We do a combination of the following across networks:
-Greylisting
-Customers can only talk to certain mail servers on port 25. We
encourage them to use port 587 for out of network access.
-Set inbound and outbound limits on our routers in regards to port 25
traffic and to mail server(s). X number of connections in X number of
seconds.
-Router rules that block the most common virus ports. Its amazing how
many people get 10 year old viruses still.
-In-bound spam & Virus filtering (who doesn¹t). Testing purplehat.org
as a barracuda replacement.
-Limit customer CPE to x number of connections.
All of this locks down the network quite well. It will cause some
support calls but it will be worth it.
Justin
--
Justin Wilson <[email protected]>
http://www.mtin.net/blog
Wisp Consulting Tower Climbing Network Support
--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
