|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Lee Quince (Lee.Quince
iqunity.com)
Date: Tue May 13 2008 - 14:56:49 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jorey..
In a way we do try to cover all angles .. All port 25 traffic hits ASSP
first then is proxied to Postfix.
This solution allows us to support port 25 traffic, like T-Mobile, BT
openZon, The Cloud, but also restrict.
A client is only allowed
5 Msg's in a 1 Min otherwise then are black listed for 10 Min
We also Bayesian Check outbound Email, along with DNSBL, URIBL, SPF
Check..
This closes down any Zombies on the network straight away. So far it has
been successful.
Regards
Lee
Lee Quince wrote, at 05/13/2008 12:56 PM:
> Jorey,
>
> Still missing the point...
>
> Most ISP's still only allow you to relay when connected to one of
there
> own connection's.
It's true that ISPs are blocking outgoing connections to port 25, if it
isn't to one of their submission servers, but they are also implementing
port 587 submission or offering webmail to get around the blocks imposed
by other ISPs or hotspots when users are on another network. It's a
necessary evil, but also a good thing, considering the number of zombies
out there.
> 95% of users still use unauthenticated SMTP.
Well, maybe, but 98% of those are zombies. :)
> 5% of users use authenticated SMTP.
Real users authenticate. :)
> Hence lets reduce the bigger problem. "What the Customer wants"
Again, if that's your only concern, don't block port 25. However, I
agree that you should do the responsible thing and block outgoing
connections to port 25, so the rest of us don't have to deal with spam
from zombies that connect to your hotspot.
It's good that you're doing
this. It may cause problems for users that authenticate over port 25,
but there are solutions that don't require you to sniff login
credentials, break encryption, or relay mail for anyone connected to
your network. In fact, it's really not your problem anymore. Inform your
users that you block port 25 and that they should contact their own
technical support if this interferes with their ability to send email.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]