Suresh Ramasubramanian wrote:
>
> On 6/18/07, Jack Bates <[EMAIL PROTECTED]> wrote:
>
>> Joe also pointed out the biggest problem with blocking port 25; it pushes the abuse towards the smarthosts. This creates a lot of issues. Smarthosts have to
>
> So .. great. You have a huge spam problem that flew under your radar as it was spread across multiple /24s or far larger netblocks, now concentrated within far fewer servers that are part of the same cluster. That kind of makes your job a bit easier then .. half full glass v/s half empty glass, and all that.
>
>> I'd rather monitor and filter traffic patterns on port 25 (and the various other ports that are also often spewing other things) than block it. It's not unusual to see tcp/25 spewing at the same time as udp/135 and tcp/445 or even tcp/1025.
>
> [...]
>
> Which is what a lot of the kit Sean posted about does ..
>
> srs

We filter ALL udp/135 and tcp/445 or even tcp/1025 towards and from the Internet. Port 25 is only allowed to go through the smarthosts and other whitelisted mail servers. We have never had any complaints about the 135/445/1025 blocking and very few about the port 25 stuff.

Spambots are getting clever and they now use configured SMTP relays in Thunderbird/Outlook etc., so the mail gateways get quite a bit of traffic. But we have lots of them (Ironports) behind load balancers so there's little problem there.

--
Leigh Porter
UK Broadband
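
An added example, not part of the original messages: the border policy described in this thread (drop udp/135, tcp/445 and tcp/1025 in both directions, allow customer tcp/25 only to the smarthosts) applied to flow records, with the co-occurrence of dropped tcp/25 and dropped 135/445/1025 used to flag likely infected hosts. The address ranges, smarthost addresses, flow-record layout and function names are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values (documentation address ranges); none come from the thread.
CUSTOMER_NET = ip_network("192.0.2.0/24")
SMARTHOSTS = {ip_address("198.51.100.10"), ip_address("198.51.100.11")}
BLOCKED = {("udp", 135), ("tcp", 445), ("tcp", 1025)}

# Constructed flow records: (src, dst, proto, dst_port)
FLOWS = [
    ("192.0.2.5", "198.51.100.10", "tcp", 25),   # mail via smarthost
    ("192.0.2.7", "203.0.113.9", "tcp", 25),     # direct-to-MX attempt
    ("192.0.2.7", "203.0.113.40", "tcp", 445),
    ("192.0.2.7", "203.0.113.41", "udp", 135),
    ("192.0.2.8", "203.0.113.50", "tcp", 443),   # unrelated web traffic
    ("203.0.113.77", "192.0.2.9", "tcp", 1025),  # inbound from the Internet
    ("192.0.2.12", "203.0.113.9", "tcp", 25),    # direct-to-MX, nothing else
]

def verdict(src, dst, proto, port):
    """Return 'allow' or 'drop' for one flow under the policy above."""
    s, d = ip_address(src), ip_address(dst)
    # Only traffic crossing the customer/Internet border is filtered.
    if (s in CUSTOMER_NET) == (d in CUSTOMER_NET):
        return "allow"
    if (proto, port) in BLOCKED:
        return "drop"
    # Customer SMTP may only leave towards a smarthost.
    if (proto, port) == ("tcp", 25) and s in CUSTOMER_NET and d not in SMARTHOSTS:
        return "drop"
    return "allow"

def suspect_hosts(flows):
    """Customer hosts with dropped tcp/25 and dropped 135/445/1025 flows."""
    dropped = defaultdict(set)
    for src, dst, proto, port in flows:
        if ip_address(src) in CUSTOMER_NET and verdict(src, dst, proto, port) == "drop":
            dropped[src].add((proto, port))
    return sorted(h for h, p in dropped.items() if ("tcp", 25) in p and p & BLOCKED)

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, verdict(*flow))
    print("suspects:", suspect_hosts(FLOWS))
```

A host that only trips the tcp/25 rule (192.0.2.12 in the sample) is not flagged, since a misconfigured mail client produces the same signal.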