On Apr 21, 2010, at 9:57 AM, Dan White wrote: > On 21/04/10 10:49 -0300, Claudio Lapidus wrote: >> Hello all, >> >> At our ISP operation, we are seeing increasing levels of traffic in our >> outgoing MTA's, presumably due to spammers abusing some of our subscribers' >> accounts. In fact, we are seeing connections from IPs outside of our network >> as many as ten times of that from inside IPs. Probably all of our customers >> are travelling abroad and sending back a lot of postcards, but just in >> case... ;-) >> >> So we are considering ways to further filter this traffic. We are evaluating >> implementation of MSA through port 587. However, we never did this and would >> like to know of others more knowledgeable of their experiences. The question >> is what best practices and stories do you guys have to share in this regard. >> Also please let me know if you need additional detail. > > Depending on what level of pain you want to inflict on your roaming users: > > 1) Require them to smtp auth to your server when sending mail
SMTP AUTH on port 587, preferably with SSL/TLS. > 2) Require them to use the local SMTP of the server they are connected to, > and do not allow remote relay at all. Good way to not have customers. > 3) Require them to send mail via a webmail interface when they are not on > your local network > > I would not think that using port 587 is going to work in many cases, such > as from Hotel wireless networks. Port 587 connectivity has survived almost every public access and hotel access system I've ever tried. Port 25 is often blocked or hijacked. > > -- > Dan White
