On Wed, Apr 21, 2010 at 10:49:07AM -0300, Claudio Lapidus wrote: > Hello all, >
Hello Claudio, > At our ISP operation, we are seeing increasing levels of traffic in our > outgoing MTA's, presumably due to spammers abusing some of our subscribers' > accounts. In fact, we are seeing connections from IPs outside of our network > as many as ten times of that from inside IPs. Probably all of our customers > are travelling abroad and sending back a lot of postcards, but just in > case... ;-) > I presume you use SMTP-authentication ? That way it's easy to see what users are sending a lot of mail (or more then usual). > So we are considering ways to further filter this traffic. We are evaluating > implementation of MSA through port 587. However, we never did this and would > like to know of others more knowledgeable of their experiences. The question > is what best practices and stories do you guys have to share in this regard. > Also please let me know if you need additional detail. > We added SSL to our SMTP-service and tell our customers to use SSL (not TLS) with authentication and have the mailserver listen on the TCP-ports which the mailclients pick for that (of which their are a few if I'm not mistaken). We've found having to tell clients port-numbers sounds complicated and technical, but telling people to use encryption sounds like a good service and in most cases it just works (we ask the name of the e-mail client before we give them any settings). Also because port 25 is blocked in a lot of places, when people travel with laptops. The mailservers log the IP-adress and username from the authentication, that will hopefully allow us to easily play whack-a-mole when confronted with the problem you might be having. > thanks in advance, > cl. >