On Fri, May 03, 2002 at 01:43:27PM -0600, LuKreme wrote: | | <quote who="dman"> | > On Fri, May 03, 2002 at 11:09:53AM -0400, CertaintyTech - Ed Henderson | > wrote: | This question is not SA specific but just a general email | > sysadmin type | question: What is an effective way to monitor my own | > dialup customers to | see if any are abusing their email privilege by | > sending out spam? I am | using qmail. Somehow monitor the volume that | > each local IP is sending? Just | curious to see what others are using | > and how you do it. | > | > First block outgoing connections to port 25. Your customers shouldn't | > have their own mailserver, they should be using your smarhost relay. | | Meany people using dialup have email accounts for their work/profession. | Requiring them to send "on the road" email through your own server rather | than their work server is a pain in the ass for your customer.
That would be.
| It requires multiple settings for SMTP servers and generally makes
| their lives MUCH harder.
Depends on how brain-damaged the software is in the first place. Some
software can easily be setup to switch settings dynamically.
Alternatively an ssh tunnel can be used to get inside the corp.
network and pretend that the dialup link doesn't even exist outside of
it.
| Just because someone is using dialup doesn't mean they don't have
| other means of accessing the web besides that connection, and that
| those other means are just as valid -- perhaps more so -- than your
| server.
True, but you don't know that. If you give people the benefit of the
doubt ...
| > It may (or may not) be a good idea to verify that the sender
| > address (MAIL FROM:) matches their account with you.
|
| Horrible horrible idea. Unless your server is a corporate server this
| should never ever ever be done. It's simply -=rude=-
Note that MAIL FROM: is wholly different from From: and most end users
never see the contents of the MAIL FROM:.
| Really what this boils down to is punishing your users for others actions.
| Assuming that every dailup user is a spammer is simply not fair to
| 99.99% of your users.
It is really sad that people can't be trusted to be honest, but that's
human nature. One problem with dialup is it is cheap, so spammers can
resubscribe numerous times rather cheaply. Also, most dialup users
(ie aol users) don't know enough to run their own mail server. If the
user doesn't know enough to run their own mail server why would they
need anything going out on port 25 unless it's to the provider's
relay? As a user, though, I would hate to have these restrictions put
on me, but as an admin I realize they are not terribly unrealistic if
they actually help prevent spam. At the least the provider can
monitor all SMTP transactions for suspicious activity. That doesn't
really invade privacy if the messages are sent plain text, and
(almost) can't invade privacy if they are encrypted.
-D
--
No harm befalls the righteous,
but the wicked have their fill of trouble.
Proverbs 12:21
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
msg04566/pgp00000.pgp
Description: PGP signature
