
nanog mailing list archives

RE: Stealth Blocking
From: Jason Slagle <raistlin () tacorp net>
Date: Thu, 24 May 2001 20:04:34 -0400 (EDT)


On Thu, 24 May 2001, Roeland Meyer wrote:

> > From: Jason Slagle [mailto:raistlin () tacorp net]
> > Sent: Thursday, May 24, 2001 12:57 PM
> >
> > We tell users that if they roam they need to use the mail
> > server of the place they are roaming to.
>
> Not without an NDA from us, you're not. Corp traffic stays on corp servers
> and anyone diverting it elsewhere will get a sharp phone call from our legal
> department. It'll be called industrial espionage. Kashpureff went to jail
> for something similar. Of course, we usually use PPTP.

And, as a business we wouldn't divert you.  This is only a solution for
Resi accounts.


> > As a matter of fact, we are in the process of setting up a set of
> > rules to divert all port 25 bound traffic on our dialups to local
> > mail servers.
>
> Is this your actual place of business? I will make sure that our account
> reps are not allowed to use your service or POPS, whilst on the road. Also,
> since I'll be doing business with your competition, I'll clue their
> marketing departments in on this wonderful opportunity for them. Since this
> will also prevent your downstreams from running their own SMTP servers
> (which more than one of them probably are), you will probably lose them as
> well.

As I said, it's for resi customers only, and only out of the dialup
pools/DSL pools for them.

> > If everyone diverted all local traffic to a local mail
> > server, the problem of open relays would go away.
>
> Problems usually go away when the customers do...
>
> You probably should talk to your marketing and legal folks, before going
> quite that far.

Well, AOL doesn't seem to be losing customers at a very high rate doing
the same thing.  All outbound port 25 traffic on AOL gets diverted to
internal mail servers.  This may not be fully implemented yet, but where
it is it works great.  Even stamps an X-Apparently-From in there with the
real AOL "Screen Name".  Since doing this AOL Spammers have gone to a near
0 level.

Last I read, UU.Net is starting to force all their dialup resellers to use
a filter or diversion on port 25 too.

Except the rare telecommuter (who in all reality should be using a
business account anyways, as there is no price difference, just one is
taxable and goes into a different group), I don't see there being a real
reason a residential dialup account needs to use a non-local mail server,
IF you trust local users to specify domains.  If you don't, all bets are
off.

As has been said several times, there is no 1 thing that works for
everyone.  It takes a combination of things to work.  Port 25 diverting is
just one tool in the proverbial belt.

-- 
Jason Slagle - CCNP - CCDP
Network Administrator - Toledo Internet Access - Toledo Ohio
- raistlin () tacorp net - jslagle () toledolink com - WHOIS JS10172
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  . If dreams are like movies then memories
 X  - NO HTML/RTF in e-mail  .   are films about ghosts..
/ \ - NO Word docs in e-mail .     - Adam Duritz - Counting Crows




