Home page logo

nanog logo nanog mailing list archives

Re: Fun new policy at AOL
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Thu, 28 Aug 2003 08:07:55 -0700 (PDT)

On Thu, 28 Aug 2003, Matthew Crocker wrote:

Shouldn't customers that purchase IP services from an ISP use the ISPs 
mail server as a smart host for outbound mail? 

applying that standard just how large do you have to get before 
you "graduate" to running your own smtp server. "I'm sorry we won't accept 
mail from you because you're not an lir?"

We block outbound port 
25 connections on our dialup and DSL pool.  We ask our customers that 
have their own mail servers to configure them to forward through our 
mail servers.  We get SPAM/abuse notifications that way and can kick 
the customer off the network.  We also block inbound port 25 
connections unless they are coming from our mail server and require the 
customer setup their MX record to forward through our mail server.  We 
virus scan all mail coming and going that way.  We protect our 
customers from the network and our network from our customers.  We are 
currently blocking over 3k Sobigs/hour on our mail servers.  I would 
rather have that then all my bandwidth eaten up by Sobig on all of my 
dialup/DSL connections.

SMTP & DNS should be run through the servers provided by the ISP for 
the exact purpose.  There is no valid reason for a dialup customer to 
go direct to root-servers.net and there is no reason why a dialup user 
should be sending mail directly to AOL, or any mail server for that 
matter (besides their host ISP)


Joel Jaeggli           Unix Consulting         joelja () darkwing uoregon edu    
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]