Home page logo

nanog logo nanog mailing list archives

RE: Fun new policy at AOL
From: "Tony Hain" <alh-ietf () tndh net>
Date: Thu, 28 Aug 2003 12:53:16 -0700

Matthew Crocker wrote:
Shouldn't customers that purchase IP services from an ISP use 
the ISPs 
mail server as a smart host for outbound mail?

Look carefully at that question and find the logic error.


In case you missed it, the customer purchased 'IP' service, not 'ISP mail


We block outbound port 
25 connections on our dialup and DSL pool.  We ask our customers that 
have their own mail servers to configure them to forward through our 
mail servers.  We get SPAM/abuse notifications that way and can kick 
the customer off the network.  We also block inbound port 25 
connections unless they are coming from our mail server and 
require the 
customer setup their MX record to forward through our mail 
server.  We 
virus scan all mail coming and going that way.  We protect our 
customers from the network and our network from our 
customers.  We are 
currently blocking over 3k Sobigs/hour on our mail servers.  I would 
rather have that then all my bandwidth eaten up by Sobig on all of my 
dialup/DSL connections.

Running a walled garden is fine as long as that is what your customers are
signing up for. One question though, why aren't you also running a web proxy
and NetNanny to protect your customers from the 'bad' content on port 80?
What makes port 25 so special?

SMTP & DNS should be run through the servers provided by the ISP for 
the exact purpose.  There is no valid reason for a dialup customer to 
go direct to root-servers.net and there is no reason why a 
dialup user 
should be sending mail directly to AOL, or any mail server for that 
matter (besides their host ISP)

This line of thinking leads us to a cabal that has complete control over
communication. Think about it, a few large organizations allow/encourage
abuse, then claim that the only resolution to the abuse is to route all
communication through the centrally controlled servers. We end up back in
the PTT style monopolies where censorship becomes trivial.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]