nanog mailing list archives
Re: Breaking the internet (hotels, guestnet style)
From: Andrew Cox <andrew () accessplus com au>
Date: Tue, 08 Dec 2009 12:14:01 +1030
Suresh Ramasubramanian wrote:
The problem with doing that is that users don't understand it. All they know is that "it doesn't work here and it does at home".You could just firewall off port 25 and leave 587 open - to save yourself from a bunch of viruses and such. A lot of people will use webmail anyway - from a hotel. And you avoid getting blacklisted
We currently redirect to a couple of dedicated mail relays that will accept any email where:
a) the source address = the email address the put on their signup and b) is not detected as spamAlternatively there's a throttling table and spam filter on everything else that comes through.
We can also just force the box to accept any unsecured auth-attempts however the SMTPS over port 25 is still a problem. Don't see how any system could examine that mail without causing certificate errors. Allowing it to pass to the original server based on the first packet being detected as a secure connection may be possible thou.The other option is to install a device that examines email flows and allows only stuff it doesnt think is spammy (netflow for email kind of, with all the bayesian etc secret sauce). Two devices come to mind * Symantec E160 (used to be called turntide, and before that, back in 2002-03, spam squelcher) * Mailchannels (www.mailchannels.com) There's probably a few more that do this and are totally transparent.
On Tue, Dec 8, 2009 at 6:54 AM, Andrew Cox <andrew () accessplus com au> wrote:I would be interested to hear what people have to say about this, as the only other option I could think of would involve checking the incoming connection to see if the end user was trying to authenticate to a mail server before determining where to forward the connection onto (Layer 7 stuff, gets a bit tricky)
Current thread:
- Re: news from Google, (continued)
- Re: news from Google Curtis Maurand (Dec 03)
- Re: news from Google Michael Holstein (Dec 07)
- Re: random DNS, was news from Google John Levine (Dec 07)
- Breaking the internet (hotels, guestnet style) Jared Mauch (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Paul Timmins (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Brielle Bruns (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Jared Mauch (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Suresh Ramasubramanian (Dec 07)
- Re: news from Google Michael Holstein (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Andrew Cox (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Suresh Ramasubramanian (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Andrew Cox (Dec 07)
- Re: news from Google Curtis Maurand (Dec 03)
- Re: Breaking the internet (hotels, guestnet style) Joe Greco (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) Mark Andrews (Dec 07)
- Re: Breaking the internet (hotels, guestnet style) sthaug (Dec 08)
- Re: Breaking the internet (hotels, guestnet style) Mark Andrews (Dec 08)
- Re: Breaking the internet (hotels, guestnet style) Andrew Cox (Dec 08)
- Re: Breaking the internet (hotels, guestnet style) Owen DeLong (Dec 08)
- Re: Breaking the internet (hotels, guestnet style) Andrew Cox (Dec 08)
- Re: Breaking the internet (hotels, guestnet style) Owen DeLong (Dec 08)
- Re: Breaking the internet (hotels, guestnet style) Jens Link (Dec 09)
- Re: Breaking the internet (hotels, guestnet style) Owen DeLong (Dec 09)