[c-nsp] SMTP
Alexander Clouter
alex at digriz.org.uk
Mon Mar 15 12:04:50 EDT 2010
Mohammad Khalil <eng_mssk at hotmail.com> wrote:
>
> we have a lot of our customers that use SMTP servers other than
> our own server which causes the subnet to be black listed
>
My guess is that you are not cleanly labelling your IP space which means
the jobs of the people maintaining blacklists have no idea about the IP
usage of your network. As they have no information, and I guess you
might ignore your abuse@ mailbox, you get a /24 listing after repeat
offences.

You need to give your customers' IP space clear and up-to-date reverse
DNS (PTR) records and where possible detailed WHOIS information on your
address allocations. This means that when one of your customers is
blacklisted the maintainer has information available to them to make a
more targeted listing. I imagine at the moment your WHOIS space
probably just says "this /20 is ours", rather than "this /26 belongs to
company X which makes up part of our /20 allocation"?

You then need to pro-actively monitor (typically blacklisting only
occurs if you ignore your abuse@ mailbox to be honest) all the main
blacklists and act when you see a listing and deal with the problem.

> we tried to block them from accessing any other SMTP server except our
> own server using access lists on our core routers it works fine but is
> that the optimal solution for that?? is there any other ways to do
> that ?
>
It's a solution, however if you are dealing with business customers you
are only likely to end up annoying them. Watch the following
excellent presentation for hints on how to do things properly:
http://tinyurl.com/yb5zt4f
And the slides are at:
http://www.cl.cam.ac.uk/~rnc1/talks/090401-emailspam.pdf
Cheers
--
Alexander Clouter
.sigmonster says: It is better to have loved and lost -- much better.
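
The blacklist monitoring suggested in the message above can be scripted per customer allocation. This is an added example, not part of the original post: it uses the standard DNSBL lookup convention (RFC 5782), and the zone name, customer names and prefixes are placeholders/assumptions, with a constructed resolver so it runs offline.

```python
import ipaddress
import socket

# Assumption: placeholder zone; substitute the DNSBLs you actually monitor.
DNSBL_ZONES = ["dnsbl.example.org"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """RFC 5782 query name: reversed IPv4 octets followed by the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None on NXDOMAIN / lookup failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    """An address is listed when the DNSBL answers inside 127.0.0.0/8."""
    answer = resolve(dnsbl_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in LISTED_RANGE

def listings_by_allocation(allocations, zones=DNSBL_ZONES, resolve=system_resolver):
    """Map each customer allocation to the (ip, zone) pairs currently listed."""
    report = {}
    for customer, prefix in allocations.items():
        hits = [(str(ip), zone)
                for ip in ipaddress.ip_network(prefix).hosts()
                for zone in zones
                if is_listed(ip, zone, resolve)]
        if hits:
            report[customer] = hits
    return report

# Constructed sample: RFC 5737 documentation space, hypothetical customers.
SAMPLE_ALLOCATIONS = {"company-x": "192.0.2.0/26", "company-y": "192.0.2.64/26"}

def fake_resolver(name):
    """Constructed stand-in for DNS: exactly one address is 'listed'."""
    return "127.0.0.2" if name == "10.2.0.192.dnsbl.example.org" else None

if __name__ == "__main__":
    # Offline demo; drop resolve= to query real DNS for the configured zones.
    print(listings_by_allocation(SAMPLE_ALLOCATIONS, resolve=fake_resolver))
```

Scanning whole prefixes generates one query per address per zone, so check each list operator's usage policy before pointing this at a real DNSBL.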