[c-nsp] SMTP

Alexander Clouter alex at digriz.org.uk
Mon Mar 15 12:04:50 EDT 2010


Mohammad Khalil <eng_mssk at hotmail.com> wrote:
> 
> we have a lot of our customers that use SMTP servers other than 
> our own server which causes the subnet to be blacklisted
>
My guess is that you are not cleanly labelling your IP space which means 
the people maintaining blacklists have no idea about the IP 
usage of your network.  As they have no information, and I guess you 
might ignore your abuse@ mailbox, you get a /24 listing after repeat 
offences.

You need to give your customers' IP space clear and up-to-date reverse 
DNS (PTR) records and where possible detailed WHOIS information on your 
address allocations. This means that when one of your customers is 
blacklisted the maintainer has information available to them to make a 
more targeted listing.  I imagine at the moment your WHOIS space 
probably just says "this /20 is ours", rather than "this /26 belongs to 
company X which makes up part of our /20 allocation"?

You then need to pro-actively monitor (typically blacklisting only 
occurs if you ignore your abuse@ mailbox to be honest) all the main 
blacklists and act when you see a listing and deal with the problem.

> we tried to block them from accessing any other SMTP server except our 
> own server using access lists on our core routers. It works fine, but is 
> that the optimal solution for that? Are there any other ways to do 
> that?
> 
It's a solution, however if you are dealing with business customers you 
are only likely to end up annoying them.  Watch the following 
excellent presentation for hints on how to do things properly:

http://tinyurl.com/yb5zt4f

And the slides are at:

http://www.cl.cam.ac.uk/~rnc1/talks/090401-emailspam.pdf

Cheers

-- 
Alexander Clouter
.sigmonster says: It is better to have loved and lost -- much better.
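
The two checks recommended in the message above (every customer address has a PTR record, and the main blacklists are watched for listings) can be run together over a prefix. The sketch below is an added example, not part of the original post: it is IPv4 only, and the zone `dnsbl.example`, the `isp.example` hostnames and the documentation prefix 192.0.2.0/29 are constructed placeholders for the lists and allocations you actually use.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """DNSBL query name (RFC 5782): IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_a(name):
    """A-record lookup via the system resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def audit_prefix(prefix, zones, lookup_a=system_a, lookup_ptr=system_ptr):
    """Return (addresses with no PTR, [(ip, zone, answer)] for listed addresses)."""
    missing_ptr, listings = [], []
    for ip in ipaddress.ip_network(prefix).hosts():
        if lookup_ptr(str(ip)) is None:
            missing_ptr.append(str(ip))
        for zone in zones:
            answer = lookup_a(dnsbl_name(ip, zone))
            # A listed address answers inside 127.0.0.0/8; no answer means not listed.
            if answer and answer.startswith("127."):
                listings.append((str(ip), zone, answer))
    return missing_ptr, listings

# Constructed sample data standing in for real DNS answers, so the example runs offline.
FAKE_PTR = {
    "192.0.2.1": "gw.cust-x.isp.example",
    "192.0.2.2": "mail.cust-x.isp.example",
    "192.0.2.3": "www.cust-x.isp.example",
}
FAKE_A = {"2.2.0.192.dnsbl.example": "127.0.0.2"}

if __name__ == "__main__":
    missing, listed = audit_prefix("192.0.2.0/29", ["dnsbl.example"],
                                   lookup_a=FAKE_A.get, lookup_ptr=FAKE_PTR.get)
    print("no PTR:", ", ".join(missing))
    for ip, zone, answer in listed:
        print(f"LISTED {ip} on {zone} ({answer})")
```

Run without the `lookup_a` and `lookup_ptr` arguments, `audit_prefix` uses the system resolver instead of the constructed tables.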