SMTP relaying policies for Commercial ISP customers...?

From: Dan Ellis (no email)
Date: Fri Feb 13 2004 - 09:00:04 EST

My apologies for another annoying SMTP thread.


So, while considering enabling SMTPAUTH for all our customers, I'm
planning on placing firm policy on relaying. We're a regional broadband
ISP/MSO that also serves a significant number of educational and
commercial cable/DSL connections as well as a large number of
T1/T3/OC3/Ethernet customers.


That leaves me needing to define how we will handle 3 situations:

1) Residential (a few dynamic IP computers)

2) Broadband Commercial (Static IP and a few forwarded IPs, a
dozen end user PCs)

3) Dedicated commercial customers (t1/ds3/Ethernet/oc3)



HISTORY: Old school thought was that as long as you are on an ISP's IP
space, you can use them to relay. This made it easy for roamers as
everyone would use the ISP's mailserver for outbound, and their
mailserver for inbound. Yes - there was always a fuzzy line for
t1/ds3/oc3 customers because some ISPs allowed their space to relay and
some did not. I'm trying to determine what the "new school" thoughts


Below are my thoughts and concerns on each. I'm interested in hearing
what others have implemented regarding policy, what the large NSPs have
implemented, and what your thoughts are.


1) Residential Policy: Enable SMTPAUTH and disallow relaying
unless the customer has a valid username/password. If you're not paying
for a mailbox, you don't get to relay outbound. This should not break
anything except those residential accounts that *should* be commercial

2) Broadband commercial: This is the difficult one. These are the
customers that aren't big enough to rightfully run their own mailserver,
but they are big enough to have roaming users on their networks (coffee
shops, branch offices, hotels, SOHO....). They expect relaying service
for either their mailserver or for all their various PCs. At the same
time, they don't have many, if any, mailboxes through the ISP. My
thought is that they should ONLY be allowed to relay via SMTPAUTH by
using a residential mailbox login/pass OR they need to purchase a
commercial relay service (expensive because of the openness of it) for
their IP space.

3) T1+ : These customers should not be allowed to relay unless
they purchase (expensive) relay services for their IP space. Of course,
they can always use a residential mailbox, but will have to use SMTPAUTH
for it and will be restrained by the same policies residential mailboxes
have (low tolerance tarpitting,...).



As always, thanks in advance.




Daniel Ellis, CTO, PenTeleData
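
The three customer classes in the post reduce to one relay decision: relay for an SMTP AUTH user or for address space with purchased relay service, otherwise refuse. The sketch below is an added example, not part of the original post; it compares that decision with the "old school" on-net rule to show which senders change outcome. The address ranges, domain names and reply texts are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation ranges), not any ISP's real networks.
ISP_SPACE = [ipaddress.ip_network("198.51.100.0/24"),   # residential / broadband pool
             ipaddress.ip_network("203.0.113.0/24")]    # dedicated (T1+) customers
PAID_RELAY = [ipaddress.ip_network("203.0.113.64/28")]  # customer that bought relay service
LOCAL_DOMAINS = {"isp.example"}                          # domains delivered locally


def in_nets(nets, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def is_local(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS


def old_school(client_ip, authed_user, rcpt):
    """Relay for any client inside the ISP's address space; auth is ignored."""
    if is_local(rcpt):
        return "250 local delivery"
    if in_nets(ISP_SPACE, client_ip):
        return "250 relay (on-net)"
    return "550 relaying denied"


def proposed(client_ip, authed_user, rcpt):
    """Relay only for SMTP AUTH users or paid relay address space."""
    if is_local(rcpt):
        return "250 local delivery"
    if authed_user:                      # any customer class, on-net or roaming
        return "250 relay (auth, mailbox limits apply)"
    if in_nets(PAID_RELAY, client_ip):   # purchased relay service for this IP space
        return "250 relay (paid relay space)"
    return "530 authentication required"


def changed(cases):
    """Cases accepted under one policy and refused under the other."""
    ok = lambda reply: reply.startswith("250")
    return [c for c in cases if ok(old_school(*c)) != ok(proposed(*c))]


CASES = [  # (client_ip, authed_user, recipient), all constructed
    ("198.51.100.10", None, "bob@other.example"),     # on-net PC, no auth
    ("198.51.100.10", "alice", "bob@other.example"),  # on-net PC, SMTP AUTH
    ("203.0.113.70", None, "bob@other.example"),      # T1 customer with paid relay
    ("203.0.113.5", None, "bob@other.example"),       # T1 customer without it
    ("192.0.2.9", "alice", "bob@other.example"),      # roaming mailbox holder
    ("192.0.2.9", None, "user@isp.example"),          # inbound mail from outside
    ("192.0.2.9", None, "bob@other.example"),         # outside relay attempt
]
```
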
