From: Suresh Ramasubramanian (no email)
Date: Thu Jan 12 2006 - 22:46:12 EST
On 1/13/06, Todd Vierling <tv at duh dot org> wrote:
> (Your new SMTP port filters put in today in the Atlanta market are a step in
> the right direction, but they are configured incorrectly: They block
> outbound connections to port 25, which is good -- but they are also blocking
> *inbound* connections to a local SMTP receiver, which protects nothing and
> simply annoys those of us who have a clue.)
What they're *trying* to do is actually quite sensible, and beats
spammers trying to do asymmetric routing / source address spoofing
type stuff
I guess what they actually should do is filtering inbound connections
FROM port 25 to any port.
Thread starting from
http://www.merit.edu/mail.archives/nanog/2005-01/msg00127.html for
example
And an example of how people get bitten without doing that ..
What Hank thought: http://www.cctec.com/maillists/nanog/current/msg03171.html
Actual issue: http://www.cctec.com/maillists/nanog/current/msg03232.html
(which is what it turned out to be .. unidirectional port 25 filtering
and a customer - nigerian spammer rather - who was sending out packets
through a satellite interface but with Hank's IP as the source IP)
srs
-- Suresh Ramasubramanian (ops dot lists at gmail dot com)
|
|
|