Mailing List Archive


Re: Cisco 2611 as a firewall?



On Thu, May 17, 2001 at 07:19:42PM +0900, Jonathan Q wrote:
> Thomas O'Dowd (tom@example.com) wrote:
> 
> > Why filter outgoing 25? Presumably you are trying to stop customers
> > who are potential spammers from directly sending email avoiding
> > your mail servers and filters. If my ISP blocked any outgoing ports
> > I'd move on... I consider it basic privacy and usually throw in PGP
> 
> You realize, of course, that the only mailservers you can connect to
> on port 25 outside of your ISP's network are improperly configured
> ones (yes, pop-before-smtp counts as improper configuration; it's
> a total kludge and we have seen it defeated by spammers), so you
> are in essence arguing in favor of open relays, at least to
> some extent.  Fair enough, some people think open relays are
> perfectly fine; I'm just kind of surprised to see it from you.
> You seem to be a fairly anti-spam kind of guy.

Hmmm. Actually, I like to run my own mailserver on my home machine and
let that do all the work for me. I'm not talking about relaying,
just connecting point to point. It's a pretty valid thing to do I would
say and I would have thought quite normal in the community of linux
users... For the record, I would consider myself as spam hating 
as the next person out there who has had email for a couple of years
now. Don't see why I should be forced to pop before smtp if I've a
mail I wanna send right away and one of my mates has gone and sent
me some silly mpeg that eats my traffic for the next 30 minutes while
I sit there helpless.

> Any argument that anyone could ever have made for allowing
> outbound port 25 from a dial pool has been taken away by the
> current widespread support for auth smtp.

Does my argument not count?

> You'll find it more and more difficult to get an ISP that doesn't
> filter outbound port 25 on their dial-up pools; many of us do it and
> more get onboard all the time. 

Sad world :(

> > for good measure. Why not have a good policy against spammers instead
> > and terminate them on valid claims of spam with some extra fines 
> > thrown in for good measure. Freedom..
> 
> Because that only works after the fact (which means that it
> doesn't work at all; it's kind of like having a law against
> burglary but leaving your door unlocked; your stuff gets
> stolen and probably never recovered, and all you can do is try to
> prosecute the burglar after the fact); the spammer gets a freebie,
> no matter what.  And that's all they want.  Spammers tend not
> to use the same account for more than one or two runs, because
> it gets terminated as soon as they're found out (well, not everywhere;
> seem pretty soft on spam).  Secondly, it's very difficult to collect
> those fines.   If you tell the spammer "We're billing you for $500
> for excessive use of system resources, cleanup, and damage control" and
> they tell you where to shove it (which they will), you'll spend
> more than that trying to get the $500 from them, and there's no
> guarantee of success.

Yeah, I thought that the fines are hard to get out of them :( Wouldn't
some sort of ban list between ISPs work? I mean, the spammer lives somewhere,
they register with you, you have their information, as in their address,
telephone number, etc. Surely, they do it once within a telephone area,
account terminated and put on a shared ban list with other ISPs. If they
want reconnection then they have to dialup outside their area or steal
someone else's account. Hmmm, all possible too I guess. But still, I
ain't a fan of filtering.

> You sound like a person who has never worked at an ISP.  You ought
> to try it some time.  It may convert you to port 25 filtering quickly.

:) Nope, never worked for an ISP. I'd say most people sound that way
though...

> We've been doing it for about two years now, and it's pretty effective.
> The few spammers we've had have been forced to go through our SMTPs
> and as a result were even caught in the act in several cases and
> terminated while they were still sending.  And yes, it's lots of
> fun to log into the RAS, cut off the spammer, see them dial in again,
> cut them off again, see them dial again, cut them off again, until
> the update to their account status goes into effect and they get
> brushed off by the RAS  :-) 

Sounds evil *grin*

Tom.
-- 
Thomas O'Dowd. - Nooping - http://nooper.com
tom@example.com - Testing - http://nooper.co.jp/labs

