North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Time to check the rate limits on your mail servers

  • From: Nanog List
  • Date: Thu Feb 03 10:53:33 2005

I know that I'm in the middle of trying to figure this out with the mail
server software that is used where I work but if limits are going to be put
into
place per email box of say 1,000 messages per day and a total daily sending
limit of say 200 megabytes, I feel there also needs to be methods in place
for the end-user (customer) to be able to view where they stand in
relationship to their "quota".

Yes this becomes more of something for the "help desk" side of a provider
but as operations, I have to support the "help desk" in being able to give
the user information when they call about the "limits"

David
----- Original Message ----- 
From: "Gadi Evron" <ge@linuxbox.org>
To: "Raymond Dijkxhoorn" <raymond@prolocation.net>
Cc: <Michael.Dillon@radianz.com>; <nanog@merit.edu>
Sent: Thursday, February 03, 2005 10:14 AM
Subject: Re: Time to check the rate limits on your mail servers


>
> > Did you actially read the article? This was about drones sending out via
> > its ISP mailserver. Blocking outbound 25 doesnt help a bit here. In
> > general sure, good ide, and also start using submission for example. But
> > in this contect its silly.
>
> No, it is relevant or I wouldn't have mentioned it.
>
> Allow me to elaborate; and forget about this article, why limited
ourselves?
>
> Once big ISP's started blocking port 25/outbound for dynamic ranges, and
> it finally begun hitting the news, we once again caused the spammers to
> under-go evolution.
>
> In this particular case, they figured they'd have to find better ways to
> send spam out, because eventually, they will be out of working toys.
>
> Using the user's own mail server, whether by.. erm.. just utilizing it
> if that is possible, sniffing the SMTP credentials or stealing them from
> a file/registry, maybe even using Outlook to send is all that's about to
> happen.
>
> heck, I don't see how SMTP auth would help, either. They have local
> access to the machine.
>
> Now, once 100K zombies can send *only* 1000 spam messages a day instead
> of 10K or even 500K, it makes a difference, but it is no solution.
>
> I am happy to see people are starting to move this way, and I personally
> believe that although this is happening (just go and hear what Carl from
> AOL says on Spam-R that they have been seeing since 2003), this is all a
> POC. We have not yet begun seeing the action.
>
> Should I once again be stoned, or will others see it my way now that the
> tide is starting to turn?
>
> Gadi.
>