On 10 Jun 2004, at 07:52, Jeremy Brake wrote:
This would work perfectly in a world of static IPv6 networks. Unfortunately, while we are all stuck using Dynamic IP pools, especially on dialup, when customers disconnect every 3 or 4 minutes, and IP addresses are re-assigned constantly, this (like almost all the previous suggestions) just isn't really feasible - especially from a helpdesk point of view.
The suggestion of blocking 25/tcp connections outbound from customers by default (or restricting them to a set of ISP mail servers), and disabling that behaviour on request for specific users, is not hard. You can hand out appropriate per-user filter specifications in a RADIUS profile.

As to the uselessness of this in the face of worms which send spam using the configured smarthost -- if the only smarthost the worms can reach is the ISP's mail server, you have an opportunity to spam-filter outbound mail from customers and to take appropriate action if the filters are getting exercised too much.

The real trouble with these approaches is that they cost the ISP money without providing much of a return -- the benefit to blocking outbound spam from your own customers is felt by the rest of the world, who probably aren't going to pay you for it. The only remaining benefit to the ISP is that they can save money on their abuse desk because the number of complaints received about customers ought to go down (but then, an ISP that concerned with revenue probably doesn't have a functional abuse desk anyway).

Joe
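
An added example, not part of the original message: one way to tell when the outbound filters are "getting exercised too much" by a given customer even though dial-up addresses are reassigned every few minutes. It assumes the smarthost logs the client IP and time of each filter hit and that RADIUS accounting records are available; the record layouts, names and threshold are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data (assumed layouts, not from the original message).
# RADIUS accounting sessions: (user, assigned IP, session start, session stop)
SESSIONS = [
    ("alice", "192.0.2.10", "2004-06-10 07:00:00", "2004-06-10 07:04:00"),
    ("bob",   "192.0.2.10", "2004-06-10 07:05:00", "2004-06-10 07:30:00"),
    ("carol", "192.0.2.11", "2004-06-10 07:00:00", "2004-06-10 08:00:00"),
]
# Outbound spam-filter hits on the ISP smarthost: (timestamp, client IP)
FILTER_HITS = [
    ("2004-06-10 07:01:10", "192.0.2.10"),
    ("2004-06-10 07:06:00", "192.0.2.10"),
    ("2004-06-10 07:06:30", "192.0.2.10"),
    ("2004-06-10 07:07:15", "192.0.2.10"),
    ("2004-06-10 07:20:00", "192.0.2.11"),
    ("2004-06-10 09:00:00", "192.0.2.12"),  # no session held this IP then
]
FMT = "%Y-%m-%d %H:%M:%S"


def _ts(text):
    return datetime.strptime(text, FMT)


def attribute_hits(sessions, hits):
    """Map each filter hit to the account that held that IP at that time."""
    parsed = [(u, ip, _ts(a), _ts(b)) for u, ip, a, b in sessions]
    per_user, unattributed = Counter(), []
    for when, ip in hits:
        t = _ts(when)
        owner = next((u for u, sip, a, b in parsed
                      if sip == ip and a <= t <= b), None)
        if owner is None:
            unattributed.append((when, ip))  # keep for manual review
        else:
            per_user[owner] += 1
    return per_user, unattributed


def accounts_over_threshold(per_user, threshold):
    """Accounts whose mail tripped the filter at least `threshold` times."""
    return sorted(u for u, n in per_user.items() if n >= threshold)


if __name__ == "__main__":
    counts, unknown = attribute_hits(SESSIONS, FILTER_HITS)
    print(dict(counts), unknown, accounts_over_threshold(counts, 3))
```

Counting by IP alone would blame 192.0.2.10 for four hits; attributing by session shows that three of them belong to one account and one to the previous holder of the address.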