Date:      Fri, 24 Sep 1999 19:35:30 -0500
From:      Jacques Vidrine <n@nectar.com>
To:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc:        chat@freebsd.org
Subject:   Re: Filtering port 25 (was Re: On hub.freebsd.org refusing to talk to dialups) 
Message-ID:  <19990925003530.6331CBE08@gw.nectar.com>
In-Reply-To: <199909241637.JAA02838@gndrsh.dnsmgr.net> 
References:  <199909241637.JAA02838@gndrsh.dnsmgr.net>

[moving to -chat, since there is no fit here]

On 24 September 1999 at 9:37, "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> wrote:
[snip]
> Perhaps you should try being in the business and having to deal with
> the calls that happen when some luser signs up with you for the purpose
> of spamming and admins around the world start to flood your abuse@domain
> address with the spammer's junk.  Perhaps you should have to make the
> calls to get your IP space unblocked from certain entities due to the
> actions of 1 bad luser.

Well, I started the first ISP in New Orleans in 1994, and ran it
through late 1998.  I was VP Technology of Verio Midamerica for most
of 1998 as well (that involved 10 ISP operations).  I'm fairly
familiar with the problem. :-) In fact, I've dealt with this very
issue (filtering packets with destination TCP port 25 and a dial-up
source address) before.  So, I do speak from some experience.

I am not advocating making it easy for spammers.  The RBL has been a
huge help, and the DUL looks potentially even more helpful.  I just
object to blocking legitimate traffic.

I applaud your effort at monitoring this traffic from your dial-up
users, to help you catch spammers early, but filtering should be
something for which they opt-in.
 
> If we have an AUP that states that all outbound smtp port 25 connections
> shall be via our smarthost relay hosts we darn well have a right not
> only to monitor that this is being done, we furthermore have a right
> to enforce it if we so decide to.

Of course you do have the ``right'', in a legal sense. An ``ISP'' also
has the right to not deliver any traffic with a destination port of,
say, 17, or 80 even.  That doesn't make it a _good_ policy.  To risk
repeating myself, I believe that a company that doesn't deliver the
legitimate (non-fraudulent) traffic of its customers is _not_ really
an Internet Service Provider, but something else. ``A JSP perhaps?'' a
friend and colleague of mine, with much more experience than me, once
said :-)

Analogously, a host can choose not to support, say, IP fragment
reassembly, but then it isn't a host (by RFC 1122).

Yes, I know there is no RFC or other standards document that says what
an ISP is and how one must perform.  I am merely expressing my opinion
on the matter.

> If you want us to be a transparent IP transport you are asking us to
> waive our AUP.  We can, but your contract is going to have to be
> specially written, and will have serious damage clauses attached to
> it that will basically allow us to terminate your contract without
> notice, yet collect the balance due on your contract.

I couldn't quite parse this.

[snip]
> We don't, but you're violating IETF standards by doing anything other
> than smtp on port 25 of tcp.  

AFAIK, there is no IETF standard which disallows traffic other than
SMTP to flow on port 25.  That isn't to say that it is wise to use
ports in a way that conflicts with the IANA Assigned Numbers
(rfc1700?).  Such use would probably be a response to some temporary
problem, or maybe an experimental protocol.  But, the point is, that
is not the concern of the ISP.  It is the business of the customer,
only.  The ISP is simply to deliver the packets from A to B.

You skipped the issue of customers that do not wish to push their SMTP
traffic through your mail server (which is the more realistic
scenario).  What do you do with the conscientious business customer
that has a dial-up account with you, but due to company policy needs to
push SMTP through their own mail server?

> Violating IETF standards is not a good thing to do, and violating an
> ISP's AUP is also not a good thing to do.

Agreed.

> The only real reason to run something other than smtp on port 25
> is to circumvent firewalls, 

How do you know?

> which can lead to legal prosecution.

It might be my own firewall!

> ISPs are _not_ common carriers, or at least the courts haven't made
> up their minds on this one.  

I don't suggest that they are common carriers (though I would guess
that in time they will be).  I suggest that an ISP is in the business
of moving packets.  Arbitrarily filtering packets conflicts with that
business.

> > Don't throw out the baby with the water!
> 
> If the baby is causing us problems we darn well throw him right out!
> And we will collect a big chunk of money from them in the process.

Agreed, if the baby == spammer.  I still disagree, though, in that I 
meant baby == legit customer.

Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org

