Blocking MX query

2012-09-04 Thread Ibrahim
Hi All,

I've read the old archive about blocking the SMTP port (TCP port 25). In my
current situation we are a mobile operator and use NAT for our subscribers,
and we have a few spammers, who are a bit difficult to track because most of
our subscribers are on prepaid services. If we block TCP port 25, there might
be good subscribers who will not be able to send email.
We are thinking of blocking MX queries on our DNS server, so only spammers
that use their own SMTP server will be affected. All DNS queries from our
subscribers are already redirected to our DNS cache servers. But it seems BIND
doesn't have a feature to block MX queries. Is there any best practice for
blocking MX queries?


Regards
Ibrahim


Re: Blocking MX query

2012-09-04 Thread Ibrahim
Not block, but we use a DNS transparent proxy mechanism. We need to do this
as our government requests all ISPs to block porn sites :-)


Regards
Ibrahim

On Tue, Sep 4, 2012 at 5:13 PM, Bacon Zombie baconzom...@gmail.com wrote:

 Are you saying that you only allow your subscribers to use your DNS servers
 and block access to all other DNS servers?

 On 4 September 2012 11:07, Ibrahim ibrah...@gmail.com wrote:

  Hi All,

  I've read the old archive about blocking the SMTP port (TCP port 25). In my
  current situation we are a mobile operator and use NAT for our subscribers,
  and we have a few spammers, who are a bit difficult to track because most of
  our subscribers are on prepaid services. If we block TCP port 25, there might
  be good subscribers who will not be able to send email.
  We are thinking of blocking MX queries on our DNS server, so only spammers
  that use their own SMTP server will be affected. All DNS queries from our
  subscribers are already redirected to our DNS cache servers. But it seems BIND
  doesn't have a feature to block MX queries. Is there any best practice for
  blocking MX queries?


  Regards
  Ibrahim
 



 --
 BaconZombie

 LOAD *,8,1



Re: Blocking MX query

2012-09-04 Thread Ibrahim
Hi Suresh,

We create a special NAT so that everything destined for TCP port 25 is NATed
to one public IP address only. This public IP address is registered on
most RBLs, but we are still receiving complaints about spammers from this
public IP address :-)


Regards
Ibrahim

On Tue, Sep 4, 2012 at 5:12 PM, Suresh Ramasubramanian ops.li...@gmail.com wrote:

 Feel free to block port 25.  Most if not all mail providers offer
 email access on webmail and on an alternate SMTP port (587).

 If you have NAT - the problem is that if you have spammers abusing
 your service (or abusing other services on port 25) providers will end
 up blocking your NAT gateway IP and then you have a problem.

 You will want to look at walled gardens or similar to block spamming /
 infected users.

 Please see the MAAWG best practice for walled gardens and port 25
 management.

 On Tue, Sep 4, 2012 at 3:37 PM, Ibrahim ibrah...@gmail.com wrote:
  Hi All,

  I've read the old archive about blocking the SMTP port (TCP port 25). In my
  current situation we are a mobile operator and use NAT for our subscribers,
  and we have a few spammers, who are a bit difficult to track because most of
  our subscribers are on prepaid services. If we block TCP port 25, there might
  be good subscribers who will not be able to send email.
  We are thinking of blocking MX queries on our DNS server, so only spammers
  that use their own SMTP server will be affected. All DNS queries from our
  subscribers are already redirected to our DNS cache servers. But it seems BIND
  doesn't have a feature to block MX queries. Is there any best practice for
  blocking MX queries?


  Regards
  Ibrahim



 --
 Suresh Ramasubramanian (ops.li...@gmail.com)



Re: Blocking MX query

2012-09-04 Thread Ibrahim
All, thanks for the input and comments. In summary, I will block TCP port
25. My DNS load balancer (F5) can filter MX queries and needs a license to do it.
But given the information that botnets use address lists with
pre-resolved IP addresses, blocking MX queries is not the answer :-)


Thanks & Regards
Ibrahim

On Wed, Sep 5, 2012 at 9:18 AM, George Herbert george.herb...@gmail.com wrote:




 On Sep 4, 2012, at 12:07 PM, William Herrin b...@herrin.us wrote:

  You are. You should be doing SMTP Auth to *your* email server on which
  you have an authorized account and then letting it relay your messages
  to the world.


 This is not the thread for this conversation per se.  The practicality of
 general ISP 25 blocking is established for antispam purposes.  So are power
 users running home domains.  Different user profiles.  Different
 circumstances.


 George William Herbert
 Sent from my iPhone