Source address validation (was Re: UUNet Offer New Protection

From: Paul Vixie <>
Date: 08 Mar 2004 06:35:16 +0000 (Ken Diliberto) writes:


> We're now blocking all SMTP traffic leaving the campus from non-blessed
> sources (read mail servers). The first day doing this we had comments
> about less junk mail traffic. We block traffic we consider harmful that
> shouldn't leave the campus. We're trying to do our part.
> Any suggestions how we can do better?

yes. contact the nanog program committee so you can come to san francisco
and tell the rest of us how you did it -- both in the ones and zeros, and
in the dollars and cents.


This is MY take and not Ken's...

Firewall: block port 25 from all internal hosts except those
'recognized' as mail servers.

For a user or department to get a mail server set up and 'recognized',
they probably have to go through some sort of "qualification" and
scanning process to ensure that the mail host is configured

Going to San Francisco is still a good idea though.

Gregory Hicks