> >...block essentially all outgoing TCP connections from any
> >of your internal (non-firewall) machines to port 25 on any machine which
> >is outside of your domain.
> This is very nice, except that you've now created a large technical
> problem for ISPs that support roaming users. Where once a user
> could simply select a number off a list, dial in, and work as
> normal, now the user must somehow find out the SMTP mail server
> address for that particular ISP and know how to reconfigure his
> MUA to use that. This may be trivially easy for you, but it's not
> for the vast majority of people out there, and they will simply
> choose another ISP to give their roaming dollars to rather than
> deal with the hassle.
around here, reconfiguration problems aren't the reason - there's plenty
of other problems (such as too slow).
That may be because this ISP actually has set up *all* their nationwide
dialin points. And that's because it's run by the (still monopolistic)
It's t-online.de. Last time I looked, they ran a modified smail
3.something that did heavy header rewriting based on the login used (that
is, it probably knows how to access the database used to give out the
dynamic IP numbers).
Around here, this is probably the largest ISP by far. And they probably
have more dialin points than all the others combined - all those they
already used for their crappy online service, originally called Btx, then
Datex-J, and finally T-Online. Now that they have IP access, people are
I have no idea how they are doing it, but I can assure you that they are.Quote:> In practice it's the modifications you'd need to make to sendmail
> seem to me to be less than trivial. The only way you can find out
> what user is sending mail is to look up who is currently using that
> particular IP address. There is no standard method of doing this.
> I would be interested to hear how you had planned to implement
What they are not doing is limiting mail - or maybe I should take that
back: they *did not*.
I remember a report in the radio that said one of their customers had
tried to mail everybody else, it seems auto-generating addresses (doable
in theory because everybody gets a phone number based address by default)
and producing about 90% bounces for some million mails. Besides being
fairly angry about at and saying that they were talking to their lawyers,
they said they were implementing some automatic detection so in a similar
case, all those mails would go to another machine and not disturb the
normal mail service. No idea how good this actually is; you could try to
look at their web pages to find someone to ask.