Home | Aktuell   Startseite   www.init7.com [English]   Medienmitteilungen   Access Services   Gratis Surfen | Dial-In   ADSL | VDSL | SDSL   E1 Leased Line   Business Ethernet Service   Business Optical Service   IP Transit   Hosting Services   Web-Hosting   Serverhousing   Streamserver   Rackspace   Bundle Colo & IP Transit   Backbone | Netzwerk   Backbone | Peering Policy   DNS Server   IP Adress Test | Whois   Traceroute   Looking Glass   Technologie   Multihoming (BGP4)   bgp4cast   iALiVE.NET Webmonitor   Dial-Spam-Block   Webalizer ASN Extension   Firma   Kontakt   Team   offene Stellen   Referenzen   Geschichte   AGB   Service | Support   SPAM Filter   2nd DNS Admin   Webmail   Netzwerk Status

Init Seven AG has developed a protection for it's anonymous Dial-In Access against abuse through spam. The configuration prevents the delivery of mail directly to the MX-Host of the recipient (avoiding the SMTP Server of the ISP). This is (at least in Switzerland) a common technique by abusers. The following configuration is free software and highly recommended to be used by other providers. Please contribute to the worldwide fight against spam. Schematic Redirection of SMTP Traffic from Dial-in Clients *) protected with the Dial-Spam-Block Let's assume the following: dynamic IP Range for Dial-In Users: 192.168.10.0/24 IP address of SMTP Server: 192.168.20.20 (SMTP Server must not have an address from the Dial-Range!) the SMTP Server is already protected with the Dial-Spam-Block Configuration of the Core Router (Cisco Syntax): (adjust interface name to interface which is connected to the internet) ! access-list 100 remark SMTP Redirect of Dial-Customers to smtp.providername.com access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq smtp ! route-map SMTP-Redirect permit 10  match ip address 100   set ip next-hop 192.168.20.20 ! interface FastEthernet 0/0  description connected to Internet  ip policy route-map SMTP-Redirect ! ! Configuration of the SMTP Server (Linux Syntax): (SMTP Server must support IPtables) iptables -A PREROUTING --table nat --protocol tcp --source 192.168.10.0/24 \ --dport 25 -j DNAT --to 192.168.20.20 You might use this init script to set the iptable rules at boot time. Feedback (English or German) to the configuration above is welcome: Please send it to Fredy Künzler. The anti-spam configuriation has been developed with support from Raffael Marty and Marco Steinacher. Further reading regarding security: security.raffy.ch Gianpaolo (Phlog) has done further development of this concept. Last Edit: 20.06.2006

	© 2000-2008 by Init Seven AG, all rights reserved. Init Seven AG - Elias Canetti-Strasse 7 - CH-8050 Zürich - Switzerland Tel. +41 44 315 4400 - Fax +41 44 315 4401 - info@init7.net Init Seven AG is an incorporated company registered under CH-020.3.001.417-3 (HR) / Treuhand / Revision Programming by Fredy Künzler, Graphics by oha werbeagentur Init Seven AG participates in: Netlantis spamdex.org SwiNOG SwissIX freshmeat.net blogg.ch bgp-and-beyond.com ISI Init Seven AG supports: soda-project tanzinwinterthur Winterthurer Musikfestwochen blog.kuenzler.ch swissradio.org Init Seven AG is connected to: AMS-IX DE-CIX FreeIX NL-IX NYCX NYIIX PAIX NYC SwissIX TIX VIX and much more... Fredy Künzler kandidierte für den Gemeinderat Winterthur. Partner-Sites: colo.ch Erwachsenenbildung movies-and-more.ch Lienhard AG soundcheck.org SEM-Seminare Websiteclinic
					examedia: zeitung hotel biblio telefon shop garten lexikon communio travel tv bildung unterkunft