* Quoting Alex Neuman van der Hans (alex at nkpanama dot com):
> Rolf Kutz wrote:
> >* Quoting Alex Neuman van der Hans (alex at nkpanama dot com):
> >
> >>I've set up a few. Definitely your best shot would be to use m0n0 for
> >>your firewall/routing needs, along with a bit of traffic shaping. I'd
> >>block outgoing port 25 to prevent abuse (and let your clients know that
> >
> >This helps preventing abuse like castration
> >prevents rape. How shall people contact their
> >providers smtpd if 25 is blocked?
> >
> Two ways. One would be to set up an internal mailserver running
> MailScanner (http://mailscanner.info) that works as an internal relay
> and set up a forwarding rule just like some people do for squid caching.
>
> The other would be to have a notice in the captive portal page that says
> that you should use your company's (or your ISP's) webmail instead, or
> services like mail2web.com, or use SSL (smtps), or port 587, or a VPN.
> It *would* require having knowledgeable staff, which in some hotels
> isn't the case.

How does using smtps or vpn reduce abuse, if I
would be sending mail over my ISPs smtpd anyway?
And pointing to webmail doesn't really help
either. The question is whether you want to offer
_Internet_access or _web_access? Why not block
everything but Port 80? Abuse can be done with
ftp, ssh or netcat.

> This isn't as crazy as it sounds. I've set up several
> hotels/resorts/golf clubs like this, and I've been to quite a few here
> and all over the world that do the same thing.

A million flies can't be wrong? I really hate
internet cafés where I can't even run putty or
they even block ssh and I can't log into my
servers. If they offer Internet they should
deliver unfiltered IP. Next thing you know is they
block you from "harmful" websites, too.

- Rolf