Let's try another approach... premise... block all dialup SMTP port 25 to start... Then open it up (the ISP SMTP server) for dial-up users who have SMTP auth... a very simple software solution... ;)
I know of one big ISP here, who blocks SMTP sending via their dialups.. very typical... However, they do allow SMTP sending through their SMTP servers, if client auths via SMTP... and you can send not just using their domain name (your ISP email address), but you can send using any FQDN... The key here is SMTP Auth.. to open up 25... and then use their SMTP servers.
Yes, that's the typical solution. It forces users to use their provider's SMTP server, and not any other one. It's limiting freedom. For whatever reasons some users may not want to - or cannot - use that server. For example, let me think... yap: suppose you need to relay using your business SMTP server, so that, even if outside, you can email internal-only addresses, or simply, be authenticated as a business mail. Firewalling the users is tricky. It may be good for some things, bad for others. The big ISP I use here does not have any firewalling at all, the network is transparent. Like a piece of ethernet cable. That's why I get port scans, and many attempts to connect to port 445 (Microsoft-DS), to name one.
Well, that takes care of outbound email.... now the only problem is inbound SMTP .. LOL.... but, since it is a dial-up... most dial-up users would not be using their own email servers anyway at least for inbound mail :) so... only problem left would be inbound SMTP for DSL customers .... LOL... several DSL customers here are not blocked on 25 in or outbound ... your mileage may vary..
No, of course, inbound SMTP makes no sense on dialup. No need to block it, because the IP is dynamic, therefore very difficult to use. Just imagine, the line goes down, you reconnect, you get another IP, and some poor user with Windows starts getting SMTP connections in your stead X-) DSL is different, I have friends with DSL, a .org domain, http server, smtp, pop, ftp, etc. A small server, that is. It is probably a small business DSL, but the difference here is simply contractual, not technical: both are on the same pool.

--
Cheers,
Carlos Robinson
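Added example, not part of the original thread: an audit of the "dial-up users may relay only with SMTP AUTH" policy discussed above, run over the relay's own logs. It assumes the ISP relay is Postfix (whose smtpd `client=` lines carry `sasl_username` only for authenticated sessions); the pool range, host names and log lines are constructed.

```python
import ipaddress
import re

# Assumed dial-up address pool (documentation range, not from the thread).
DIALUP_POOL = ipaddress.ip_network("192.0.2.0/24")

# Postfix smtpd logs one "client=" line per accepted message; the SASL
# fields are present only when the session authenticated.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+))?"
    r"(?:, sasl_username=(?P<user>\S+))?"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
Jan 10 12:00:01 mail postfix/smtpd[2211]: 4F1A22C0D1: client=ppp17.isp.example[192.0.2.17], sasl_method=LOGIN, sasl_username=alice
Jan 10 12:00:07 mail postfix/smtpd[2212]: 4F1A22C0D2: client=ppp44.isp.example[192.0.2.44]
Jan 10 12:00:09 mail postfix/smtpd[2213]: 4F1A22C0D3: client=mx.other.example[198.51.100.9]
Jan 10 12:00:15 mail postfix/smtpd[2214]: 4F1A22C0D4: client=ppp80.isp.example[192.0.2.80], sasl_method=PLAIN, sasl_username=bob
""".splitlines()


def audit(lines, pool=DIALUP_POOL):
    """Split dial-up submissions into authenticated and unauthenticated."""
    authed, unauthed = [], []
    for line in lines:
        m = CLIENT_RE.search(line)
        if not m:
            continue  # not an smtpd client= line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log line
        if ip not in pool:
            continue  # not a dial-up customer; outside this policy
        if m["user"]:
            authed.append((m["qid"], str(ip), m["user"]))
        else:
            unauthed.append((m["qid"], str(ip)))
    return authed, unauthed


if __name__ == "__main__":
    ok, bad = audit(SAMPLE_LOG)
    for qid, ip in bad:
        print(f"unauthenticated dial-up submission {qid} from {ip}")
```

Any entry in the unauthenticated list means the relay accepted mail from the pool without AUTH, so the relay's restrictions, not only the port 25 block, need review.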