OK, I'm concerned we're getting confused here. You CAN NOT simply turn off port 25 access from the outside world to your SMTP host! If you do, how do you expect to get inbound e-mail?

There are two different scenarios here:

1) connections from anywhere on the net where the mail is addressed to someone AT YOUR location
2) connections from anywhere on the net where the mail is addressed to someone NOT at your location

Scenario 1 is how you get YOUR mail. You can not turn that off or you have no mail. Scenario 2 is what is called relaying. Relaying must be disabled in the SMTP server (or an SMTP-aware proxy/firewall) by looking at the RCPT TO commands in the SMTP stream.

It's simple enough to turn off relaying at the server, but here's the hitch. If you do that then your employees dialed into the net from the outside world won't be able to use your SMTP server to send their mail. There are several possible solutions to this:

1) Allow relaying from internal addresses only and have them connect to your LAN via a VPN connection. Then they can access the SMTP server from an INTERNAL address and all is good. A spammer trying to relay off you would access from an external address and be denied. (IMHO this is the best solution as the VPN allows so many other "cool" things too.)

2) Allow relaying from external addresses ONLY if user validates w/a password. This works too, but obviously requires an SMTP server that supports authentication. IIRC, authentication isn't part of the base RFC, but rather an ESMTP extension. Does the AS/400's SMTP server support this?

3) Use a higher-level mail client like Exchange or Domino. In the case of Exchange (and I think, Domino) I'm not actually sending SMTP mail from my PC. I'm sending a message into Exchange and Exchange passes it off to the SMTP sender at the server. Using products like Exchange and Domino would also allow the use of browser-based access to e-mail so the road-warriors could check/send e-mail from any web browser in the world.

-Walden

------------
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com

-----Original Message-----
From: R. Bruce Hoffman, Jr. [mailto:rbruceh@attglobal.net]
Sent: Tuesday, November 20, 2001 6:50 PM
To: midrange-l@midrange.com
Subject: Re: fix.your.open.relay.or.die.net

----- Original Message -----
From: "Fritz Hayes" <fhayes@spiritone.com>
To: <midrange-l@midrange.com>
Sent: Tuesday, November 20, 2001 6:13 PM
Subject: RE: fix.your.open.relay.or.die.net

> POP3 or IMAP. How would you propose setting up the SMTP server on the
> AS/400 or Domino to service these users without the user/password
> technique?

It's not really something that _should_ be done on the 400 or any other smtp server (sendmail, etc.). It's something your firewall should do at a minimum.

Two ways:

NO access from outside networks, just filter off port 25

the other - allow access only from specific static IP addresses. ATT and some of the other big players do this, which is why you have to dial in to their systems and use their assigned addresses in order to access their smtp servers.

The idea is that you should not allow access to _any_ smtp server from unrestricted/uncontrolled hosts.

===========================================================
R. Bruce Hoffman, Jr.
-- IBM Certified Specialist - AS/400 Administrator
-- IBM Certified Specialist - RPG IV Developer

"I want to be different, just like everybody else!"
- Ceili Rain

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
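An added illustration, not part of the original message or any list member's code, of the per-recipient RCPT TO relay check and of solutions 1 and 2 from the message above. The domain, the internal network range, the reply texts and the function names are assumptions made for the example; it also treats source-routed and "%"/"!" recipient forms as relay requests, which goes slightly beyond the case the message describes.

```python
import ipaddress

# Assumed site policy (constructed values, not from the thread).
LOCAL_DOMAINS = {"example.com"}                        # domains we accept mail for
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # LAN and VPN-assigned addresses

def parse_rcpt(line):
    """Return (domain, routed) for an 'RCPT TO:<path>' command.
    domain is None when the command cannot be parsed."""
    verb, _, arg = line.partition(":")
    if verb.strip().upper() != "RCPT TO" or not arg.strip():
        return None, False
    path = arg.split()[0].strip("<>")          # ignore ESMTP parameters after the path
    routed = False
    if path.startswith("@") and ":" in path:   # source route: <@hop:user@domain>
        routed = True
        path = path.split(":", 1)[1]
    local, at, domain = path.rpartition("@")
    if not at or not local or not domain:
        return None, routed
    if any(c in local for c in "%!@"):         # embedded routing in the local part
        routed = True
    return domain.rstrip(".").lower(), routed

def decide_rcpt(client_ip, authenticated, rcpt_line):
    """Return the SMTP reply the server would give to one RCPT TO command."""
    domain, routed = parse_rcpt(rcpt_line)
    if domain is None:
        return "501 5.1.3 Bad recipient address syntax"
    addr = ipaddress.ip_address(client_ip)
    internal = any(addr in net for net in INTERNAL_NETS)
    if internal or authenticated:
        return "250 2.1.5 OK"                  # solutions 1 and 2: trusted sender may relay
    if domain in LOCAL_DOMAINS and not routed:
        return "250 2.1.5 OK"                  # scenario 1: inbound mail for our own users
    return "550 5.7.1 Relaying denied"         # scenario 2: outside client, outside recipient

if __name__ == "__main__":
    # Constructed sample session data: (client address, authenticated?, command).
    samples = [
        ("203.0.113.9", False, "RCPT TO:<bob@example.com>"),
        ("203.0.113.9", False, "RCPT TO:<someone@elsewhere.test>"),
        ("10.1.2.3", False, "RCPT TO:<someone@elsewhere.test>"),
        ("203.0.113.9", True, "RCPT TO:<someone@elsewhere.test>"),
        ("203.0.113.9", False, "RCPT TO:<someone%elsewhere.test@example.com>"),
    ]
    for ip, auth, cmd in samples:
        print(f"{ip:<12} auth={auth!s:<5} {cmd:<48} -> {decide_rcpt(ip, auth, cmd)}")
```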
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.