


Please rethink any decision to disable SMTP and rely on Exchange to send
outgoing mail.  These non-standard solutions just create complexity in an
arena that is already fairly well defined.

Another solution that works is to allow SMTP only to people that have
checked their incoming mail within 15 minutes.  Then your users, however
they access the internet, can check their mail and send mail, but spammers
can't relay through you.

pair.com does that and I have been their customer for a couple of years.  It
works just fine.

--------------------------------------------
Booth Martin
MartinB@Goddard.edu
802-454-8315 x235
--------------------------------------------
-------Original Message-------
From: midrange-l@midrange.com
Date: Wednesday, November 21, 2001 09:38:59 AM
To: 'midrange-l@midrange.com'
Subject: RE: fix.your.open.relay.or.die.net
OK, I'm concerned we're getting confused here. You CAN NOT simply turn off
port 25 access from the outside world to your SMTP host! If you do, how do
you expect to get inbound e-mail? There are two different scenarios here:

1) connections from anywhere on the net where the mail is addressed to
someone AT YOUR location
2) connections from anywhere on the net where the mail is addressed to
someone NOT at your location

Scenario 1 is how you get YOUR mail. You can not turn that off or you have
no mail.

Scenario 2 is what is called relaying. Relaying must be disabled in the SMTP
server (or a SMTP-aware proxy/firewall) by looking at the RCPT TO commands
in the SMTP stream. It's simple enough to turn off relaying at the server,
but here's the hitch. If you do that then your employees dialed into the net
from the outside world won't be able to use your SMTP server to send their
mail. There are several possible solutions to this:

1) Allow relaying from internal addresses only and have them connect to your
LAN via a VPN connection. Then they can access the SMTP server from an
INTERNAL address and all is good. A spammer trying to relay off you would
access from an external address and be denied. (IMHO this is the best
solution as the VPN allows so many other "cool" things too.)
2) Allow relaying from external addresses ONLY if user validates w/a
password. This works too, but obviously requires a SMTP server that supports
authentication. IIRC, authentication isn't part of the base RFC, but rather
an ESMTP extension. Does the AS/400's SMTP server support this?
3) Use a higher-level mail client like Exchange or Domino. In the case of
Exchange (and I think, Domino) I'm not actually sending SMTP mail from my
PC. I'm sending a message into Exchange and Exchange passes it off to the
SMTP sender at the server. Using products like Exchange and Domino would
also allow the use of browser-based access to e-mail so the road-warriors
could check/send e-mail from any web browser in the world.

-Walden
------------
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com
-----Original Message-----
From: R. Bruce Hoffman, Jr. [mailto:rbruceh@attglobal.net]
Sent: Tuesday, November 20, 2001 6:50 PM
To: midrange-l@midrange.com
Subject: Re: fix.your.open.relay.or.die.net
----- Original Message -----
From: "Fritz Hayes" <fhayes@spiritone.com>
To: <midrange-l@midrange.com>
Sent: Tuesday, November 20, 2001 6:13 PM
Subject: RE: fix.your.open.relay.or.die.net
> POP3 or IMAP. How would you propose setting up the SMTP server on the
> AS/400 or Domino to service these users without the user/password
> technique?

It's not really something that _should_ be done on the 400 or any other smtp
server (sendmail, etc.).

It's something your firewall should do at a minimum.

Two ways: NO access from outside networks, just filter off port 25; the other
- allow access only from specific static IP addresses. ATT and some of the
other big players do this, which is why you have to dial in to their systems
and use their assigned addresses in order to access their smtp servers.

The idea is that you should not allow access to _any_ smtp server from
unrestricted/uncontrolled hosts.

R. Bruce Hoffman, Jr.
-- IBM Certified Specialist - AS/400 Administrator
-- IBM Certified Specialist - RPG IV Developer
"I want to be different, just like everybody else!"
- Ceili Rain
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
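
The relay decision discussed in this thread, as an added example that is not part of any poster's message or of any product mentioned: it accepts mail for local recipients from anywhere and allows relaying only from internal addresses, authenticated sessions, or clients that checked their mail within the last 15 minutes. The class name, domain, address range and hook function are assumptions chosen for illustration.

```python
import ipaddress
import time

# Constructed sample configuration; none of these values come from the thread
# except the 15-minute window.
LOCAL_DOMAINS = {"example.com"}                        # domains this host receives mail for
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # LAN and VPN address pool
POP_WINDOW_SECONDS = 15 * 60


class RelayPolicy:
    """Decides, per RCPT TO command, whether the server accepts the recipient."""

    def __init__(self):
        self._pop_logins = {}  # client IP -> time of last successful mailbox login

    def record_pop_login(self, client_ip, now=None):
        """Hook for the POP3/IMAP server to call after a successful login."""
        self._pop_logins[client_ip] = time.time() if now is None else now

    def decide(self, client_ip, rcpt_to, authenticated=False, now=None):
        now = time.time() if now is None else now
        local, at, domain = rcpt_to.strip().strip("<>").rpartition("@")
        if not (local and at and domain):
            return (False, "malformed recipient")
        # Scenario 1: mail addressed to someone at this location is always accepted.
        if domain.lower().rstrip(".") in LOCAL_DOMAINS:
            return (True, "local delivery")
        # Scenario 2: relaying; allowed only for trusted senders.
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in INTERNAL_NETS):
            return (True, "internal address")
        if authenticated:
            return (True, "authenticated")
        last = self._pop_logins.get(client_ip)
        if last is not None and 0 <= now - last <= POP_WINDOW_SECONDS:
            return (True, "pop-before-smtp")
        return (False, "relaying denied")
```

Because the POP-before-SMTP grant is keyed on the source address, every host behind the same NAT address shares it until the window expires.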



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
