#3 discusses it. I am aware of it only because a client relies on this solution and I am unable to use e-mail on his site with any e-mail program but Outlook, which really is a pretty limited e-mail solution.

--------------------------------------------
Booth Martin
MartinB@Goddard.edu
802-454-8315 x235
--------------------------------------------

-------Original Message-------
From: midrange-l@midrange.com
Date: Wednesday, November 21, 2001 10:21:40 AM
To: 'midrange-l@midrange.com'
Subject: RE: fix.your.open.relay.or.die.net

Booth, there are millions of people that rely on Exchange to send their SMTP mail, what's "non-standard" about it? I've never had any problems with Exchange sending SMTP or ESMTP mail, have you?

Also, the check before send solution is a decent one PROVIDED that your SMTP server supports it and your client checks before sending. My understanding is that most do, but Eudora doesn't, but that may be a specific version of Eudora or something. Oh, and talk about non-standard <G>.

-Walden

------------
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com

-----Original Message-----
From: Booth Martin [mailto:booth@MartinVT.com]
Sent: Wednesday, November 21, 2001 9:57 AM
To: midrange-l@midrange.com
Subject: RE: fix.your.open.relay.or.die.net

Please rethink any decision to disable SMTP and rely on Exchange to send outgoing mail. These non-standard solutions just create complexity in an arena that is already fairly well defined.

Another solution that works is to allow SMTP only to people that have checked their incoming mail within 15 minutes. Then your users, however they access the internet, can check their mail and send mail, but spammers can't relay through you. pair.com does that and I have been their customer for a couple of years. It works just fine.

--------------------------------------------
Booth Martin
MartinB@Goddard.edu
802-454-8315 x235
--------------------------------------------

-------Original Message-------
From: midrange-l@midrange.com
Date: Wednesday, November 21, 2001 09:38:59 AM
To: 'midrange-l@midrange.com'
Subject: RE: fix.your.open.relay.or.die.net

OK, I'm concerned we're getting confused here. You CAN NOT simply turn off port 25 access from the outside world to your SMTP host! If you do, how do you expect to get inbound e-mail? There are two different scenarios here:

1) connections from anywhere on the net where the mail is addressed to someone AT YOUR location
2) connections from anywhere on the net where the mail is addressed to someone NOT at your location

Scenario 1 is how you get YOUR mail. You can not turn that off or you have no mail.

Scenario 2 is what is called relaying. Relaying must be disabled in the SMTP server (or a SMTP-aware proxy/firewall) by looking at the RCPT TO commands in the SMTP stream.

It's simple enough to turn off relaying at the server, but here's the hitch. If you do that then your employees dialed into the net from the outside world won't be able to use your SMTP server to send their mail. There are several possible solutions to this:

1) Allow relaying from internal addresses only and have them connect to your LAN via a VPN connection. Then they can access the SMTP server from an INTERNAL address and all is good. A spammer trying to relay off you would access from an external address and be denied. (IMHO this is the best solution as the VPN allows so many other "cool" things too.)

2) Allow relaying from external addresses ONLY if user validates w/a password. This works too, but obviously requires a SMTP server that supports authentication. IIRC, authentication isn't part of the base RFC, but rather an ESMTP extension. Does the AS/400's SMTP server support this?

3) Use a higher-level mail client like Exchange or Domino.
In the case of Exchange (and I think, Domino) I'm not actually sending SMTP mail from my PC. I'm sending a message into Exchange and Exchange passes it off to the SMTP sender at the server. Using products like Exchange and Domino would also allow the use of browser-based access to e-mail so the road-warriors could check/send e-mail from any web browser in the world.

-Walden

------------
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com

-----Original Message-----
From: R. Bruce Hoffman, Jr. [mailto:rbruceh@attglobal.net]
Sent: Tuesday, November 20, 2001 6:50 PM
To: midrange-l@midrange.com
Subject: Re: fix.your.open.relay.or.die.net

----- Original Message -----
From: "Fritz Hayes" <fhayes@spiritone.com>
To: <midrange-l@midrange.com>
Sent: Tuesday, November 20, 2001 6:13 PM
Subject: RE: fix.your.open.relay.or.die.net

> POP3 or IMAP. How would you propose setting up the SMTP server on the
> AS/400 or Domino to service these users without the user/password
> technique?

It's not really something that _should_ be done on the 400 or any other smtp server (sendmail, etc.). It's something your firewall should do at a minimum.

Two ways:

NO access from outside networks, just filter off port 25

the other - allow access only from specific static IP addresses.

ATT and some of the other big players do this, which is why you have to dial in to their systems and use their assigned addresses in order to access their smtp servers.

The idea is that you should not allow access to _any_ smtp server from unrestricted/uncontrolled hosts.

R. Bruce Hoffman, Jr.
-- IBM Certified Specialist - AS/400 Administrator
-- IBM Certified Specialist - RPG IV Developer

"I want to be different, just like everybody else!" - Ceili Rain
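
The relay decision discussed in this thread (local delivery versus relaying, plus the internal-address, password and check-before-send exceptions), sketched as an added example that is not part of any poster's message. The domain, network range, and the `RelayPolicy` class and its method names are assumptions made for illustration.

```python
import ipaddress
import time

# Assumptions for illustration (constructed values, not from the thread):
LOCAL_DOMAINS = {"example.com"}                        # domains we accept mail for
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # LAN / VPN address pool
POP_WINDOW_SECONDS = 15 * 60                           # "within 15 minutes"


class RelayPolicy:
    """Hypothetical per-recipient relay check for an SMTP server or proxy."""

    def __init__(self):
        self._pop_seen = {}  # client IP -> time of last successful POP3/IMAP login

    def record_pop_login(self, client_ip, now=None):
        """Call from the POP3/IMAP side after a successful mailbox login."""
        self._pop_seen[client_ip] = time.time() if now is None else now

    def check_rcpt(self, client_ip, rcpt_to, authenticated=False, now=None):
        """Return (smtp_code, reason) for one RCPT TO command."""
        now = time.time() if now is None else now
        domain = rcpt_to.strip("<>").rpartition("@")[2].lower()
        if domain in LOCAL_DOMAINS:
            return 250, "local delivery"            # scenario 1: inbound mail
        # Scenario 2: the recipient is elsewhere, so this is a relay request.
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in INTERNAL_NETS):
            return 250, "relay: internal address"   # solution 1 (LAN or VPN)
        if authenticated:
            return 250, "relay: authenticated"      # solution 2 (password)
        last = self._pop_seen.get(client_ip)
        if last is not None and 0 <= now - last <= POP_WINDOW_SECONDS:
            return 250, "relay: recent mail check"  # check-before-send
        return 550, "relaying denied"
```

Because the check-before-send grant is keyed on the client IP address, every host behind the same NAT address inherits it until the window expires.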
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].