



On 4/13/2005 8:39 AM, David Gibbs wrote:

>Your ISP's mail server shouldn't care what the "FROM" address is ... so
>long as you are an authorized user of their mail server.  This means you
>either have authenticated to their mail server or are in an IP block that
>is allowed to relay.
>
>
>  
>
>>Second is a business that has people work at home occasionally. It is
>>not often enough to justify a VPN but they need to respond to customers
>>and need to use the company's SMTP because the return address is their
>>company address. The company exists on another ISP. Home workers are a
>>growing portion of the workforce.
>>    
>>
>
>This is easily solved using authenticated relay ... I use that with my
>own mail server.  When I'm in my home lan, the mail server relays my
>mail without authentication ... but when I'm on the road, I have to send
>a userid & password (encrypted, of course) before it will relay my mail
>for me.
>
>  
>
I agree that when authentication is used things are better. However,
when I've seen an ISP (such as Sprint's pre-paid) block port 25 it
blocks *all* PC to server traffic unless they allow it to their own
server. I believe that we are not talking about SSL based SMTP, which is
port 465, at least for now. Server to server SMTP uses the same port as
PC mail program to server. Now if the blocking is set up the more complex
(if possible at all) way so that only pre-identified servers _and_
authenticated based traffic is allowed we can all get along. This would
still allow the use of foreign servers in a better way until an even
better protocol or whatever is developed.

IMHO I think that all PC mail program to any server traffic should use
authentication and not just accept it because it is via a local IP. I
know this isn't exactly possible because of the valid server to server
to the world's servers mail relay configurations.

>>Instead of funneling everything through the ISP's servers it would be
>>better to:
>>1) Educate about preventing open relay.
>>    
>>
>
>Open relays are not really the major problem anymore ... it's zombie
>PCs that are infected with a spam sending virus ... this basically
>distributes the spammers' workload to hundreds (if not thousands) of
>innocent PCs throughout the net.  *THIS* is why port 25 is being blocked.
>
>FWIW: Some ISPs allow you to request unblocking of port 25 if you can
>provide a reasonable justification.  I know it's fairly easy to do with
>SBC.  I know a number of people who are running mail servers using SBC DSL.
>  
>
The zombies are the reason more and more servers are using rDNS which
has its own issues of requiring legitimate mail servers to get their DNS
correct for it. This would be one half of fixing the root cause of this
source instead of treating the symptoms. The other half is agreeably the
mega-monster in the closet; getting _effective_ anti-virus active on
every computer, keeping it current, and keeping the user from
deactivating it.

I am not trying to divert the thread here into the anti-virus topic, just
acknowledging it is part of the problem. So please don't let me lead the
discussion astray. Frankly, David, I am slightly surprised you haven't
suggested moving this topic to another list.   :-) 

To be clear...no offense intended to any reader.

>  
>
>>2) Make the ISP have better tracking of customers/times/IPs for
>>backtracking.
>>    
>>
>
>Agreed
>
>  
>
>>3) Backup the education with major consequences.
>>    
>>
>
>What kind?
>
>  
>
Something that makes it easier/cheaper/worthwhile to do it right the
first time. However until a workable method is in place to actually
track problems back to the exact individual, not just machines,
responsible, it is probably a futile threat.

>>4) Make all SMTP server software providers set the initial/default
>>configuration as closed with the administrator required to open items if
>>they really need it. The "ease of setup" as justification for having
>>the setup start as wide open is pure nonsense.
>>    
>>
>
>Actually, IMHO, there should be *NO* default configuration for mail
>servers ... it should always have to be built from scratch.
>
>  
>
AMEN!

>david
>
>  
>

Roger

-- 
*** Vicker Programming and Service *** Have bits will byte *** www.vicker.com ***
The price of greatness is the responsibility.
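
The two relay policies discussed in this message, as an added example that is not part of the original post: relaying for a trusted LAN without credentials versus requiring authentication from every mail client. Port 587 for client submission, the domain names, the addresses and all function names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration only.
LOCAL_DOMAINS = {"example.com"}                          # domains this server hosts
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # the "home LAN"

@dataclass(frozen=True)
class Session:
    client_ip: str
    port: int            # 25 = server-to-server, 587 = client submission (assumed)
    encrypted: bool
    authenticated: bool
    rcpt_domain: str

def on_trusted_net(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def lan_trust_policy(s: Session) -> str:
    """Relay for the trusted LAN without credentials, for others only after auth."""
    if s.rcpt_domain in LOCAL_DOMAINS:
        return "deliver"                 # inbound mail for a hosted domain
    if on_trusted_net(s.client_ip):
        return "relay"                   # source address alone is trusted
    if s.authenticated and s.encrypted:
        return "relay"
    return "reject"

def auth_everywhere_policy(s: Session) -> str:
    """Port 25 only accepts mail for hosted domains; relaying needs auth on 587."""
    if s.port == 25:
        return "deliver" if s.rcpt_domain in LOCAL_DOMAINS else "reject"
    if s.port == 587 and s.encrypted and s.authenticated:
        return "deliver" if s.rcpt_domain in LOCAL_DOMAINS else "relay"
    return "reject"

# Constructed sessions: an infected LAN PC, a travelling user, a peer server, a stranger.
SAMPLES = {
    "zombie_on_lan":    Session("192.168.1.50", 25, False, False, "victim.example"),
    "road_warrior":     Session("203.0.113.7", 587, True, True, "customer.example"),
    "peer_server":      Session("198.51.100.9", 25, False, False, "example.com"),
    "open_relay_probe": Session("198.51.100.77", 25, False, False, "victim.example"),
}

def compare() -> dict:
    """Return (lan_trust verdict, auth_everywhere verdict) per sample session."""
    return {n: (lan_trust_policy(s), auth_everywhere_policy(s)) for n, s in SAMPLES.items()}

if __name__ == "__main__":
    for name, (lan, strict) in compare().items():
        print(f"{name:18} lan_trust={lan:8} auth_everywhere={strict}")
```

The only session the two policies treat differently is the infected PC on the trusted network, which is relayed when the source address alone is trusted.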



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].