----- Original Message -----
From: "David & Eileen Keck" <bstars@optonline.net>
To: <midrange-l@midrange.com>
Sent: Wednesday, November 21, 2001 5:24 PM
Subject: Re: fix.your.open.relay.or.die.net


> While putting this to bed I'd like to see how you tucked the
covers in ...
> i run outlook express as my client ... for each mail account
there is an
> option to specify an smtp server user id and password ...
probably you have
> specified this, right ? If not, then if i know your smpt server
address, and
> given all u state below, what;s to stop me from using it ? -
Dave K.

Yes, I am in the dark on what he is using to prevent any person
from sending mail thru his SMTP server.

If he is not using SMTP passwords (and the normal state is not to
require them) then anyone can connect to him and send mail thru
him. Unless he does IP filtering.

As I said before, if you use the SMTP servers in their normal
state according to the RFCs, you are allowing anyone to connect to
you  and send mail, unless you do IP filtering. If you do use a
password on the SMTP connection, you are going beyond the RFCs.

For those who are not familiar with all this, SMTP is the outbound
email server you use to send mail. POP3 is the inbound mail server
you use to read mail. The normal configuration has been that you
need a password to receive mail, but you are not asked for a
password to send mail. Some spammers have used this, or a similar
ability that allows one SMTP server to forward mail for another
SMTP server, to send emails.

Some people, upset with this, have started using programs that
probe ip addresses on the web for a functioning SMTP server. They
then try to connect to your mail server as an SMTP client or as an
SMTP server asking your server to relay mail. If your server
follows the rules and lets them attach, they mark your server as a
potential spam source, even if it has not been used for this.

Other people write their email servers with the ability to scan
the lists of potential spammers. (I've always heard these called
'black hole lists'). If your server is on it, they reject your
email.

Technically speaking, the people creating these lists are hacking
your server, and compounding that by interfering with
acommunication by wire. No one has threatened them with jail time
that I know of, but some of the organizations that do this have
had to move outside the USA or even shut down.

One of these lists targeted one of my servers a year or so ago,
and a certain university still wont pass email to me even to this
day. We 'fixed' (actually broke, in terms of the RFC) our servers
to conform to the extortion by the black holers as soon as we
became aware of the problem a year or so ago.

You have to do either smtp password protection (which some email
clients now support) or ip filtering to satisfy these vigilantes.
My network admin chose the latter, probably because the smtp
clients didn't have password as an option back when we did it.

I'd like to send a bill to the bleepety bleeps who set this up.
I've gotten used to dialing into my home server long distance when
I'm on the road, but it sure makes the Internet look like a square
wheel.

And no matter what their wonderful intentions are, the guys who
did this are outlaws.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.