On Feb 29, 0:53, Eric Smith wrote:
> My ISP runs two SMTP mail servers, one open, the other not;
This can be solved by having your POP or IMAP daemon
open up temporary
access to your SMTP server from the roaming IP address after the POP or
IMAP connection is authenticated. This is what I do for some of my
If you use qmail there's a readymade program
available, but it should be
easy to set it up for Sendmail.
That's one of the methods being trialled by my ISP (they use Exim for
(E)SMTP). They'r also loking at some sort of password-based authentication
but I don't know how that works.
Another approach is for the "roaming" relay
to only accept email with
envelope sender and from headers of legitimate
customers. This isn't as
secure, but is still much better than a wide-open relay. If a spammer
discovers the relay by scanning IP addresses for SMTP ports, they still
won't be able to use it unless they also can determine who the legitimate
users of that SMTP server are.
True, but that requires spoofing the envelope sender address, which isn't
so easy to do on some systems. It also requires even more setup for the
ISP than Jay's suggestion of adding domains to sendmail.cw.
I know of one common SMTP package (Mercury, for Novell) that allows a
simpler system. It's much less secure, because it doesn't really check the
addresses; it merely relies on the From address matching the server's own
domain. Needless to say, that's easy for anyone -- including a spammer --
> However, until there's a sensible system to
deal with roaming users'
send mail as
well as receive it, there will be open relays.
Lots of sites are starting to refuse mail from open relays. Your ISP is
going to have to come up with a better solution.
Indeed, and they are looking. IPv6 should eventually remove the problem,
of course, but that's some way off.
Anyone know the number of the RFC for roaming IP, which Shawn mentioned?
I'd like to take a look at it.
Pete Peter Turnbull
Dept. of Computer Science
University of York