[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] SMTP hole maybe - any ideas

Subject: Re: [cobalt-users] SMTP hole maybe - any ideas
From: Andreas Banze <andreas@xxxxxxxx>
Date: Wed Jun 4 05:06:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Wed Jun 04, 2003 - 12:30:14PM, Ian wrote:

> The relaying of this email to 50 others on the same server is not
> prevented, even though POP b4 SMTP is enabled. Admittedly it will not
> allow the relaying to domains that are not on the server, but will happily
> send on this email to the 50 or so domains on the same server.

you caught me. I think, you never mentioned before that smtp-after-pop is
involved.

Sorry - my bad. I apologise for being such an asshole before - your question
is valid.

If the mailserver feels resonsible for the sender it doesn't matter whether
the sender is forged or not (forged senders only add confusion, reading the
header and finding out which data is forged and which is valid is a task
that get's more challenging all the time. There are newsgroups dealing only
with this matter). 

The mailserver will deliver mails happily to every recipient it feels
responsible for without checking the sender. Only if the recipient is
"outside" it'll check the relay rules (including smtp-after-pop).

Remember: smtp-after-pop was invented to hinder people to use your
mailserver to relay mail for others, because of spam - it'll never get's in
your way when your mail is send through a valid connection (a connection
that is the result of a MX lookup)

> Surely this can not be right and the POP b4 SMTP should stop this sort of thing from
> happening.

No. Please take in account that all addresses on this server need to be
reached. If you forbid this kind of local delivery by forcing smtp-after-pop
(or pop b4 smtp) you'll stop the delivery of any mails from people who are
not in posession of an email account. So I (or anyone else on this list or
in the world) couldn't send you any email

> Could really do with knowing how the rest of you overcome this, cos surely it cant be left
> open like this...

To be honest, I still can't figure out where your problem is - especially
since this is normal behaviour since the beginning of the internet and smtp.

If you find out that your mailserver relays mails to others from anywhere in
the world because you forged the sender, then you have a problem. As long as
only locally delivered mail is affected there is no problem (spam will be
delivered anyway)

Use a free email provider or an alternate email account of yours to check
it out (or send me an email and I'll help you check it out) by forging the
address and send an email to someone else through your raq3. Normally it
should get blocked - if it doesn't get blocked you've got a problem

> All points gratefully received,

Hopefully I'm still on the right track and didn't misinterpret you again...
;)

MfG
Andreas Banze

--
There are two means of refuge from the miseries of life: music and cats.
					-- Albert Schweitzer

References:
- Re: [cobalt-users] SMTP hole maybe - any ideas
  - From: Andreas Banze
- RE: [cobalt-users] SMTP hole maybe - any ideas
  - From: Ian

Prev by Date: RE: [cobalt-users] SMTP hole maybe - any ideas
Next by Date: Re: [cobalt-users] Raq4 - majordomo one-way mailing list
Previous by thread: RE: [cobalt-users] SMTP hole maybe - any ideas
Next by thread: Re: [cobalt-users] SMTP hole maybe - any ideas

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index