SMTP and open-relay question



  1. #1
    jthomet Guest

    SMTP and open-relay question

    I am fairly knowledgeable about internet/networking protocols, so I should know the answer to this question. At any rate, here's the question (and if you could point me in the direction of a general resource as opposed to the answer, that'd be even better): How do SMTP servers determine if a host/workstation that is trying to send an email is permitted to do so? (According to my present understanding, the concept of a trusted IP is employed, so that an administrator can specify certain IP addresses as "trusted" sources. This is also employed for workstations that would be on a server's internal network. That's fine if DHCP is employed (as any address given via DHCP will be trusted), or if the IP is on the same logical subnet as that of the internal IP address of the server. BUT, what if a network is divided into subnets? A user on a different subnet should be (and usually is) able to send email through the network's SMTP server. However, this would seem to be a violation, since this wouldn't be considered a trusted IP.) Hopefully, you'll correct me if I'm wrong about any of the above-listed information and clarify any information which I lack. Thanks for any help you can offer.

  2. #2
    Craig McPherson Guest
    The mail server is given a list of hostnames, IP addresses, or IP ranges that are allowed to relay through it.

    Anything not on the list is not.

    Simple enough.

  3. #3
    horneyrabbit Guest
    I work at an ISP and I have to disagree; the way our systems work is this:

    All of our IPs (given to customers) in the entire database are trusted IPs and therefore can send email just fine.

    Anybody not behind our network cannot send email.

    However,

    if my ISP is called "goodnet" and I connect from a different ISP (say "dodgeynet") and RETRIEVE my email from "goodnet", that is fine (provided it's a valid username and password) and therefore opens a twenty-minute window for me to also SEND email through the server.

    ------------------
    I came, I saw, I broke, I left.......

  4. #4
    jthomet Guest
    Thanks for the replies, both of you! I do realize that there are a host of ways to configure an SMTP server in this respect. So, horneyrabbit, do you configure your servers so that any address given via dhcp will be in that database? (Or do you just configure it for every IP that you as an ISP "lease"?) I realize that this may be a little sensitive, so feel free to not answer!

  5. #5
    per©oDåN Guest
    As a recovering victim of having an open relay on the internet last year, I can shed a bit-o-light on this one...

    Here's a great site (not-so-great if you're on the list, though...):
    http://www.orbs.org/whatisthis.html

    The SMTP protocol itself has no authentication methods. Most newer SMTP services will exchange all mail that is either destined to or sent from an address within the domain(s) it hosts as an MX. In fact, there is a new project to have some SMTP servers interact with a trusted POP3 server to provide true authentication on-the-fly. Otherwise, it will not relay mail to a foreign host.

    However, many implementations of it include a provision for a hosts.allow/hosts.deny kind of thing (IP or host name level) for who can use the channel to relay messages. Relaying is an intrinsic problem. I worked for an ISP who set up their SMTP the same as the guy above (except we didn't implement the POP3~SMTP 20 min window... there was just NO relay allowed... at all... I think that kinda sucked for users). I run several now and relay is something I really need at several locations, but can't with one of my servers because it doesn't know how to authenticate me... & I'm certainly not going to give it my ISP's entire IP range as "allowed relay from"...

    -----------------------------------
    "...a host of ways to configure..."

    Was that on purpose?

    -perc
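
The relay rules described across this thread (an allowlist of IP ranges covering every subnet, delivery for hosted domains, and the twenty-minute POP-before-SMTP window), sketched as an added example that is not part of any post and not taken from a real mail server. The class name `RelayPolicy`, the address ranges and the domain `goodnet.example` are constructed assumptions.

```python
import ipaddress

# Constructed sample policy: documentation address ranges, hypothetical domain.
# Listing each subnet as its own range is how hosts on "a different subnet"
# stay trusted: membership is checked per range, not against the server's own subnet.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
LOCAL_DOMAINS = {"goodnet.example"}
POP_WINDOW_SECONDS = 20 * 60  # the twenty-minute window from post #3


class RelayPolicy:
    def __init__(self, trusted_nets=TRUSTED_NETS, local_domains=LOCAL_DOMAINS,
                 window=POP_WINDOW_SECONDS):
        self.trusted_nets = list(trusted_nets)
        self.local_domains = {d.lower() for d in local_domains}
        self.window = window
        self._pop_seen = {}  # client IP -> time of last successful POP3 login

    def record_pop_login(self, client_ip, now):
        """Called by the POP3 side after a valid username/password login."""
        self._pop_seen[ipaddress.ip_address(client_ip)] = now

    def decide(self, client_ip, rcpt_to, now):
        """Return (accept, reason) for one RCPT TO; rcpt_to is a bare address."""
        ip = ipaddress.ip_address(client_ip)
        domain = rcpt_to.rpartition("@")[2].lower()
        if domain in self.local_domains:
            return True, "local-delivery"    # mail for a domain we host: not a relay
        if any(ip in net for net in self.trusted_nets):
            return True, "trusted-network"   # client is inside an allowlisted range
        seen = self._pop_seen.get(ip)
        if seen is not None and 0 <= now - seen <= self.window:
            return True, "pop-before-smtp"   # recent authenticated POP3 from this IP
        self._pop_seen.pop(ip, None)         # drop an expired entry, if any
        return False, "relay-denied"         # anything else would be an open relay
```

The POP-before-SMTP branch authorizes an IP address, not a user, so every host sharing that address (for example behind the same NAT) can relay until the window expires.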
