----- Original Message ----- From: "Rafael Alan Bleiweiss" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, June 25, 2003 5:20 PM Subject: WAY OT - Setting Mail Server to block relaying
> If anyone can point me in a direction or to a mailing list on topic, I > would greatly appreciate it. > > I'm trying to breath life into my web work again, and this week discoverd > that my little mail server IP (I'm running Post.office) was added to a > "SpamWatch" list (ORDB.org) and I immediately got a call from a client that > their email was rejected from a foriegn host because that host uses the > ORDB service. > > After two hours of trying to understand email relaying, I had no choice at > the moment to stop ALL relaying to get off that server. This however is > completely unrealistic from how I understand relaying to work for clients... > > Let's say I've got a client in California, who has a return address of one > of my local accounts, but hey, they're not sending email from inside my > network, so I originally said only allow relaying for mail with local > domain names in the FROM field... > > With spammers spoofing good FROM fields these days, ORDB says - no go.... > so then I think my only choice is to allow specific IP's... but how am I > supposed to know what IP a client is using if they're on a dial up account, > say through AOL or PacBell, or some little host in Iowa that forces dynamic > changing IPs with each log-on? > > Their IP changes. Surely I can't let ALL AOL IPs through or ALL PacBell > IPs through... there's got to be spammers on one or both of those right? > > So how do I deal with this? What is the correct configuration? You're correct. If you permit relaying based only on the domain in the FROM address, you may as well have no controls at all. You have an open relay. Spoofing is easy and commonplace. I get an insane amount of spam with a FROM address that is my own. You generally have two ways to control who can relay: 1. using IP addresses (usually by designating subnets or IP ranges) 2. using SMTP auth (authorized SMTP) The first is most appropriate for a dialup ISP or a corporate/educational network. As you've observed it does you no good when you've got customers all over the world. The second method can work if your mail server supports it, and your customer's email clients support it. The way most companies, such as web hosting providers, handle this situation is to simply _not_ permit relaying by their customers. Virtually anyone connecting to the Internet does so through an upstream ISP that permits customers to use their SMTP servers for relaying. Dial into AOL? Relay through AOL's SMTP server. Connect by T1 through Bob's Internet? Use Bob's SMTP server. It's just a matter of setting the "outgoing" SMTP server correctly in the customer's email client. Jim ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
