John wrote quoting Lucky: > > Locate the button in your MUA that's labeled "Use secure > connection" > > or something to that effect, search the docs for your MTA for the > > words "STARTTLS", "relaying", and potentially "SASL", don't > use your > > ISP's smtp server, encourage those that you are > communicating with to > > do the same, and the email data retention laws will be of > no bother to > > you. > > However, your ISP will cut you off for "spamming", by which > they mean sending emails toward their destination without > going via the ISP's wiretap point, I mean mail relay machine. > > All you anti-spam bastards wanted ways to control what people > are allowed to send you, regardless of the cost in broken > protocols, savaged freedoms, and user inconvenience. OK, now > you have a bunch of controls, stop whining when they are used > to control YOU! (Of course, the spam hasn't stopped coming > in anyway, so you get the worst of both > worlds.)
I share John's dislike for the (thoroughly ineffective, except in making the lives of legitimate users more difficult) anti-spam zealots and anybody else upstream from me that deems it necessary or even acceptable to do anything other than to forward raw IP packets addressed to my IP address unmodified. In fact, I cautioned various anti-spam activists back around 1994/95 where their objectives would lead, but it was to no avail. An experience that John is undoubtedly familiar with. Nonetheless, I would not run an open relay today simply due to the fact that I want the postmaster alias to remain useful for submitting reports of actual mail sub-system problems on my system. And, yes, because I would loath to see cypherpunks.to's very pleasing 100Mbps upstream connection cut. Fortunately, what I am suggesting can be accomplished without running an open relay on port 25, which /will/ cause you pain. I am limiting relaying on port 25 smtp to authorized users by using Cyrus-SASL, which integrates cleanly with postfix + TLS as the MTA. Since Outlook only provides the plaintext variant of SASL authentication, my MTA is configured to not offer smtp AUTH as an option until after the TLS connection has been established to prevent eavesdroppers from capturing the relaying authentication password. Since more and more misguided ISP's are flat out blocking outgoing connections to port 25 from inside their network, I have postfix listening at a higher port number in addition to port 25, just as many hosts today are running sshd on several ports to help compensate for similarly misguided corporate firewall policies. One probably could get away without using SASL just by running the smtpd on a non-standard port, since AFAIK spammers only try port 25, at least at the moment, but enabling SASL was so easy with postfix that I saw little reason not to do so. Besides, it was the more esthetically pleasing solution. > John > (off the Internet for months now, getting email via uucp, > since Verio cut off my T1 for running an "open relay", i.e. > a box that would accept email like what Lucky proposes) UUCP, eh? Well, having just watched my ISP's primary upstream provider essentially melt down and the replacement likely to do so soon, I had myself briefly considered retrieving my old UUCP books from storage just in case the need should suddenly arise. :-) Hmm, I wonder where one gets an UUCP link nowadays. Guess I should take a look at the current maps. (The following offer is specifically for John: let me know if you'd like a relay and I'll gladly give you an UID/PW for my not-quite-open mail relay. I have little doubt that any and all traffic in and out of that particular machine has been logged since it first came online 7 years ago. I don't care, since any significant traffic is encrypted. YMMV. Oh, and yes, cypherpunks.to of course supports IPSec under both IPv4 and IPv6 in addition to higher-level encryption protocols such as smtp's STARTTLS). --Lucky "strong crypto sure has become amazingly inexpensive and easy to use" Green --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
