>My cousin is a UCLA student who has Verizon DSL in his apartment. He >wants to use his UCLA email address, but can't using Verizon's SMTP >server. Luckily for him, smtp.ucla.edu is an open relay. I have >confirmed this myself by sending an email through it. However, because >they are a special type of open relay, they don't get blacklisted. They >do a standard relay for "mail from:<[EMAIL PROTECTED]>" with one exception: >they do a check to see that [EMAIL PROTECTED] actually exists.
all headers are forgeable. > I submitted smtp.ucla.edu to one of the open relay databases (I don't > remember which one), but it came back negative. It seems the only > @ucla.edu address it tested was [EMAIL PROTECTED] (or something like > that), which obviously isn't a real email address. I imagine this type > of open relay is somewhat common. Why don't the open relay databases > attempt to detect it? Every [EMAIL PROTECTED] address I tried worked > so it's not that difficult to fool the smtp server. iirc, spam checks on our servers did spoof [EMAIL PROTECTED] which we blocked (not in relay for addresses). > I imagine spammers could easily do s! >o. Smtp.ucla.edu being an open relay helps my cousin in this case, but at >the expense of possibly allowing spammers to relay. What do you guys >think of this type of SMTP setup? I think you don't have the whole story, yet. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
