Re: ASIP Mail Relay
- Subject: Re: ASIP Mail Relay
- From: email@hidden (Michael Sullivan)
- Date: Wed, 6 Feb 2002 15:55:51 -0500
- Organization: Society for the Incurably Pompous
Joe Parana <email@hidden> writes:
> I believe I have a solution for the open relay problems many are having
> with ASIP, at least for environments similar to mine. All the IPs in our
> district are in-house, if that's the proper term, i.e., dummy IPs not
> addressable on the greater net. Servers are named and referenced to real
> IPs with network address translation. ASIP mail service is established on
> a named server such as Mail.buffalo.k12.ny.us. which serves as a pop/imap
> server. SMTP is disabled on that server, so that it cannot send mail.
> Clients are configured to send mail via another, unnamed (and thus invisible
> to the internet) box running ASIP mail. No configuration hoops to jump
> through. Comments please.

It's much less likely that your open relay would be found, but it's
still open. Your outgoing messages will contain the IP address of your
"invisible" SMTP server, it just won't appear in Usenet and mailing list
harvests of domain names. That doesn't mean that spammers can't find
you -- if their harvesters are a teeny bit more intelligent, they may.

The key question for anyone who needs to close a relay is this:

Do people need to send mail through your server from outside your own
domain of IPs?

If not, then a real solution is easy -- block the SMTP port on your
firewall for all IPs except your mail provider and the IPs you are
responsible for. (You can also configure an allow/deny list of IPs in
ASIP Mail, I believe.)

Done -- no one can connect to your SMTP service except the people who
are supposed to be able to -- unless they hack into or otherwise get
control of one of your or your upstream provider's machines. That's the
goal.

This system fails if you have people who travel and log on to your
servers who don't know how to configure their machines for using the
local SMTP server associated with a given connection. It fails, not in
the sense that your relay is open, but that those people can't use your
server. Your options in that case are to have them use a webmail
service when on the road, or to run a different mail server which
supports some form of authentication.

Or to try these various hacks (like your suggestion) that people keep
posting which leave the relay open but temporarily fool the RBL
services. This is fine, but realize it's a duct tape and baling wire
solution -- it still leaves the relay open.

Michael
--
Michael Sullivan
Business Card Express of CT Thermographers to the Trade
Cheshire, CT email@hidden
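
The difference between the two setups discussed in this thread, as an added example that is not part of the original message and is not ASIP's own configuration: a small Python model of who can relay through an unnamed but unfiltered SMTP server versus one whose SMTP port is restricted to an allow-list of IPs. All addresses, domains and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values: private/documentation ranges stand in for the
# site's own clients and the upstream mail provider's host.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.25/32")]
LOCAL_DOMAINS = {"district.example"}   # domains the server accepts mail for
OUTSIDE_IP = "203.0.113.50"            # arbitrary host elsewhere on the internet


def in_nets(client_ip, nets):
    """True if client_ip parses and falls inside one of the networks."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False                   # unparseable source is never trusted
    return any(ip in net for net in nets)


def smtp_outcome(client_ip, rcpt_domain, allowed_nets):
    """What happens to one SMTP submission.

    allowed_nets=None models the unnamed server with no filtering: having no
    DNS name does not change who can connect to its IP address.
    """
    if allowed_nets is not None and not in_nets(client_ip, allowed_nets):
        return "blocked"               # firewall/allow-list refuses port 25
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return "deliver"               # mail for our own users
    return "relay"                     # forwarded on to a third party


def is_open_relay(allowed_nets):
    """Open relay: an outside host gets mail relayed to an outside domain."""
    return smtp_outcome(OUTSIDE_IP, "elsewhere.example", allowed_nets) == "relay"


if __name__ == "__main__":
    for label, nets in (("unnamed, unfiltered", None), ("allow-listed", ALLOWED_NETS)):
        print(f"{label}: open relay = {is_open_relay(nets)}")
    # An internal client still relays; a travelling user on a foreign network
    # is blocked, which is the trade-off described in the message above.
    print(smtp_outcome("10.20.3.4", "elsewhere.example", ALLOWED_NETS))
    print(smtp_outcome("198.51.100.7", "elsewhere.example", ALLOWED_NETS))
```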
_______________________________________________
applescript-users mailing list | email@hidden