From: Matt Robertson
Date: Mon, 27 Sep 2004 13:22:19 -0700
> As Jochem has pointed out, this is absolutely no protection whatsoever
> against relaying. Either there is more to this than you are aware of
> or the mail server admin isn't aware of how mail servers work.
> To protect against relaying, you have to enable -- and enforce -- SMTP
> AUTH: every sent mail message has to be authenticated with the
> correct username and password for the sending account. CF 6.1 finally
> supports this, but earlier versions didn't; necessitating -- typically
> -- the allowance of mail traffic from the cf server's IP (which
> hopefully is inside a single local network) without authentication.
This is off the topic of the reply-to headers, but it seems to me that
it does provide SOME protection from relaying (which may not be the
right term, but it fits the error message IIS sends back to CF). Our
system is similar to the way CrystalTech has their shared hosting.
Any outgoing e-mail has to come from an actual e-mail account on the
server. While this doesn't prevent spammers from guessing a "correct'
address to send e-mail from, it does prevent them from using something
like "[EMAIL PROTECTED]" to send mail through your server. It's not
full SMTP authentication, of course, but it does provide some
protection.
(The error message from CrystalTech's system [our system isn't on CT,
but my freelance stuff is] when the from address isn't an actual
account on the server is something like, "Mail Server does not relay",
which is why I'm using the term relay)
Which is all I was saying before. It does provide some protection,
and since we haven't transitioned to MX yet, it's about all the
protection we can have right now.
Of course, that doesn't mean our server admin knows what he's doing,
either (based on his CF code and the fact that they have a production
environment running in single-threaded mode, I do have my doubts).
This is one of the reasons we're taking control of the servers.
Scott
--
-----------------------------------------
Scott Brady
http://www.scottbrady.net/
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
