Re: open relays

Tue, 02 Apr 2002 08:40:29 -0800 


I got fed up with trying to restrict relaying through my SMTP server.
Also, since I run a hosting service, I did not want to spend a ton of money
on "Black Hole" services.
They usually charge a fee for the service on a costly per server basis, so
I did the following.

I migrated my SMTP server to Lotus Domino (for Linux of course)
Then Configure the service to
      1. Require Authentication for Relaying
      2. Restricted relaying based on IP Address

This has completely stopped all relaying on my servers.

If you don't have the need for a package like Domino, these restrictions
can also be used on SendMail
      For Sendmail, you will need to add a couple of patches first in order
to make the SMTP authentication work properly
                  When I was testing it, there was a bug, If you were using
only 1 mail server for all e-mail,
                        other servers attempting to deliver mail to my
machine would get denied due to invalid authentication.
                  Also, if you have a lot of remote users using various
dial-up accounts, using IP based restrictions gets to be a nightmare.
                        (Since My clients are usually interconnected to my
network via Frame Relay, or using Dedicated IP this is not such
                        a problem for me since I can just plug in their
network address/subnet mask for allowed to relay)
                  If you do want to use IP based restrictions, and have a
lot of dial-up type users, then they should be sending their outbound
                  e-mail through their providers SMTP server and just pull
POP or IMAP from your box.

      Now unfortunately, for mailing lists such as "[EMAIL PROTECTED]" this
is really difficult to restrict.
            The only way I have found (cost -effectively) to reduce spam
across a list, is to moderate everything sent to the list.
                  This usually ends up becoming a major headache for the
person assigned as the moderator, since they have to
                  approve all messages going out to the list.
            The only other option, (That works) is to force the list
members to send / originate their message from a website that they are
forced to
            log into to. Then assign the IP address of the webserver to be
allowed to relay through the SMTP server.
-Art-

Reply via email to