Hope it helps.
Michael
> ¥DÃD(Subject):
> SMTP Relay Security
> ±H«H¤H(From):
> "Andy Kirk" <[EMAIL PROTECTED]>
> ¤é´Á:
> Fri, 10 Jan 2003 22:46:11 -
> ¦¬«H¤H(T
Todd A. Jacobs wrote:
Lots of MTAs still don't support it without patches (e.g. qmail). So it's
not exactly a universal solution, but it's a good one to use if you have
the option.
1 MTA, ie. qmail, is hardly "lots of MTAs". On the contrary, most modern
SMTP servers support SMTP AUTH. The lis
On 10-Jan-2003/18:34 -0800, "Todd A. Jacobs" <[EMAIL PROTECTED]> wrote:
>If you must allow relaying for some reason, restrict it to known hosts
>and/or IP's, and enable pop-before-smtp if possible.
[snip]
POP-Before-SMTP is a kludge that was Good Enough while clients and servers
that support SMTP
On Sat, 11 Jan 2003 [EMAIL PROTECTED] wrote:
> On Fri, 10 Jan 2003, Andy Kirk wrote:
> snip...
>
> 3) Again, if the problem is a forged From field, these not really an easy
> solution to stop it. You can try to push the IETF to promote digital
> signature checking as a revised SMTP standard but t
On Fri, 10 Jan 2003, Andy Kirk wrote:
> I was until about an hour confident that my SMTP relay was secure. At that
> time, I received a spam email promoting 1,000,000 email address, that
> appears to have been sent from my mail server. At least, the From says
> [EMAIL PROTECTED], and from lookin
On Fri, 10 Jan 2003, Andy Kirk wrote:
> 1. Is it possible for someone to basically use my relay to send mail to my
> domain
Why would they want to? The point of using a relay is to deliver to a
third-party destination.
> 3. Is there anyway to stop it, whilst still allowing email destined for
>
I was until about an hour confident that my SMTP relay was secure. At that
time, I received a spam email promoting 1,000,000 email address, that
appears to have been sent from my mail server. At least, the From says
[EMAIL PROTECTED], and from looking at the headers, the from address
also contain
