John D. Hardin wrote:
On Mon, 11 Dec 2006, John Rudd wrote:

Marc Perkel wrote:
I'm someone who works from home and provides some service from home. So I would not want to be prohibited from running an email server from home. But if I had to go to a web panel that my ISP provided to open up ports that would be fine with me.
I'm curious.. as someone who ALSO runs a home mail server...

What's wrong with evolving best practices to require that our outgoing email be channeled through our ISP's mail server, instead of having our customer-assigned IP addresses directly connect to other people's mail servers?

One possible hurdle is the fact that your source domain will probably
*not* be the ISP's domain, so your routing your domain email outbound
via their servers would require special MTA rules on their part
(except for the subcase where you're trying to send mail to another
user at that ISP).

Think "open relay". The ISP mailserver should only be accepting mail
*from* their domain or *to* their domain. Mail from and to domains
they don't own should be blocked.

I think you're mis-stating this.

1) Being an open relay isn't about accepting mail, it's about routing mail.

2) They should only route mail to outside recipients if:
   a) it comes from their own IP address space
   b) it comes from an authenticated session

I think you're mis-stating 2a. The traditional requirement is as I stated it: the mail must come from the ISP's address space, not from a sender in their mail domain. This works fine: my IP address is assigned to me by them, therefore I am within their routing domain, therefore they are not an open relay for routing my messages out to the world, even though the sender's email address is @mydomain.com instead of @myisp.net.


But, even if you change 2a to be mail domain based instead of IP address based, then that still leaves 2b. I can use a sender address of "[EMAIL PROTECTED]", but authenticate with SMTP-AUTH to my ISP as "[EMAIL PROTECTED]" (there is no requirement that SMTP-AUTH match the sender address; nor should there be). I then satisfy 2b, and my email passes through their servers without a problem.
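
The relay rule described in the message above, as an added example that is not part of the original thread: it evaluates points 1, 2a and 2b for a few constructed SMTP sessions and compares the result with the from/to-domain rule quoted earlier. The networks, domains, addresses and function names are all assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: documentation address ranges and example domains.
ISP_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ISP_DOMAINS = {"myisp.example"}

@dataclass
class Session:
    client_ip: str
    authenticated: bool  # SMTP AUTH succeeded on this session
    mail_from: str       # envelope sender, supplied by the client
    rcpt_to: str         # envelope recipient

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()

def in_isp_space(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ISP_NETWORKS)

def decide(s: Session) -> str:
    """Rule from the message: the sender's mail domain is never consulted."""
    if domain_of(s.rcpt_to) in ISP_DOMAINS:
        return "deliver"  # point 1: accepting mail for local users is not relaying
    if in_isp_space(s.client_ip):
        return "relay"    # point 2a: client is inside the ISP's address space
    if s.authenticated:
        return "relay"    # point 2b: authenticated session, any source address
    return "reject"       # routing this onward would make the server an open relay

def decide_by_domain(s: Session) -> str:
    """The quoted from/to-domain rule, for comparison only."""
    if ISP_DOMAINS & {domain_of(s.mail_from), domain_of(s.rcpt_to)}:
        return "accept"
    return "reject"

# Constructed sessions, one per case discussed in the thread.
CASES = {
    "customer_ip_own_domain": Session("192.0.2.10", False, "me@mydomain.example", "friend@elsewhere.example"),
    "roaming_authenticated": Session("198.51.100.7", True, "me@mydomain.example", "friend@elsewhere.example"),
    "outside_unauthenticated": Session("198.51.100.7", False, "a@other.example", "b@elsewhere.example"),
    "inbound_to_isp_user": Session("198.51.100.7", False, "a@other.example", "user@myisp.example"),
}

if __name__ == "__main__":
    for name, session in CASES.items():
        print(f"{name:26} ip/auth rule: {decide(session):8} domain rule: {decide_by_domain(session)}")
```
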
