
Post.Office

Re: open relay

To: post_office@xxxxxxxxxxxxxxx
Subject: Re: open relay
From: Charles Ying <cying@xxxxxxxxxxxx>
Date: Tue, 28 Jan 2003 23:52:00 -1000
Eric is right. It took me a while to realize the power of this unique feature of Post.Office to allow SMTP based on sender's Return Address domain. It is also a dangerous feature, as Bob Minor has learned the hard way. Say your Post.Office's IP address is listed as MX for domain1.com, ... domain9.com. You should NEVER have any of these domain names listed in the External Relay Restriction section (or local domain box checked). Because obviously, any spammer spoofing your domain name (like sending mail posing as postmaster@xxxxxxxxxxx) will try to relay the spam using the MX record for domain1.com, such as mail.domain1.com.

HOWEVER, assume you have 2 machines running Post.Office and the other machine's IP is nowhere to be found in the DNS zone file for domain1.com ... domain9.com, and you DO enter the list domain1.com... domain9.com into the field in the second Post.Office machine (allowing these domains to relay mail). Now all of your users using domain1.com .... domain9.com can simply set the second Post.Office machine as their SMTP server in their Outlook or Eudora and voila, they can smtp without having to POP first or do SMTP Auth.

I have a Palm cell phone on Sprint running the Palm version of Eudora. The problem is that after picking up email and writing a reply, my phone has terminated the link to my POP server. When I hit send, my Palm connects to Sprint and gets a new DHCP IP address and tries to use SMTP to send, and my Post.Office server refuses to allow me to send because my Palm phone had not done a POP first. Of course, I had no idea of the status of the connection when I hit send. My version of Eudora for Palm also did not do SMTP Auth (not that Post.Office does). So I had a receive-only email setup for my Palm until I figured out that Post.Office can allow relay based solely on the Return address. Then it was simply finding a friend who also runs a Post.Office so we can trade domain names to add to this fantastic field. (Sprint also does not provide an SMTP server that will allow me to send email using my domain name as my return address.)

I can think of several other situations where this feature is the only way to get mail relayed. To me, this is one of the least-used and most powerful features of Post.Office (when used properly).

Bottom line, find a PO buddy and achieve SMTP (relay) freedom with Post.Office!

Please, please Eric, Sue, Andrea et al, promise me Tenon will never remove this "feature" no matter how many Bob Minors there are out there. I begged other Mail server suppliers to offer this feature and none of them think it is worthwhile weighed against the hassle of dealing with users who are not careful. I have convinced several folks to switch to PO for this feature alone!

Thanks for listening,

Charles



At 12:49 AM -0800 1/29/03, faQ wrote:
Robert,

on 1/28/03 10:33 PM, Bob Minor at bob@xxxxxxxxxxxxx wrote:

 Right, but it's not supposed to. It's supposed to see it's not for the local
 domain and then reject it.

This is not quite correct. You are confusing the "Local Mail Domains" in the
"External Relay Restrictions:" section (top of the page) with the "Local
Mail Domains" in the "Allow delivery to:"  section (bottom of the page).

It is checking to see if it is FROM the local mail domain based solely on
the Mail From mail envelope.  This is not the best way to check and should
not be enabled.  The syntax on this form will be changed slightly in future
versions.

The one on the bottom does what you are referring to:
ie:
Allow delivery to:
 Local Mail Domains

TTS
--Eric

On Tuesday, January 28, 2003, at 11:46 PM, Bruce Sommer wrote:

 "When relay restrictions are set using domain names, Post.Office checks the
 return address on the envelope of every message in the system against the
 list of allowed or restricted domains. Because a user can easily alter
 his/her return address to include any domain, using domains to restrict or
 allow relaying is not as secure as restricting by IP addresses."
Robert Minor



--------- Tenon Intersystems' Post.Office Mailing List To unsubscribe: send mail to post_office-request@xxxxxxxxxxxxxxx with the body only containing: unsubscribe Find the searchable mailing list archives at: http://postoffice.computeroil.com/
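
An added example, not part of the original thread and not Post.Office's own code: a simplified model of the relay decision discussed above, comparing relay allowed by envelope sender domain with relay allowed by client IP, plus an audit that flags relay-trusted sender domains whose MX points at the same server. The function names, the policy fields, the order of checks, and the sample addresses and networks are all assumptions made for illustration.

```python
import ipaddress

def domain_of(address):
    """Lower-cased domain part of an envelope address."""
    return address.rsplit("@", 1)[-1].lower()

def relay_decision(client_ip, mail_from, rcpt_to, policy):
    """Simplified model (an assumption, not Post.Office's real logic)."""
    if domain_of(rcpt_to) in policy["local_domains"]:
        return "accept: local delivery"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in policy["relay_networks"]):
        return "accept: relay by client IP"
    # MAIL FROM is supplied by the client and is never verified here.
    if domain_of(mail_from) in policy["relay_sender_domains"]:
        return "accept: relay by envelope sender domain"
    return "reject: relaying denied"

def audit(policy, mx_domains):
    """Relay-trusted sender domains whose MX record points at this server."""
    trusted = {d.lower() for d in policy["relay_sender_domains"]}
    return sorted(trusted & {d.lower() for d in mx_domains})

# Constructed sample data: domain1.com/domain2.com as in the thread;
# the addresses and IP ranges are documentation placeholders.
MX_DOMAINS = ["domain1.com", "domain2.com"]
BY_DOMAIN = {"local_domains": {"domain1.com", "domain2.com"},
             "relay_sender_domains": {"domain1.com"},
             "relay_networks": []}
BY_IP = {"local_domains": {"domain1.com", "domain2.com"},
         "relay_sender_domains": set(),
         "relay_networks": ["192.0.2.0/24"]}

def demo():
    outside = ("203.0.113.7", "postmaster@domain1.com", "user@example.net")
    inside = ("192.0.2.10", "user1@domain1.com", "user@example.net")
    return {
        "audit_by_domain": audit(BY_DOMAIN, MX_DOMAINS),
        "outside_by_domain": relay_decision(*outside, BY_DOMAIN),
        "outside_by_ip": relay_decision(*outside, BY_IP),
        "inside_by_ip": relay_decision(*inside, BY_IP),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A non-empty audit result means the server both receives mail for a domain and relays for anyone whose envelope sender claims that domain, which is the configuration the thread warns against.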
