Date: Sat, 20 Aug 2005 07:07:02 -0700
From: Roman Volf <volfman@keystreams.com>
To: Cody Baker <cody@wilkshire.net>
Cc: freebsd-isp@freebsd.org
Subject: Re: Workarounds for blocked port 25 on outgoing e-mail
Message-ID: <43073906.20105@keystreams.com>
In-Reply-To: <4306C7BB.6050909@wilkshire.net>
References: <003f01c5a517$ee377590$81f9e204@4BANKS> <9cd98d120508192023154a689e@mail.gmail.com> <4306C7BB.6050909@wilkshire.net>

Cody Baker wrote:
> What Logan wrote was mostly true, port 587 is the recommended way of
> doing it, and SSL (TLS) is a recommended option for just about
> everything. Another, albeit far less popular, and much less supported
> option is to use IMAP to send mail. Courier-IMAP (I'm not sure about
> the others) has an option where messages placed in a special Outbox
> folder are automatically sent by sendmail running locally on that
> server. This eliminates the issue of SMTP relaying entirely.
>
> The other challenge Logan touched on is verifying that your users are
> in fact allowed to be sending mail through your server. It may seem
> like common sense that you can't relay email through company xyz.net's
> SMTP server, but there's a couple things enforcing that.
>
> The most common way of authenticating customers is based upon their
> IP. If company xyz.net owns 111.222.333.x/24 then they simply allow
> relaying for any client inside that subnet. By this logic you could
> send a message from MyPersonalDomainHostedElsewhereOnTheNet.com
> through your broadband/dialup ISP's (xyz.net) email server and it
> would work. This is what Logan was suggesting in his last line there.
> UNFORTUNATELY there's a new kink in that plan. Sender Policy
> Framework (SPF) is designed specifically to detect and stop this kind
> of "forgery". It's a good standard and it's starting to become
> popular. Because of SPF there's rapidly increasing likelihood that
> your messages would be marked as spam and deleted if you followed this
> advice. Also some MTAs, notably qmail, won't allow you to relay a
> message through if the From: field is not listed as an address local
> to that server.

FYI, this last comment about qmail is incorrect. There does exist a patch I believe that has this functionality, but it is by no means the default behavior of qmail. Qmail does not care where/from you sent a mail. It will accept it from any IP address listed in tcp.smtp and send it to wherever it needs to go, or it will accept any email destined for its local domains from any IP. It does not check or even look at the FROM: address.

> To send a message from MyPersonalDomainHostedElsewhereOnTheNet.com
> using MyPersonalDomainHostedElsewhereOnTheNet.com's SMTP Relay server
> you could authenticate the client in several ways:
>
>

-- 
Roman Volf
Keystreams Internet Solutions
volfman@keystreams.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43073906.20105>
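
Added example, not part of the message above and not qmail code: a simplified Python model of the relay decision the reply describes, in which the tcp.smtp rule for the client IP and the recipient domain decide the outcome and the sender address is never consulted. The rule text, the addresses and the rcpthosts-style domain set are constructed samples, and only full-IP, dotted-prefix and catch-all rules are modelled.

```python
# Added illustration (not qmail source). Rules and addresses are constructed.
TCP_SMTP = '''\
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
198.51.100.7:deny
:allow
'''
RCPTHOSTS = {"example.org", ".example.org"}  # assumed local domains


def parse_rules(text):
    """Map each address pattern to (action, sets_relayclient)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, _, env = instr.partition(",")
        rules[addr] = (action, "RELAYCLIENT=" in env)
    return rules


def match_rule(rules, ip):
    """Most specific first: full IP, dotted prefixes, then the empty rule."""
    octets = ip.split(".")
    for cand in [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]:
        if cand in rules:
            return rules[cand]
    raise LookupError("no rule matched; the sample keeps a catch-all")


def decide(rules, rcpthosts, client_ip, mail_from, rcpt_to):
    """mail_from is accepted but unused, matching the reply's description."""
    action, relayclient = match_rule(rules, client_ip)
    if action == "deny":
        return "connection refused"
    if relayclient:  # listed client: relay to any destination
        return "relay"
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    local = domain in rcpthosts or any(
        domain.endswith(h) for h in rcpthosts if h.startswith("."))
    return "accept local" if local else "reject rcpt"


RULES = parse_rules(TCP_SMTP)
if __name__ == "__main__":
    for ip, frm, to in [("192.0.2.10", "a@elsewhere.example", "b@remote.example"),
                        ("203.0.113.5", "a@example.org", "b@remote.example"),
                        ("203.0.113.5", "a@elsewhere.example", "c@example.org")]:
        print(ip, frm, to, "->", decide(RULES, RCPTHOSTS, ip, frm, to))
```

The second sample case is the one to audit for: a client outside the listed ranges is refused relaying even when its sender address claims a local domain, so the client list in tcp.smtp is the only relay control in this model.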
