From: Roman Volf
Date: Sat, 20 Aug 2005 07:07:02 -0700
To: Cody Baker
Cc: freebsd-isp@freebsd.org
Subject: Re: Workarounds for blocked port 25 on outgoing e-mail
Message-ID: <43073906.20105@keystreams.com>
In-Reply-To: <4306C7BB.6050909@wilkshire.net>
References: <003f01c5a517$ee377590$81f9e204@4BANKS> <9cd98d120508192023154a689e@mail.gmail.com> <4306C7BB.6050909@wilkshire.net>

Cody Baker wrote:

> What Logan wrote was mostly true, port 587 is the recommended way of
> doing it, and SSL (TLS) is a recommended option for just about
> everything. Another, albeit far less popular, and much less supported
> option is to use IMAP to send mail. Courier-IMAP (I'm not sure about
> the others) has an option where messages placed in a special Outbox
> folder are automatically sent by sendmail running locally on that
> server. This eliminates the issue of SMTP relaying entirely.
>
> The other challenge Logan touched on is verifying that your users are
> in fact allowed to be sending mail through your server. It may seem
> like common sense that you can't relay email through company xyz.net's
> SMTP server, but there's a couple things enforcing that.
>
> The most common way of authenticating customers is based upon their
> IP. If company xyz.net owns 111.222.333.x/24 then they simply allow
> relaying for any client inside that subnet.
> By this logic you could
> send a message from MyPersonalDomainHostedElsewhereOnTheNet.com
> through your broadband/dialup ISP's (xyz.net) email server and it
> would work. This is what Logan was suggesting in his last line there.
> UNFORTUNATELY there's a new kink in that plan. Sender Policy
> Framework (SPF) is designed specifically to detect and stop this kind
> of "forgery". It's a good standard and it's starting to become
> popular. Because of SPF there's a rapidly increasing likelihood that
> your messages would be marked as spam and deleted if you followed this
> advice. Also some MTAs, notably qmail, won't allow you to relay a
> message through if the From: field is not listed as an address local
> to that server.

FYI, this last comment about qmail is incorrect. There does exist a
patch I believe that has this functionality, but it is by no means the
default behavior of qmail. Qmail does not care where/from you sent a
mail. It will accept it from any IP address listed in tcp.smtp and send
it to wherever it needs to go, or it will accept any email destined for
its local domains from any IP. It does not check or even look at the
FROM: address.

> To send a message from MyPersonalDomainHostedElsewhereOnTheNet.com
> using MyPersonalDomainHostedElsewhereOnTheNet.com's SMTP Relay server
> you could authenticate the client in several ways:
>

--
Roman Volf
Keystreams Internet Solutions
volfman@keystreams.com
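
The relay decision described in the reply above, as an added example that is not part of the original message and is not qmail's own code. It models only IP-prefix rules in tcp.smtp and a plain rcpthosts list; the function names, rule set, addresses and domains are constructed for illustration.

```python
# Simplified model of stock qmail-smtpd's accept/relay decision (added example).
# Rules, IPs and domains are constructed sample values.
TCP_SMTP = '''
127.:allow,RELAYCLIENT=""
10.8.0.:allow,RELAYCLIENT=""
:allow
'''
RCPTHOSTS = ["example.net", ".example.net"]  # domains this server accepts mail for


def parse_tcprules(text):
    """Parse tcprules-style lines into {address_prefix: (verb, env)}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, action = line.partition(":")
        verb, *assigns = action.split(",")
        rules[addr] = (verb, dict(a.split("=", 1) for a in assigns))
    return rules


def lookup(rules, ip):
    """Most specific rule wins: full IP, shorter dotted prefixes, then default."""
    parts = ip.split(".")
    for cand in [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]:
        if cand in rules:
            return rules[cand]
    raise LookupError("no default rule in sample rules")


def smtpd_accepts(client_ip, mail_from, rcpt_to, rules, rcpthosts):
    """Return True if the RCPT would be accepted. mail_from is never consulted."""
    verb, env = lookup(rules, client_ip)
    if verb != "allow":
        return False
    if "RELAYCLIENT" in env:          # trusted client: relay to any destination
        return True
    domain = rcpt_to.rsplit("@", 1)[1].lower()
    return any(domain == h or (h.startswith(".") and domain.endswith(h))
               for h in rcpthosts)


if __name__ == "__main__":
    rules = parse_tcprules(TCP_SMTP)
    for ip, frm, to in [
        ("10.8.0.6", "me@elsewhere.example", "friend@remote.example"),
        ("192.0.2.9", "me@example.net", "friend@remote.example"),
        ("192.0.2.9", "forged@elsewhere.example", "user@example.net"),
    ]:
        print(ip, frm, "->", to, smtpd_accepts(ip, frm, to, rules, RCPTHOSTS))
```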