|
|
Posted by Gordon Burditt on 09/19/07 00:17
>>> I like the way you wobble back and forth on that.
>>> It's not a realy - except when it is.
>>
>> Nope, I stand that most public MTA's are not relays.
>
>OK, Jerry - but that requires a very wrong interpretation of the word
>"Transfer".
A typical public MTA that is NOT considered an open relay will
permit mail traffic that is:
(a) destined for mailboxes that it handles (incoming mail from
anywhere is allowed, subject to SPAM filtering). Note that
the mailboxes are NOT necessarily on the same machine. In
large setups the public MTA may be a border MX machine with
few (e.g. "root" only) or no mailboxes and they pass the mail
to the servers with the mailboxes.
or (b) sent in by trusted customers or from trusted locations to the
world (outgoing mail from my customers is allowed). This may
be checked by a number of methods:
(1) Authenticated SMTP, with or without SSL
(2) POP-before-send: you must check your mailbox from the
IP address you are using within X minutes before sending
mail out.
(3) SSL with user certificates
(4) Using extensions to POP3 or IMAP to send mail during
a mail-fetching session.
(5) Allowing any mail from IP blocks owned by the ISP
(6) Combinations of these, such as (5) from DSL or dialup
lines and (1) or (2) from "roaming" customers
(7) There's all sorts of other methods also.
This does not address the subject of SPAM filtering or virus scanning.
Incidentally, there's a subtle difference between "relay" and
"forward". This terminology might not be universal but its in
use at some ISP abuse departments.
Let's suppose that there is a mail service that will accept mail
to me at me@service.com and forward it to any mailbox I designate.
I designate my mailbox at my local ISP, me@isp.com . When someone
does a spam run against the @service.com addresses, service.com may
get accused of being an open relay when it doesn't really deserve
it.
A spammer connects to the service.com mail server and drops off a
penis enlargement ad for me@service.com. Their server transfers it
to the mail server at isp.com, which delivers into the me@isp.com
mailbox. This is a *forward*. The *customer* requested the routing
from service.com to isp.com.
A spammer connects to the service.com mail server and drops off a
penis enlargement ad for you@aol.com. Their server transfers it to
the mail server at aol.com. Unless the spammer had authentication
or permission to use the service.com mail server, this makes it an
open relay. The *spammer*, not the AOL customer, requested the
routing from service.com to aol.com.
>Seriously - on this I consider myself an honest expert. Back in 95, I
>built the first Fax-Over-IP protocol, as you've heard me say once or
>twice before.
>
>In that effort, I spent a year *constantly* consulting with Marshall
>Rose and he gave me an excellent education on this. If you don't know
>who he is, check the SMTP specification; his name is on it.
>
>I can't claim his expertise as my own - but when you consider that MTA
>stands for Message Transfer Agent, the truth that it is a relay becomes
>quite self-evident.
>
>
>>> That last, of course, is why I suggested that the OP use an SSL
>>> secured mail relay.
>>
>> Which has absolutely no effect on whether the relay is secure or not.
>> All SSL does is encrypt the data.
>
>Wow - could you BE more self-contradictory?
SSL encrypts the data so the thief of a customer (using a phony
credit card number) can rip off the thief running the web site
before any other thief (such as the FBI or dishonest ISP employee)
can get to the card number. SSL does not identify the customer to
the web site, unless it insists on user certificates.
It works the same way with email. A spammer can securely shower
the whole internet with penis enlargement ads while making it
difficult for someone tapping the net to see what's in the email
until their copy lands in their mailbox.
>> When an MTA receives a message and places it in a POP (or IMAP) mailbox,
>> it is called "Delivery", not relay. Relay is used to indicate passing
>> on to another MTA.
Many corporate and ISP setups have "border MX machines" running a
MTA which receives the email and passes it on to one of a bunch of
another machines which actually hold the mailboxes. The "border
MX machines" have few or no mailboxes themselves.
>And how does it get from the outgoing MTA, to the incoming MTA? Relay.
>Thus - an MTA that does not relay, is merely a POP.
I suggest not using the abbreviation "POP" to refer to "Point of
Presence" when discussing mail protocols. There's another meaning
for that TLA (And I don't mean Tokyo Law Association). Similarly,
don't use "IP" to mean "Intellectual Property" when discussing TCP
port numbers.
>btw - it would be more accurate for you to say POP3 Server, because POP
>has a very specific tele-communications networking meaning beyond
>internet email.
Navigation:
[Reply to this message]
|