Re: Technical mail setup question

[Craig Sanders <cas@taz.net.au>]

On Fri, Jun 04, 1999 at 08:08:27PM +0200, Torsten Landschoff wrote:
> On Fri, Jun 04, 1999 at 10:59:26AM +1000, Craig Sanders wrote:
>  
> > they can use their ISP's mail relay or beg/buy a uucp-over-tcp
> > service, or run a ssh tunnel to a friendly mail host somewhere, or
> > one of many other cheap or free options. internet technology is
> > extremely flexible if you know how to use it.
> [...]
> The only solution to this problem seems to be the following: Just use
> a mail reader like Netscape and fire up your connection any time you
> want to send a mail. Fine. Every connection costs me at least 12Pf or
> 8cents. So I had to pay about a dollar a day just for sending a few
> mails.

no, you could still use sendmail or whatever on your own system to queue
outgoing mail until you want it to be sent (i.e. when you connect to the
net). to avoid rejections from mailhosts using a DUL, configure your MTA
to relay mail through your ISP's mail relay (or use ssh tunnels or uucp
etc)

i have already suggested several other methods which work (uucp is
probably the best one) so i do not know why you have decided that using
netscape is "the only solution to this problem". it doesn't even seem
like any kind of solution at all...it's an MTA configuration issue, has
nothing to do with the MUA.

if you want, you can even configure your MTA to send mail directly by
default and as you discover DUL protected hosts, add a mailertable entry
for them to a mailertable which looks like:

.domain   smtp:your.isp's.mail.relay

(mailertables are sendmail specific...other MTAs have similar features)


> > there's a right way and a wrong way to do HELO/EHLO checks.
> >
> > checking that the HELO/EHLO line is a valid hostname/domain name
> > is reasonable (but not really necessary). checking that it exactly
> > matches the .in-addr.arpa domain name is unreasonable because it
> > limits what their users can do *without* serving any useful purpose.
>
> Great. So a spammer could connect to every ISPs relay just telling him
> a wrong hostname and send its spam. Voila - it is correctly relayed
> now.

wrong.  ISPs should still block 3rd party relay - i.e. they should only
allow their own customers, their own IP addresses to relay mail through
them.

HELO/EHLO checks, and checks for valid domains in the From envelope
and header do not make it any easier for spammers - they make it
harder. they prevent spammers from just making up random, non-existent
domains...thus making them use either their own legitimate domain (which
can then be blocked), or they will fake someone else's domain (which
they don't like to do anymore because it is illegal and will leave them
wide open to a damages claim).

like everything else, it's not perfect but it makes it difficult for them
to hide....i.e. helps to smoke the bastards out into the open.


[ RE: pop-before-smtp authentication ]

> This is what my ISP uses. Just another reason not to use the relay
> because the POP server fails every so often and I am unable to send
> mail anymore...

if your ISP is broken, complain. provide detailed notes of
when/where/how their service is broken. if you have the knowledge, make
suggestions on how they can fix it.

if none of the above works, then get another ISP and tell the old one
why you are leaving.

craig

--
craig sanders