
Re: SMTP relay issue with emails to specific domain



On Fri, Sep 09, 2016 at 08:58:15PM +0100, Joe wrote:
> An email client connects to its SMTP smarthost using SMTP, so there's no
> way a given SMTP server can tell whether it's a client (MUA) or another
> SMTP server (MTA) trying to connect to it.

That's outdated information.

SMTP is used to exchange messages between mail servers (MTAs), but
a client submitting a new message to its designated relay may use
the "Submission" protocol on port 587 instead.  (Really old clients
may still use SMTP.)

Relay control is a pretty important, nontrivial field.  Some servers
rely on an "SMTP AUTH" protocol that involves a username and password
to authenticate the client.  A few may still use the old "POP before SMTP"
hack, in which a client that performs an authenticated POP3 retrieval
opens up permission to use SMTP for some time period.  I don't know
how widespread this practice still is; it's quite antiquated.

And of course some servers may simply whitelist their clients by IP
address.  This works extremely well in internal corporate settings,
but very poorly if you have people working from home, on the road, etc.
(I've seen the phrase "road warriors" used to refer to these clients.)

Internet service providers probably use some variant of this, magically
knowing who their customers are by IP address.  This is outside of my
experience.

DJB proposed authenticating client emails by having them be PGP-signed,
with the server holding the public keys necessary to validate the
clients' signatures.  I've never seen this actually implemented, though.

So, long story short, you have to get permission to use a given host
as your mail submission/relay.  And how you do that is up to the owner
of that host.
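
Added example, not part of the original message: a small Python model of the relay-control mechanisms listed above (SMTP AUTH, POP before SMTP, IP allowlisting), applied to one RCPT TO at a time. The domain, network range, 30-minute window, and the rule that port 587 always requires authentication are assumptions chosen for illustration.

```python
import ipaddress
import time

# Constructed sample policy values (assumptions, not from the thread).
LOCAL_DOMAINS = {"example.org"}                 # domains this host accepts mail for
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
POP_WINDOW_SECONDS = 30 * 60                    # how long a POP3 login opens relaying


class RelayPolicy:
    def __init__(self):
        self.pop_logins = {}    # client IP -> time of last authenticated POP3 login

    def record_pop_login(self, client_ip, now=None):
        self.pop_logins[client_ip] = time.time() if now is None else now

    def decide(self, client_ip, rcpt, port=25, authenticated=False, now=None):
        """Return (allowed, reason) for a single RCPT TO address."""
        now = time.time() if now is None else now
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if port == 587:
            # Submission port: authenticated clients only, any destination.
            if authenticated:
                return True, "submission-auth"
            return False, "auth-required"
        if domain in LOCAL_DOMAINS:
            # Inbound MTA-to-MTA mail for our own domain is not relaying.
            return True, "local-delivery"
        if authenticated:
            return True, "smtp-auth"
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in TRUSTED_NETS):
            return True, "ip-allowlist"
        last = self.pop_logins.get(client_ip)
        if last is not None and 0 <= now - last <= POP_WINDOW_SECONDS:
            return True, "pop-before-smtp"
        # Unknown client asking us to forward to a foreign domain.
        return False, "relay-denied"
```

The final `relay-denied` branch is the one that keeps the host from being an open relay: every permission above it has to be granted explicitly by the host's owner.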

