Pesky virus
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Sat Jul 24 03:32:10 UTC 2004
James Marcinek wrote:
> I'm no expert at this but I did some reading and was under the
> impression that people will use your mail server to send emails and
> that there's not a lot that can be done about it. I would definitely
> like to be proven wrong with this. The simply script something to
> telnet into your mail port and send emails... These emails are
> generated from your server so even setting your email to send only
> from your domain does not protect you. Is anyone listening that could
> shed some more light on this?
To shed more light on this. You can configure a server that can be used
remotely and safely , without having it being used by spammers. To do
this , you have some work to do, because you need to add authentication
(it is a bit trivial on postfix. Never tried on sendmail or qmail). Also
it's suggested to use cryptography to protect the passwords during
authentication (also known as Transport Layer Security, or TLS).
So , a properly configured server will accept incoming conections (even
bad ones) , but will reject the bad ones during authentication.. Here's
an example of a properly configured server in action:
220 mailhost. ESMTP
ehlo mailhost
250-mailhost
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME
mail from:<someuser at somedomain>
250 Ok
rcpt to:<anotheruser at anotherdomain>
554 <anotheruser at anotherdomain>: Relay access denied
From this point on , the spammer can keep trying to send his spam , but
probably the server will reject all his attempts , because he didnt use
authentication. This example server didnt show anything about
authentication , because I've configured it to only show authentication
information if the channel is secure. If the software connects to port
25 , then uses the STARTTLS command , then it'll have the option to
authenticate and send a message (if it's a valid user).
--
Pedro Macedo
More information about the users
mailing list