MSMTP Problem [OT] FIXED

James Wilkinson fedora at aprilcottage.co.uk
Sun Sep 16 21:32:14 UTC 2012


Arthur Dent wrote:
> I tried taking out (commenting out) the tls stuff. No joy. I tried
> altering the "from"... Success! I changed it to be "mark at mydomain.org".
> "mark" is a valid user on this machine. Is that what the problem was? If
> that is the case I didn't spot anywhere that it was a requirement that
> the "from" be a "valid" user.
> 
> Anyhow - it now works. The strange thing is that I had not re-enabled
> the tls settings and - even though Blueyonder insist that connections
> should be made with SSL - it still works!

Just reading through this thread, I thought I’d make a couple of
comments.

One is that whenever you’re sending email through someone else’s server,
there’s the possibility that email might fall foul of a counter-spam
measure, and you can’t tell what those measures really are.

This is still the case when you’re sending as an authenticated user and
you have some sort of relationship (business, for example) with the
server’s owner. A system like smtp.blueyonder.co.uk is unlikely to be
blocked even if it does send the occasional email. That makes it
valuable to spammers, who can obtain valid login details from
compromised Windows systems (or phishing, or using stolen credit card
details, or a number of other routes). Once they’ve done that, they’ll
try to send as many emails through as possible before they get caught.
There should be systems in place to try to minimise the damage when that
happens.

I think that’s what you’re experiencing: changing minor details like the
from name doesn’t affect whether the SMTP conversation works (the
recipient has no business checking whether the “from” user is “valid”),
but it can affect the spam filter logic. If smtp.blueyonder.co.uk is
expecting only real users using end-user MTAs to relay through it, then
it might be configured to treat noreply@ and other signs of “this has
come from a PHP script” as spam indicators (quite possibly in a
scoring-based system similar to SpamAssassin).

And the key point here is that you’ve only “fixed” one of the possible
spam indicators, the weighting may well change in future (so it may well
break when you haven’t changed anything), and the number of emails sent
per hour may well be factored in to the filter.

If this is for home use, you might well decide just to live with all this.

The second point is why you didn’t need SSL/TLS. I suspect this is just
because you may have turned TLS off, but you might not have turned
authentication (passwords) off: msmtp will use secure login methods over
unencrypted connections.

Alternatively, if smtp.blueyonder.co.uk is configured for incoming email
as well as relaying to the outside world, it could use the presence of
SSL or TLS to select what it does, and even without a login it might
accept email for your domain in the same way as it would from any other
server.

(Does dig -t mx +short mydomain.org mention smtp.blueyonder.co.uk at
all?)

Hope this helps,

James.

P.S.: if you ever plan to send email from web pages to random addresses
on the wider Internet, please think about how that could be misused!

-- 
E-mail:     james@ | Legacy (adj): an uncomplimentary computer-industry
aprilcottage.co.uk | epithet that means 'it works'.
                   |     -- Anthony DeBoer
