Open Relay?

09/10/2006, 14h05

I want to run this by those who may know about such things before I
take up the issue with my web hosting ISP. I use Thunderbird
(Mozilla) for my mail app. I also have a website (dot.com name
registered to me) hosted by a web hosting company (which shall remain
nameless here). The web hosting company is separate and distinct from
my internet connection company (cable modem access via Adelphia, soon
to become Comcast in this area). The web hosting company uses an
Apache server. I use my website's associated SMTP and POP servers for
all my mail. The thing is, there is apparently no way to setup SMTP
authentication via my website's configuration interface (vDeck, a
popular configuration app run on Apache servers). Therefore, in
Thunderbird's account settings, under Outgoing Server, the "Use
username and password" checkbox is unchecked and there is no password
used. From what I understand, this means my website's SMTP server is
an "open relay" and virtually anyone can use it to send mail. All
they would have to is guess the SMTP server name, which is quite easy
because it's just my website dns name with "mail." prepended (a very
common convention).

Am I missing something here? I thought open relays were to be avoided
these days given all the spammers looking to take advantage of them.
It this common among web hosting ISPs? Seems strange to me. Again,
am I missing something?

Thanks for any ful replies.

DSO

09/10/2006, 14h10

On 2006-10-09, DSO <dso@nomailforme.com> wrote:
> I want to run this by those who may know about such things before I
> take up the issue with my web hosting ISP.
> popular configuration app run on Apache servers). Therefore, in
> Thunderbird's account settings, under Outgoing Server, the "Use
> username and password" checkbox is unchecked and there is no password
> used. From what I understand, this means my website's SMTP server is
> an "open relay" and virtually anyone can use it to send mail.

Ask your ISP if they have some sort of security in place, maybe they
don't relay mail unless it comes from your IP (that they've logged) or
if the mail doesn't have a 'From' address matching your account.

> these days given all the spammers looking to take advantage of them.

Spammers have much fun using networks of zombies, one single server is
quick to put in a blacklist.

Anyway, nothing of this has anything to do with apache or configuration.

Davide

--
It's ten o'clock. Do you know where your source code is?
-- From a Slashdot.org post

09/10/2006, 14h05	#1
DSO Messages: n/a Hébergeur:	Open Relay? I want to run this by those who may know about such things before I take up the issue with my web hosting ISP. I use Thunderbird (Mozilla) for my mail app. I also have a website (dot.com name registered to me) hosted by a web hosting company (which shall remain nameless here). The web hosting company is separate and distinct from my internet connection company (cable modem access via Adelphia, soon to become Comcast in this area). The web hosting company uses an Apache server. I use my website's associated SMTP and POP servers for all my mail. The thing is, there is apparently no way to setup SMTP authentication via my website's configuration interface (vDeck, a popular configuration app run on Apache servers). Therefore, in Thunderbird's account settings, under Outgoing Server, the "Use username and password" checkbox is unchecked and there is no password used. From what I understand, this means my website's SMTP server is an "open relay" and virtually anyone can use it to send mail. All they would have to is guess the SMTP server name, which is quite easy because it's just my website dns name with "mail." prepended (a very common convention). Am I missing something here? I thought open relays were to be avoided these days given all the spammers looking to take advantage of them. It this common among web hosting ISPs? Seems strange to me. Again, am I missing something? Thanks for any ful replies. DSO

09/10/2006, 14h10	#2
Davide Bianchi Messages: n/a Hébergeur:	Re: Open Relay? On 2006-10-09, DSO <dso@nomailforme.com> wrote: > I want to run this by those who may know about such things before I > take up the issue with my web hosting ISP. > popular configuration app run on Apache servers). Therefore, in > Thunderbird's account settings, under Outgoing Server, the "Use > username and password" checkbox is unchecked and there is no password > used. From what I understand, this means my website's SMTP server is > an "open relay" and virtually anyone can use it to send mail. Ask your ISP if they have some sort of security in place, maybe they don't relay mail unless it comes from your IP (that they've logged) or if the mail doesn't have a 'From' address matching your account. > these days given all the spammers looking to take advantage of them. Spammers have much fun using networks of zombies, one single server is quick to put in a blacklist. Anyway, nothing of this has anything to do with apache or configuration. Davide -- It's ten o'clock. Do you know where your source code is? -- From a Slashdot.org post

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email