When we refer to an "open relay," we mean a mail server that allows third parties to send mail to other third parties. For example, the domain reddawg.net will accept mail for users @reddawg.net from Internet users all over the world; it also allows users on the machine to send mail to Internet users all over the world.

However, it does not allow a user from, say, AOL.COM to send mail to a user at, say, JUNO.COM. Doing that (which is a popular technique used by spammers) is called a "third party relay," because the spammer is attempting to relay the mail through reddawg.net.

There are several different ways to prevent this; the first method was based on SMTP envelope checking. This, however, is not sufficient because spammers typically lie about who they are, in an effort to evade this kind of restriction, as well as to prevent discovery.

Another common method is to require that either the source or the destination fall within the mail server's own IP address range; this means, for example, that reddawg.net will only deliver mail from the greater Internet to machines that happen to be on its network, or mail from its local network to the local network or the greater Internet.

This, however, is too restrictive for some ISPs, as their users may travel a lot, and use other ISPs for Internet access, but still expect to use their "home" ISP for sending and receiving e-mail. A solution that generally works for this is called "POP-before-SMTP". This is currently not available with the Red Dawg mail cluster.

SMTP stands for "Simple Mail Transport Protocol," and separates an e-mail message into two parts: the "envelope" (used for sorting and routing), and the "body" (the data inside).

A sample SMTP session might look something like:

220 rly-za01.mx.aol.com ESMTP Sendmail
HELO reddawg.net
250 rly-za01.mx.aol.com Hello reddawg.net, pleased to meet you
MAIL FROM:
250 ... Sender ok
RCPT TO:
250 ... Recipient ok
DATA

The rest of the session would be the e-mail message itself, i.e. what you normally see when you read it.

The "HELO" line tells the mail server who is talking to it; some mail servers will use this to determine whether or not to allow e-mail to be relayed through them. This is insufficient, because a spammer can put any text there (and many have programs that will simply place the first word of the greeting message, which is that first line beginning with "220", after the HELO).

The "MAIL FROM" line tells the mail server who is sending the message. This is similar to the "From: " line that shows up in the mail message, but is not necessarily identical: if the mail message is from a mailing list, for example, the "MAIL FROM:" line in the envelope may be the owner of the list, whereas the "From: " line that shows up in the message is probably the person who sent the message to the list in the first place; that line is part of the "body" (which follows the "DATA" statement). As stated above, some mail servers use this to check whether the mail message is from a local user; again, this is insufficient, because a spammer can put any text there that he or she wants. (And, again, many have programs which simply use a random word, followed by "@" and the name it gave at the "HELO" message.)

The "RCPT TO:" line indicates who the message is for. This is similar to the "To: " line in the message, but is not necessarily the same. (Again, for a mailing list, the "To: " line might be the address for the mailing list, but the recipients on each machine are the users who get it.) There can be more than one of these; in fact, many spammers try to use as many "RCPT TO:" lines as possible, in some cases tens or hundreds of thousands. If the mail server being used does not prohibit relaying, then it will be stuck trying to deliver tens or hundreds of thousands of copies of the spam.
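
As an added illustration (not code from the original page or from Red Dawg), the following Python sketch answers the envelope commands of a session like the one shown above under two relay policies: the envelope-only check the text calls insufficient, which trusts the "MAIL FROM" domain, and the source-or-destination check, which looks at the client's IP address and the recipient's domain instead. The local domain, the local network, the client addresses and the session itself are constructed assumptions.

```python
import ipaddress
import re

# Constructed assumptions (not from the page): reddawg.net is the only domain this
# server delivers locally, and 192.0.2.0/24 (an RFC 5737 range) is its own network.
LOCAL_DOMAINS = {"reddawg.net"}
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ADDR_RE = re.compile(r"<?([^<>\s]+@([^<>\s]+))>?$")

def domain_of(envelope_addr: str) -> str:
    """Domain part of a MAIL FROM / RCPT TO argument, lower-cased ('' if none)."""
    m = ADDR_RE.search(envelope_addr.strip())
    return m.group(2).lower() if m else ""

def envelope_policy(client_ip: str, mail_from: str, rcpt_to: str) -> bool:
    """The insufficient check: trusts the MAIL FROM domain, which the client picks."""
    return domain_of(mail_from) in LOCAL_DOMAINS or domain_of(rcpt_to) in LOCAL_DOMAINS

def network_policy(client_ip: str, mail_from: str, rcpt_to: str) -> bool:
    """Source-or-destination check: the client must be on our network, or the
    recipient must be in a domain we deliver locally; MAIL FROM is ignored."""
    on_our_net = any(ipaddress.ip_address(client_ip) in n for n in LOCAL_NETWORKS)
    return on_our_net or domain_of(rcpt_to) in LOCAL_DOMAINS

def run_session(client_ip: str, commands: list[str], policy) -> list[str]:
    """Reply to one session's envelope commands as a server using `policy` would."""
    replies, mail_from, accepted = [], "", 0
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.upper()
        if verb.startswith("HELO"):           # the greeting is not a credential
            replies.append("250 Hello, pleased to meet you")
        elif verb == "MAIL FROM":
            mail_from = arg
            replies.append("250 Sender ok")
        elif verb == "RCPT TO":               # the relay decision is per recipient
            if policy(client_ip, mail_from, arg):
                accepted += 1
                replies.append("250 Recipient ok")
            else:
                replies.append("550 Relaying denied")
        elif verb == "DATA":
            replies.append("354 Enter mail" if accepted else "503 No valid recipients")
    return replies

# Constructed session: an outside client (203.0.113.5, RFC 5737) claims a local
# sender and names two foreign recipients plus one local one.
SESSION = ["HELO reddawg.net", "MAIL FROM:<forged@reddawg.net>", "RCPT TO:<a@juno.com>",
           "RCPT TO:<b@aol.com>", "RCPT TO:<user@reddawg.net>", "DATA"]
```

Under the envelope-only policy the forged local sender gets all three recipients accepted, so the server would relay to juno.com and aol.com; under the network policy the same session is denied for the two foreign recipients and accepted only for the local one.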

Guides to Preventing Open Relays: