| View previous topic :: View next topic |
| Author |
Message |
dixon_pete
Joined: 09 Mar 2006
Posts: 21
|
 Posted: Thu Mar 22, 2007 7:26 pm Post subject: Super webscan boasts that it caught me |
 |
|
I received this email today
"Super webscan open relay check succeded, hostname = <my IP address>"
After looking at the option in the mail server I could see only two options related to security, authenticiation re'q for local and non local. Those were off and I've now turned them both on. Is this enough to keep pesky spammers from using my mail server for their own despicable ends? |
|
| Back to top |
|
 |
admin
Site Admin
Joined: 13 Apr 2005
Posts: 1467
|
| Posted: Thu Mar 22, 2007 7:32 pm Post subject: |
|
|
| Enabling authentication is a good way to prevent spammers from using your server for sending spam. If you know the IP (range) of the spammers your can also block this. This way the remote party can't even connect to your server. |
|
| Back to top |
|
|
dixon_pete
Joined: 09 Mar 2006
Posts: 21
|
| Posted: Thu Mar 22, 2007 8:25 pm Post subject: |
|
|
| admin wrote: | | Enabling authentication is a good way to prevent spammers from using your server for sending spam. If you know the IP (range) of the spammers your can also block this. This way the remote party can't even connect to your server. |
I'll look into the IP addresses. Turning on either authentication method meant I couldn't receive email from mail sent from my Hotmail account to one of my email addresses. With the boxes unchecked the mail sailed right thru.
Is there a real possibility these guys could send spam thru my mail server. Sure I might be able to block this one guys IP address, but what this they just start sending spam thru another IP I don't know about. How would I even be aware what's happening? I would prefer to authenticate via those checkbox options but I also need to be able to receive mail. |
|
| Back to top |
|
|
admin
Site Admin
Joined: 13 Apr 2005
Posts: 1467
|
| Posted: Sun Mar 25, 2007 10:48 am Post subject: |
|
|
If you enable 'Authentication required for non-local recipients' you will stil be able to receive emails from other server, but to send emails email you will have to be logged in first.
From the help file:
| Quote: | Authentication required for non-local recipients
Normally SMTP access is anonymous, meaning the user doesn't have to login to be able to send messages to remote recipients.
But to prevent the server from being used for sending SPAM, you can check this option so that the SMTP client must use authentication to send messages to users for non-local domains. The username/password is the same as the POP3 account. |
If you enable the log you will be able to see everything that's happening on your server. So you also will see spammers using your server.
Spammers can not send email trhough your server is you have enabled
'Authentication required for non-local recipients', unless they know the password of course... |
|
| Back to top |
|
|
dixon_pete
Joined: 09 Mar 2006
Posts: 21
|
| Posted: Sun Mar 25, 2007 3:03 pm Post subject: |
|
|
I just turned on "Authentication required for non-local recipients" and sent myself a Hotmail messagel to one of my addresses. It was rejected, and this is what the log showed.
03/25/2007 09:57:58.202 <SMTP> MAIL FROM:<dixon_pete@hotmail.com>
03/25/2007 09:57:58.202 <SMTP> 250 OK
03/25/2007 09:57:58.311 <SMTP> RCPT TO:<pete@petedixon.ca>
03/25/2007 09:57:58.311 <SMTP> Forwarding email to: <dixonpete@gmail.com>
03/25/2007 09:57:58.311 <SMTP> 551 Client was not authenticated
03/25/2007 09:57:58.405 <SMTP> RSET
03/25/2007 09:57:58.405 <SMTP> 250 OK
03/25/2007 09:57:58.483 <SMTP> QUIT
03/25/2007 09:57:58.483 <SMTP> 221 Bye
03/25/2007 09:57:58.483 <SMTP> Client disconnected from 65.54.246.99
| admin wrote: | If you enable 'Authentication required for non-local recipients' you will stil be able to receive emails from other server, but to send emails email you will have to be logged in first.
From the help file:
| Quote: | Authentication required for non-local recipients
Normally SMTP access is anonymous, meaning the user doesn't have to login to be able to send messages to remote recipients.
But to prevent the server from being used for sending SPAM, you can check this option so that the SMTP client must use authentication to send messages to users for non-local domains. The username/password is the same as the POP3 account. |
If you enable the log you will be able to see everything that's happening on your server. So you also will see spammers using your server.
Spammers can not send email trhough your server is you have enabled
'Authentication required for non-local recipients', unless they know the password of course... |
|
|
| Back to top |
|
|
dixon_pete
Joined: 09 Mar 2006
Posts: 21
|
| Posted: Sun Mar 25, 2007 3:31 pm Post subject: |
|
|
I guess the issue here is that I'm not just receiving I'm forwarding and that's where it fails. I pool all my mail to my Gmail account from all my accounts.
For watching the log I wrote a FoxPro routine to parse it and present a summary of the activity. |
|
| Back to top |
|
|
admin
Site Admin
Joined: 13 Apr 2005
Posts: 1467
|
| Posted: Mon Mar 26, 2007 10:10 am Post subject: |
|
|
| Yes, the problem in this case is the forwarding to an external mail address. I'm not sure if you can get around this. |
|
| Back to top |
|
|
dixon_pete
Joined: 09 Mar 2006
Posts: 21
|
| Posted: Mon Mar 26, 2007 2:34 pm Post subject: |
|
|
I guess the only way would if the mail server had an option where you could enter 'safe' email addresses where emails could be forwarded to. Forwarding to email is handy for non-local consolidation and taking advantage of their spam filter and other features.
Otherwise I'm understanding that operating as I am I have a ongoing vulnerability to being used by spammers.
| admin wrote: | | Yes, the problem in this case is the forwarding to an external mail address. I'm not sure if you can get around this. |
|
|
| Back to top |
|
|
|
FAQ
Search
Usergroups
Register
Profile
Log in to check your private messages
Log in
