Re: SMTP Server for outgoing only behind a home router

From: hector (nospam_at_nospam.com)
Date: 12/29/04


Date: Wed, 29 Dec 2004 07:57:52 -0500


"~~Alan~~" <alan.shepro.NOSPAM@verizon.net> wrote in message
news:#YG7h7H7EHA.208@TK2MSFTNGP12.phx.gbl...
> It did have a valid destination email address. I removed it so as not to
> advertise it.
>
> My ISP is Verizon. They claim to ONLY block port 80 to keep me from running
> a web server. How can I test and see which ports they block?
>

Two other points:

CBV and SPF

Verizon.net is not blocking the dynamic IP address as I can connect via my
home computer.

    telnet relay.verizon.net 25

    220 sc022pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Wed, 29 Dec 2004 06:34:59 -0600

This means I can connect to and send mail to a LOCAL verizon.net user. I
can only send to a REMOTE user from this server IF and ONLY IF I
authenticate (login with ESMTP AUTH). Since I am not a verizon.net
customer, by SMTP RFC standards, it must allow me to send to local users
(this is the essence of the ANTI-SPAM problem).

But I do know that verizon.net will do a CBV (Callback Verification) to test
your sender address to make sure it is legit.

For example, I am going to send you a message using a FAKE address. The C:
lines are my commands, the S: lines are the server responses:

220 sc016pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Wed, 29 Dec 2004 06:40:22 -0600
HELO HDEV1
250 sc016pub.verizon.net
MAIL FROM: <foobar@foobar.com>
550 You are not allowed to send mail:sc016pub.verizon.net

As you can see here, Verizon.net did a check on the MAIL FROM: address and
found it is not legit.

Let's do this again with a good address:

220 sc009pub.verizon.net MailPass SMTP server v1.1.1 - 121803235448JY ready Wed, 29 Dec 2004 06:43:41 -0600
EHLO HDEV1
250-sc009pub.verizon.net
250-8BITMIME
250 SIZE 8388608
MAIL FROM: <winserver.support@winserver.com>
250 Sender <winserver.support@winserver.com> OK

Now, let me connect to my company network to show you the log of what
verizon.net needs to CALLBACK to my system to check that address:

**************************************************************************
Wildcat! SMTP Server v6.0.451.3
SMTP log started at Wed, 29 Dec 2004 07:42:24
Connection Time: 20041229 07:42:24 cid: 000D4FD8
SSL Enabled: NO
Client IP: 206.46.170.188 (unknown)
07:42:24 S: 220-winserver.com Wildcat! ESMTP Server v6.0.451.3 ready
07:42:24 S: 220-************** WARNING: FOR AUTHORIZED USE ONLY! **********************
07:42:24 S: 220-* THIS SYSTEM DO NOT AUTHORIZE THE USE OF ITS PROPRIETARY COMPUTERS *
07:42:24 S: 220-* AND COMPUTER NETWORKS TO ACCEPT, TRANSMIT, OR DISTRIBUTE UNSOLICITED *
07:42:24 S: 220-* BULK E-MAIL SENT FROM THE INTERNET. THIS SYSTEM WILL RESTRICT ACCESS *
07:42:24 S: 220-* TO CAN-SPAM (US S. 877) COMPLIANT CLIENTS ONLY. *
07:42:24 S: 220 ************************************************************************
07:42:24 C: HELO sc009pub.verizon.net
07:42:24 S: 250 winserver.com, Pleased to meet you.
07:42:24 C: MAIL FROM:<>
07:42:24 S: 250 <>... Sender ok.
07:42:24 C: RCPT TO:<winserver.support@winserver.com>
07:42:29 ** WCX Process: wcsap ret: -1
07:42:29 S: 250 <winserver.support@winserver.com>... Recipient ok
07:42:29 C: QUIT
07:42:29 S: 221 closing connection

The above log shows the CBV verizon.net performed to validate my address.

So this is one thing you have to watch for.

The second and more important is SPF. This is more complex and I refer you
to the http://spf.pobox.com support site.

SPF is fast becoming the industry standard for protecting domain names.
What it means is that in the near future you will not be able to use your
local machine to send mail DIRECTLY to systems. You will have to either
have an SPF record in DNS or use an SPF ready smart host.

VERIZON.NET is not SPF ready. But AOL.COM and other big ISPs are. If
VERIZON.NET was SPF ready, then it would not allow me to use my HOME
machine to send mail because my HOME machine is not an SPF protected domain.

Microsoft's SenderID is a cloned and borrowed SPF technology. So before you
can use a Microsoft SenderID supportive system, you have to be an SPF ready
site as well. Fortunately, most systems will probably not support
SenderID since it extends SPF and is based on allowing you to send mail
first to later check all the information AFTER the mail is accepted. This
mode of operation is a big taboo in the anti-spam research area and most
advanced ANTI-SPAM systems are not going to allow you to send mail without
checking your credentials beforehand. Any system or ISP who claims to
support SenderID is doing so for "marketing reasons" only.

---
Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
WCSAP "Wildcat! Sender Authentication Protocol"
http://www.winserver.com/sslinfo
support: http://www.winserver.com
sales: http://www.santronics.com
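
Added example, not part of the original post and not Wildcat! code: a small Python check that spots a CBV probe in a server log written in the "HH:MM:SS C:/S:" style shown above (null sender, RCPT probe, no DATA). The function name, the sample log and its example.org/isp.example hosts are constructed assumptions.

```python
import re

# Constructed sample modelled on the log layout in the post; the hosts and
# mailbox are placeholders, not values from a real system.
SAMPLE_LOG = """\
07:42:24 C: HELO mx.isp.example
07:42:24 S: 250 mail.example.org, Pleased to meet you.
07:42:24 C: MAIL FROM:<>
07:42:24 S: 250 <>... Sender ok.
07:42:24 C: RCPT TO:<support@example.org>
07:42:29 ** WCX Process: wcsap ret: -1
07:42:29 S: 250 <support@example.org>... Recipient ok
07:42:29 C: QUIT
07:42:29 S: 221 closing connection
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2} ([CS]): (.*)$")
ADDR = re.compile(r"<([^>]*)>")

def classify_session(log_text):
    """Summarise one SMTP session. 'callback' is True when the client used
    the null sender <>, probed at least one recipient and never sent DATA."""
    sender, probes, saw_data, pending = None, {}, False, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped banner text or an internal "**" log line
        side, text = m.groups()
        upper = text.upper()
        if side == "C":
            pending = None
            if upper.startswith("MAIL FROM:"):
                a = ADDR.search(text)
                sender = a.group(1) if a else None
            elif upper.startswith("RCPT TO:"):
                a = ADDR.search(text)
                pending = a.group(1).lower() if a else None
            elif upper.startswith("DATA"):
                saw_data = True
        elif pending is not None and text[:3].isdigit():
            probes[pending] = int(text[:3])  # reply code for the last RCPT
            pending = None
    # A bounce (DSN) also uses <> but goes on to DATA, so it is not a probe.
    callback = sender == "" and bool(probes) and not saw_data
    return {"callback": callback, "null_sender": sender == "", "probes": probes}
```

The "probes" map shows which local addresses the remote server tested and the reply code it got back for each.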

