Vigay.com25
Nov
Search Vigay.com
 
 

Preventing Open Mail Relays

If you use the SMTP protocol to fetch/download your email, you may be unwittingly allowing your machine to be used as an 'open relay'. This means that people can send out junk mails via your machine without your knowledge.

This page will tell you why this happens and how to fix it.

Background

There are two ways of downloading your email from a remote mail server; Simple Mail Transport Protocol (SMTP) and Post Office Protocol (POP). Both protocols have their own pros and cons, but POP is generally considered to be more secure. SMTP is what's known as a direct delivery protocol, which means that you connect directly to the end server with no intermediate steps, whereas POP uses the DNS system to route the message via different servers if direct end to end delivery is not possible for some reason.

It's not necessary to understand all the technical details in order to send emails back and forth, but you should bear in mind various features and limitations.

Because the Ant Suite was originally designed as a client/server internet system for RISC OS, it can be misused in some circumstances. By client/server, I mean that the Ant Suite contains its own internal server for handling and delivering mails. This means that schools and households with more than one user can setup the Ant Suite to handle multiple user logins and also transfer mail between these users.

Because of this facility, the Ant Suite doesn't necessarily know what's a valid user name and what is a fake, or spoofed one. If you send a message between two local users (ie. two different users in the same household using the same copy of the Ant Suite) then it will simply transfer the message from one users outbox into the other users inbox. If the user isn't recognised as a local user, it simply gets transferred from the first users outbox into the outgoing queue - because the Ant Suite will assume that unrecognised users mean it's someone external to the computer the Ant Suite is running on, so it will send it out to the big wide internet in order to deliver it to a user somewhere else in the world.

Problems

Because of this, using SMTP to receive mail can result in problems, because standard SMTP doesn't require a password, anyone who knows the IP address of your computer can sent a message to your machine and if the Ant Suite doesn't recognise it as a local user, it will simply think 'no user of that name here' and merely transfer it back into the outgoing queue to forward out onto the internet.

This is what's known as an open relay - meaning that your machine is open for relaying messages from one location to another destination. It's not exactly a bug, but it's a feature that not many users are aware of, because of the underlying design of the Ant Suite to be used as a mail server itself.

Normally this might not pose a problem because on a lot of normal dialup accounts, your IP address is dynamically assigned, which means there's quite a small chance of anyone guessing it and sending mail directly to your machine (as SMTP is a direct end to end protocol). However, some ISPs such as Demon DO give you a static, or fixed, IP address which can lead to your machine being used as an open relay if you use SMTP to receive mail.

How to prevent this

This problem is easy to fix. Simply switch to using POP to receive your mail, which requires a username and password in order to fetch mails from the remote server, and doesn't initiate a direct end to end transfer.

Load the Internet Suite configuration panel by clicking on the Internet icon and double-clicking on Configuration.

You should see something similar to the following window:-

Mail Setup

Double-click on the line which has <SMTP in the Options column. This will open the Mail account window and allow you change the mail fetching protocol from SMTP to POP3.

Change the mail server name, if required, to that provided by your ISP for fetching mail. In my case, this would be pop3.demon.co.uk. Click on the drop-down menu next to the Transport type and select POP3 fetch

You now need to enter your username and password, as provided by your ISP. The window should now look something like this:-

Mail account changes

You should now click on Set to set the changes.

The Mail setup window should now look like:-

Mail Setup after changes

Click on Close to close the window and then click Save on the original Internet Suite configuration panel in order to save the changes for future use.

The problem should now be resolved and your machine won't be able to be used as an open relay anymore.

Add a comment to this article

I am sorry to report that no further comments are to be left for articles here. We thank you for past comments. This feature has been disabled.

Email Email this page to a friend

Last edit: 10th Apr 2016 at 1:55pm
(594 days ago)

Bookmark with:What are these?
delicious Deliciousdigg Diggreddit redditfacebook Facebookstumbleupon StumbleUpon

RSS Feed

Viewed 2356 times since 11th May 2006,
~ 0 views per day

^
 
Valid HTML 4.01!
Valid CSS!
Best viewed with a cup of tea Crafted by RISC OS