Select topic of interest... 9/11 Conspiracies Acorn computers Acronyms Anonyminity Ant/Inet support Apple support Argonet Bandit IP addresses Bilderberg Group Blog Chip and Pin Cards Cold Callers Collective Nouns Contact me Crop Circles Crypto stuff CSA.* FAQ Diana Murder Digital Phenomena Digital Photos eBay auctions ElectricType Forum General Tech. Support Hampshire Wildlife Higher Ground ID Cards ID Fraud John Vigay's site Linux stuff Miscellaneous stuff National ID Cards Networking Nokia E90 Orpheus Internet Pauls Software Pauls Web Log PDA Support Photo Album Playstation 3 stuff Poems Princess Diana Murder Privacy Policy Privacy & Security PS3 support Psion support RISCOS.org RISC OS Academy RISC OS software RISC OS support Sick jokes Site map Solaris stuff Stuff for sale Sun Help Third Party stuff Top 10 Downloads Top 30 Articles UFOs WebRings Voyager Support WebCam WebLog WebMail Wildlife & Conservation Windows Support
Home Blog Computing Security Software Misc Wildlife Links Feedback   Section Index

Preventing Open Mail Relays

If you use the SMTP protocol to fetch/download your email, you may be unwittingly allowing your machine to be used as an 'open relay'. This means that people can send out junk mails via your machine without your knowledge.

This page will tell you why this happens and how to fix it.

Background

There are two ways of downloading your email from a remote mail server; Simple Mail Transport Protocol (SMTP) and Post Office Protocol (POP). Both protocols have their own pros and cons, but POP is generally considered to be more secure. SMTP is what's known as a direct delivery protocol, which means that you connect directly to the end server with no intermediate steps, whereas POP uses the DNS system to route the message via different servers if direct end to end delivery is not possible for some reason.

It's not necessary to understand all the technical details in order to send emails back and forth, but you should bear in mind various features and limitations.

Because the Ant Suite was originally designed as a client/server internet system for RISC OS, it can be misused in some circumstances. By client/server, I mean that the Ant Suite contains its own internal server for handling and delivering mails. This means that schools and households with more than one user can setup the Ant Suite to handle multiple user logins and also transfer mail between these users.

Because of this facility, the Ant Suite doesn't necessarily know what's a valid user name and what is a fake, or spoofed one. If you send a message between two local users (ie. two different users in the same household using the same copy of the Ant Suite) then it will simply transfer the message from one users outbox into the other users inbox. If the user isn't recognised as a local user, it simply gets transferred from the first users outbox into the outgoing queue - because the Ant Suite will assume that unrecognised users mean it's someone external to the computer the Ant Suite is running on, so it will send it out to the big wide internet in order to deliver it to a user somewhere else in the world.

Problems

Because of this, using SMTP to receive mail can result in problems, because standard SMTP doesn't require a password, anyone who knows the IP address of your computer can sent a message to your machine and if the Ant Suite doesn't recognise it as a local user, it will simply think 'no user of that name here' and merely transfer it back into the outgoing queue to forward out onto the internet.

This is what's known as an open relay - meaning that your machine is open for relaying messages from one location to another destination. It's not exactly a bug, but it's a feature that not many users are aware of, because of the underlying design of the Ant Suite to be used as a mail server itself.

Normally this might not pose a problem because on a lot of normal dialup accounts, your IP address is dynamically assigned, which means there's quite a small chance of anyone guessing it and sending mail directly to your machine (as SMTP is a direct end to end protocol). However, some ISPs such as Demon DO give you a static, or fixed, IP address which can lead to your machine being used as an open relay if you use SMTP to receive mail.

How to prevent this

This problem is easy to fix. Simply switch to using POP to receive your mail, which requires a username and password in order to fetch mails from the remote server, and doesn't initiate a direct end to end transfer.

Load the Internet Suite configuration panel by clicking on the Internet icon and double-clicking on Configuration.

You should see something similar to the following window:-

Double-click on the line which has <SMTP in the Options column. This will open the Mail account window and allow you change the mail fetching protocol from SMTP to POP3.

Change the mail server name, if required, to that provided by your ISP for fetching mail. In my case, this would be pop3.demon.co.uk. Click on the drop-down menu next to the Transport type and select POP3 fetch

You now need to enter your username and password, as provided by your ISP. The window should now look something like this:-

You should now click on Set to set the changes.

The Mail setup window should now look like:-

Click on Close to close the window and then click Save on the original Internet Suite configuration panel in order to save the changes for future use.

The problem should now be resolved and your machine won't be able to be used as an open relay anymore.

Add a comment to this article

Email this page to a friend Last edit: 10th Apr 2016 at 1:55pm (2937 days ago)

Bookmark with: What are these?  Delicious  Digg  reddit  Facebook  StumbleUpon

Viewed 3955 times since 11th May 2006, ~ 0 views per day

Home Blog Computing Security Software Misc Wildlife Links Feedback   Section Index
		Vigay.com is owned and operated by Paul Vigay . Site map | Copyright | Disclaimer | Privacy policy.