spf-discuss

Re: [spf-discuss] Can this really be true?

2005-09-22 13:24:46


johnp wrote:
I host a webmaster who looks after a customer in Alaska and they had some guy come in to configure their e-mail accounts on the office PCs. I have the mail accounts on my server and have configured it for smtp via SASL on port 587 because of ISP blocking port 25. He was unable to figure out how to set up SMTP via SASL in Outlook, and reverted to using the ISP instead. I quote here from his "explanation" of how the ISPs operate -
GCI and ACS are the competing ISPs in Alaska
http://www.gci.net and http://www.acsalaska.com

##########
Since GCI is a CLEC in Anchorage, Competitive Local
Exchange Carrier, they are always in a battle with ACS, the old converted
Telephone Utility (now commercially owned).  To make life more difficult for
each other and to help prevent their systems from being used as open relays
for Spammers, both GCI and ACS refuse to local route data between their two
networks, and both refuse to route forward mail.

Huh? I am not sure what that means, mail that is not sent from MUA to MUA is "routed". And I am not aware of any MUA to MUA SMTP software.

If you understand how Spamming works then this makes sense.

I do, it doesn't.

What GCI has done to accommodate customers, both business and residential, is to have those people trying to send mail through an off network email server
to send it through GCI's smtp server.  No username or password is required
and GCI performs no blocking of any email, unless the email is being sent to
more than 25 people as it is then considered mass mailing, or SPAM.

Advice to spammers: send to 24 recipients at a time (clearly, their solution has a gaping hole)

Simply, the only thing I had to do was to change the SMTP server port back
to 25, turn off SMTP server authentication, and use smtp.gci.net as the
outbound server instead of mail.example.com.
##########

So - if you have an account with this ISP it would appear that you can happily spoof any domain you like, and you don't need a username or password - just pop before smtp (presumably).
That's actually nothing new, most ISPs are like that.

I suppose the next thing will be complaints from the customer when his mails are rejected by SPF because his ISP is not included in the spf record?
Granted.


Can anyone see anything right about this arrangement - or am I blinkered/stupid?

The support guy simply should configure Outlook to do SMTP AUTH over port 587. I have users who do it using Outlook 97/98/2000/2002/2003.

Note that not all servers support SSL encrypted connections over 587, the SSL encrypted submission connections are usually done on a different port (465?) and I am not sure if all versions of outlook support SSL encrypted connections (although newer versions do).

If he is using an older version of Outlook than 97, well, he's got other issues that need to be addressed.

Terry


Slainte,
JohnP

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com


--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085
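
The SPF rejection anticipated in the thread, as an added example that is not part of the original messages: a receiver-side evaluation of a subset of SPF (ip4, ip6, include, all) showing that mail relayed through the ISP fails the domain's policy, while submission through the domain's own server passes. The TXT records, the IP addresses (documentation ranges) and the names `fixed.example.com` and `isp.example.net` are constructed assumptions, not real DNS data.

```python
import ipaddress

# Constructed TXT records standing in for DNS; nothing here is a real published policy.
TXT = {
    # Policy listing only the hosting server (mail.example.com, assumed 192.0.2.10)
    "example.com": "v=spf1 ip4:192.0.2.10 -all",
    # Same policy after authorising a hypothetical ISP relay range
    "fixed.example.com": "v=spf1 ip4:192.0.2.10 include:isp.example.net -all",
    "isp.example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate ip4/ip6/include/all for the MAIL FROM domain (subset of RFC 7208)."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner == "pass":  # include matches only when the inner check passes
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"  # mechanism outside this subset
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    # Port 587 with SMTP AUTH: the receiver sees the hosting server's address.
    print("own server:", check_host("192.0.2.10", "example.com"))
    # Port 25 through the ISP relay (constructed address 198.51.100.25).
    print("ISP relay: ", check_host("198.51.100.25", "example.com"))
    print("ISP relay, after include:", check_host("198.51.100.25", "fixed.example.com"))
```

Authorising the ISP's range with `include:` makes the relayed mail pass, but it equally authorises every other customer of that relay to send as the domain, which is the spoofing concern raised in the thread.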
