I would like to know if there is any cheap host...Ummm about $ 3.00 m.o. where can I have mail relay facility ?

Hmm.. and why would you like to relay mail through a server?
:rolleyes:

Greg Moore

I hope you're not plannin' some spammin' ;)

I *presume* you are looking at just forwarding email ? You can try the search on the main site.

I got a PM from Dev. Apparently it is a legit reason. I'm not sure it'll be easy to find a host that will leave a relay open though... Those filthy spam swines put an end to that in most cases....

Greg Moore

Why couldn't the host use POP before SMTP?

akashik - I've spent quite a while closing down an open relay and finding the best way to do it. I've now managed to get my systems off the ORBS open relay scammers database so I'm clean. I wasn't aware of how abused open relays are and they are in principle an outdated mechanism no longer needed on the web.

I reckon it would be impossible to find a legit host to offer open relays since any reports that go back to anti-spam organisations will immediately blacklist the host in something like the ORBS database. So why would a host do this.

I'm very interested to know why someone has a legit reason for an open relay ? Can it be explained briefly (if dev does not want to give too much info away) the gist of why an open relay is required ?

Many thanks.

I'd be interested in hearing the purpose as well, Mr. Chunder.

Open mail relays are more than risky, they are an 'open' invitation to spammers(as some of our customers who are running their own mail servers have found out the hard way).

When (not if) spammers find that open mail relay they will flood it with UCE until the open relay is closed (or the offending server is taken off the network), and by then the damage is done.

Angry spam recipients flood the provider with email, bounced messages jam the postmaster's inbox, a tremendous amount of bandwidth is utilized, the provider ends up getting blacklisted. It's expensive and potentially lethal to the provider offering that service.

Is there another solution for what Dev needs to do that doesn't require the provider to give every spammer in the world free access to their mail server at the same time?

Open relays are definately bad news. However, we do allow access to SMTP through our mail server.

The way we do it, and the way you guys may want to learn because more and more people want SMTP access (for some odd reason), is through POP3 authentication. When a user wants to SMTP through our server, they authenticate themselves with POP3. Until they do that, our server ignores their IP for SMTP purposes. After they authenticate, their IP gets added to a list of "SMTP-OK" IPs, and stays there for 1 hour. After the 1 hour, the IP is dumped and the user must POP3 again.

So far this has worked very well. I haven't noticed any spamming or any hateful things going on with the mail server. Knock on wood. If some spamming does start to happen, the SMTP server will be shut down for "public access" and only people authorized to log into the box will have access to it. Btw, POP3 passwords != telnet login passwords, for safety reasons (unless the user sets them that way -- but that's not avoidable).

Hope that helps you guys out.

You can find out if your server has been "named and shamed" at www.orbs.org. (http://www.orbs.org.).

POP3 authentication for SMTP is interesting. With our servers, we require that people use authorised SMTP as well as POP3 authentication.

@ www.orbs.org:

"Due to circumstances beyond our control, the ORBS website is no longer available. "


POP3 authentication for SMTP is interesting. With our servers, we require that people use authorised SMTP as well as POP3 authentication.

what does that mean? Authorized SMTP...?

Originally posted by allera
@ www.orbs.org:

"Due to circumstances beyond our control, the ORBS website is no longer available. "



:eek: :eek: :eek: JEEZ H. Its been shutdown or something !

I don't know what happened to it! Anyway, an alternative is
http://www.mail-abuse.org/ but why it has disappeared I don't know. I seem to remember that you can test if you have an open relay through this site as well.



Originally posted by allera

what does that mean? Authorized SMTP...?

Setting on my mail server that requires all my clients to connect with authorised SMTP. This is easily found on Outlook under the SMTP options, there is a setting that says connect with authorised SMTP and the same POP3 login can be reused. I suppose its similar to yours but I have not found out how you get it to have a different password for SMTP and POP3 on the server. outlook seems to allow it.

Setting on my mail server that requires all my clients to connect with authorised SMTP. This is easily found on Outlook under the SMTP options, there is a setting that says connect with authorised SMTP and the same POP3 login can be reused. I suppose its similar to yours but I have not found out how you get it to have a different password for SMTP and POP3 on the server. outlook seems to allow it.
Ahh, this is something I'm going to look into as well. Thanks. :)

A quick search on Google.com brought this up about ORBS:

They were blocked into the US recently (though have managed to circumvent that block). They have changed IP's to avoid blocks. Their probing variously violates 18 USC 1030 section 2(b), 2(c), and 3; By falsely advertising sites as offering free relay services they conspire with spammers to enable spammers to violate 1030 section 4, and enable spammers to send spam in amounts less than criminal violations of section 4. The false advertising of relay services as free violates various state laws covering fraud, not to mention it infringes on trademarks, which a new federal law will hold ISP's responsible for.

I haven't verified this but I thought you might find it interesting.

Interesting !

Well I'm not sure that they intended to conspire with spammers.

The original ORBS email I received triggered me into closing my open relays so I am quite happy about that.

Even if ORBS is out of business, then
http://www.mail-abuse.org/ can still be used.