Thursday, September 20, 2012

What is SMTP relay?

Many administrators misunderstand the concept of SMTP relay. Some over-cautious administrators block SMTP relay completely, and others leave it open for any Internet user to misuse their servers. Problems exist at both extremes. Therefore, it is important to understand exactly what SMTP relay is and how to configure your SMTP server so that it does not leave you vulnerable to outside attacks and still allows legitimate users to send and receive emails. This article should clear up some of the confusion on this topic and show how to effectively turn off an open relay.


What is SMTP
Before we dive into SMTP relay, it is important to know how the SMTP protocol works. SMTP is an acronym for Simple Mail Transfer Protocol. Most Internet service providers nowadays use this protocol to send email. Email clients, also known as Mail User Agents (MUA), utilize this protocol and act as an SMTP client to distribute email messages to the recipients. When an MUA sends an email message, it connects to the configured SMTP server and communicates with it using the SMTP protocol.

Internet mail works pretty much like our postal mail. When you wish to send a letter or a package via snail mail, you put the letter inside an envelope, write the recipient's as well as your return address and drop it off at your local post office. The local post office figures out the final destination of the package and sends it to the appropriate post office in the recipient's town. One important factor to notice here is that if both sender and recipient are in the same town no other post office gets involved. 

Electronic mail works pretty much the same. SMTP servers act as local post offices. When a user wishes to send an email, he or she sends it to the SMTP server, which then forwards it to the recipient's SMTP server. Rather than street addresses and apartment numbers, electronic mail recipients are identified by unique email addresses. Every SMTP server is configured to handle one or more domain names. Analogous to snail mail, if both sender and recipient are in the same domain, no other SMTP server gets involved. The following characteristics are common to snail mail and electronic mail.


Snail Mail vs. Electronic Mail

Snail mail: Every mail package is wrapped within an envelope that contains:

  • Sender's name and address.
  • Recipient's name and address.
  • Post office's stamp.
  • A timestamp when the package was received.

Electronic mail: Every electronic mail is wrapped within an envelope as well and contains:

  • Sender's name and email address.
  • List of recipients and their email addresses.
  • SMTP server's signature. There can be more than one SMTP server involved.
  • The date and time the email was received.
  • Electronic mail can have more elements than mentioned above.

Snail mail: There is no guarantee that the sender's name and address will always be correct. It is very easy to forge the sender's identity.
Electronic mail: Similarly, it is very easy to hide the sender's true identity in an electronic mail.

Snail mail: If the sender and receiver are in the same town, your local post office will not send the package to any other post office.
Electronic mail: If the sender and receiver are handled by the same SMTP server, no other server will get involved.

Snail mail: Although the sender's identity cannot be trusted, you can still find out a few things about the package by looking at the envelope, such as the town the letter was mailed from and the time.
Electronic mail: Similarly, the SMTP envelope (also known as header) contains information such as the sender's IP address and the date/time stamp the mail was sent.

Snail mail: Every post office is assigned a postal code or zip code, which is used to identify its location. It is possible that one post office may handle multiple zip codes.
Electronic mail: These postal/zip codes are known as domain names in SMTP speak. Every SMTP server is configured to handle one or more domains. The domain name is the text that appears after the @ sign in an email address.

What is mail relay

In the case of snail mail, the local post office is a government agency and there are no restrictions on who can send a package. Consider a scenario where you live in town A and you want to send a package to town B. When one town's post office accepts packages from another town, it is said to "relay" your message.

Similarly, if you work for company A and want to send an email to someone in company B, you connect to your SMTP server, which then relays your message to the SMTP server owned by company B. The notion that an SMTP server accepts an email that is destined for a different SMTP server is called relaying.

It would be impossible to send email if every SMTP server in the world stopped relaying.

User authentication
The electronic world is a bit different than the real world: you can do things faster, cheaper and distances do not matter. Imagine every time you wanted to send a snail mail you were asked to show your passport or any other document that proved your identity. This would add extra security at a cost of frustration and time. However, the frustration level associated with asking for a user's id and password in an electronic transaction is much lower than the burden of having to carry your passport.

Most SMTP servers ask for the user's credentials in terms of their id and password. The SMTP server will allow users to relay their message to a different server only if these credentials are correct. This authentication mechanism ensures that no one outside the organization can use the company's SMTP server to send messages to a third-party recipient.

What is an open relay

Your server is said to be an open relay if it accepts messages on behalf of other domains and does NOT require user authentication. In the case of an open relay, a person sitting in Singapore can send an email to California through your server, which could be in London.

Open relay servers are frequently misused by spammers sending unsolicited emails. Once a malicious user finds out about an open relay server on the Internet, he/she can send millions of messages all over the world, potentially bringing your network to its knees.

Several organizations have set up databases of IP addresses that list and track open relay servers. If you have an open relay server, you run the risk of having your IP listed in one of these databases. As a result, many SMTP servers may not accept emails from you.
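
The rule from the two sections above, as an added example (not code from the original article or from any mail server): a Python model of the decision an SMTP server makes for each RCPT TO. The domain names, the `LOCAL_DOMAINS` set and the `require_auth` switch are assumptions made for illustration, and the sessions are constructed.

```python
"""Relay decision at RCPT TO time (illustrative model, not a real MTA)."""

LOCAL_DOMAINS = {"company-a.example"}  # assumed: domains this server handles


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")


def rcpt_decision(recipient, authenticated, require_auth=True):
    """Return (reply_code, reason) for one RCPT TO command.

    require_auth=False models the open-relay misconfiguration.
    """
    try:
        domain = domain_of(recipient)
    except ValueError:
        return 501, "malformed recipient address"
    if domain in LOCAL_DOMAINS:
        # Final delivery: anyone may send mail *to* users of our own domains.
        return 250, "local delivery"
    if authenticated:
        return 250, "relay for authenticated user"
    if not require_auth:
        return 250, "OPEN RELAY: relayed for unauthenticated client"
    return 550, "relay access denied"  # permanent (5xx) rejection


# Constructed sessions: (recipient, did the client authenticate?)
SESSIONS = [
    ("alice@company-a.example", False),   # inbound mail from outside
    ("bob@company-b.example", True),      # employee sending out
    ("carol@company-b.example", False),   # stranger asking us to relay
]


def evaluate(require_auth):
    """Reply codes for the constructed sessions under one configuration."""
    return [rcpt_decision(r, a, require_auth)[0] for r, a in SESSIONS]


if __name__ == "__main__":
    for label, flag in (("open relay", False), ("auth required", True)):
        print(f"{label:14s} {evaluate(flag)}")
```

Only the third session differs between the two configurations: inbound mail and authenticated outbound mail keep working when relaying is restricted.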

How to check for open relay

The easiest way to test for an open relay is to use QuickTest at AboutMyX.com.
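
The same check can be scripted for a server you administer. This added example (not part of the original article and not the QuickTest tool) uses Python's smtplib to offer an outside sender and recipient without authenticating and reads the reply to RCPT TO. The `example.org` and `example.net` addresses are placeholders assumed not to be hosted by the server under test, and no message data is sent.

```python
import smtplib
import sys


def classify_rcpt_reply(code):
    """Interpret the reply to an unauthenticated RCPT TO for a domain
    the server under test does not host."""
    if 200 <= code < 300:
        return "open-relay"    # foreign recipient accepted without AUTH
    if 500 <= code < 600:
        return "relay-denied"  # permanent rejection, the desired result
    return "inconclusive"      # 4xx (temporary failure, greylisting) or other


def probe(host, port=25, sender="relaytest@example.org",
          recipient="relaytest@example.net", timeout=10):
    """Return (verdict, code, text) for one server.

    The session stops after RCPT TO and is reset, so nothing is queued
    or delivered. Placeholder addresses are assumptions; pass your own.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, text = smtp.mail(sender)
        if code >= 400:
            # Sender refused before the relay question was even asked.
            return "inconclusive", code, text.decode(errors="replace")
        code, text = smtp.rcpt(recipient)
        smtp.rset()
        return classify_rcpt_reply(code), code, text.decode(errors="replace")


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python relay_check.py mail.yourdomain.example
    print(probe(sys.argv[1]))
```

Some servers accept every RCPT TO and reject later, at DATA, so a 2xx reply here is a reason to review the relay configuration rather than final proof.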
