[CLUE-Tech] SMTP authentication
Ken MacFerrin
lists at macferrin.com
Fri Aug 6 18:06:00 MDT 2004
Angelo Bertolli wrote:
> I'm trying to figure out how SMTP authentication works. I am using it
> on a server, and I'm just wondering why spammers aren't able to get
> through and relay.
>
> From ethereal it seems to me that all you do is:
> 1) send EHLO
> 2) send AUTH
>
> But AUTH doesn't seem to contain anything about that particular user, so
> what's being checked for authentication? For example, for me it was
> something like AUTH PLAIN FSJ823ajsa2... but I never sent a userid or
> anything. I tried to use the exact same line via telnet and I got denied.
>
> Does anyone know how SMTP authentication works?
>
>
> Angelo
>
> _______________________________________________
I know this response is a bit dated but it would appear to me that you
setup SMTP AUTH but were not making it a requirement for allowing relay.
A proper SMTP AUTH setup should allow you to accept incoming
submission on port 25 without AUTH but require AUTH (with
username/password or token) to relay outbound. On my personal mail
server I prefer to only allow relay with SMTP AUTH via SSL connection to
port 465. Port 25 will allow non-SSL, non-AUTH incoming connections for
receiving mail but no relay. Port 465 is setup to require an
established SSL connection prior to allowing AUTH and relay.
-Ken
More information about the clue-tech
mailing list