Hi Folks,
I've just received the following from my ISP (BT-yahoo.com):
Subject: Warning: Possible misuse of email address
Dear Sir or Madam,
Your email address has been used to send unauthenticated email through BT mail servers. If you are a BT Yahoo! Internet customer, you must take action by 6.00am on 27th April 2005 if you wish to continue to use BT mail servers.
If you are BT Yahoo! Internet customer Please make a simple change: switch on 'SMTP authentication'. This is usually done by ticking a box called 'My server requires authentication' in your email program settings.
[...]
This particular message was sent to my "efh@nessie.mcc.ac.uk" email address (which is a genuine account on nessie).
I guess this arises because I have my home sendmail configured to masquerade as "nessie.mcc.ac.uk" when sending by SMTP, and "efh" is the user on the home machine from which mail is sent out. (I've been using this setup for years with no problems so far, in order to reconcile (a) being able to mail between my different home machines, and (b) being recognisable to the outside world as a mail originator (since my home LAN is not recognisable outside my LAN).)
I.e. the following is the start of a typical SMTP dialogue when initiating sending of a mail:
220 smtp807.mail.ukl.yahoo.com ESMTP
EHLO nessie.mc.ac.uk
250-smtp807.mail.ukl.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
MAIL From:efh@nessie.mcc.ac.uk
250 ok
RCPT To:someone@somewhere.on.the.net
250 ok
ETC
The "EHLO nessie.mc.ac.uk" and "MAIL From:efh@nessie.mcc.ac.uk" are composed by sendmail, which is configured to masquerade in this way (for the reasons above). This has, as I say, worked without a hitch for years.
Now, as you can see, I have been given less than 48 hours to activate "SMTP authentication", after which presumably BT's SMTP servers will no longer accept SMTP from me and I would be unable to use this connection to send email any more.
The version of sendmail on the machine which looks after my email with the outside world is
sendmail-8.8.5 from January 1997
and as far as I can see has no provision for anything resembling SMTP authentication.
I've been browsing the web a bit on this topic, and it seems to me that setting it up in Linux is, even now, not straightforward, nor -- depending on your email setup -- even possible.
I would be very grateful for good advice about how to grasp this nettle, while there is still time! (Clearly, the advice given in BT's message above is out of the question for me!)
Also: Is there anywhere I can read what the details of the "SMTP authentication" protocol are?
Best wishes to all, Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding) Ted.Harding@nessie.mcc.ac.uk
Fax-to-email: +44 (0)870 094 0861
Date: 25-Apr-05 Time: 15:59:32
------------------------------ XFMail ------------------------------
Ted, it's a shame that BT seem to be going zealous about the MAIL FROM details, but I wonder if it's inevitable with cheap dialup accounts like theirs being so popular with spammers.
http://www.sendmail.org/~ca/email/auth.html suggests that SMTP authentication is in sendmail 8.10 and later. If you are upgrading anyway, I can confirm that it works in Exim, as described in http://www.exim.org/exim-html-4.50/doc/html/spec_33.html
The description is RFC 2554 ftp://ftp.cs.nott.ac.uk/rfc/rfc2554.txt
Seeing as you have to make changes, you could even try changing ISP away from that BT Yahoo. UKFSN.org and thephone.coop will both put the money they make from you to better use, in my opinion.
MJR writes:
Seeing as you have to make changes, you could even try changing ISP away from that BT Yahoo. UKFSN.org and thephone.coop will both put the money they make from you to better use, in my opinion.
Has anyone set up a Phone Co-Op affinity scheme to raise money for UK FSF? If not, would there be some mileage in doing so?
Essentially doing so would mean that anyone signing up to route calls/internet through them (similar to signing up with the likes of Tesco) would raise 6% of their callspend (and/or ADSL line rental) for the FSF. Not worth it unless there's some interest, of course, but a good idea if there is?
I can set this up if anyone is interested, if nobody has already done so.
I'd be particularly interested in doing this as I've had several conversations with the guys at TPC and they're good people but don't have a clue about Free Software - they're very Microsoft centric in ways that could easily be changed (ie heavy but not complicated dependence on Word/Excel). Their ethics point very much towards Free Software being a much better fit, and it may also be the case that many of their customers would think similarly if it were pointed out to them. They do send semi-regular newsletters to their customers and a conversion to (say) OOo would be every bit as newsworthy as what they currently say.
Declared interest: I'm a Phone Coop agent, so would also gain a small revenue from signing up an affinity partner; if it ever amounted to anything I can make sure it also goes to a good home though. If it's just pence that might be the coffee fund for PLUG meetings :-), but otherwise it can go the same way as the main 6%.
[MJR: Sorry if you get two copies of this - the first went with my work email not my list subscribed email address, so will have bounced at ALUG's servers.]
Mark Rogers, More Solutions Ltd :: Tel: 0845 45 89 555
PS Folks: In the excerpt of SMTP dialogue below:
On 25-Apr-05 Ted Harding wrote:
[...] I.e. the following is the start of a typical SMTP dialogue when initiating sending of a mail:
220 smtp807.mail.ukl.yahoo.com ESMTP
EHLO nessie.mc.ac.uk
250-smtp807.mail.ukl.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
MAIL From:efh@nessie.mcc.ac.uk
250 ok
RCPT To:someone@somewhere.on.the.net
250 ok
ETC
The response in the fourth line from smtp807.mail.ukl.yahoo.com says
250-AUTH LOGIN PLAIN XYMCOOKIE
which is presumably a solicitation to embark on the authentication.
In http://www.sendmail.org/~ca/email/auth.html which was suggested by a few of you, I read:
# Add the following lines to your sendmail.mc file, filling in your ISP's mail server:
define(`SMART_HOST',`your.isp.net')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
wherein I can see "LOGIN" and "PLAIN", but *not* "XYMCOOKIE". Can anyone clarify? Is the "250-AUTH LOGIN PLAIN XYMCOOKIE" a list of *alternatives* (choose any one) or is it a list of *essentials* (must use all)? If so, can sendmail be induced to accept "XYMCOOKIE"s? Or is it just a browser thing?
Thanks! (This saga might just run and run ... )
Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding) Ted.Harding@nessie.mcc.ac.uk
Fax-to-email: +44 (0)870 094 0861
Date: 25-Apr-05 Time: 18:01:25
------------------------------ XFMail ------------------------------
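Added example (not part of any poster's message and not sendmail's own code): under RFC 2554 the AUTH keyword in an EHLO reply is a space-separated list of alternative SASL mechanisms, so a client picks one it supports and ignores names it does not know, such as XYMCOOKIE. The sketch below parses the reply quoted in the thread, selects a mechanism, builds the client's AUTH lines and flags when the password would cross the wire merely base64-encoded; the client preference order, the function names and the credentials `efh`/`secret` are assumptions made for illustration.

```python
import base64

# Constructed sample: the EHLO reply quoted in the thread, one reply line per item.
EHLO_REPLY = [
    "250-smtp807.mail.ukl.yahoo.com",
    "250-AUTH LOGIN PLAIN XYMCOOKIE",
    "250-PIPELINING",
    "250 8BITMIME",
]
# Client side: the confAUTH_MECHANISMS list quoted from the sendmail page,
# treated here as a preference order (an assumption of this example).
CLIENT_MECHS = ["EXTERNAL", "GSSAPI", "DIGEST-MD5", "CRAM-MD5", "LOGIN", "PLAIN"]
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}  # base64 is an encoding, not encryption


def parse_ehlo(lines):
    """Map each EHLO keyword to its parameter list (greeting line skipped)."""
    caps = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        last = i == len(lines) - 1
        # Every line but the last uses "250-"; the last uses "250 ".
        if code != "250" or sep != (" " if last else "-") or not text.strip():
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line carries the server's domain, not a keyword
        if text.upper().startswith("AUTH="):  # legacy spelling some servers add
            text = "AUTH " + text[5:]
        keyword, *params = text.split()
        caps.setdefault(keyword.upper(), []).extend(p.upper() for p in params)
    return caps


def choose_mechanism(caps, client_mechs=CLIENT_MECHS):
    """First client mechanism the server also offers, or None.

    The server's list is a menu: unknown entries are ignored, not required."""
    offered = caps.get("AUTH", [])
    return next((m for m in client_mechs if m in offered), None)


def auth_commands(mech, user, password):
    """Lines the client sends for LOGIN or PLAIN (server 334 prompts omitted)."""
    def b64(s):
        return base64.b64encode(s.encode()).decode()
    if mech == "PLAIN":  # one message: authzid NUL authcid NUL password
        return ["AUTH PLAIN " + b64(f"\0{user}\0{password}")]
    if mech == "LOGIN":  # user name and password sent as two separate replies
        return ["AUTH LOGIN", b64(user), b64(password)]
    raise ValueError(f"mechanism not covered by this example: {mech}")


def exposure(caps, mech):
    """Classify how the password travels if `mech` is used on this session."""
    if mech not in CLEARTEXT_MECHS:
        return "not-sent"        # password itself is not transmitted
    if "STARTTLS" in caps:
        return "starttls-first"  # upgrade to TLS before issuing AUTH
    return "cleartext"           # readable by anyone on the path


if __name__ == "__main__":
    caps = parse_ehlo(EHLO_REPLY)
    mech = choose_mechanism(caps)
    print(caps["AUTH"], "->", mech, "/", exposure(caps, mech))
    print(auth_commands(mech, "efh", "secret"))  # constructed credentials
```

As quoted, the reply advertises no STARTTLS, so either LOGIN or PLAIN on that session sends a password that decodes trivially from base64.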
SMTP authentication is covered in RFC 2554 which can be found here ...
ftp://ftp.isi.edu/in-notes/rfc2554.txt
amongst other places ...
Details of how it works in sendmail can be found here ...
http://www.sendmail.org/~ca/email/auth.html
This also includes some info on how to make sendmail do the AUTH step to other relays, which I think is what you are looking for.
I've never done this, but have this on a list of stuff to do to my gentoo box at home...
Good luck
tim
(first post - hope it's a good one ...)
http://lists.manchester.ac.uk/mailman/listinfo/man-lug
ManLUG WWW Pages: http://www.manlug.mcc.ac.uk/
If you've got full control of the SMTP server, is there any particular reason for relaying via bt for outgoing emails?
If you look in the sendmail.cf I assume you'll have
DSsmtp.bt.com
or something similar set in it
If you set the line to be
DS
or just comment it out completely, your sendmail server should do smart relaying. Assuming it has access to a DNS server, it should all "just work".
Ewan
On 4/25/05, Ewan Leith ewan@bcs.org wrote:
If you've got full control of the SMTP server, is there any particular reason for relaying via bt for outgoing emails?
Because as a BT customer, his IP address will be in various blacklists and much of his email will be refused if an attempt is made to deliver it directly.
On 01-May-05 Tim Green wrote:
On 4/25/05, Ewan Leith ewan@bcs.org wrote:
If you've got full control of the SMTP server, is there any particular reason for relaying via bt for outgoing emails?
Because as a BT customer, his IP address will be in various blacklists and much of his email will be refused if an attempt is made to deliver it directly.
I can confirm that this is only too true! By the way, BT do not seem to be all that concerned about being on blacklists. Response received to a complaint about blocking in Aug 2003:
"BT has no obligation to remove its addresses from these lists and if customers are having problems it is their responsibility to advise the would be recipient to unsubscribe or to find another route for communication.
However I have requested to Distributed Server Boycott List (DSBL) to remove this IP address from the blacklist. The advise I received was, as long as further spam does not go through this server then it will be removed within twenty five hours(25 hours)."
Best wishes to all, Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding) Ted.Harding@nessie.mcc.ac.uk
Fax-to-email: +44 (0)870 094 0861
Date: 01-May-05 Time: 10:01:03
------------------------------ XFMail ------------------------------
On Sun, 1 May 2005 Ted.Harding@nessie.mcc.ac.uk wrote:
On 01-May-05 Tim Green wrote:
On 4/25/05, Ewan Leith ewan@bcs.org wrote:
If you've got full control of the SMTP server, is there any particular reason for relaying via bt for outgoing emails?
Because as a BT customer, his IP address will be in various blacklists and much of his email will be refused if an attempt is made to deliver it directly.
I can confirm that this is only too true! By the way, BT do not seem to be all that concerned about being on blacklists. Response received to a complaint about blocking in Aug 2003:
"BT has no obligation to remove its addresses from these lists and if customers are having problems it is their responsibility to advise the would be recipient to unsubscribe or to find another route for communication.
However I have requested to Distributed Server Boycott List (DSBL) to remove this IP address from the blacklist. The advise I received was, as long as further spam does not go through this server then it will be removed within twenty five hours(25 hours)."
Indeed, and some would say (for domestic subscribers), that if we are to control spam on the internet then have a duty not to remove IP adds from these blacklist blocks. They should however provide a reliable, well advertised mail smarthost for email sending - which they do not.
They should have different conditions for business connections that give one an IP outside of such blocks, along with conditions of use.
Jim Jackson wrote:
Because as a BT customer, his IP address will be in various blacklists and much of his email will be refused if an attempt is made to deliver it directly.
I can confirm that this is only too true! By the way, BT do not seem to be all that concerned about being on blacklists. Response received to a complaint about blocking in Aug 2003:
"BT has no obligation to remove its addresses from these lists and if customers are having problems it is their responsibility to advise the would be recipient to unsubscribe or to find another route for communication.
However I have requested to Distributed Server Boycott List (DSBL) to remove this IP address from the blacklist. The advise I received was, as long as further spam does not go through this server then it will be removed within twenty five hours(25 hours)."
Indeed, and some would say (for domestic subscribers), that if we are to control spam on the internet then have a duty not to remove IP adds from these blacklist blocks. They should however provide a reliable, well advertised mail smarthost for email sending - which they do not.
They should have different conditions for business connections that give one an IP outside of such blocks, along with conditions of use.
I can see every justification for allowing dynamically assigned addresses to be blacklisted, unless there are some controls in place to limit what subscribers can do - one area where ISPs could be 'good netizens'. Where a subscriber has a fixed address, then it should be a matter of whether they meet the criteria to be added or removed from the blacklists.
The obvious solution, but it requires thought and effort so don't expect most of the ISPs to support it, is for 'normal' customers to be restricted from direct sending of mail and use the smarthosts which almost every ISP provides. This would not affect (at a guess) well over 90% of net users but would prevent compromised machines from being used for spamming (because the outgoing connections simply wouldn't be possible). It would also stop the 'sign up, spam, f**k off' abuse of instantly available dial-up accounts.
The flip side of this is that the ISP needs to provide a mechanism for customers with needs like the OP to be transferred to a different user group where the outgoing mail restrictions are lifted. Since this would have to be on application, and presumably after correspondence with the customer, it would exclude the automated spamming systems, and it would also allow some checks (such as "Do you know how to secure your machine against open relaying ?").
If every ISP did this sort of thing, then spam would be reduced, and the life of spammers would be made harder as there would be far less compromisable machines for them to use.
Time to wake up, it's a dream and it aint going to happen :-(
Simon
On 03-May-05 Simon Hobson wrote:
[...] The flip side of this is that the ISP needs to provide a mechanism for customers with needs like the OP to be transferred to a different user group where the outgoing mail restrictions are lifted. Since this would have to be on application, and presumably after correspondence with the customer, it would exclude the automated spamming systems, and it would also allow some checks (such as "Do you know how to secure your machine against open relaying ?").
If every ISP did this sort of thing, then spam would be reduced, and the life of spammers would be made harder as there would be far less compromisable machines for them to use.
Time to wake up, it's a dream and it aint going to happen :-(
Simon
Dream or not, with this arrangement the ISP would then control the subscriber's usage. So if the subscriber used their "user group" to send spam, that subscriber could be summarily struck out, without refund. Though such a person could re-subscribe by setting up a new account with the ISP under a different name etc., the sheer inconvenience and expense of doing so would surely have a strongly limiting effect on spam.
Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding) Ted.Harding@nessie.mcc.ac.uk
Fax-to-email: +44 (0)870 094 0861
Date: 03-May-05 Time: 13:34:24
------------------------------ XFMail ------------------------------
Simon Hobson writes:
If every ISP did this sort of thing, then spam would be reduced, and the life of spammers would be made harder as there would be far less compromisable machines for them to use.
Time to wake up, it's a dream and it aint going to happen :-(
Oh ye of little faith:
http://www.demon.net/helpdesk/networkstatus/serviceannouncements/announce27a...
Summary:
AOL blocks all Demon customers, including those with static IPs, from sending email except through the Demon smarthosts.
Quote: "However, AOL is able to accommodate Demon customers who operate their own email systems, bypassing the Demon "smarthost", provided of course that they are not sending any unsolicited commercial email!"
You simply email Demon's whitelist manager and request you are added to the list.
Mark Rogers, More Solutions Ltd