[ale] mail headers question
Joe Steele
joe at madewell.com
Fri Aug 27 20:43:25 EDT 2004
On Friday, August 27, 2004, Geoffrey wrote:
>
> Joe Steele wrote:
> > On Friday, August 27, 2004, Geoffrey wrote:
>
> >>Your assumption may well be correct though. Question is, why does it
> >>get through if I set my smtp server to my local machine?
> >
> >
> > Why? Because the message is no longer being forwarded by a server which
> > mindspring considers untrustworthy (mrelay.perfora.net).
> >
> > In an ideal world, mindspring should accept mail from everywhere, as
> > long as it is addressed to mindspring recipients. However, real-
> > world circumstances force mindspring to reject mail from any source
> > they consider untrustworthy. They have no reason to distrust you
> > and/or speedfactory, but they evidently don't trust perfora.net.
> > Apparently their distrust is well founded; IMO, perfora.net should
> > not have relayed your message based on the circumstances given above.
>
> So how else would you suggest that I configure this process to work?
Two accepted methods are:
1. Configure mozilla to forward outgoing mail to *your* ISP's SMTP
server (in other words, speedfactory, not 1and1); or
2. Configure mozilla to forward outgoing mail to your own SMTP
server. Your SMTP server would then be configured to either:
(a) forward the mail to your ISP's server (speedfactory); or
(b) forward the mail directly to the recipient's mail server by
looking up the MX records in DNS. (Note that some people cannot
use this option because they have an IP address which is not
static, so many SMTP servers will refuse to accept mail from
them.)
I doubt that any of what I just said is news to you. I think the
heart of the whole matter depends on this: Why did you think you
needed to have mozilla forward mail to smtp.1and1.com (a.k.a.
mrelay.perfora.net and smtp.perfora.net)? Your answer to this
question may be, "because I was using an e-mail address hosted at
1and1.com and that's what 1and1.com told me to do." Indeed, that
does seem to be what their website advises.
Correct me if I am wrong, but it looks like 1and1.com does not use
any form of authentication for users who submit e-mail to their SMTP
servers, except that they must use a "From" address with a domain
name hosted by 1and1. This is bad because spammers will figure this
out and forge the "From" address so that mail gets through.
Apparently, mindspring has figured this out as well and now refuses
to receive mail from 1and1.
1and1 should either implement some authentication which is not easily
forged, or else they should instruct their users to implement
configuration #1. above (or in your case #2, since you are already
running an SMTP server). There is no need for you to use their SMTP
servers, even though they are hosting your domain.
--Joe
More information about the Ale
mailing list