[ale] "UPDATE" What is going on with Bellsouth's smtp server?

H. A. Story adrin at bellsouth.net
Sat Mar 18 13:11:37 EST 2006


Greg Freemyer wrote:

>On 3/18/06, Howard A Story <adrin at bellsouth.net> wrote:
>
>>Greg Freemyer wrote:
>>
>>>My company has a business dsl with a static IP from Bellsouth.
>>>
>>>For years we've been able to use mail.bellsouth.net as our smtp server
>>>in our e-mail clients even though our return addresses are
>>>xxx at NorcrossGroup.com
>>>
>>>As of some point yesterday Bellsouth's outbound smtp server appears to
>>>be checking the return address and denying access to anybody that does
>>>not have a xxx at bellsouth.net address.
>>>
>>>I hope I'm wrong but that is certainly the way it is behaving?
>>>
>>>Can anyone confirm/deny the above or provide a simple work around?
>>>
>>>Unfortunately my company uses Goldmine for most of our e-mail clients
>>>and they don't have a lot of configurability.
>>>
>>>I suspect I can find another outbound smtp server I can use, but
>>>bellsouth is getting to be more and more of a pain.
>>>
>>>Greg
>>>--
>>>Greg Freemyer
>>>The Norcross Group
>>>Forensics for the 21st Century
>>>
>>Well, I can send email from the CLI and Mozilla again.  But any
>>messages from root will get bounced.  Forget about trying another SMTP
>>as bellsouth has those ports blocked.   Looks like you are stuck using
>>their webmail client when you are away. ICK!!!  And I would assume at
>>this point that if you are accessing a mail server through port 25 not on
>>bellsouth's network.  You are not now unless you have a VPN to that
>>server.   I think it has been this way for a little while now though.
>>
>>Looks like they have turned off some of the relaying.
>>
>>Adrin
>
>Not sure of total story, but it is not as dire as you have painted it.
>
>As of yesterday I am not using bellsouth.net for pop3/smtp servers.  I
>am still using the business dsl w/static ip for transport.  I don't
>have a VPN in place to anybody.
>
>I do appear to have full smtp/pop3 connectivity from my clients to an
>external web hosting company.
>
>I have my e-mail client configured to do outbound smtp (port 25)
>connections to the offsite webhosting company.  They host my company's
>domain and apparently allow outbound relaying if the return address is
>from my company's domain.
>
>Bellsouth did not block these outbound port 25 connections for the few
>outbound e-mails I sent from my business account yesterday and today.
>
>For pop3 I also handle that thru my web hosting company and Bellsouth
>has never blocked my pop3 requests to them.  I've been using that
>setup for a year or more.  I found Bellsouth's pop3 service to be way
>too unreliable to use for business.
>
>Greg
>--
>Greg Freemyer
>The Norcross Group
>Forensics for the 21st Century
>
Sorry,  I don't know what I was doing last night.  I have changed from 
sendmail to postfix this morning.  Didn't take long to set up.  Much 
easier to set up than sendmail also. For some reason the email would get 
blocked if sent from the CL as root user, "root at hostname.domainname".   
And since I have filters and fetchmail set up it was probably working all 
the time.

What was a real killer.  I set up a user to test on the Linux box.  Sent 
email and had sendmail putting in the domain of bellsouth.net.  I got the 
email as though it came from user at bellsouth.net even though I don't have 
that email account.  So in my eyes the from address could still be 
spoofed.  Someone could still go sit at a free WiFi spot and send all 
the email they wanted to. You just need to figure out who the provider 
is and a little bit of other info.
 
I really think the end user has more control over the spam they get than 
the ISP does sometimes.
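
An added example, not part of the original post or of any ISP's actual configuration: a small model of the two relay policies the thread contrasts, showing why a sender check on the domain alone still accepts an address nobody owns. The domain `isp.example`, the account table and the test cases are constructed assumptions.

```python
from email.utils import parseaddr
from typing import Optional

# Constructed sample data: the domain and the account are hypothetical.
ISP_DOMAIN = "isp.example"
ACCOUNTS = {"alice": "alice@isp.example"}  # login name -> mailbox it owns


def domain_only_policy(mail_from: str) -> bool:
    """Accept any envelope sender whose domain is the ISP's own.

    Models the behaviour described in the thread: a return address outside
    the ISP's domain is refused, but nothing ties the address to an account.
    """
    _, addr = parseaddr(mail_from)
    local, sep, domain = addr.rpartition("@")
    return bool(sep and local) and domain.lower() == ISP_DOMAIN


def login_bound_policy(mail_from: str, auth_login: Optional[str]) -> bool:
    """Accept only when the client authenticated and owns the sender address."""
    if auth_login is None:
        return False
    _, addr = parseaddr(mail_from)
    owned = ACCOUNTS.get(auth_login)
    return owned is not None and addr.lower() == owned


def evaluate(cases):
    """Return (mail_from, domain_only_result, login_bound_result) per case."""
    return [(m, domain_only_policy(m), login_bound_policy(m, login))
            for m, login in cases]


# Constructed cases: (envelope sender, authenticated login or None)
CASES = [
    ("alice@isp.example", "alice"),   # real account, authenticated
    ("nobody@isp.example", None),     # no such mailbox, not authenticated
    ("xxx@company.example", None),    # customer's own domain
    ("alice@isp.example", None),      # real address, not authenticated
]

if __name__ == "__main__":
    for row in evaluate(CASES):
        print(row)
```

Postfix provides the login-bound form through `smtpd_sender_login_maps` together with the `reject_sender_login_mismatch` restriction.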