Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

June 29, 2003

The Spam Legacy

This is a slightly convoluted tale of spam and the troubles it causes.

SMTP AUTH is the standard for Authenticated SMTP. Back in the “old days,” email delivery was a cooperative process, with each mail server relaying mail onward to its destination. Then came the spammers, who exploited the “open” nature of SMTP to have other people’s mail servers deliver their spam. So mail servers had to be reconfigured to relay only for specific hosts, or for clients which properly authenticated themselves. Hence the need for SMTP AUTH.

When I first got my iBook, I wanted to set it up to use SMTP AUTH, with golem as the outgoing mail server. At the time, Mail.app’s SMTP AUTH support was broken. But, since MacOSX is Unix, that was no problem. I just told Mail.app that the mail server was localhost and configured sendmail on my iBook as a nullclient, using SMTP AUTH to forward all mail to golem.

Eventually, Apple fixed Mail.app’s SMTP AUTH support. But I kept using the above-mentioned system because it was more convenient. I could “send” emails while offline, and have sendmail queue them up for delivery as soon as I got back online. Worked great, and never gave me a lick of trouble.

Imagine my shock on this trip when I discovered that all of the emails I had “sent” out over the course of two days were still queued on the iBook. None had gone out, despite having a working DSL connection! The reason, it turned out, was that Covad DSL filters all outgoing traffic on port 25 (SMTP). Sendmail on the iBook kept trying to contact golem, but the connection kept timing out.

Why is Covad doing such a seemingly dumb thing? Because spamming technology has evolved. Another favourite spammer technique is to use a program which directly contacts the recipient’s mail server, bypassing the spammer’s ISP’s mail server (which might, say, limit the number of outgoing messages per second!). Instead of going after the spammer for violating Covad’s AUP, they decided to simply block all outgoing SMTP traffic. Spammers can’t send their “direct-to-MX” spam, but “roving” users like myself can’t contact their home mail server either.

What to do? Turns out it’s time to ditch sendmail, and reconfigure Mail.app to contact golem, not on port 25 (SMTP), which is blocked, but on port 587 (MSP) which, mercifully, Covad has left unblocked.

I post this hint because, even if you are doing everything right (using authentication, not running an open mail relay, …) you will eventually get screwed — if only indirectly — by the spammers. And I doubt that more than one person in a thousand knows that, in addition to listening as an MTA on port 25, sendmail also listens as an MSA on port 587.

P.S.: This post was composed with the latest version of Kung-Log, which uses the recently-released Webcore rendering engine (i.e. the same one used in Safari) for previewing. Sweet!

Posted by distler at June 29, 2003 12:03 PM

TrackBack URL for this Entry:   https://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/183

2 Comments & 0 Trackbacks

Re: The Spam Legacy

You could also have configured sendmail to use port 587 on golem, and keep your local queue. Feel free to ping me if you’d like more info.

Posted by: Michael Ivey on July 31, 2003 3:00 PM | Permalink | Reply to this

Re: The Spam Legacy

But can you use Kung-Log to send email notifications of new posts? It doesn’t work for me, I believe because it derives its email settings from the system internet prefs, which (unlike Mail.app) doesn’t allow specification of authenticated SMTP.

(I dropped a note to the developer about this just now.)
cheers,
-d.d-

Posted by: derek on September 13, 2003 1:28 AM | Permalink | Reply to this

Post a New Comment