Question about SMTP insecurities

Printable View

October 15th, 2004, 08:47 PM
br_fusion

Question about SMTP insecurities

Hello,

I had a basic question about smtp servers. Here on campus, from my student account, I use the campus's pop3/smtp mail servers to send and recieve mail. However from outside campus I am not allowed to send mail, only receive. Now before you get the wrong impression, i'm not trying to break into any system. I was just wondering what makes it secure to filter the smtp server from the outside and not the pop3 server(they are physically different computers).

I know its possible to enumerate alot of info from smtp servers, such as expn/vrfy (I believe), along with the possibilty of sending anonymous emails. Could these be some of the reasons? Or is this a security measure to prevent spam? Any helpful resources or insight would be much appreciated?

Much thanks

Fusion
October 15th, 2004, 08:56 PM
morganlefay

I know most ISPs will not allow you to send mail via their servers if you are connected outside of their domain ( say another ISP)...and yes this is to crack down on SPAM and relaying mail.

Some ISPs have a feature "allow Remote Mail" which will give you a time frame in which you can route the mail through them...you need an ccount and password to do this.

Same with other SMTP servers...if you are not connected or part of their domain...you will be unable to send mail via that smtp server.

You could always try and send it through the SMTP server of the connection you are using....usually once you authenticate to connect you are authorized to send mail...you just need the servername etc.

MLF
October 16th, 2004, 06:15 AM
Palemoon

Actually your question is very odd, having worked at a major University 10 years but left and my wife going on 20 years if one would log in through their system there is never a problem send or getting emails. Matter of fact it is the same on my system at work. They can check the pop accout but unless they are on the system and loggen in forget it. The pop 3 works to get stuff but it is routed to a spicific server from a fire wall as in public to private IP address. And yep even major U's colleges and schools emply firewalls. It is not like 2001 out here and yes people do actually watch and filter ehat is going on even in school. Heck now days bite by bite other people know from the super market to where you buy gas.
October 16th, 2004, 06:31 AM
secure_lockdown

i work with mail server admins on support issues. you would be very surprised how much info they can gather and how far back they can go in backups.
October 16th, 2004, 06:42 AM
Palemoon

Ah Oh

LOL gotta say I know stuff about people I really wish I did not but all to true ;) What do I say to people Anonymous does not mean unknown". Even to ISP's now days after all ligit users still out number the bad guys and are gitting a bit pissed lately :)
October 16th, 2004, 01:35 PM
Computernerd22

Quote:

I was just wondering what makes it secure to filter the smtp server from the outside and not the pop3 server

The way to make it secure and filter the outside from sending email through an SMTP server is to place authentication on the SMTP server. This would make it more secure and also reduce the number of unwanted SPAM aswell as stop people from sending anonymous emails through the SMTP server, Because it would require them to logon into the SMTP server.