I asked if they could tell if the relaying was from one of our users or was it from some outside source? Let me explain what that means. Relaying, when abused, simplifies spamming. In other words, if someone wanted to send a message to someone else and disguise where it came from, they might send their outgoing mail through another mail server other than the one belonging to the currently connected ISP. That other mail server's domain name is what gets put in the message headers confusing the recipient when he or she tries to figure out its actual point of origin. For all intents and purposes, this is called "spamming." The server that is accepting the mail and then forwarding it on to the addresses is "relaying the mail over". That server has an open relay, accepting mail from anyone, including those who are not connected to that ISP.

This became a problem a few years back when advertisers, typically sex advertisers or junk mailers, found that they could send all their outgoing mail through, for example, a university's e-mail server which puts the university's address as the address that shows up in the headers of the advertisement. Universities and companies all over the Internet were being accused of hosting mailings for which they were not responsible.

Soon it was discovered, with tracking, that it was possible for someone to relay their mail through any local mail server. Soon after that, ISPs decided that it would be in their best interest to do a reverse lookup on the DNS entry of anyone relaying e-mail. They could restrict who is authenticated and who is not.

This, of course, placed burdens on universities and companies who have users working from home who were responding to their e-mails from their primary ISP. For example, let's say ACME Company has 4,000 employees and several executives access their e-mail from home. One user might have AOL as their primary ISP. That user can retrieve all e-mail from several accounts by "popping off" their mail (retrieving work related e-mail from the POP server installed in the computer system at work and AOL e-mail from AOL's server) to their e-mail program at home. When this person responds to any of the work related e-mails received or sends new work related e-mails, the e-mail program contacts ACME's Simple Mail Transfer Protocol (SMTP) server which accepts the mail and places it into the system, eventually getting it to the appropriate person. This is an open relay, because the sender is submitting the e-mail to ACME's SMTP server while being directly connected to AOL.

Having an open relay is a problem because it allows e-mail to be placed in the system by anyone. Having a closed relay is also a problem. Like the example above, this executive now cannot respond to work related e-mails while connected to AOL. There are ways to authenticate a user with a reverse DNS lookup. In other words, the mail server would check a table of IP numbers and accept e-mails from these numbers only. However, in the case of the above example, whenever this executive logs into AOL, a different IP number is assigned every time -- a dynamic IP addressing scheme. It has many more users than IP addresses, and assigns an available address to a user as needed when the user comes online. AOL and most other ISP's rely on the fact that not everyone is connected at the same time, so they can re-use IP numbers from the available pool.

This brings us back to our problem. Our SACPCUG mail site has an open relay so our members can send e-mail through this site's SMTP gateway. However, after this phone call, I told Net Exchange that they could close our open relay because most of our users subscribe to an ISP and only need to receive e-mail that comes to them. They can always forward a response via their primary e-mail account or use the Web-based e-mail reading and sending functions. As it turns out, because our NX site has a open relay, people have been getting advertisements from SACPCUG.ORG that have nothing to do with our organization!

I hope this decision does not inconvenience any of our users. However, as a mail server owner myself (Microsoft Exchange Server), I would rather have a closed relay than be accused of sending unwanted material to other organizations. And, since Net Exchange is allowing us to have this service at no cost, we are essentially at their mercy as to how it is run. It was Net Exchange who suggested we close the relay.

I hope that soon, after I get the list from our Membership Director, I can input more of our users into this system, allowing more of our members access to the service. If you are a member and are not on this system yet, please e-mail your full name to Milt Hull (that's me) and I will create your account and send directions on how to use the service.