Email, Mulitple ISP's, and Message Relaying

[ShawnF]

I've got a related thread here about how to resolve an issue with some of our traveling users that have at least one ISP (DSL or cable at home, plus a different dial-up for the road) and multiple email accounts. The problem ultimately appears to stem from the whole email system and "message relaying," but I don't completely understand how this works, nor do I understand the complete architecture.

For example:
When I set up an email account for some ISP fictitiously called "abc", I would input an SMTP of smtp.abc.com and POP3 of pop3.abc.com. Then I if set up another email account for isp "xyz," it would have smtp.xyz.com and pop3.xyz.com. If I am connected to ISP "abc" I can send and receive email from abc's servers with no problem. But I can only download email from xyz to my computer and cannot send email from my computer to the outgoing xyz server (why??) **unless I set up the outgoing email server for the xyz account to be abc's**(why??). This is of course assuming company abc allows for it in their acceptable use policy and hasn't somehow configured their server to not allow this ability. Then if I switch ISP's and connect with xyz, the complete opposite happens and I can send/receive xyz but can only receive abc (not send abc).

Can someone help clarify how the email architecture works? I suppose I can understand if an ISP does not want to bog down their email servers (someone trying to send out spam) by also handling someone else's mail, but is that actually true and if so is there anyone who does allow for it? I have no intention of sending outgoing mail from one account using another account's outgoing server for spamming purposes, but I do have legitmate business emails that need to go out do have to use multiple ISP's to send/receive mail. Why? Well, I can't take my cable modem or DSL on the road with me, and no company in the area offers cable or DSL with "on the road 56k" abilities (is there such a thing?). Lots of questions, I know.

Thanks for your help!

 

[Davetoo]

It's all to prevent spammers. If I could use anybodys SMTP server to send my mail, that is called an Open Relay. Many ISP's will actually block receipt of e-mail from a server they have deemed to be an open relay server (they assume it's all spam coming from it).

You prevent an Open Relay by telling your server to only relay mail from a specific set of computers (via IP addys). So, if I have an IP assigned from ISP "ABC", then I can use their SMTP server to send my mail because my IP matches a list they have provided to their SMTP server. But if I try to send mail through ISP "XYZ" while I'm connected to the Internet via ISP "ABC", then it won't allow that because XYZ's SMTP server has said nope, you're not on my list of IP addys, so I'm not going to accept your mail transfer.

Some of the bigger ISP's offer both DSL and a dial-up for one fee, so that would be an option to investigate.

 

[Provogeek]

You actually answered your own question.

The difficulty you view with sending mail out of an ISP's mail server when that ISP is not the one you are connected to is all for security. The security is there to prevent spammers from using the mail server, and you rinability to use the mail server when your NOT on the ISP's network is to give the ISP's users "Ease of Use".

The security allows only mail the comes from a client that is on the ISP's network, no other network can send mail through the SMTP server the ISP owns and operates. No authentication is needed, you just send the mail and it goes. The system looks at your IP address, sees that your on their network and send the mail. If you were not on their network, it would drop the message and would be viewed as spam. Your ISP has not reason to make an excpetion for you, and making an excpetion is just additional admin over head for the ISP. If many people demanded such a thing from an ISP, you would see the "free" mail boxes we get with an account go away.

If you look around, you CAN find an ISP that will allow you to send mail through their SMTP server, but this server requires authentication for you to use it. These mail boxes are additional cost to the account, or the provider only does mail hosting like my mail host does. So when I am on the road I can get e-mail from my online account from a mail host out on the net. This mail host provides me with SMTP and POP3 servers to use, no matter what access point I use. However, my mail box I get with my broadband account, I can only GET mail when I am NOT on their network.

You may remember the days when you could bounce an e-mail message off of anyones SMTP server. It was fun, you could spoof mail from anyone to anyone. I messed with a lot of peoples heads when you could do this. Spammers messed all of this up for everyone else. Once people got their accounts turned off for spamming, they would use someone elses SMTP server to send out the spam so they wouldn't loose their account. Now it's a big cat and mouse game. We IT admins (the cat) keep building better mouse traps, but spammers (the mouse) keep finding ways through those traps. The RBLs do nothing as far as I can tell to stop spammers, there seems to be nothing that will stop them. They find a way around filters and black lists. Shoot, a new program that defeats everyones trap is one that sends mail out inteded to be bounced back to the sender, only this programs places the spam target in the senders spot. So when the mail bounces, it goes to who it was inteded for. Then there is the change in spelling they do to get around content filters. Me seem like over kill and a beegen for a law suite, but all they need is the 1% in the thousands of spam they send out to make a profit. That 1% doesn't even need to buy anything, just click on that link in the spam, thats it. So if people would stop amusing the spammers, we may get our freedom of use back on the Internet. Brent Schmidt CNE,Network +
Senior Network Engineer
Keep IT Simple

http://www.kiscc.com

 

[ShawnF]

Thanks to the both of you for your responses. I want to clarify something, and propose another question. When connected to ISP "abc", why doesn't outgoing email from xyz just go straight to xyz's outgoing server? Or am I missing something important here and the outgoing message from xzy must first go through abc regardless before it gets to xyz? Up to this point we've been able to use large ISP companies for our traveling users, and they are set up to send outgoing work email on the ISP's outgoing server. Even though it's working, if I understand you correctly this is not a good way to do it (unless it was an authenticated service provided at addtional cost).

Meaning, I can dial up to the internet with service abc. I can send and receive abc's mail. I can send and receive work's email account if I use the incoming work email and outgoing of abc? We have our own exchange server, but for whatever reason it isn't set up to ever be the "outgoing" mail server. A 3rd party company set up our server this way.

I certainly have no desire to send spam. I hate it as much as anyone else who isn't the one sending it out. I just need to understand how the whole process works and make sure our company is doing the best/right thing. Whether that's to somehow use our own exchange server, or to get an ISP that offers authentication.

Secondly, we have our own exchange server, firewall, etc... what are the options for being able to send/receive work email using any ISP and our own mail server we already have? I guess this would be analogous to Brent's email provider in that he can dial in with any service and access his email any time.

Thanks for your help!