Community Discussions and Support
Local users emailing from mobile phones

So..... Am I right in thinking that if a connection to the smtp server uses smtpauth then its ip address does not need to appear in the Connection Control list? Or are the 2 comments above mentioning authentication suggesting that having an all encompassing range is ok so long as smtpauth is required for relaying?

Correct, the use of ESMTP AUTH is the normal way that is used to block the spammers from relaying off your server while allowing remote users to relay. 

 

<blockquote>So..... Am I right in thinking that if a connection to the smtp server uses smtpauth then its ip address does not need to appear in the Connection Control list? Or are the 2 comments above mentioning authentication suggesting that having an all encompassing range is ok so long as smtpauth is required for relaying? </blockquote><p>Correct, the use of ESMTP AUTH is the normal way that is used to block the spammers from relaying off your server while allowing remote users to relay.  </p><p> </p>

Hi all,

Up to now I have dealt with users mobile phones by allowing relaying for the IP address range they are using.

However this can be a problem when I don't know the extent of the range and therefore have to enlarge it when the user tells be they can't send anymore.... Also it is not exactly a secure approach.

Can someone tell me what I should be doing?

Cheers,

Gordon 

<p>Hi all,</p><p>Up to now I have dealt with users mobile phones by allowing relaying for the IP address range they are using.</p><p>However this can be a problem when I don't know the extent of the range and therefore have to enlarge it when the user tells be they can't send anymore.... Also it is not exactly a secure approach.</p><p>Can someone tell me what I should be doing?</p><p>Cheers,</p><p>Gordon </p>

I've always used authentication. Rather than using a username/password for each user I just use a generic username. Seems to work fine. Dave.

I've always used authentication. Rather than using a username/password for each user I just use a generic username. Seems to work fine. Dave.

So I suppose the nub of my question is "Is there an alternative to having to add to the SMTP server ip ranges for each mobile network that I have phones on?" This seems to be a significant security risk as well as beinf a pain in the rear!

Cheers, Gordon 

<p>So I suppose the nub of my question is "Is there an alternative to having to add to the SMTP server ip ranges for each mobile network that I have phones on?" This seems to be a significant security risk as well as beinf a pain in the rear!</p><p>Cheers, Gordon </p>

I have been allowing mobile phone access to my Mercury IMAP server for some years.  For the phone, I use my ISP for SMTP service, so I don't personally have a security issue to deal with on the SMTP side.  So, in a sense, this halves my security management problem.  In my case the access is for my personal use only; one phone with one service provider, which is much simpler than Gordon's situation.  My phone provider seems to use the same contiguous  IP address ranges for several months and then can suddenly switch.  Also, the same ranges don't seem to be used across the whole country (Canada).

To this point, I have done IP address filtering at my router firewall together with username/password authentication to access IMAP.  I am not terribly happy about putting "holes" in the firewall, but I couldn't see any other option.

As an aside, to manage the IP address range while I am away, when I might find that IP addresses have changed, I use UltraVNC over OpenVPN.  This allows me to access the Mecury server machine and the router remotely, while retaining a reasonable level of security.

GordonM

<P>I have been allowing mobile phone access to my Mercury IMAP server for some years.  For the phone, I use my ISP for SMTP service, so I don't personally have a security issue to deal with on the SMTP side.  So, in a sense, this halves my security management problem.  In my case the access is for my personal use only; one phone with one service provider, which is much simpler than Gordon's situation.  My phone provider seems to use the same contiguous  IP address ranges for several months and then can suddenly switch.  Also, the same ranges don't seem to be used across the whole country (Canada).</P> <P>To this point, I have done IP address filtering at my router firewall together with username/password authentication to access IMAP.  I am not terribly happy about putting "holes" in the firewall, but I couldn't see any other option.</P> <P>As an aside, to manage the IP address range while I am away, when I might find that IP addresses have changed, I use UltraVNC over OpenVPN.  This allows me to access the Mecury server machine and the router remotely, while retaining a reasonable level of security.</P> <P>GordonM</P>

Thanks very much for the replies.

Cheers, Gordon

<P>Thanks very much for the replies.</P> <P>Cheers, Gordon</P>

So..... Am I right in thinking that if a connection to the smtp server uses smtpauth then its ip address does not need to appear in the Connection Control list? Or are the 2 comments above  mentioning authentication suggesting that having an all encompassing range is ok so long as smtpauth is required for relaying? 

<p>So..... Am I right in thinking that if a connection to the smtp server uses smtpauth then its ip address does not need to appear in the Connection Control list? Or are the 2 comments above  mentioning authentication suggesting that having an all encompassing range is ok so long as smtpauth is required for relaying? </p>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft