Resources
HOWTO Documents > Mail Relaying Turned Off at CCIS
In an effort to combat the hijacking of our mail server to send spam and other troublesome bulk email, CCIS turned off mail 'relaying' on Thursday, October 22, 1998. This HOWTO describes you this policy may affect you (though most users are not be affected). If you have any questions about this howto, please feel free to send mail to systems@ccs.neu.edu.
What is Relaying?
Relaying occurs when site A (typically be junk mailer) uses the mail server at site B (that's us) to send mail to site C (typically an unwitting spam victim). The key feature here is that the mail neither originates on nor is destined for our system.
So for instance, our mail server might receive a piece of mail from a machine with a dial-up connection through an ISP in Texas addressed to several hundred addresses at AOL. The mail neither originates from nor is destined for CCS, but our server has to do the work of getting it to its destination, slowing down the processing of legitimate mail, and we get the bounces or angry complaints.
How Promiscuous Relaying Can Hurt CCIS
Before relaying was stopped at CCIS, there was a weekend when our mail server was brought to its knees by the onslaught of spam. Little if any of that was addressed to CCS accounts, but the amount of spam that was flowing through our mail server (for a period of no more than a few hours) dwarfed all the legitimate traffic through that server. If spammers continue to be able to relay through us, of course we'll become a more and more popular relay site as more spammers hear that we're undefended, and eventually the flow of legitimate mail will be seriously impacted.
There's an even more significant problem, though: If we allow ourselves to be used as a relay by spammers, then an increasing proportion of the mail other sites get from CCS will be spam, and those sites will start blocking connections from us. That means you won't be able to send legitimate mail from CCS to large numbers of sites. Moreover, some people use this blacklist technique to block not just email, but *all* IP traffic from sites that relay a lot of spam. That would mean that people at CCIS would no longer be able to browse a large fraction of the Web, and that our domain would no longer be resolvable for a fairly large proportion of the net. It would probably not be good for our recruitment efforts if attempts to get to CCIS's home page produce "host not found" for large numbers of high schools.
When spammers use us as a relay site, we get lots of angry mail from recipients of spam, and from administrators at targeted sites. Most of these people are understanding, but if we didn't take serious steps to deal with an ever-escalating problem, we would look like an irresponsible site. In a similar vein, when spammers use us as a relay, typically lots of their addresses bounce. And since the "From:" addresses in spam are generally fraudulent and invalid, the bounces bounce. That can easily produce tens of megabytes of bounce messages, filling up disks and causing legitimate mail to be lost or bounce.
Do I relay through CCIS?
You are only relaying through CCIS only if both of these are true:
| • | You are sending mail from a non-CCIS machine or a machine not directly connected to CCIS via our dedicated dialup lines. |
| - and - | |
| • | You have a ccs.neu.edu name (usually mail.ccs.neu.edu) set up as your outgoing (SMTP) mail server. |
If either of these things are not true, you are not relaying through CCIS and you do not have to concern yourself with the rest of this HOWTO document.
Oops, I was attempting to relay through CCIS, what now?
If you were attempting to relay through CCIS from a non-CCS address, you will have four options:
| • | Dial into a CCIS modem or send mail from a CCIS machine. |
| • | Use secure SMTP to send your mail. |
| • | Use the 'ssh' software to tunnel a connection to a CCIS machine to send your mail. This option has the advantage that your connection is encrypted and therefore secure. (Note: we also recommend using SSH to tunnel POP since POP sessions are *not* encrypted by default.). |
| • | Instead of using 'mail.ccs.neu.edu' as your SMTP (mail) server, use
the SMTP server provided by your ISP. (Note: you can still use our server to get your incoming mail via POP, although you should be aware that your password is sent in the clear when you do that, unless you use ssh.) Depending on your ISPs policy and your mail software, this option may make it difficult for you to use your CCIS email address in the From: line of your mail. |
Thanks for your help in cutting down the amount of SPAM and illegitimate relaying on the Internet.