I.T. Security and Linux Administration

Jan 27 2012   12:43PM GMT

Is SMTP Authentication Necessary?

Eric Hansen

Basically every guide you see online or read about how to set up an SMTP server says you need to have SMTP authentication enabled to be safe (and to avoid open relay attacks).  While yes, you do need this if you’re running an enterprise-level system that requires remote connections from smartphones, laptops/PCs at home, etc., what about those who do not run into this issue?

The thought process is easy and clear for both sides.  While SMTP authentication does give you security with your mail server, if it’s just you (or everyone you know) using the server, and it’s on a LAN-only network, why put that extra overhead in place?

Here’s an example:  My business’ server is behind my LAN.  My mail server is listening on 0.0.0.0:25.  I do not have SMTP authentication enabled.  However, my mail server is still not an open relay.  How does this work?  I’ll show you (in Postfix).

All it takes in Postfix is one line to allow security without overhead:

mynetworks = 192.168.1.0/24, 127.0.0.0/8

What this does is tell Postfix that the specified networks (separated with a comma) are allowed to send e-mail.  For example, if my computer’s IP is 192.168.1.40, then I will be able to send e-mail even without authenticating.  However, if I were at Starbucks and tried to send e-mail, the IP address would be outside of the allowed list, and I would not be able to send e-mail.  This small trick will eliminate the open relay risk without causing overhead due to encryption/decryption using TLS/SSL.
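To check a mynetworks value before putting it on a server, here is an added example (not part of the original post) that parses the setting, reports whether a given client address would be treated as trusted, and flags entries that reach beyond private or loopback ranges. It assumes Postfix's default restrictions, which include permit_mynetworks; the function names and the 203.0.113.7 "coffee shop" address are made up for illustration, and only literal addresses and CIDR blocks are parsed.

```python
import ipaddress
import re

# Ranges treated as "internal" for this audit: RFC 1918, loopback, IPv6 ULA.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]

def parse_mynetworks(value):
    """Split a mynetworks value into (networks, skipped_entries).

    Entries may be separated by commas and/or whitespace. Only literal
    addresses and CIDR blocks are parsed; '!' exclusions, file names and
    type:table lookups land in skipped_entries for manual review.
    """
    nets, skipped = [], []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        try:
            # Postfix writes IPv6 entries as [::1]/128; drop the brackets.
            literal = item.replace("[", "").replace("]", "")
            nets.append(ipaddress.ip_network(literal, strict=False))
        except ValueError:
            skipped.append(item)
    return nets, skipped

def is_trusted(client_ip, nets):
    """True if client_ip falls inside any parsed mynetworks entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

def risky_networks(nets):
    """Entries that reach beyond INTERNAL, e.g. 0.0.0.0/0 or a public block."""
    return [net for net in nets
            if not any(net.version == r.version and net.subnet_of(r)
                       for r in INTERNAL)]

if __name__ == "__main__":
    nets, skipped = parse_mynetworks("192.168.1.0/24, 127.0.0.0/8")
    # 203.0.113.7 is a constructed "coffee shop" address (documentation range).
    for ip in ("192.168.1.40", "203.0.113.7"):
        print(ip, "relay allowed" if is_trusted(ip, nets) else "relay refused")
    print("too broad:", risky_networks(nets), "unparsed:", skipped)
```

Anything reported as "too broad" would let hosts outside the LAN relay without authenticating, which is exactly the open relay condition this setting is meant to prevent.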

This solution is not “secure”, however, as anyone in the network can send e-mails, which is why I do not suggest using this for more than single-user networks.  In any other case, SMTP authentication is highly advisable.  But, say you’re running a development virtual machine to test some new PHP code, and you want to test the e-mail ability.  You can just install Postfix, edit this line, make a user’s mailbox and send some test e-mails.

If you’re also wondering how you can send e-mail when you are at a Starbucks, Panera, etc., the trick is to use a proxy to your network.  My favorite method for this is to use SSH with public key authentication, but anything is usable (a VPN, for example).
