Viewing 36 posts - 1 through 36 (of 36 total)
  • Virgin Broadband – Email Relaying?
  • mattjg
    Free Member

    Is this still correct, ie it’s impossible to avoid the “on behalf of” if using Virgin’s smtp servers to send mail using a different domain’s identity?

    Ta.

    http://community.virginmedia.com/t5/Email/Email-security-changes-for-sending-mail-via-SMTP/td-p/565913

    damo2576
    Free Member

    What email account? If Gmail for example use their smtp.
    If some other domain without own smtp try smtp2go

    atlaz
    Free Member

    No, I think that probably this is actually a good thing they’re doing. My suggestion? Spent about 20 quid a year and buy a domain for yourself and a mailbox or two.

    Fresh Goods Friday 696: The Middling Edition

    Fresh Goods Friday 696: The Middlin...
    Latest Singletrack Videos
    mattjg
    Free Member

    I have loads of domains. Domain’s don’t come with an SMTP service.

    atlaz
    Free Member

    So you haven’t done the second part of what I said then. You need to buy some mailboxes. 🙄

    mattjg
    Free Member

    Mailboxes are for incoming mail. Thx but that’s not helping, I know what I need.

    If anyone actually uses Virgin and has knowledge of this question (most probably a home-worker), that would be helpful, ta.

    Cougar
    Full Member

    Dunno if it’s ‘still correct’ but the way to bypass it would be to use the SMTP server belonging to the domain where your email address resides, rather than Virgin’s. As a Brucie Bonus, this also saves you having to change settings if you change ISPs, or are out and about using a laptop.

    Sorry if you knew this already; I’ve never dealt with Virgin broadband directly.

    Cougar
    Full Member

    Reading that post, it suggests that the ‘on behalf of’ tag “may” be applied. Ie, there’s situations where it doesn’t apply? (non-ntlworld accounts?)

    mattjg
    Free Member

    yeah it’s ambiguous

    btw usually (tho not exclusively), incoming mail is handled by the server the domain is hosted on, outgoing mail (usually SMTP) is handled by whoever is providing the user’s connection

    Google do have public SMTP email servers, but do the same “on behalf of” thing, which is what I need to
    avoid.

    I’m currently using Zen, who do all I need but are expensive, have other issues that are causing me a problem, and we need to get the digital TV anyway as our terrestrial reception is poor to non-existent.

    atlaz
    Free Member

    matt – what I meant was, if you buy a mailbox, you will be able to send email from the place you get the email from. Obviously if it’s your work email then that one is out but you should be able to use your work server for outgoing as well I assume.

    Some ISPs totally bar all relaying so tagging mail is a relatively decent way to balance spam filtering/identification against the need of the customer.

    Cougar
    Full Member

    btw usually (tho not exclusively), incoming mail is handled by the server the domain is hosted on, outgoing mail (usually SMTP) is handled by whoever is providing the user’s connection

    This is true. However, the alternative isn’t only a public server, it’s the server of the host. The gotcha is, you need to authenticate to the server before you can connect to it (and sometimes jump through other hoops too). If you do that you won’t get any ‘on behalf of’ because you have a local account.

    wwaswas
    Full Member

    Google do have public SMTP email servers, but do the same “on behalf of” thing

    probably because all of Virgin’s mail goes through the same servers.

    mattjg
    Free Member

    However, the alternative isn’t only a public server, it’s the server of the host. The gotcha is, you need to authenticate to the server before you can connect to it (and sometimes jump through other hoops too).

    Yup. I know. I have a server. But as you say SMTP doesn’t have **authentication and I’m not going to make my server’s SMTP public. ISPs work around this by only allowing mail to be sent from one of their IP addresses. Which would be fine if it didn’t do the damn “on behalf of” thing.

    ** Actually there is authenticated SMTP, Zen have it and I use it … just trying to avoid having to run it on my server.

    mattjg
    Free Member

    Obviously if it’s your work email then that one is out but you should be able to use your work server for outgoing as well I assume.

    I work from home … that’s the issue.

    Cougar
    Full Member

    as you say SMTP doesn’t have authentication

    That isn’t what I said – I said you have to authenticate, not that you can’t.

    I have a server.

    Ah, you neglected to tell us that bit. Why go through Virgin’s (/anyone’s) SMTP servers at all, then?

    mattjg
    Free Member

    That isn’t what I said – I said you have to authenticate, not that you can’t.

    Fair enough.

    Ah, you neglected to tell us that bit. Why go through Virgin’s (/anyone’s) SMTP servers at all, then?

    Because the SMTP on our server doesn’t have authentication – and since I will be connecting via an ISP neither will I have a fixed IP address.

    Cougar
    Full Member

    Gotcha.

    So by “your” server you mean you’ve got, what, a local SMTP server on a dynamic IP address? (You don’t mean you’re connecting to a remote work email server from home?)

    So your local server is pointing to Virgin’s SMTP hosts to relay email to the outside world. Sticky, then, you’re neither one nor the other really. What are you using as an email server if it doesn’t support authentication on its connector?

    I’m not really seeing a simple way round this then, other than what’s already been said above. You can’t go through your email provider’s SMTP because that’s you. Sending directly is arguably the ‘correct’ way, but with a dynamic IP and various anti-spam policies from different hosts it’s probably more trouble than it’s worth (as I’m sure you’re aware by the sounds of things). So you’re left with public relays (if you can provide authentication credentials) or Virgin’s “on behalf of” shenanigans.

    As an aside, there’s an interesting point on the second post here; seems you’ve to tell them what addresses you’ll be using as well.

    mattjg
    Free Member

    We rent a dedicated server in a warehouse in London that runs Linux and the services we provide to our clients. I mean a proper, bunch of hardware in a pizza box, server.

    Yup saw re notifying Virgin re the domains to be used. That’s not a problem but doesn’t stop the “on behalf of”.

    If I was happy with “on behalf of” I’d use Google and it would be no issue.

    Anyway there we go, I don’t think Virgin will do what I need.

    sas
    Free Member

    If you own your domain is using Google Apps a possibility? Ihaven’t actually tried this, but I’m thinking of signing up to avoid the “on behalf of” thing in GMail.
    http://support.google.com/mail/bin/answer.py?hl=en&answer=78799
    http://support.google.com/a/bin/answer.py?hl=en&hlrm=en&answer=176600

    sl2000
    Full Member

    I’ve recently set up Google Apps to send email for my domain – so using me@example.com instead of example@gmail.com (with web mail access at https://mail.example.com).

    http://www.google.com/enterprise/apps/business/index.html

    Pretty easy to work through.

    mattjg
    Free Member

    Thx guys I’ll try that.

    jmason
    Free Member

    Aye +1 for google apps and a domain. Rock solid, reliable, imap and free (not counting domain(and your soul(possibly)))

    sas
    Free Member

    Just make sure you don’t use 1and1 as your domain registrar… the reason I haven’t got round to Google Apps is that they don’t support it (for email you need to edit certain DNS settings which 1and1 won’t allow).

    mattjg
    Free Member

    ok, mostly they are on easily.co.uk

    mattjg
    Free Member

    Follow up: Google Apps looks to be a PITA for multiple domains.

    I’m trialling this: http://www.authsmtp.com/

    Seems to do just what I need.

    Maybe that’ll help someone in the future.

    xiphon
    Free Member

    You have access to a dedicated server? So why not restrict SMTP relays to the domains you specify?

    mattjg
    Free Member

    because anyone else could connect to the server and do that too

    xiphon
    Free Member

    What SMTP software is running? How competent is the person who administers the server?

    And to be clear, what exactly are you trying to achieve?

    Send email, from your home virgin internet connection, as another domain?

    mattjg
    Free Member

    He’s highly competent but please point me to what we should be running if we’re missing something. We’re running Postfix, with Google Postini handling inbound spam management.

    I want to be able to send email, with the from address correctly set as my business domain (of which there are several) with no “on behalf of” nonsense, while connected to the net with Virgin Broadband. I currently use Zen successfully for this but will probably switch to Virgin soon if I can resolve this.

    Cougar
    Full Member

    Out of interest, what’s your reasoning for running business email from an SMTP server relaying upstream from a consumer broadband connection with a dynamic IP address?

    please point me to what we should be running if we’re missing something.

    You know, I think I’m tired of playing twenty questions. We’ve suggested using SMTP directly, but you don’t want to do that. We’ve suggested using a third party relay, but you don’t want to do that. We’ve suggested SMTP authorisation, but you don’t want to do that. I don’t mean to be rude but without understanding your setup and what you’re trying to achieve and thus why all these suggestions aren’t appropriate for you, it’s bloody hard to make recommendations.

    What you need to do, I think, is ring Virgin’s presales tech support and ask them your question directly. It doesn’t look like there’s anyone here who knows authoritatively how their servers behave, which is why alternatives have been suggested instead.

    grahamb
    Free Member

    How about using ssh tunnel on the linux server ?.
    Open up ssh through the firewall on the server, allowing key only authentication (ie disable password authentication). Then port forward 25 over ssh to some local port.

    If you’re worried about bad guys trying to break into your ssh server there’s plenty of tools out there that will monitor the logs for failed ssh attempts & add the failing ipaddr to the iptables rules.

    It’s what i use.

    xiphon
    Free Member

    Forget SSH….

    You need to use something like OpenVPN – a simple, reliable, fast, secure connection between your PC and your dedicated box.

    Run the OVPN server on the dedicated box, and run the Win32/OSX/Linux OpenVPN client on your home/work PC.

    Add the hostname ‘internalsmtp’ to your hosts file, with the corresponding INTERNAL IP (private) of your OpenVPN box (say, 10.0.1.1)

    Step 1. When in ‘work’ mode, simply connect (takes less than 10 seconds) to your server via the client.

    Step 2. Open up Outlook (or whatever mail client you use), and use “internalsmtp” as the outbound server.

    Step 3. Write an email, choose which domain to send as, and click send…

    I should add you should lock-down your SMTP server to only accept connections from those in the OpenVPN client range (for example, 10.0.2.X), and also make appropriate firewall rules (no inbound SMTP for starters!)

    This way, you don’t need to explicitly add every client domain to the smtp whitelist.

    Forward this onto your sys admin… and if he doesn’t understand a word of the above…. get a new admin 😉

    FWIW we have deployed about 500 remote client PCs (in factorys all over the world) and use OpenVPN for them to phone back home. Only requires ONE port and ONE protocol open at the firewall (e.g. 5000/UDP)

    pdw
    Free Member

    FWIW the “on behalf of” nonsense is something that’s added by Outlook when the sender (envelope) address doesn’t match the from address.

    The Virgin mail servers will set their envelope address to your Virgin Media address and there’s no way you can change this, so if you use a different from address, some recipients will see the “on behalf of” thing.

    The only way to avoid this is to not use Virgin’s SMTP servers.

    I run a small ISP, and we sell email hosting that includes authenticated SMTP, which avoids exactly this problem. You connect to our SMTP server with a username and password, and we set your sender address to whatever your mail client tells us to. As others have said, it also means that if you’re on a laptop, you don’t have to change your email settings when you change connection.

    If you’ve got your own server there’s various ways around the problem. You can configure Postfix to do authenticated SMTP and use that as your outgoing mail server, or as others have said, you can use SSH or a VPN. If you’re already committed to running an internet facing mail server, then this isn’t a big change, but otherwise I’d pay someone else to do it.

    xiphon
    Free Member

    Another thing to remember is to configure your domains to avoid spam traps.

    SPF is handy ( http://en.wikipedia.org/wiki/Sender_Policy_Framework )

    Also using domain aliasing is handy (all your domains could be mail.somthing.com, yet alias to mail.yourcompanydomain.com). If you change IPs/domains, just change mail.yourcompanydomain.com and the rest automatically follow…

    Any questions – email’s in profile 🙂

    I’m a Win/Linux admin by profession…

    xiphon
    Free Member

    And my method of using OVPN above doesn’t require SMTP authentication… that’s done by only allowing OpenVPN clients to send email..

    mattjg
    Free Member

    Lots of info there, will have a read through, thanks for taking the time to post, appreciate it.

    Cougar: chill out.

Viewing 36 posts - 1 through 36 (of 36 total)

The topic ‘Virgin Broadband – Email Relaying?’ is closed to new replies.