HPE Community
Operating System - OpenVMS
1751854 Members
5601 Online
108782 Solutions
New Discussion юеВ

Re: How to not treat localhost SMTP as relaying

 
SOLVED
Go to solution
Ben Armstrong
Regular Advisor

тАО11-09-2009 09:12 AM

тАО11-09-2009 09:12 AM

How to not treat localhost SMTP as relaying

In TCP/IP SMTP, if I:

- set norelay

AND

- do not configure a "smart host" gateway

Then I can't, as a local user of this system, send an email to the Internet via SMTP. The conversation goes like this:

$ telnet localhost 25
%TELNET-I-TRYING, Trying ... 127.0.0.1
%TELNET-I-SESSION, Session 01, host localhost, port 25
220 my.mail.server V5.4-ECO7, OpenVMS V7.3-2 Alpha ready at Mon, 9 Nov 2009 09:00:42 -0800 (PST)
helo localhost
250 my.mail.server Hello LOCALHOST, pleased to meet you, friend
mail from: me@my.mail.server
250 ... Sender OK
rcpt to: me@somewhere.out.there
551 User not local, Relay disabled.
quit
221 my.mail.server Service closing transmission channel

On another VMS system that is configured to make non-local deliveries via a "smart host", my portable script to send mail via SMTP works. But on a host where a smart host is not available, it fails with the above errors.

I combed the TCP/IP docs, looking for an answer to this one, but couldn't find anything. What am I missing? How do I prevent other hosts from using this system as a mail relay, but allow local users to send mail via SMTP without using a gateway host to do it?

Please don't tell me "use the VMS MAIL client, then", as that is not portable.

Thanks,
Ben
p.s. For anyone who cares, the mail script is written in Ruby, but since the telnet session above demonstrates the problem just as well, that isn't really relevant.
0 Kudos
Reply
9 REPLIES 9
Andy Bustamante
Honored Contributor

тАО11-09-2009 10:52 AM

тАО11-09-2009 10:52 AM

Re: How to not treat localhost SMTP as relaying

>>>How do I prevent other hosts from using this system as a mail relay, but allow local users to send mail via SMTP without using a gateway host to do it?

Option 1, enable mail relay and limit the source of connections. See Chapter 18, Managing TCPIP Services for OpenVMS at http://h71000.www7.hp.com/doc/83final/6526/6526pro_042.html#smtp_chap

$ TCPIP DISABLE SERVICE SMTP
$ TCPIP STOP MAIL
$ TCPIP SET SERVICE SMTP /ACCEPT=(host0, host1 ...)
$ TCPIP SET SERVICE SMPT /ACCEPT=NETWORK=a.b.c.d:mask
$ TCPIP START MAIL
$ TCPIP ENABLE SERVICE SMTP

Option 2, revise your script to use the DCL mail command, possibly in combination with mime as the source for your messages.

Andy Bustamante
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО11-09-2009 10:59 AM

тАО11-09-2009 10:59 AM

Solution

Re: How to not treat localhost SMTP as relaying

> - set norelay

> Then I can't, as a local user of this
> system, send an email to the Internet via
> SMTP.

Makes sense to me.

> How do I prevent other hosts from using
> this system as a mail relay, but allow
> local users to send mail via SMTP without
> using a gateway host to do it?

I'd try:

1. Let it act as a relay, so that it can
deliver some mail.

2. Adjust the rules in
SYS$SPECIFIC:[TCPIP$SMTP]SMTP.CONFIG
to limit the client list. ("Good-Clients:"
might be an easy way.)


> $ TCPIP SET SERVICE SMTP /ACCEPT=(host0, host1 ...)
> $ TCPIP SET SERVICE SMPT /ACCEPT=NETWORK=a.b.c.d:mask

Or do it that way. As usual, many things are
possible.
Reply
Hoff
Honored Contributor

тАО11-09-2009 11:04 AM

тАО11-09-2009 11:04 AM

Re: How to not treat localhost SMTP as relaying

As a completely different approach, the most direct route here is to send mail via the callable API within OpenVMS MAIL, or by generating and spawning a MAIL command under program control. These approaches completely bypass the SMTP transport-level security; you're running on the local host, and (if SMTP is configured and working) you can send MAIL.

C code here: http://labs.hoffmanlabs.com/node/744
0 Kudos
Reply
Hoff
Honored Contributor

тАО11-09-2009 11:04 AM

тАО11-09-2009 11:04 AM

Re: How to not treat localhost SMTP as relaying

And no, that's not portable. Nothing is.
0 Kudos
Reply
Louis in Michigan
Advisor

тАО11-09-2009 08:07 PM

тАО11-09-2009 08:07 PM

Re: How to not treat localhost SMTP as relaying

I believe that once you have created a session to TCPIP$smtp_receiver you are no longer considered a local user. NoRELAY is in effect for all incoming SMTP sessions. The only way to be local is to use VMSmail or a program which uses the API.

There may be something you could do with the TCPIP$SMTP_COMMON:SMTP.CONFIG file such as defining the values of "Relay-Zones:" to include the domains to which you wish to send mail. Of course doing this would create an open relay for thoes domains.
0 Kudos
Reply
Louis in Michigan
Advisor

тАО11-09-2009 08:41 PM

тАО11-09-2009 08:41 PM

Re: How to not treat localhost SMTP as relaying

I forgot about TCPIP$SMTP_COMMON:TCPIP$SMTP_LOCAL_ALIASES.TXT
you may also be able to do something here, however, this also leads to a domain limited open relay.
0 Kudos
Reply
Jansen_8
Regular Advisor

тАО11-10-2009 03:38 AM

тАО11-10-2009 03:38 AM

Re: How to not treat localhost SMTP as relaying

Did you try to add your localhost with its actual IP-number of this machine to the Good-Clients in your smtp.conf file.

Normally this overrides the "no-relay" for the hosts entered here.

Jouk
0 Kudos
Reply
Jansen_8
Regular Advisor

тАО11-10-2009 03:43 AM

тАО11-10-2009 03:43 AM

Re: How to not treat localhost SMTP as relaying

Correction on the previous. Probably you should add 127.0.0.1 (localhost) to the Good-Clients

Jouk
0 Kudos
Reply
Ben Armstrong
Regular Advisor

тАО11-10-2009 05:15 AM

тАО11-10-2009 05:15 AM

Re: How to not treat localhost SMTP as relaying

Interesting approach. I assume the TCP/IP stack also protects against someone spoofing 127.0.0.1 from the network by default?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.