Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

OpenVMS Disable SMTP Listener but still send email

 
Glyn Gowing, Ph.D.
Occasional Visitor

OpenVMS Disable SMTP Listener but still send email

Hello,

I need to know how to disable the SMTP listener on an OpenVMS machine running the UCX package but I still need to be able to send email from this machine.

I cannot seem to find anything that makes that distinction - everything I can find either disables everything or enables everything.

Thanks.
21 REPLIES 21
Vladimir Fabecic
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

I do not understand the question.
You want to be able to send mail but not with UCX SMTP?
If so, you can look for MX mail for MadGoat.
http://www.madgoat.com/mx042.html
In vino veritas, in VMS cluster
Joseph Huber_1
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email


I tried to just disable the receiver by
TCPIP DISABLE SMTP
but that seems to disable sending as well, at least a test mail got lost.

In principle disabling service smtp should just close the receiver port. In my test I saw the mail delivered o.k., but it never arrived.

Try and test it on Your site.
http://www.mpp.mpg.de/~huber
Vladimir Fabecic
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Still do not understand.
You do not need SMTP listener at all to send mail.
See this:
Start a Telnet session from a DCL by entering:
Telnet your.mailserver.com 25

220 a.mail.server.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.2499 ready at Thu, 29 Jun 2006 15:59:02 -0600
helo

250 a.mail.server.com Hello [192.168.0.15]
mail from: fromemail@server.com

250 2.1.0 email@server.com...Sender OK
rcpt to: joe@server.com

250 2.1.5 joe@server.com
data

354 Start mail input; end with .
This is a test.
. (enter a dot/period to end the data)

250 2.6.0 Queued mail for delivery

quit
Connection to host lost.

You can use PINE for VMS, for example.
In vino veritas, in VMS cluster
Peter Zeiszler
Trusted Contributor

Re: OpenVMS Disable SMTP Listener but still send email

I think he is trying to get SMTP to not acknowledge that it is running on that system. Might be for something as simple as "security" (i.e. security scans report SMTP running on system so security people come down saying - Turn it off).

I don't know of anyway to turn off "listener". About the only thing I have done on my systems was to suppress reporting smtp version
$ define/system/exec TCPIP$SMTP_SUPPRESS_VERSION_INFO 1

Can you explain what you want and why you want it? It could be different terms used or communicaton error with people is all.

Hoff
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Ok, regardless of the use of Simple within the acronym, SMTP is big and hairy and some understanding is required in order to deal with questions involving this beast. I'm going to shot-gun this, to try to provide enough terms to allow further discussion if I've guessed wrong on the intent here.

There are the client Mail User Agents (MUAs). The OpenVMS MAIL utility is an MUA. On OpenVMS with TCP/IP Services, the mail message transport agent known as SMTP% is a key piece of the implementation of the MUA.

There are the Mail Submission Agents (MSAs). These receive the message from the MUA.

There are the Mail Transfer Agents (MTAs) SMTP servers. These shovel the messages around.

And there are the Mail Delivery Agents (MDAs). On OpenVMS, the MDA gets the message from the mail server into the mail folder.

In its entirety, the MUA mail client connects to the MSA which uses the MTA to deliver the message via the MDA.

Various of these hunks can be combined together. On OpenVMS, the MSA and the MTA both use port 25, and the same underpinnings. In particular, OpenVMS combines MSA, MTA and MDA together in one "hunk".

Most SMTP mail servers (MTAs) generally use port 25, and can also be configured as MSAs to accept messages via port 25 or (becoming far more common given spam) via ESMTP and port 587. Yes, you can do ESMTP on 25. (That is rare, in my experience.)

OpenVMS does not provide an ESMTP MSA.

TCP/IP Services and OpenVMS Mail together provide all four pieces of SMTP. On OpenVMS, you can't disable receipt of messages via the server without also disabling client operations, as the server is how the client sends its messages out.

What you will have to do here is to disable SMTP entirely, and scrounge up an SMTP client that uses a client port on a remote host. Probably an ESMTP (SMTP AUTH) client. Again, this client usually submits via port 587, though it's technically feasible to implement ESMTP on port 25. Most ISPs I am aware of tend to require use of port 587, and don't tend to accept from MUAs via (unauthenticated) port 25.

One of the more common MUA (clients) for OpenVMS that can provide ESMTP is built within Mozilla, but it would not be particularly difficult for a software engineer to create one if none more suitable can be found. There are other clients around.

I have not encountered an SMTP transport agent for OpenVMS mail itself -- this is the SMTP% transport stuff I am referring to here -- that does ESMTP. It would be an add-on, or would otherwise replace the provided SMTP% transport agent.

Or you leave SMTP services enabled.

Feel free to contact me offline if you'd like to discuss this topic further. I've tossed a whole lot of detail -- possibly too much -- into a really tiny text box.

Stephen Hoffman
HoffmanLabs LLC

Steven Schweda
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

I haven't tried it, but you might be able to
get the desired effect by configuring SMTP
normally (verifying that it works both ways),
and then using "SET SERVICE /ACCEPT = HOST =
addr", where "addr" is something harmless,
like the system's own address, or some unused
or inaccessible address.

I'm assuming that this affects only incoming
connection requests, but no bets.
Joseph Huber_1
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Hoff:
TCP/IP Services and OpenVMS Mail together provide all four pieces of SMTP. On OpenVMS, you can't disable receipt of messages via the server without also disabling client operations, as the server is how the client sends its messages out.

Well it is just heuristics, not knowing what happens behind the scene:
At least if TCPIP$SMTP is always using a gateway (general and alternate gateway), it seems to be sending mail even if the local SMTP server is disabled.

The test I reported earlier was successful, I just was confused by the mail received delayed (I had it sent via gateway back to the node where the receiver was disabled :-).

Without external gateway then there (probably) must be a local SMTP/port 25 server. (?)
http://www.mpp.mpg.de/~huber
Steve-Thompson
Regular Advisor

Re: OpenVMS Disable SMTP Listener but still send email

Hi Glyn

Im sure you can achieve what you want this way.

Configure a normal working SMTP server and then simply deny all imcoming mail. This can be achieved using the ANTISPAM facility.
(18.6 - AntiSPAM section of TCPIP management)

It's very flexible! You can DENY everything or selectively allow a domain or person!
And it works....

Regards
Steven
Steve-Thompson
Regular Advisor

Re: OpenVMS Disable SMTP Listener but still send email

Glyn ...

Thinking about this a bit more....
Are you trying to "hide" the VMS box?
My previous suggestion doesnt hide the box. In a correctly configured DNS/MX environment email senders will receive a REJECT message.

If your (VMS) SMTP problem is in a private network, you could use DNS/MX to your advantage to literally lose all incoming mail, and thus hide the VMS box.

As is one of my VMS servers. [My] VMS box is a server, and it doensnt collaborate in DNS, because it doesnt need to. BUT it sends SMTP mail to a "Notes" server and to the outside world.

The effect is I can send SMTP messages but there's no way the real SMTP/MX servers can route mail back to me because they dont know the VMS box exists.

Regards
Steven

Bryan Ross
Occasional Visitor

Re: OpenVMS Disable SMTP Listener but still send email

Maybe I'm missing the point, but the SMTP client is what sends mail.

The email "listener" is POP. Don't you just want to disable the POP server?
Wim Van den Wyngaert
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

If you only want to disable access to the listener, check ucx help set servi/acc.
You can limit the access.

Wim
Wim
Joseph Huber_1
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Bryan,
the SMTP server is receiving the mail (and sends it to the destination mailbox).
POP has nothing to do with SMTP sending/receiving, it is a protocol to access user mailboxes on a remote node, wether it is a (the) SMTP or not.

http://www.mpp.mpg.de/~huber
Steven Schweda
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

> [...] set servi/acc [...]

Why didn't _I_ think of that? No, wait, ...
Joseph Huber_1
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email


I stand claiming one can disable the SMTP receiver (TCPIP DISABLE SERVICE SMTP) at all, as long as the sender (the SMTP symbiont) is able to find a gateway.

I tried really hard on my system: removed general/alternate gateways, zone, local MX records, deassigned the TCPIP$SMTP_MX_IF_NOALTGATE logical: since my DNS server (not on VMS, so I can't remove it) still has an MX record, TCPIP$SMTP still can send.

The only question remains to be answered from Glyn after a test on his own system is: does it work like this ?

BTW: if there is no SMTP server on the sending system, then it should set a /substitute_domain, otherwise it sends out mails with un-replyable reply addresses.
http://www.mpp.mpg.de/~huber
Joseph Huber_1
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Rethinking, it even has nothing to do with gateways, TCPIP services SMTP sender will directly contact the destination on port 25.

Only if the destination address is an MX domain name, it must be able to translate to a node address.

But sending turns out to be independent of any SMTP service connected to port 25 of the senders node.

But I wonder why Glyn wants to disable mail receiving at all ?
http://www.mpp.mpg.de/~huber
Richard W Hunt
Valued Contributor

Re: OpenVMS Disable SMTP Listener but still send email

I don't propose to speak for anyone else here, but having one-way SMTP is very common in an SMTP environment on a USA Dept. of Defense network, and it is done for security purposes.

I've got one for which the one-way setup was accomplished by our network team blocking STMP traffic coming towards my cluster at a firewall level. I have to use a mail relay server for outbound traffic and cannot pick up any inbound mail at all. It's a real pain, too, because the outbound relay servers remind me of cold molasses.

Before you ask... no, I don't know why they do that for OpenVMS, but then trying to tell a D.o.D. network guru that OpenVMS is not nearly as vulnerable as Windows is like talking to a brick wall. Except that the brick wall is probably far easier to recognize as such.
Sr. Systems Janitor
Willem Grooters
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Just a blind guess - I cannot check at this very moment, but it might just do what you need.

Sending mail is done via queue(s) SMTP. Leave that in place.

Receiving mail _might_ be handled by a procedure behind port 25: if $ TCPIP SHOW SERVICE/PORT=25 shows a commandprocedure, that will be the one to handle incoming messages. What you might do is edit this file, or replace it with one that does _nothing_ else but EXIT (or read HELO - you'll ghet who's calling - and then drop).

Blunt but effective.
Willem Grooters
OpenVMS Developer & System Manager
Thomas Ritter
Respected Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Just to add to Richard W Hunt's note...we also only allow outbound SMTP and block all inbound at the firewalls.

2 cents.
Willem Grooters
Honored Contributor

Re: OpenVMS Disable SMTP Listener but still send email

On my previous mesage:

If a incoming coonect request is received on port 25, procedure TCPIP$SYSTEM:TCPIP$SMTP_RECV_RUN.COM is invoked (using TCPIP V 5.6) - in turn this runs program to process the message.
Not advisable - but you could think of changing this file, or replace it with another with the same name (or with another but you'd have to prepare TCPIP$CONFIGURE.COM for that. Not advisable either, for the same reason)).

If the system is behind a firewall, why not disable incoming mail on port 25, or transfer it to another port where you simply drop the message - or have no service defined at all. Big advantage: you don't have to mess around in the standard config ;)
Willem Grooters
OpenVMS Developer & System Manager
Thomas Ritter
Respected Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Willem's approach should work

$ ucx show service smtp/full

Service: SMTP
State: Enabled
Port: 25 Protocol: TCP Address: 0.0.0.0
Inactivity: 5 User_name: TCPIP$SMTP Process: TCPIP$SMTP
Limit: 300 Active: 0 Peak: 1

File: TCPIP$SYSTEM:TCPIP$SMTP_RECV_RUN.COM
Flags: Listen IPv6

Socket Opts: Rcheck Scheck
Receive: 0 Send: 0

Log Opts: Acpt Actv Dactv Conn Error Exit Logi Logo Mdfy Rjct TimO Addr
File: SYS$SPECIFIC:[TCPIP$SMTP]TCPIP$SMTP_RECV_RUN.LOG

Security
Reject msg: not defined
Accept host: 0.0.0.0
Accept netw: 0.0.0.0
$ type TCPIP$SYSTEM:TCPIP$SMTP_RECV_RUN.COM
$ !
$ ! File name: TCPIP$SMTP_RECV_RUN.COM
$ ! Product: HP TCP/IP Services for OpenVMS
$ ! Version: V5.6-ECO2
$ !
$ ! © Copyright 1976, 2006 Hewlett-Packard Development Company, L.P.
$ !

...

$ ! constituting an additional warranty.
$ !
$ set :=
$ set noon
$ set symbol /scope=(nolocal,global)
$ set symbol /scope=(nolocal,noglobal)/verb
$ serv_id = f$edit("tcpip$smtp","upcase")
$ serv_home = f$edit("sys$specific:[''serv_id']","upcase")
$ !
$ ! purge smtp receiver logs
$ !
$ purge:
$ set default 'serv_home'
$ logsav = 2 * f$getsyi("cluster_nodes") + 5
$
$ lognam = f$edit("tcpip$smtp_recv_run.log","upcase")
$ if f$search(lognam) .nes. ""
$ then
$ purge /noconfirm/nolog/keep='logsav' 'lognam'
$ endif
$ !
$ ! start smtp receiver process
$ !
$ run:

Make your changes here ...

$ run 'f$edit("sys$system:tcpip$smtp_receiver.exe","upcase")'
$ !
$ ! completed smtp receiver execution
$ !
$ exit:
$ exit $status .or. %x10000000
Thomas Ritter
Respected Contributor

Re: OpenVMS Disable SMTP Listener but still send email

Look for the listener ...

$ pipe netstat -na |sea sys$input *.25
tcp 0 0 *.25 *.* LISTEN
$ ucx disable service smtp

Listener now gone ...

$ pipe netstat -na |sea sys$input *.25
%SEARCH-I-NOMATCHES, no strings matched

Send email ...

$ mail/subject="test" nl: smtp%"thomas.ritter@secret.com.au"

allows outgoing email but no incoming email.
and email received.