HPE Community
Operating System - OpenVMS
1828301 Members
3547 Online
109975 Solutions
New Discussion

Re: Can a VMS MAIL account name be masked when sending replies?

 
Robert Manning_2
Valued Contributor

‎09-29-2003 10:36 PM

‎09-29-2003 10:36 PM

Can a VMS MAIL account name be masked when sending replies?

In OpenVMS Alpha 7.3, does anybody know whether it's possible to mask or set an alias for a username in MAIL?

The question was raised by a DBA whose application responds to external user queries with an automated reply from a VMS MAIL account. The response identifies the sender as username@nodename.domain, which he believes could pose a possible security issue.

I imagine he could set up a forwarding system so replies could come from a nondescript account name, but that still leaves the matter of identifying the node.

If anyone has any suggestions, I'd appreciate it...

Bob
0 Kudos
Reply
5 REPLIES 5
Ian Miller.
Honored Contributor

‎09-29-2003 10:46 PM

‎09-29-2003 10:46 PM

Re: Can a VMS MAIL account name be masked when sending replies?

For recent versions of TCPIP services (V5 and later) you can define the logical name TCPIP$SMTP_FROM to specify a different address.
____________________
Purely Personal Opinion
0 Kudos
Reply
Åge Rønning
Trusted Contributor

‎09-29-2003 11:01 PM

‎09-29-2003 11:01 PM

Re: Can a VMS MAIL account name be masked when sending replies?

You should be able to do what you want with Callable mail which has been documented for a long time.

You find an example that might get you started at http://h71000.www7.hp.com/wizard/wiz_3214.html
VMS Forever
0 Kudos
Reply
Åge Rønning
Trusted Contributor

‎09-29-2003 11:10 PM

‎09-29-2003 11:10 PM

Re: Can a VMS MAIL account name be masked when sending replies?

Another example of Callable mail at the Freeware CD:

http://h71000.www7.hp.com/freeware/freeware50/srh_examples/callable_mail_test.c
VMS Forever
0 Kudos
Reply
Robert Manning_2
Valued Contributor

‎09-29-2003 11:33 PM

‎09-29-2003 11:33 PM

Re: Can a VMS MAIL account name be masked when sending replies?

Ian,

Thanks - I've defined that logical on a test environment and I'll see what the application guys make of it.

Age,

Thanks also - I've passed the shortcut along. I had a look at the document; I figure it's something the application developers could customise for their own particular environment. Anyhow I'll wait and see how they get along with it.

I'll post again when I get results back, and probably have a point or two to throw around...

Thanks,

Bob
0 Kudos
Reply
John Gillings
Honored Contributor

‎09-30-2003 09:10 AM

‎09-30-2003 09:10 AM

Re: Can a VMS MAIL account name be masked when sending replies?

Bob,

TCPIP$SMTP_FROM can be used to change the "from" address. That will mask the real source for cursory examination from most common mail programs. Setting the personal name (SET PERSONAL_NAME="string") can also be used to mask the IP style address. However, the "real" source can usually be determined by examining the SMTP headers.

Although there are other ways to cover your tracks more completely, remember that they're typically only used by SPAMMERS, so any mail you send using the same techniques are likely to be identified as SPAM and may be rejected by automated filters. A "From" address from a bogus domain is a prime candidate for rejection.

You need to consider what security issues you're concerned about and weigh them against the potential problems you might cause.

I'd recommend you set the PERSONAL_NAME to something like "Automated response from XYZ Corporation" and the TCPIP$SMTP_FROM address to a GENUINE address on a less critical node. Or, if you don't want responses, to something like "PleaseDoNotReply@genuine.domain.com".

Whatever you do, make sure you TEST is with a real sample from your target audience. Make sure what they see in their mail program is acceptable.
A crucible of informative mistakes
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.