- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Disabling VMS mail
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 01:18 AM
02-06-2007 01:18 AM
I do not want to set the "/dismail" flag on user accounts, but rather disable it altogether for everyone (both on the fly and for a ny future reboot)
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 01:47 AM
02-06-2007 01:47 AM
			
				
					
						
							Re: Disabling VMS mail
						
					
					
				
			
		
	
			
	
	
	
	
	
E.g. dfg, sched, DTSS, CA, ...
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 01:54 AM
02-06-2007 01:54 AM
			
				
					
						
							Re: Disabling VMS mail
						
					
					
				
			
		
	
			
	
	
	
	
	
I didn't think there would be an easy answer. Is there any way of making VMS mail inaccessible to certain groups, or perhaps only available to holders of a particular identifier
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 02:16 AM
02-06-2007 02:16 AM
SolutionDISMAIL and DISNEWMAIL are the usual approaches toward locking out MAIL. (Removing NETMBX privilege may or may not be feasible. It usually isn't, but sometimes it is.)
Further along is CAPTIVE or RESTRICTED command procedures, and simply keeping the user out of MAIL. MAIL is one of a class of utilities with a couple of interesting features, so I tend to avoid permitting a completely untrusted user access into the MAIL command prompt.
If you are specifically targeting remote IP mail access, you can disable SMTP.
There are parts of OpenVMS itself that use MAIL for various purposes, and many command procedures around can expect access to MAIL, so removing it isn't necessarily something I would recommend.
In any case, it would be useful to know some background around why you're locking out MAIL.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 02:20 AM
02-06-2007 02:20 AM
			
				
					
						
							Re: Disabling VMS mail
						
					
					
				
			
		
	
			
	
	
	
	
	
To disable mail for group 300
mc authorize mod [300,*]/flags=dismail
I don't know if you can set an identifier to remove access to mail. You might be able to do it through ACLs on the SYS$COMMON:[SYSEXE]MAIL.EXE file.
I personally would stick with UAF modifications.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 02:39 AM
02-06-2007 02:39 AM
			
				
					
						
							Re: Disabling VMS mail
						
					
					
				
			
		
	
			
	
	
	
	
	
... or set-up an identifier access ACL on sys$system:mail.exe (note that it's an installed image) but this would return a rather ugly nopriv error and the user could of course have their own mail.exe
I suspect you can't remove NETMBX.
J.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 02:46 AM
02-06-2007 02:46 AM
			
				
					
						
							Re: Disabling VMS mail
						
					
					
				
			
		
	
			
	
	
	
	
	
I think for now I will simply set the /dismail flag on selected accounts.
I cannot remove NETMBX, not can I make the accounts in question captive or restricted.... over a 1000 users with all kinds of different access requirements.
I will dig deeper into what you have all suggested and see what I can come up with. Thanks again for your time
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 03:41 AM
02-06-2007 03:41 AM
			
				
					
						
							Re: Disabling VMS mail
						
					
					
				
			
		
	
			
	
	
	
	
	
As for locking out the utility via the command line, that's a fairly soft protection. It'll certainly slow down some of the script kiddies, but it won't but momentarily delay an experienced user. And I'd not recommend removing the command verb, but that too has been tried.
FWIW, Whether you're defending against script kiddies or experienced users or complying with corporate auditing requirements isn't yet known, which is why I was looking for some background around the question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 08:51 AM
02-06-2007 08:51 AM
			
				
					
						
							Re: Disabling VMS mail
						
					
					
				
			
		
	
			
	
	
	
	
	
((ID=MAILUSER,ACCESS=EXECUTE),ID=[*,*],ACCESS=NONE))
sort of thing. This allows chatting to the MAIL DECnet object using MAIL11 protocol for the terminally curious.
Security is often a people problem.
Purely Personal Opinion
