HPE Community
Operating System - OpenVMS
1828398 Members
3556 Online
109977 Solutions
New Discussion

RLB problem?

 
SOLVED
Go to solution
Willem Grooters
Honored Contributor

‎09-23-2003 06:41 AM

‎09-23-2003 06:41 AM

RLB problem?

I wonder who has experience with SMTP as in TCPIP 5.3-18, ECO2, and is able to help me out with this.
I have to define my SMTP server as relay host since local PC's will send mail through it to any place on the internet; however, non-local SMTP servers are only allowed to send mail to my domain - unless they are know spammers. I use RLB lists for that, at least, I want to do that.
To test it, I logged in on a login server at my ISP and start a telnet session to my (external) address, port 25 (Firewall will forward to VMS machine). But it fails from the beginning:

$ telnet aaa.bbb.ccc.ddd 25
Trying aaa.bbb.ccc.ddd...
Connected to aaa.bbb.ccc.ddd.
Escape character is '^]'.
550 I Spotted you in an RBL. SPAMBREATH!
Connection closed by foreign host.
$

but I'm quite sure that this is NOT true.

When I take out the RLB list, it seems Ok. Unknown/bogus addresses, not translatable addresses and known bad domains will be rejected, and known good domains won't be able to send outside my own domain - i checked that the same way.

However, I would like to use RBL's, since it takes quite a lot of maintenance off my back. How to get that working?

I must admit I have no MX record yet pointing to my 'own' mail address. Could that be the case? (point is, that before I have my ISP setting an MX record for my domain, I want to be sure it all works as I want, and open relay is NOT permitted (obviously))

I added the relevant part of smtp.config (but obscured my location for obvious reasons ;-) (Not that I don't trust you, just to be sure)
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
9 REPLIES 9
John Gillings
Honored Contributor

‎09-23-2003 09:16 AM

‎09-23-2003 09:16 AM

Re: RLB problem?

Willem,

When you connect with RBLs disabled, what address do you come in on?

Have you tried setting your RBL list to ONE source at a time? Perhaps only one of them is failing? Perhaps your ISP really is a source of SPAM?

There are web pages that let you check your IP address against RBLs. For example: http://mail-abuse.org/cgi-bin/lookup (though this one probably isn't relevant for the default set of RBLs in SMTP.CONFIG)
A crucible of informative mistakes
0 Kudos
Reply
Willem Grooters
Honored Contributor

‎09-23-2003 05:46 PM

‎09-23-2003 05:46 PM

Re: RLB problem?

John,
With or without RBL, I use the same machine (at ISP), same login (my own on that machine), same destination (my SMTP server at aaa.bbb.ccc.ddd). I checked the ISP machine against RBL's (via mail-abuse.org, indeed) but none found that (ISP) address to be a bad one, so I wonder why this happened.
I'll add RBL's one at a time, then, in case one is failing....
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

‎09-24-2003 02:08 AM

‎09-24-2003 02:08 AM

Solution

Re: RLB problem?

Me too! ;-)

Same problem over here. My server at home came under siege by Spammers yesterday, so I had plenty of opportunity to experiment :-(

Disallowing non-translatable addresses cuts a good part of the spammers, but unfortunatly not enough. As soon as I uncomment the RBLs in smtp.config all incoming/relay traffic is bounced as being from a SPAM site. I did check this by explicitly sending mail from some systems I have access to to my home system.

So, right now I am back to norelay, which is good for the internet at large, but bad for me.

This looks like a problem in TCP/IP (Config: OpenVMS Alpha 7.3-1, TCP/IP 5.3 ECO 2)

P.S. Not Willems problem, but one I ran into yesterday - smtp.config needs to be W:RE to be used at all
Reply
Willem Grooters
Honored Contributor

‎09-26-2003 09:38 AM

‎09-26-2003 09:38 AM

Re: RLB problem?

Ha, so I'm not the only one.
Martin, I guess you have a support contract so would you issue an SPR for this. I could make one but since I have no support contract I can't leave it somewhere (as a small user, support is far too expensive and _so_ I'll never have a problem?)
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

‎09-27-2003 05:27 AM

‎09-27-2003 05:27 AM

Re: RLB problem?

Found the culprit: MR-OUT.IMRSS.ORG returns
every addres I tried as a SPAM originator.
Either just drop it from the list or replace it
e.g. with bl.spamcop.net.

I have not yet activated this on my server since I do want to monitor this closely and right now do not have the time to do so.
0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

‎09-28-2003 06:06 AM

‎09-28-2003 06:06 AM

Re: RLB problem?

Seems to work ok now. My RBL list looks like
this

RBLs: rbl.maps.vix.com, dul.maps.vix.com, relays.orbs.org, bl.spamcop.net

and the operator log shows the RBL in action:

--> This is a spammer
%%%%%%%%%%% OPCOM 28-SEP-2003 12:19:32.85 %%%%%%%%%%%
Message from user INTERnet on KORONA
INTERnet ACP SMTP Accept Request from Host: 219.80.7.126 Port: 3603

$
%%%%%%%%%%% OPCOM 28-SEP-2003 12:19:35.48 %%%%%%%%%%%
Message from user TCPIP$SMTP on KORONA
TCPIP-W-SMTP_CLNTINRBL, client IP address 219.80.7.126 matched RBL list

---> Legitimate external host
%%%%%%%%%%% OPCOM 28-SEP-2003 12:20:09.34 %%%%%%%%%%%
Message from user INTERnet on KORONA
INTERnet ACP SMTP Accept Request from Host: 149.68.45.24 Port: 3717

---> Legitimate internal Relay host
%%%%%%%%%%% OPCOM 28-SEP-2003 12:29:27.92 %%%%%%%%%%%
Message from user INTERnet on KORONA
INTERnet ACP SMTP Accept Request from Host: 10.0.0.7 Port: 39134


0 Kudos
Reply
John Gillings
Honored Contributor

‎09-28-2003 03:43 PM

‎09-28-2003 03:43 PM

Re: RLB problem?

It looks like imrss.org has gone out of business (see http://www,imrss.org) and left a "block everything" rule to let you know.
A crucible of informative mistakes
0 Kudos
Reply
Willem Grooters
Honored Contributor

‎09-28-2003 08:29 PM

‎09-28-2003 08:29 PM

Re: RLB problem?

John,
Am I right then, that if a RBL goes offline, accessing it will result in blocking *@* - (anyone from anywhere) virtually everything?
I couldn't find anything on the vix.com site, I wonder if the RBL still exists over there. Is there a way to check the validity of an RBL-list? It would be better if you explicitly had a way to do so. A wiser approach then just stating "Block all" if a RBL goes offline...
Anyway, I did what Martin did - but domains that can not be translated into an IP-address, still seem to be Ok. But that could be because the source is the same network as my external address.
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

‎09-29-2003 03:26 AM

‎09-29-2003 03:26 AM

Re: RLB problem?

Hello Willem,

the way an RBL works is that essentially they do run a DNS server with entries for each address on the blacklist, i.e. to find out if ip address 1.2.3.4 is a spammer you do a

e.g. tcpip show host 1.2.3.4.bl.spamcop.net

if you get an error here the address is clean and not on the list. If the name is resolved it is a spammer

So easy test: Write a DCL to do this with each of your RBL servers. Use your own ip address as
the one to check. If this gets resolved either the RBL has a problem or you have a problem ;-) In any case it is time to investigate then.

Greetings, Martin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.