Re: smtp accept request
08-18-2010 07:46 AM
I don't have any users on one of the systems (it's a test system) and I'm pretty sure no one is sending or receiving email other than me. There is a tcpip$smtp_recv_run.log file created every time one of these opcom messages comes in, but it doesn't have anything unusual in it. (I can post it here if needed.)
The port shown changes every time, and this comes out about (but not exactly) every minute. No other opcom messages (that would be related) come out at the same time.
%%%%%%%%%%% OPCOM 18-AUG-2010 11:28:27.72 %%%%%%%%%%%
Message from user INTERnet on HNATST
INTERnet ACP SMTP Accept Request from Host: 10.252.19.122 Port: 3351
Any hints as to what I should look at - assuming it's something I need to fix on the vms side?
Thanks,
Ron
08-18-2010 09:32 AM
TCPIP SHOW VERSION
> INTERnet ACP SMTP Accept Request [...]
It is what it says. Someone (at Host:
10.252.19.122) is trying to send e-mail to
someone at this system.
> There is a tcpip$smtp_recv_run.log file
> created every time one of these opcom
> messages comes in, but it doesn't have
> anything unusual in it.
Define "unusual". Defining (/system)
TCPIP$SMTP_RECV_TRACE = 1 might add some
interest. I do that here, and it shows
things like the "MAIL From:" and "RCPT To:",
which might offer some hints as to who's
trying to do what to whom.
> (I can post it here if needed.)
With my weak psychic powers, it's hard to say
what might be useful.
When those .LOG files hit ;32767, you may
need to intervene.
08-18-2010 09:36 AM
stop, and your influence with the sender is
slight, then you could add:
Bad-Clients: 10.252.19.122
to "SYS$SPECIFIC:[TCPIP$SMTP]SMTP.CONFIG".
08-18-2010 10:33 AM
08-18-2010 10:49 AM
Wonder why it's trying to send email, or how it's "monitoring" via smtp, but...
Anyway, this is tcpip v5.6 eco 5, fwiw.
I did turn on the tcpip trace and debug logicals earlier; attached is the recv_run log from that time.
I did already hit the 32767 limit, hoping to avoid having to worry about that again...
The "bad clients" idea sounds like it might work for me - any negative effects I should be concerned about in doing that? I.e., what does it do, on my end and his?
And Hoff, didn't know what to include without making the problem description overly lengthy... figured to get the discussion rolling and go from there.
Ron
08-18-2010 10:59 AM
Many organizations run port scanning software to see which systems are listening on which ports (and therefore may be vulnerable to attack). On well known ports (as is SMTP's 25) they'll often engage in a conversation with that well known application - with SMTP, for example, not to prove they can send mail, but to determine which of the other features of SMTP might be active as some are potentially revealing with respect to the OS or users of the system. Often the folks who engage in this sort of scanning come calling later telling you that there are risks that require mitigation... :)
08-18-2010 11:31 AM
Though on an entirely more serious note, these sorts of network tools are a neglected area of security; they're potentially juicy targets, too.
08-18-2010 11:45 AM
> work for me - any negative effects I should
> be concerned about in doing that? i.e.
> what does it do, on my end and his?
ALP $
%%%%%%%%%%% OPCOM 18-AUG-2010 13:07:24.55 %%%%%%%%%%%
Message from user INTERnet on ALP
INTERnet ACP SMTP Accept Request from Host: 41.140.98.126 Port: 4130
ALP $
%%%%%%%%%%% OPCOM 18-AUG-2010 13:07:34.15 %%%%%%%%%%%
Message from user TCPIP$SMTP on ALP
%TCPIP-W-SMTP_BADCLNT, client IP address 41.140.98.126 matched Bad Clients list
Stops junk e-mail delivery, but doesn't do
much for OPERATOR.LOG. Possibly more useful
in this situation:
TCPIP set service SMTP /reject = host = 10.252.19.122
> I did already hit the 32767 limit, hoping
> to avoid having to worry about that
> again...
I have added a (messy, potentially
embarrassing) piece of DCL to
TCPIP$SMTP_RECV_RUN.COM which does a
purge-and-renumber operation from time to
time. (It may be ugly, but it does seem to
work around here, at least until the latest
TCPIP patch installation overwrites it
(again).)
08-18-2010 11:55 AM
Probably not important here, but for
annoyances which originate in the outside
world, setting this to TRUE can stop
considerable junk.
ALP $
%%%%%%%%%%% OPCOM 18-AUG-2010 09:22:34.94 %%%%%%%%%%%
Message from user INTERnet on ALP
INTERnet ACP SMTP Accept Request from Host: 113.22.236.153 Port: 23708
ALP $
%%%%%%%%%%% OPCOM 18-AUG-2010 09:22:42.27 %%%%%%%%%%%
Message from user TCPIP$SMTP on ALP
%TCPIP-W-SMTP_UNBKTRNSIP, client IP address 113.22.236.153 is not backtranslatable to a host name
Again, doesn't do much for OPERATOR.LOG, but
a valid sender without a working
address-to-name look-up is pretty rare.
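Added example, not part of any post in this thread: a Python script that triages an OPERATOR.LOG excerpt in the OPCOM format quoted above. It groups SMTP accept requests by source host, flags evenly spaced ones (like the roughly once-a-minute probe described here), and notes which hosts drew SMTP_BADCLNT or SMTP_UNBKTRNSIP rejections. The log excerpt, addresses, node name, thresholds and the function name `summarize` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed OPERATOR.LOG excerpt (documentation addresses, node name NODE1).
SAMPLE_LOG = """\
%%%%%%%%%%% OPCOM 18-AUG-2010 11:26:27.10 %%%%%%%%%%%
Message from user INTERnet on NODE1
INTERnet ACP SMTP Accept Request from Host: 192.0.2.10 Port: 3349
%%%%%%%%%%% OPCOM 18-AUG-2010 11:27:26.85 %%%%%%%%%%%
Message from user INTERnet on NODE1
INTERnet ACP SMTP Accept Request from Host: 192.0.2.10 Port: 3350
%%%%%%%%%%% OPCOM 18-AUG-2010 11:27:40.02 %%%%%%%%%%%
Message from user INTERnet on NODE1
INTERnet ACP SMTP Accept Request from Host: 198.51.100.7 Port: 4130
%%%%%%%%%%% OPCOM 18-AUG-2010 11:27:49.60 %%%%%%%%%%%
Message from user TCPIP$SMTP on NODE1
%TCPIP-W-SMTP_BADCLNT, client IP address 198.51.100.7 matched Bad Clients list
%%%%%%%%%%% OPCOM 18-AUG-2010 11:28:27.72 %%%%%%%%%%%
Message from user INTERnet on NODE1
INTERnet ACP SMTP Accept Request from Host: 192.0.2.10 Port: 3351
"""

HEADER = re.compile(r"%+ +OPCOM +(\d{1,2}-[A-Z]{3}-\d{4} [\d:.]+) +%+")
ACCEPT = re.compile(r"SMTP Accept Request from Host: (\S+) Port: \d+")
REJECT = re.compile(r"%TCPIP-W-SMTP_(BADCLNT|UNBKTRNSIP), client IP address (\S+)")

def summarize(text, min_hits=3, jitter=5.0):
    """Per-host hits, median gap (s), periodic flag, reject reasons (log in time order)."""
    stamp, accepts, rejects = None, defaultdict(list), defaultdict(set)
    for line in text.splitlines():
        if m := HEADER.match(line.strip()):
            stamp = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        elif stamp and (m := ACCEPT.search(line)):
            accepts[m.group(1)].append(stamp)
        elif m := REJECT.search(line):
            rejects[m.group(2)].add(m.group(1))
    report = {}
    for host, stamps in accepts.items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps) if gaps else None
        # Evenly spaced hits suggest a scheduled probe (monitoring or scanner).
        periodic = len(stamps) >= min_hits and all(abs(g - med) <= jitter for g in gaps)
        report[host] = {"hits": len(stamps), "median_gap_s": med,
                        "periodic": periodic, "rejected_as": sorted(rejects[host])}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```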
08-18-2010 12:14 PM
So it should be possible to resolve the issue by human interaction - unless the organization is too big to find the people responsible for the systems involved :-)
08-18-2010 09:55 PM
Why not just turn off the SMTP logging?
$ TCPIP
TCPIP> SET SERVICE SMTP /LOG_OPTION=NOACCEPT
TCPIP> DISABLE SERVICE SMTP
TCPIP> ENABLE SERVICE SMTP
TCPIP> EXIT
$
This will stop the annoying OPCOM messages.
You might also ask your co-workers why their monitoring software is pinging your machine every minute.
Regards,
Jeremy Begg
08-19-2010 05:32 AM
Thanks for the reminder. I will look at doing that, though I will also look at the suggestion for the reject=host=..., which might be the "less-sledge-hammer-ish" approach.
As for the monitoring, that's how this particular package works, I suppose...I don't really have any say at that site, I just have to deal with whatever they're doing.
08-19-2010 07:06 AM
Thanks for everyone's help.
08-19-2010 07:13 AM
Check the ratings of the firewalls versus your typical maximum bandwidth; you may be able to operate with a mid-grade firewall.
Or have the IT folks VLAN your stuff.
Or have the probes stopped. VMS mail isn't very secure, so they're not going to prove anything here.
