04-03-2005 04:23 AM
TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
Return-Path: toqawiger@alemail.com
Received: from ip.85.202.142.138.dyn.pool-3.broadband.voliacable.com (85.202.142.138)
by mynode.mydomain (V5.4-15E, OpenVMS V7.3-2 Alpha);
Sun, 3 Apr 2005 14:49:01 +0200 (MET DST)
Received: from alemail.com (alemail-com.mr.outblaze.com [205.158.62.177])
by ip.85.202.142.138.dyn.pool-3.broadband.voliacable.com (Postfix) with ESMTP id D2VWPG955H
for
All the mail originates at *.mr.outblaze.com, but the from domain, alemail.com in this case, changes all the time and translates back to the IP address of *.mr.outblaze.com.
The node that relays the mail to my mail server appears to be a virus infected PC and changes with every mail I see. The IP address of the PC also translates back to an existing domain with MX record.
I have the following settings in smtp.config:
!!!Good-Clients: relay.dec.com, 16.20.0.0/16, 16.20.208.1
Good-Clients: 192.168.0.0/24
!
!!!Bad-Clients: 1.2.3.5, 11.1.0.0/8
Bad-Clients: 213.189.173.179, 200.121.83.234
!
!
RBLs: bl.spamcop.net,
relays.visi.com,
relays.ordb.org,
opm.blitzed.org,
list.dsbl.org,
dnsbl.sorbs.net,
sbl-xbl.spamhaus.org
!
!!!Relay-Based-On-Mx: TRUE
!
Reject-Unbacktranslatable-IP: TRUE
!
Accept-Unqualified-Senders: FALSE
!
Accept-Unresolvable-Domains: FALSE
!
!!!Reject-Mail-From: *.xyz.com, known.spammer@*, *the_internet*
!
Reject-Mail-From: sam@alcyone.darkside.com, *.mr.outblaze.com, *.umass.edu
!
!!!Accept-Mail-From: *@notabadguy.xyz.com, the_internet_news@somehwere.com
!
SPAM-Action: OPCOM, ACCOUNTING
!
Security: SECURE
!
Unbacktranslatable-IP-Text: Your IP address is unbacktranslatable. SPAMMER!
Bad-Clients-Text: You dirty SPAMmer.
Client-In-RBL-Text: I Spotted you in an RBL. SPAMBREATH!
Reject-Mail-From-Text: Haven't you SPAMmed me before?
Unqualified-Sender-Text: MAIL FROM who? You've got to be kidding.
Unresolvable-Domain-Text: MAIL FROM where? Yeah right.
SPAM-Relay-Text: Trying to launch your SPAM from my site will get you nowhere.
How do I stop this kind of spam?
04-04-2005 09:08 PM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
Robert.
04-05-2005 05:26 AM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
Blocking the PC doesn't help because the next spam mail will come from another infected PC.
So for every spam message I receive from outblaze.com, the relay is a different PC, the from address including the domain part is different, and the from domain exists and has an MX record.
The only thing that appears to be the same for all these messages is the IP-address of the sender domain.
04-06-2005 07:38 PM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
So you have your little VMS box connected directly to the internet? Doesn't it have to do with relaying? Xs4all checks SMTP servers for that, doesn't it? There is a site with guidelines for preventing relaying, but I don't remember the URL offhand... You should be able to get there via this one: http://www.xs4all.nl/helpdesk/mail/advanced/openrelay_faq.html
Everything else going well?
As I believe, it must have something to do with the relaying. I think your mailserver is a little bit too open... ;-)
04-07-2005 05:16 AM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
and these are the results from the jury:
Mail relay testing
Connecting to mynode.mydomain for anonymous test ...
<<< 220 mynode.mydomain V5.4-15E, OpenVMS V7.3-2 Alpha ready at Thu, 7 Apr 2005 19:07:44 +0200 (MET DST)
>>> HELO www.abuse.net
<<< 250 mynode.mydomain Hello abuse.net, pleased to meet you
Relay test 1
>>> RSET
<<< 250 OK
>>> MAIL FROM:
<<< 250
>>> RCPT TO:
<<< 551 Trying to launch your SPAM from my site will get you nowhere.
Relay test 2
>>> RSET
<<< 250 OK
>>> MAIL FROM:
<<< 550 MAIL FROM who?
04-07-2005 07:12 PM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
Relay-Zones:
(add to this list what domains you accept)
It will block any attempt to use your mailserver to send mail elsewhere, and allow only mail intended for the domains you accept. (Your own, obviously)
Willem
OpenVMS Developer & System Manager
04-08-2005 01:34 AM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
My VMS box is behind a firewall - that is just routing any traffic on a few ports directly to my VMS box without restrictions to outside addresses - SMTP is one of these. So effectively - it is directly connected to the Internet. I guess Martin's machine is as well.
The link you issued will lead to information on Windows and Unix mail programs only. No info (as usual ;-() on VMS mail (I doubt the XS4ALL helpdesk knows about VMS at all)
So for your reference, I have added the configuration as on my VMS box as an example. Of course, the personal data has been removed.
This setup has been effective since Dec 2003, without other alterations than allowing a few specific users on an otherwise blocked domain.
Use it to your advantage.
Willem
OpenVMS Developer & System Manager
04-08-2005 08:52 AM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
My mail server is not an open relay.
It doesn't relay any mail.
And I don't want it to relay mail to any domain.
I just don't want to receive this kind of spam.
If only there was a rule to reject by original sender ip-address. SMTP MAIL does the DNS lookup.
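The check wished for in this post (reject by original sender IP address), as an added example that is not part of the thread and is not TCPIP Services code: a Python filter, run on messages after receipt, that parses the Received: chain from the first post. Only the top hop is written by your own server; the lower hops are whatever the sender supplied, so they are reported as a hint only. The function names, the keyword list and the wildcard pattern syntax are assumptions of this example.

```python
import re
from email import message_from_string
from fnmatch import fnmatchcase

# Constructed sample: the headers quoted in the first post, recipient line left out.
SAMPLE = (
    "Return-Path: toqawiger@alemail.com\n"
    "Received: from ip.85.202.142.138.dyn.pool-3.broadband.voliacable.com (85.202.142.138)\n"
    "\tby mynode.mydomain (V5.4-15E, OpenVMS V7.3-2 Alpha);\n"
    "\tSun, 3 Apr 2005 14:49:01 +0200 (MET DST)\n"
    "Received: from alemail.com (alemail-com.mr.outblaze.com [205.158.62.177])\n"
    "\tby ip.85.202.142.138.dyn.pool-3.broadband.voliacable.com (Postfix) with ESMTP id D2VWPG955H\n"
    "\n(body)\n"
)

# "from NAME ([PAREN_NAME] [IP]) ... by HOST", covering both header styles above.
HOP_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\((?:(?P<paren_name>[^\s\[\]()]+)\s+)?"
    r"\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\).*?\bby\s+(?P<by>\S+)", re.S)
# Assumed keyword list for dial-up/broadband pool names; tune it for your own traffic.
DYNAMIC = re.compile(r"(^|[.-])(dyn|dynamic|pool|dsl|dhcp|ppp|broadband)([.\-\d]|$)", re.I)

def hops(raw):
    """Parsed Received hops, newest (top) first."""
    values = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP_RE.search, values) if m]

def assess(raw, local_host, bad_patterns):
    """Return reasons to treat the message as suspect; an empty list means none found."""
    chain = hops(raw)
    if not chain or chain[0]["by"].lower() != local_host.lower():
        return ["top Received header was not written by " + local_host]
    reasons, top = [], chain[0]
    # Trusted part: the connecting client as recorded by our own server.
    if DYNAMIC.search(top["name"]) or DYNAMIC.search(top["paren_name"] or ""):
        reasons.append("client %s has a dynamic-pool style name" % top["ip"])
    # Untrusted part: earlier hops are whatever the sender wrote, so a hint only.
    for hop in chain[1:]:
        fields = [v.lower() for v in (hop["name"], hop["paren_name"], hop["ip"]) if v]
        hit = next((v for v in fields
                    if any(fnmatchcase(v, p.lower()) for p in bad_patterns)), None)
        if hit:
            reasons.append("claimed earlier hop matches blocklist: " + hit)
    return reasons

if __name__ == "__main__":
    for reason in assess(SAMPLE, "mynode.mydomain", ["*.mr.outblaze.com", "205.158.*"]):
        print(reason)
```

Because the lower Received lines can be forged, a match on them is better used to tag or quarantine mail than to reject it outright.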
04-10-2005 06:22 PM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
OpenVMS Developer & System Manager
04-11-2005 09:27 PM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
for MX-based relay:
!!!Relay-Based-On-Mx: TRUE
Make that active.
Combined with
Reject-Unbacktranslatable-IP: TRUE
it may block valid domains. Best you define _some_ server (mail.domain.tlb) in your hostfile, the addresses can be obtained from the log messages (and DIG), may take some work but will keep the rubbish out.
Willem
OpenVMS Developer & System Manager
04-12-2005 06:00 AM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
In the TCP/IP management guide you can read the following:
Relay-Based-On-Mx TRUE or FALSE.
If TRUE, the SMTP server accepts relays from unknown clients to recipients where the recipient's domain has an MX record naming the local host as a gateway.
The spam I'm referring to is targeted at users in my mail domain.
So this rule will not help.
04-12-2005 10:26 PM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
so you'll have to block the outside world.
What you could do is to create your own RBL and specify that one, containing the addresses you know to be infected PCs. Daunting task - if the address is often changing!
How did you start SMTP by the way? /NORELAY, I think (not relaying as you said) but IIRC the default was /RELAY in an earlier version. And if your clients connect to your server for outgoing mail, it must be set up /RELAY (or am I mistaken?)
OpenVMS Developer & System Manager
04-12-2005 10:32 PM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
alemail.com
*.outblaze.com
205.158.62.177
205.158.*.* (This may impose false positives - but chances are pretty low, I think)
OpenVMS Developer & System Manager
04-13-2005 06:37 AM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
>
>
> so you'll have to block the outside world.
Yes!
> What you could do is to create your own RBL and specify
> that one, containing the addresses you know to be
> infected PCs. Daunting task - if the address is often
> changing!
You can achieve the same thing by making them Bad-Clients
> How did you start SMTP by the way? /NORELAY, I think
> (not relaying as you said) but IIRC the default was
> /RELAY in an earlier version. And if your clients connect
> to your server for outgoing mail, it must be set up
> /RELAY (or am I mistaken?)
And I would like to add that the RELAY option is, in most cases, not the one you need to stop your server from relaying mail.
To answer the rest of your question:
TCPIP SMTP configuration data:
Server-Nodes : NYNODE
Queue-Name : TCPIP$SMTP_MYNODE_00
Alternate-Gateway :
General-Gateway :
Substitute-Domain :
Zone :
Postmaster-Alias : Postmaster
Postmaster-Forwards-To : SYSTEM
Foreign-Transport-Synonyms :
Initial-Interval : 0 00:30:00.00
Retry-Interval : 0 01:00:00.00
Retry-Maximum : 3 00:00:00.00
Receive-Timeout : 5
Retry-Address : 16
Hop-Count : 16
Symbiont-Snapshot-Blocks : 0
Receiver-Snapshot-Blocks : 0
Utilities-Snapshot-Blocks : 0
Send-Timeout-Init : 5
Send-Timeout-Mail : 5
Send-Timeout-Rcpt : 5
Send-Timeout-Data : 3
Send-Timeout-Term : 10
Log-Level : 2
Receiver-Debug : 0
Receiver-Trace : 0
Symbiont-Debug : 0
Symbiont-Trace : 0
Utilities-Debug : 0
Utilities-Trace : 0
EF-Debug-Level : 0
Channel-Debug-Level : 0
Header-Placement : TOP
Eightbit : FALSE
Relay : TRUE
Altgate-Always : FALSE
Mx-If-Noaltgate : FALSE
No-Mx : FALSE
No-Subs-Domain-Inbound : FALSE
Smtp-Jacket-Local : TRUE
Cent-Sign-Hack : TRUE
Nosey : TRUE
Log-Line-Numbers : FALSE
Memory-Debug : FALSE
Mail$Protocol-Debug : FALSE
CF-Debug : FALSE
Parse-Debug : FALSE
Deliver-VMS-Def-To : FALSE
Deliver-NoXVMS : FALSE
MTS-From-Hack : FALSE
Rewrite-MTS-From : FALSE
Local-Alias-Only : FALSE
Relay-Based-On-Mx : FALSE
Reject-Unbacktranslatable-IP : TRUE
Accept-Unqualified-Senders : FALSE
Accept-Unresolvable-Domains : FALSE
SFF-Requires-Priv : FALSE
8BitMIME-Hack : FALSE
Suppress-Version-Info : FALSE
Symbiont-Checks-Deliverability: TRUE
Other TCPIP SMTP environment data:
SMTP Software Username : TCPIP$SMTP
SMTP Software Default Director: SYS$SPECIFIC:[TCPIP$SMTP]
Symbiont Log File : SYS$SPECIFIC:[TCPIP$SMTP]TCPIP$SMTP_LOGFILE.LOG
And yes, this configuration does not relay mail as you can see in the relay test I ran a few days ago.
04-13-2005 06:50 AM
Re: TCPIP$SMTP antispam; How to stop spam relayed through virus infected PC's
> try to block :
> alemail.com
Well, this part changes with every mail I receive. No point in blocking it.
> *.outblaze.com
Well, I tried mr.outblaze.com and it didn't help. I didn't expect it to help, but what the heck.
> 205.158.62.177
> 205.158.*.* (This may impose false positives - but
> chances are pretty low, I think)
This unfortunately doesn't work in the Reject-Mail-From setting.
By the way. To make any of the settings in SMTP.CONFIG work, you have to set the SMTP RELAY option.
TCPIP> SMTP SET CONFIGURATION/OPTION=RELAY