Archive-Date: Wed, 4 Sep 2002 06:23:07 -0700 Date: Wed, 4 Sep 2002 15:22:59 +0200 From: "Rok Vidmar, NUK Ljubljana" Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.Com Message-ID: <00A137AF.6A4DDCF4.10@NUK.Uni-Lj.Si> Subject: MX_MAILSHR_IGNORE_8BIT MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" Does $ DEFINE MX_MAILSHR_IGNORE_8BIT TRUE prevent Router to touch the message body? What gets possibly broken if this logical is defined /sys/exec ? Regards, Rok Vidmar Internet: rok.vidmar@nuk.uni-lj.si National and University Library Phone: +386 1 421 5461 Turjaska 1, SI-1000 Ljubljana Fax: +386 1 421 5464 Slovenia ================================================================================ Archive-Date: Thu, 5 Sep 2002 08:28:46 -0700 Date: Thu, 5 Sep 2002 08:28:42 -0700 From: Matt Madison Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <00A1383E.B4EFBE35.16@MadGoat.Com> Subject: RE: MX_MAILSHR_IGNORE_8BIT MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" > Does >$ DEFINE MX_MAILSHR_IGNORE_8BIT TRUE >prevent Router to touch the message body? Only for messages sent using VMS MAIL. It prevents MIME headers from being generated for those messages. > What gets possibly broken if this logical is defined /sys/exec ? Any messages sent by VMS MAIL that contain 8-bit characters will go out as-is, with no MIME encoding. This violates Internet mail standards, and when those messages are read by their recipients, some may come through garbled -- either due to character set mismatch between sender and recipient, or due to stripping of the 8th bit on the 8-bit characters, depending on what happens between your system and the receiving system. -Matt -- Matthew Madison | MadGoat Software | PO Box 556, Santa Cruz, CA 95061 USA madison@madgoat.com http://www.madgoat.com ================================================================================ Archive-Date: Mon, 9 Sep 2002 20:44:01 -0700 From: "rlfitch" Reply-To: MX-List@MadGoat.com To: Subject: Re-direct incoming message Date: Mon, 9 Sep 2002 21:43:38 -0600 Message-ID: <007f01c2587c$42e1abb0$0c00a8c0@pj> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hello all- Is it possible/practical to redirect an incoming message to a specific VMS *.mai file? I would like to setup a system alias ("MCP define alias...") to recieve messages without setting up a VMS account and collect these messsages separate from any VMS account. Any suggestions? Thanks very much, Ransom Fitch rlfitch@earthlink.net rlfitch@peakpeak.com for CISCO FUTURES ================================================================================ Archive-Date: Tue, 10 Sep 2002 05:43:01 -0700 Date: Tue, 10 Sep 2002 05:42:57 -0700 From: Matt Madison Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <00A13C15.613F3BBB.16@MadGoat.Com> Subject: RE: Re-direct incoming message MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" >Is it possible/practical to redirect an incoming message to a specific >VMS *.mai file? > >I would like to setup a system alias ("MCP define alias...") to recieve >messages without setting up a VMS account and collect these messsages >separate from any VMS account. > >Any suggestions? You could use the MX SITE interface to have the mail delivered separately, but you'd have to write a program yourself to have the mail delivered into a VMS MAIL file. The normal local delivery agent pretty much needs to have a valid username in the UAF and VMS MAIL database in order to deliver a message. -Matt -- Matthew Madison | MadGoat Software | PO Box 556, Santa Cruz, CA 95061 USA madison@madgoat.com http://www.madgoat.com ================================================================================ Archive-Date: Tue, 10 Sep 2002 07:15:18 -0700 Message-ID: <0c5901c258d4$1d71e630$76041c7e@si.com> From: "Brian Tillman" Reply-To: MX-List@MadGoat.com To: References: <007f01c2587c$42e1abb0$0c00a8c0@pj> Subject: Re: Re-direct incoming message Date: Tue, 10 Sep 2002 10:12:36 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit >Is it possible/practical to redirect an incoming message to a specific >VMS *.mai file? > >I would like to setup a system alias ("MCP define alias...") to recieve >messages without setting up a VMS account and collect these messsages >separate from any VMS account. In order for VMS Mail to know where to locate the .MAI file for the first time, you need to have an entry in SYSUAF. VMS Mail constructs the location of the mail file from the login directory field of the UAF and the mail subdirectory field of VMSMAIL_PROFILE for that user. If there is no entry in VMSMAIL_PROFILE, no subdirectory is assumed. The VMSMAIL_PROFILE stores only the subdirectory portion of the mail file path, so the parent directory of that path must come from the UAF. By the way, I've tested these statements by creating and deleting UAF and VMSMAIL_PROFILE entries and that's why I believe they're true. At first I thought you could create a UAF entry, then a VMSMAIL_PROFILE entry (with MAIL's SET FORWARD command, and then delete the UAF entry to have a mail profile not tied to a UAF entry. When I deleted the UAF entry, the device and directory data in VMSMAIL_PROFILE that specified the full mail path (the MAIL$_USER_FULL_DIRECTORY item) disappeared. The subdirectory information (MAIL$_USER_SUB_DIRECTORY) remained. Brian Tillman Internet: tillman_brian at si.com Smiths Aerospace tillman at swdev.si.com 3290 Patterson Ave. SE, MS Addresses modified to prevent Grand Rapids, MI 49512-1991 SPAM. Replace "at" with "@" This opinion doesn't represent that of my company ********************************************************************** This e-mail and any files transmitted with it are confidential and may be legally privileged or otherwise exempt from disclosure under applicable law. This e-mail and its files are intended solely for the individual or entity to whom they are addressed and their content is the property of Smiths Aerospace. If you are not the intended recipient, please do not read, copy, use or disclose this communication. If you have received this e-mail in error please notify the e-mail administrator at postmaster@si.com and then delete this e-mail, its files and any copies. This footnote also confirms that this e-mail message has been scanned for the presence of known computer viruses. *********************************************************************** ================================================================================ Archive-Date: Tue, 10 Sep 2002 22:03:13 -0700 Date: Wed, 11 Sep 2002 00:03:01 -0500 From: Rick Dyson Reply-To: MX-List@MadGoat.com To: MX-LIST@MADGOAT.COM CC: dyson@iowasp.physics.uiowa.edu Message-ID: <00A13CAF.0E8621E9.8@iowasp.physics.uiowa.edu> Subject: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" Greetings! I am trying to plug some relay holes on my MX v5.3 system that I have setup here at home so I can work via cable modem. I can't figure out what is different here from all the others I have that seem to pass the "abuse.net" relay test. I have included their e-mail that made it to the relay system that I did not want to happen. :) It was apparently relayed by my OpenVMS MX server. This home system is using dynamic DNS where the systems at work are all static. I am running MX v5.3 on OpenVMS v7.3 and TCPIP v5.1 ECO 4. I have also included the MCP config settings I have currently at the bottom. If anyone can see something I have missed, please point it out! Regards, Rick -------------------------------------------------------------------------------- From: MX%"relaytest@abuse.net" 10-SEP-2002 23:34:22.81 To: MX%"dyson@iowasp.physics.uiowa.edu" CC: Subj: Test for susceptibility of dyndns.org to third-party mail relay This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net. Target host = mati.rick-tami.dyndns.org [1.2.3.4] Test performed by from 1.2.3.4 A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail. For information on how to secure a mail server against third-party relay, visit . -------------------------------------------------------------------------------- Return-Path: <> Received: from a.b.dyndns.org (1.2.3.4) by blanc.physics.uiowa.edu (MX V5.3 An6q) with ESMTP for ; Tue, 10 Sep 2002 23:34:22 -0500 Received: from www.abuse.net (208.31.42.77) by a.b.dyndns.org (MX V5.3 An6q) with SMTP for ; Tue, 10 Sep 2002 23:34:20 -0500 To: dyson@iowasp.physics.uiowa.edu From: relaytest@abuse.net Subject: Test for susceptibility of dyndns.org to third-party mail relay Date: Wed, 11 Sep 2002 04:34:19 GMT Message-ID: Sender: dyson@iowasp.physics.uiowa.edu X-Sender-IP: 12.217.248.82 X-Envelope: <> -> ******************************************************************************** ! Configuration file: MX_DEVICE:[MX]MX_CONFIG.MXCFG ! MX version id: MX V5.3 ... some deleted for privacy ... DEFINE PATH "192.168.0.12" Local DEFINE PATH "mati" Local DEFINE PATH "*" SMTP SET SMTP/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - /MAXIMUM_RETRIES=96 /DNS_RETRIES=12- /VERIFY_ALLOWED- /NORELAY_ALLOWED- /VALIDATE_SENDER_DOMAIN- /NOPERCENT_HACK SET SMTP/RBL_CHECK=(- "RELAYS.ORDB.ORG") SET SMTP/NODEFAULT_ROUTER- /NOAUTHENTICATION SET LOCAL/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - /MAXIMUM_RETRIES=96/LONG_LINES/NOOMIT_RESENT_HEADERS/MULTIPLE_FROM/NOCC_POSTMASTER/QP_DECODE/NODISABLE_EXQUOTA- /HEADERS=(TOP=(- NOALL), BOTTOM=(- FROM,SENDER,TO,RESENT_TO,CC,RESENT_CC,BCC,RESENT_BCC,MESSAGE_ID,- RESENT_MESSAGE_ID,IN_REPLY_TO,REFERENCES,KEYWORDS,SUBJECT,- ENCRYPTED,DATE,REPLY_TO,RECEIVED,RESENT_REPLY_TO,RESENT_FROM,- RESENT_SENDER,RESENT_DATE,RETURN_PATH,OTHER)) SET ROUTER/NOACCOUNTING/NOPERCENT_HACK/NOOMIT_VMSMAIL_SENDER SET DECNET_SMTP/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - /MAXIMUM_RETRIES=96 SET SITE/RETRY_INTERVAL=" 0 00:30:00.00" - /MAXIMUM_RETRIES=96 SET X25_SMTP/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - /MAXIMUM_RETRIES=96 SET MLF/NORECIPIENT_MAXIMUM- /NODELAY_DAYS DEFINE LOCAL_DOMAIN "A.DYNDNS.ORG" ================================================================================ Archive-Date: Wed, 11 Sep 2002 00:55:01 -0700 Subject: Re: Plugging RELAY Holes From: peter@langstoeger.at (Peter LANGSTOEGER) Message-ID: Date: Wed, 11 Sep 2002 06:59:43 GMT Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com In article <00A13CAF.0E8621E9.8@iowasp.physics.uiowa.edu>, Rick Dyson writes: >... >DEFINE PATH "192.168.0.12" Local The correct form is DEFINE PATH "[192.168.0.12]" Local And I don't think, that this is the outside address. So, add the real/outside address, too. >DEFINE PATH "mati" Local Add the FQDN too. >DEFINE PATH "*" SMTP >SET SMTP/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - I'd enable accounting > /MAXIMUM_RETRIES=96 /DNS_RETRIES=12- > /VERIFY_ALLOWED- I'd disable verify > /NORELAY_ALLOWED- > /VALIDATE_SENDER_DOMAIN- > /NOPERCENT_HACK >SET SMTP/RBL_CHECK=(- > "RELAYS.ORDB.ORG") I'd add one another RBL to this (IMHO the best) one. >SET SMTP/NODEFAULT_ROUTER- > /NOAUTHENTICATION >SET LOCAL/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - I'd enable accounting (as I wrote above) > /MAXIMUM_RETRIES=96/LONG_LINES/NOOMIT_RESENT_HEADERS/MULTIPLE_FROM/NOCC_POSTMASTER/QP_DECODE/NODISABLE_EXQUOTA- I had to enable /OMIT_RESENT_HEADERS because of M$ crap (exchange) behaviour. > /HEADERS=(TOP=(- > NOALL), BOTTOM=(- > FROM,SENDER,TO,RESENT_TO,CC,RESENT_CC,BCC,RESENT_BCC,MESSAGE_ID,- > RESENT_MESSAGE_ID,IN_REPLY_TO,REFERENCES,KEYWORDS,SUBJECT,- > ENCRYPTED,DATE,REPLY_TO,RECEIVED,RESENT_REPLY_TO,RESENT_FROM,- > RESENT_SENDER,RESENT_DATE,RETURN_PATH,OTHER)) >SET ROUTER/NOACCOUNTING/NOPERCENT_HACK/NOOMIT_VMSMAIL_SENDER I'd enable accounting (as I wrote above) >SET DECNET_SMTP/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - > /MAXIMUM_RETRIES=96 >SET SITE/RETRY_INTERVAL=" 0 00:30:00.00" - > /MAXIMUM_RETRIES=96 >SET X25_SMTP/NOACCOUNTING/RETRY_INTERVAL=" 0 00:30:00.00" - I'd enable accounting (as I wrote above) > /MAXIMUM_RETRIES=96 >SET MLF/NORECIPIENT_MAXIMUM- > /NODELAY_DAYS >DEFINE LOCAL_DOMAIN "A.DYNDNS.ORG" That's for the start... -- Peter "EPLAN" LANGSTOEGER Network and OpenVMS system specialist E-mail peter@langstoeger.at A-1030 VIENNA AUSTRIA I'm looking for (a) Network _and_ VMS Job(s) ================================================================================ Archive-Date: Wed, 11 Sep 2002 01:47:58 -0700 From: "Martin Vorlaender" Reply-To: MX-List@MadGoat.com To: Subject: RE: Re-direct incoming message Date: Tue, 10 Sep 2002 07:57:10 +0200 Message-ID: <83b9e4b1f61d7586ff5a06e006bb00813d7f027a@pdv-systeme.de> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit In-Reply-To: <007f01c2587c$42e1abb0$0c00a8c0@pj> Ransom Fitch wrote: > Is it possible/practical to redirect an incoming message to a specific > VMS *.mai file? I don't think so, as VMS Mail looks for the mail file in SYS$LOGIN: which it gets from SYSUAF. > I would like to setup a system alias ("MCP define alias...") to recieve > messages without setting up a VMS account and collect these messsages > separate from any VMS account. That would probably best be done with rewrite rules. See the MX Management Guide (http://www.madgoat.com/mx/mx_mgmt_guide.html#heading_3.1). If you don't have the most recent version 5.3, disregard the section about regular expressions (I think). Combined with MX' Folder delivery, you can direct those messages to a specific mail folder. See the MX User's Guide (http://axpsrv.pdv.intern/intranet/softinfo/dokus/mx051/mx_user_guide.ht ml#heading_1.6) cu, Martin -- | Martin Vorlaender VMS & WNT programmer OpenVMS is today | work: mv@pdv-systeme.de what Microsoft wants | http://www.pdv-systeme.de/users/martinv/ Windows NT 8.0 to be! | home: martin@radiogaga.harz.de ================================================================================ Archive-Date: Wed, 11 Sep 2002 01:48:03 -0700 From: "Martin Vorlaender" Reply-To: MX-List@MadGoat.com To: CC: "'Rick Dyson'" Subject: RE: Plugging RELAY Holes Date: Wed, 11 Sep 2002 08:07:27 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit In-Reply-To: <00A13CAF.0E8621E9.8@iowasp.physics.uiowa.edu> Rick Dyson wrote: > I am trying to plug some relay holes on my MX v5.3 system that I > have setup here at home so I can work via cable modem. I can't > figure out what is different here from all the others I have that > seem to pass the "abuse.net" relay test. I have included their e- > mail that made it to the relay system that I did not want to happen. > :) It was apparently relayed by my OpenVMS MX server. > > This home system is using dynamic DNS where the systems at work are > all static. I am running MX v5.3 on OpenVMS v7.3 and TCPIP v5.1 ECO > 4. > > I have also included the MCP config settings I have currently at the > bottom. If anyone can see something I have missed, please point it > out! You have to DEFINE the INSIDE_NETWORK_ADDRESSes to tell MX which sending systems are on the inside (i.e. for which systems relaying is okay). cu, Martin -- | Martin Vorlaender VMS/WNT programmer Unix is user friendly. | work: mv@pdv-systeme.de It's just selective about | http://www.pdv-systeme.de/users/martinv/ who his friends are. | home: martin@radiogaga.harz.de ================================================================================ Archive-Date: Wed, 11 Sep 2002 06:15:48 -0700 Date: Wed, 11 Sep 2002 08:15:43 -0500 From: Rick Dyson Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: dyson@iowasp.physics.uiowa.edu Message-ID: <00A13CF3.E35B6AE8.9@iowasp.physics.uiowa.edu> Subject: Re: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" > From: MX%"MX-List@MadGoat.com" 11-SEP-2002 02:56:00.05 > Subj: Re: Plugging RELAY Holes Thanks Peter! > In article <00A13CAF.0E8621E9.8@iowasp.physics.uiowa.edu>, Rick Dyson writes: > >... > >DEFINE PATH "192.168.0.12" Local > > The correct form is > > DEFINE PATH "[192.168.0.12]" Local Thanks, I missed that, though this file is the output from "MCP Show /Command /Ouput=config.mcp". None of my other systems display it that way and they seem to be working correctly. I did not include all of the full addresses, etc. of this system since it is still an open relay and is connected to a cable modem and this mailing list is gatewayed to USENET... > >DEFINE PATH "mati" Local This is per some old recommendations from long ago that had all the possible variations suggested, like "node.domain", dotted-quad IP, and just "node". I edited out the FQDN, per above reasons. :) > > "RELAYS.ORDB.ORG") > > I'd add one another RBL to this (IMHO the best) one. Which one? That is the one I am aware of for free. Rick -- Richard L. Dyson rick-dyson@uiowa.edu _ _ _____ http://www-pi.physics.uiowa.edu/~dyson/ | | | ||_ _| Senior Systems Analyst -- INFORMM-Cerner Systems Group | | | | | | The University of Iowa Hospitals and Clinics | \_/ | _| |_ Information Systems Dept. BT1000 GH Office: 319/384-7016 \___/ |_____| Iowa City, IA 52242-1052 FAX: 319/384-7020 (Consulting to the Physics and Astronomy Department) ================================================================================ Archive-Date: Wed, 11 Sep 2002 06:18:57 -0700 Date: Wed, 11 Sep 2002 08:18:52 -0500 From: Rick Dyson Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: dyson@iowasp.physics.uiowa.edu Message-ID: <00A13CF4.53E4F06D.15@iowasp.physics.uiowa.edu> Subject: RE: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" > From: MX%"MX-List@MadGoat.com" 11-SEP-2002 03:51:06.48 > Subj: RE: Plugging RELAY Holes > You have to DEFINE the INSIDE_NETWORK_ADDRESSes to tell MX which sending > systems are on the inside (i.e. for which systems relaying is okay). At this point, I am not using the MX/OpenVMS system for anything except local SMTP mail service. I have no plans to use it for a relay from my local network, so I really don't want ANY relays to work for now. rick -- Richard L. Dyson rick-dyson@uiowa.edu _ _ _____ http://www-pi.physics.uiowa.edu/~dyson/ | | | ||_ _| Senior Systems Analyst -- INFORMM-Cerner Systems Group | | | | | | The University of Iowa Hospitals and Clinics | \_/ | _| |_ Information Systems Dept. BT1000 GH Office: 319/384-7016 \___/ |_____| Iowa City, IA 52242-1052 FAX: 319/384-7020 (Consulting to the Physics and Astronomy Department) ================================================================================ Archive-Date: Wed, 11 Sep 2002 06:23:18 -0700 Date: Wed, 11 Sep 2002 06:23:14 -0700 From: Matt Madison Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <00A13CE4.2C84B78E.10@MadGoat.Com> Subject: RE: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" >> You have to DEFINE the INSIDE_NETWORK_ADDRESSes to tell MX which sending >> systems are on the inside (i.e. for which systems relaying is okay). > > At this point, I am not using the MX/OpenVMS system for anything >except local SMTP mail service. I have no plans to use it for a relay >from my local network, so I really don't want ANY relays to work for now. You at least need to define the "inside" addresses for your local network, then -- even if you just define 127.0.0.1 (the loopback address). Without at least one inside address definition, address checking won't happen and the SMTP server will not pass relay tests. -Matt -- Matthew Madison | MadGoat Software | PO Box 556, Santa Cruz, CA 95061 USA madison@madgoat.com http://www.madgoat.com ================================================================================ Archive-Date: Wed, 11 Sep 2002 06:26:36 -0700 From: "Martin Vorlaender" Reply-To: MX-List@MadGoat.com To: CC: "'Rick Dyson '" Subject: RE: Plugging RELAY Holes Date: Wed, 11 Sep 2002 15:25:49 +0200 Message-ID: <4e81b416203be250ff0e919e2219a23b3d7f43c8@pdv-systeme.de> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit In-Reply-To: <00A13CF4.53E4F06D.15@iowasp.physics.uiowa.edu> > > You have to DEFINE the INSIDE_NETWORK_ADDRESSes to tell MX > > which sending systems are on the inside (i.e. for which systems > > relaying is okay). > > At this point, I am not using the MX/OpenVMS system for anything > except local SMTP mail service. I have no plans to use it for a relay > from my local network, so I really don't want ANY relays to > work for now. IMHO, for relay blocking to work, MX needs to know whether the sender's IP and the recipient's domain are on the inside networks and in the list of local domains, respectively. cu, Martin -- OpenVMS: | Martin Vorlaender VMS & WNT programmer When you KNOW | work: mv@pdv-systeme.de where you want | http://www.pdv-systeme.de/users/martinv/ to go today. | home: martin@radiogaga.harz.de ================================================================================ Archive-Date: Wed, 11 Sep 2002 06:30:30 -0700 Date: Wed, 11 Sep 2002 08:30:25 -0500 From: Rick Dyson Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: dyson@iowasp.physics.uiowa.edu Message-ID: <00A13CF5.F0ED409E.21@iowasp.physics.uiowa.edu> Subject: RE: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" > From: MX%"MX-List@MadGoat.com" 11-SEP-2002 08:25:37.55 > Subj: RE: Plugging RELAY Holes > >> You have to DEFINE the INSIDE_NETWORK_ADDRESSes to tell MX which sending > >> systems are on the inside (i.e. for which systems relaying is okay). > > > > At this point, I am not using the MX/OpenVMS system for anything > >except local SMTP mail service. I have no plans to use it for a relay > >from my local network, so I really don't want ANY relays to work for now. > > You at least need to define the "inside" addresses for your local network, > then -- even if you just define 127.0.0.1 (the loopback address). Without > at least one inside address definition, address checking won't happen and > the SMTP server will not pass relay tests. Ahh.. So I need at least: $ MCP Define Inside_Network_Address 127.0.0.1 /Relay On some of my other systems that DO have real relays defined, I see I do not have one for the loopback address. Should I also add it to them for correctness? I suspect it is working OK for them because there is at least one address assigned already? rick -- Richard L. Dyson rick-dyson@uiowa.edu _ _ _____ http://www-pi.physics.uiowa.edu/~dyson/ | | | ||_ _| Senior Systems Analyst -- INFORMM-Cerner Systems Group | | | | | | The University of Iowa Hospitals and Clinics | \_/ | _| |_ Information Systems Dept. BT1000 GH Office: 319/384-7016 \___/ |_____| Iowa City, IA 52242-1052 FAX: 319/384-7020 (Consulting to the Physics and Astronomy Department) ================================================================================ Archive-Date: Wed, 11 Sep 2002 06:40:42 -0700 Date: Wed, 11 Sep 2002 06:40:38 -0700 From: Matt Madison Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <00A13CE6.9A9A8931.18@MadGoat.Com> Subject: RE: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" > Ahh.. So I need at least: > > $ MCP Define Inside_Network_Address 127.0.0.1 /Relay You don't need the /RELAY, but yes. > On some of my other systems that DO have real relays defined, I see I >do not have one for the loopback address. Should I also add it to them >for correctness? I suspect it is working OK for them because there is at >least one address assigned already? You don't need to add 127.0.0.1 on the other systems; it's just a convenient way of getting an entry into the inside-network list when you don't have any "real" local networks defined. -Matt -- Matthew Madison | MadGoat Software | PO Box 556, Santa Cruz, CA 95061 USA madison@madgoat.com http://www.madgoat.com ================================================================================ Archive-Date: Wed, 11 Sep 2002 06:49:10 -0700 Date: Wed, 11 Sep 2002 08:49:05 -0500 From: Rick Dyson Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: dyson@iowasp.physics.uiowa.edu Message-ID: <00A13CF8.8C7C0C5A.12@iowasp.physics.uiowa.edu> Subject: RE: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" > From: MX%"MX-List@MadGoat.com" 11-SEP-2002 08:41:22.44 > Subj: RE: Plugging RELAY Holes > You don't need to add 127.0.0.1 on the other systems; it's just a convenient > way of getting an entry into the inside-network list when you don't have > any "real" local networks defined. Great. Thanks. I'll add it so I can then back out of nodes with relay definitions slowly and not have it break when the last real IP address is removed. :) I've been wanting to try to use the SMTP authentication methods which mean I don't have to have any "relay" entries for the users, right? rick -- Richard L. Dyson rick-dyson@uiowa.edu _ _ _____ http://www-pi.physics.uiowa.edu/~dyson/ | | | ||_ _| Senior Systems Analyst -- INFORMM-Cerner Systems Group | | | | | | The University of Iowa Hospitals and Clinics | \_/ | _| |_ Information Systems Dept. BT1000 GH Office: 319/384-7016 \___/ |_____| Iowa City, IA 52242-1052 FAX: 319/384-7020 (Consulting to the Physics and Astronomy Department) ================================================================================ Archive-Date: Wed, 11 Sep 2002 07:45:05 -0700 Date: Wed, 11 Sep 2002 07:45:01 -0700 From: Matt Madison Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <00A13CEF.9931FC4C.29@MadGoat.Com> Subject: RE: Plugging RELAY Holes MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" >> You don't need to add 127.0.0.1 on the other systems; it's just a convenient >> way of getting an entry into the inside-network list when you don't have >> any "real" local networks defined. > >Great. Thanks. I'll add it so I can then back out of nodes with relay >definitions slowly and not have it break when the last real IP address is >removed. :) > >I've been wanting to try to use the SMTP authentication methods which >mean I don't have to have any "relay" entries for the users, right? Right. On successful authentication, the anti-relay checks are disabled. -Matt -- Matthew Madison | MadGoat Software | PO Box 556, Santa Cruz, CA 95061 USA madison@madgoat.com http://www.madgoat.com