How to Allow only Specific Domains and/or IP Addresses to use Relay 1

Status
Not open for further replies.
Well I hope this helps someone. I followed the instructions on


and my server is still relaying for outside SMTP servers..... now I am being hounded by upper level management to switch to MS Exchange Server....

Can anybody help me to allow only certain IP addresses and users to relay through our server while securing it against idiot spammers?

Much appreciate it...

BH2 "Act before there is a problem. Bring order before there is disorder."
~The Tao Te Ching
 
How can I block this:

Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@mydomain.com>
<<< 250 spamtest@mydomain.com... Sender OK
>>> RCPT TO:<abuse.net!relaytest>
<<< 250 abuse.net!relaytest... Recipient OK

I have substituted my real domain for mydomain.

BH2 "Act before there is a problem. Bring order before there is disorder."
~The Tao Te Ching
 
The best thing we did to prevent what you mentioned before is for the SMTP server to require authentication, so all external addresses trying to route through the server have to provide authentication while the users in the PAB don't have to worry about a thing. There is also an extra line you can add to your INI file which will allow you to specify IP addresses or DNS names that can route through your server anonymously. Is this what you're looking for? I will post the technote when I find it.
 
We are using Domino/Notes R5. I set the IP addresses that were permitted, but anybody still seems to be able to route through us.

BH2 "Act before there is a problem. Bring order before there is disorder."
~The Tao Te Ching
 
You should make your SMTP ask for authentication. By default it allows all anonymous access, and rather than trying to play with the restrictions and relay controls, if you just enable SMTP authentication, then nobody can route through your server without either having an account in the Address Book or appearing in the list you generate to allow anonymous access.
 
Why is it that companies always make the defaults of products wide open and then leave it up to everyone else to close them..... sheeessss.

"Act before there is a problem. Bring order before there is disorder."
~The Tao Te Ching
#notes on IRC
 
>>> RCPT TO:<abuse.net!relaytest>
<<< 250 abuse.net!relaytest... Recipient OK

-> is the mail being routed to the recipient ?
(sometimes, Domino accepts the message, but blocks it afterwards...)

The only way to really block smtp relays is :

Edit the configuration document for your SMTP server,
Go to Router/SMTP
Restrictions and Controls
SMTP Inbound Controls
Under ‘Inbound Relay Controls’, put a * (asterisk) in the following fields :
Deny messages from external internet domains to be sent to the following internet domains :
Deny messages from external internet domains to be sent to external internet domains :

Then edit notes.ini
and type this in it
SMTP_OCH_REJECT_SMTP_ORIGINATED_MESSAGES=1
SMTPMTA_ALLOW_KNOWN_DOMAINS=1
SMTPMTA_RELAY_FORWARDS=1

restart the server and it will not be in open relay


Note : using smtp authentication is not bulletproof as well... if someone bruteforces the authentication, then you're open to the world again...

good luck
--------------------------------------------------------------------
--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
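For anyone re-running the relay test after changing the settings discussed in this thread, here is an added example (not part of any post above) that reads a saved test log in the `>>>` / `<<<` format quoted earlier and lists every `RCPT TO` the server accepted for a non-local destination, including bang-path and percent-hack forms. The function names are hypothetical, and "Relay test 16" in the sample is constructed to show a rejected case.

```python
import re

# Sample log: "Relay test 15" is the exchange quoted in the thread;
# "Relay test 16" is constructed to show what a refusal looks like.
TRANSCRIPT = """\
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@mydomain.com>
<<< 250 spamtest@mydomain.com... Sender OK
>>> RCPT TO:<abuse.net!relaytest>
<<< 250 abuse.net!relaytest... Recipient OK
Relay test 16
>>> RCPT TO:<abuse.net!relaytest>
<<< 554 Relay rejected for policy reasons
"""

def destination_domain(rcpt):
    """Next-hop domain of a recipient, resolving the legacy routing
    forms relay testers use: @relay:user@host, host!user, user%host@relay."""
    addr = rcpt.strip().strip("<>").lower()
    if addr.startswith("@") and ":" in addr:        # explicit source route
        addr = addr.split(":", 1)[1]
    local, at, domain = addr.rpartition("@")
    if not at:                                      # no "@" at all
        local, domain = domain, ""
    if "!" in local:                                # UUCP-style bang path
        return local.rsplit("!", 1)[0].split("!")[-1]
    if "%" in local:                                # percent hack
        return local.rsplit("%", 1)[1]
    return domain

def accepted_relays(transcript, local_domains):
    """Return (test, recipient, code) for each RCPT TO answered 2xx
    whose destination is not in local_domains. A 2xx only proves the
    server accepted the recipient; as the last reply notes, check
    whether the message was actually routed onward."""
    findings, test, pending = [], None, None
    for line in transcript.splitlines():
        if line.startswith(">>> "):
            m = re.match(r"RCPT TO:\s*(<[^>]*>|\S+)", line[4:], re.I)
            pending = m.group(1) if m else None
        elif line.startswith("<<< "):
            code = line[4:7]
            if pending and code.startswith("2") and \
                    destination_domain(pending) not in local_domains:
                findings.append((test, pending.strip("<>"), int(code)))
            pending = None
        elif line.strip():
            test = line.strip()                     # e.g. "Relay test 15"
    return findings

if __name__ == "__main__":
    for finding in accepted_relays(TRANSCRIPT, {"mydomain.com"}):
        print("accepted for relay:", finding)
```
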
 