1 Dec
2017
1 Dec
'17
5:44 a.m.
Off the cuff, I'd probably stand something else up and have it relay mail
to the VAX (I suspect you've already got machines available for this
purpose, ping me off-list if not). Have the VAX only accept connections
from whatever's doing the relaying. If you
can't get VMS or the smtpd to
restrict incoming connections, add a transparent
hardware firewall in
between. This is what I typically do when something old and probably
insecure has to be connected to the Internet -- proxy, relay, or otherwise
hide the actual server behind something modern.
Thanks,
Jonathan
On Thu, Nov 30, 2017 at 6:28 PM, Peter Coghlan via cctalk <
cctalk at classiccmp.org> wrote:
I have a microvax set up with VMS 5, running MULTINET (and decnet
locally). The server has a FQDN and after a while being exposed to the
WWW someone out there started using the server as an SMTP relay. I can
disable and clear the queue, but I'd like to block entirely this from
happening in the first place. I'd like to learn more about how this
happens in VMS.
Anyone have had this same problem before? I realize back when VMS 5 was
current it was not so much of an issue, but today it is. I am working
on a
solution. I can envision a few ways including
blocking the smtp relay
port
from the firewall, but if possible I'd like
to set up a VMS Multinet
solution as a learning exercise.
I had this problem about 25 years ago. I suspect lots of people did.
In the VMS world, networking stacks are separately packaged from the base
operating system and it is possible to install one or more of DECnet,
TCP/IP,
X25 and various other networking products and have them all running
simultaneously.
VMS doesn't know or care about SMTP, the issue here is with Multinet which
seems to be what was installed to provide TCP/IP networking on your
machine.
Multinet includes a basic SMTP server which can be used to move mail
between
VMS MAIL and the internet. Very old versions of Multinet came with SMTP
relaying enabled because this is what the standards required at the time.
Later versions came with easy ways to disable SMTP relaying. Later still
versions shipped with SMTP relaying disabled out of the box when spammers
targetting open relays became a serious problem. More recently still,
Multinet comes with pretty much all of the TCP/IP servers it provides
disabled
and requires the installer to enable the services they want, leaving less
opportunity for surprises when servers are running that nobody knew
existed,
except the bad guys targetting them.
The Multinet SMTP server is pretty basic and people who are serious about
doing SMTP on VMS typically disable it and install a proper mailserver like
PMDF. That's my excuse for not knowing how to disable SMTP relaying in
Multinet. That and because it probably varies for different versions of
Multinet and you haven't said what version of Multinet you have. I used to
be one of the people supporting Multinet in this part of the world and I
seem to have inherited a stack of Multinet documentation for different old
versions so if I knew what version, I could probably look it up. I think
the
documentation for the most recent couple of Multinet versions is on the
Multinet website:
http://www.process.com/psc/service-support/multinet-support/
Try the Adminstrator's guide or Adminstrator's reference.
I do however know how to disable the SMTP server in Multinet completely:
$ MULTINET CONFIGURE /SERVERS
SERVER-CONFIG> DISABLE SMTP
SERVER-CONFIG> RESTART
Configuration modified, do you want to save it first ? [YES]
Regards,
Peter Coghlan