Preventing VAX running VMS / Multinet from being used as SMTP relay
Pete Rittwage
peter at rittwage.com
Sun Dec 3 20:32:35 CST 2017
> I have a microvax set up with VMS 5, running MULTINET (and decnet
> locally). The server has a FQDN and after a while being exposed to the
> WWW someone out there started using the server as an SMTP relay. I can
> disable and clear the queue, but I'd like to block entirely this from
> happening in the first place. I'd like to learn more about how this
> happens in VMS.
>
> Anyone have had this same problem before? I realize back when VMS 5 was
> current it was not so much of an issue, but today it is. I am working on
> a
> solution. I can envision a few ways including blocking the smtp relay
> port
> from the firewall, but if possible I'd like to set up a VMS Multinet
> solution as a learning exercise.
>
> I am open to suggestions, and once I find the solution I'll post it.
>
> I understand that this kind of thing is not cookie cutter, there are
> different levels one could address something like this. I have a comcast
> business router, and one of the 5 IPs I have is NAT assigned to the
> internal 10.1.10 port of the microvax.
>
> This is the same machine I wrote about previously as with then, thanks for
> your help. I find the best way to learn is on the actual hardware warts
> and all.
>
> Bill
>
You should never use one-to-one NAT like that. You should only forward the
ports you need from the firewall to your server. In this case, I assume
you only need tcp/23 for telnet from the outside?
--
Pete Rittwage
More information about the cctalk
mailing list