Preventing VAX running VMS / Multinet from being used as SMTP relay

Pete Rittwage peter at rittwage.com
Sun Dec 3 20:32:35 CST 2017


> I have a microvax set up with VMS 5, running MULTINET (and decnet
> locally).   The server has a FQDN and after a while being exposed to the
> WWW someone out there started using the server as an SMTP relay.  I can
> disable and clear the queue, but I'd like to block entirely this from
> happening in the first place.  I'd like to learn more about how this
> happens in VMS.
>
> Anyone have had this same problem before?  I realize back when VMS 5 was
> current it was not so much of an issue, but today it is.  I am working on
> a
> solution.  I can envision a few ways including blocking the smtp relay
> port
> from the firewall, but if possible I'd like to set up a VMS Multinet
> solution as a learning exercise.
>
> I am open to suggestions, and once I find the solution I'll post it.
>
> I understand that this kind of thing is not cookie cutter, there are
> different levels one could address something like this.  I have a comcast
> business router, and one of the 5 IPs I have is NAT assigned to the
> internal 10.1.10 port of the microvax.
>
> This is the same machine I wrote about previously as with then, thanks for
> your help.  I find the best way to learn is on the actual hardware warts
> and all.
>
> Bill
>

You should never use one-to-one NAT like that. You should only forward the
ports you need from the firewall to your server. In this case, I assume
you only need tcp/23 for telnet from the outside?

--
Pete Rittwage




More information about the cctalk mailing list