www.grootersnet.nl
Setting up Mail

MAIL - or better: VMSMAIL - is a standard facility on ANY VMS system, from the very beginning. Originally working over DECnet, it can now handle TCP/IP protocols such as SMTP, POP and IMAP as well. Setting it up is really no big deal: just enable the service and have it started automatically on boot. By default it's defined as "NORELAY", so spammers are kept out by default. POP is no big deal either - just enable the service. (For this, by the way, use the standard script that comes with TCPIP. You can set up most of the TCPIP stuff with it.)

Setting it all up internally is no trouble at all. Although you can set it up by DHCP as well, I decided NOT to. Of course: mail for this domain isn't routed to my address, so it doesn't make sense to do this.

Well, sending and receiving internal mail from any PC using the mail server works, as does receiving mail sent from the server on the PC. However, passing mail from a PC (sent by SMTP) to the internet via the server requires it to be set up as a relay server - which is very undesirable. Luckily, in TCPIP version 5.3 (as running on this machine) there is a facility to lock out unwanted clients. In principle the only allowable clients are on the intranet, obviously. And from the outside world? It's hard to set up a list of acceptable hosts - or hosts to be banned. Luckily, there is the concept of Realtime Blackhole Lists (RBL) that addresses can be checked against.

In the end the following setup was ready for testing:
Now test: log in at the ISP login site, then TELNET to my address and SMTP port, and follow the primary parts of the protocol:

HELO

If that is NOT accepted, it means the address you're on is in an RBL. Since 'friendly' signalling is enabled, you'll get a message stating this status. OOPS, this happens. WHY IS THAT? Checked that machine but it isn't in an RBL, but SMTP says so..... For the time being, disable RBL. Now HELO is accepted, so take the next hurdle:

MAIL FROM:<name@domain>

Well, the result depends on the domain. If it is in the list of explicitly named unacceptable domains, it actually breaks here. Again, the result depends on the domain. Actually, ALL is rejected except for the expected domain (indeed: grootersnet.nl).

Also check the openness using www.orbs.org (which has good tests), and this doesn't find it to be an open relay.

Requested my ISP to change the MX record for this domain to this address so I can handle my own mail (and the ISP will be backup). A few things still need to be handled, but that's mainly a matter of layout (Outlook gets all headers and should strip them). But for the rest: IT WORKS.

To trace rejections, created a command procedure to be run each night. Output must still be formatted so it can be read from the Internet....
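The checks walked through above (RBL lookup at HELO, refused sender domains at MAIL FROM, relay only for intranet clients), written out as an added Python example; it is not code from this page or from TCPIP Services. The intranet range, RBL zone, refused sender domain, sample DNS answers, the RCPT TO stage for the recipient check and the choice to skip the RBL check for intranet clients are all assumptions made for illustration.

```python
import ipaddress

# All values below are constructed for illustration, not the site's real settings.
INTRANET = ipaddress.ip_network("192.168.0.0/24")   # assumed intranet range
LOCAL_DOMAIN = "grootersnet.nl"                      # domain named on the page
REJECTED_SENDER_DOMAINS = {"spam.example"}           # hypothetical reject list
RBL_ZONE = "rbl.example"                             # hypothetical RBL zone
SAMPLE_DNS = {                                       # constructed DNS answers
    "7.113.0.203.rbl.example": "127.0.0.2",          # a genuine listing
    "9.100.51.198.rbl.example": "192.0.2.1",         # wildcard answer, not a listing
}

def rbl_query_name(client_ip, zone=RBL_ZONE):
    """An RBL is queried over DNS: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(client_ip, resolve=SAMPLE_DNS.get):
    """resolve(name) returns an IPv4 string, or None when the name does not exist.
    Only an answer inside 127.0.0.0/8 is a listing (RFC 5782 convention); treating
    any answer as a listing would flag clean hosts when a zone answers everything."""
    answer = resolve(rbl_query_name(client_ip))
    return answer is not None and ipaddress.ip_address(answer).is_loopback

def domain_of(address):
    """Extract the lower-cased domain from '<name@domain>' or 'name@domain'."""
    return address.strip().strip("<>").rsplit("@", 1)[-1].lower()

def smtp_decision(client_ip, mail_from, rcpt_to, resolve=SAMPLE_DNS.get):
    """Return (stage, verdict): the SMTP step at which the dialogue is decided."""
    internal = ipaddress.ip_address(client_ip) in INTRANET
    if not internal and is_listed(client_ip, resolve):
        return ("HELO", "reject: client is in an RBL")
    if domain_of(mail_from) in REJECTED_SENDER_DOMAINS:
        return ("MAIL FROM", "reject: sender domain refused")
    if domain_of(rcpt_to) == LOCAL_DOMAIN:
        return ("RCPT TO", "accept: local delivery")
    if internal:
        return ("RCPT TO", "accept: relay for intranet client")
    return ("RCPT TO", "reject: relaying denied")

if __name__ == "__main__":
    for ip, sender, rcpt in [
        ("203.0.113.7", "<a@example.org>", "<name@grootersnet.nl>"),
        ("198.51.100.9", "<a@example.org>", "<b@example.net>"),
        ("198.51.100.9", "<a@example.org>", "<name@grootersnet.nl>"),
        ("192.168.0.10", "<pc@grootersnet.nl>", "<b@example.net>"),
    ]:
        print(ip, rcpt, smtp_decision(ip, sender, rcpt))
```

When a server reports a client as listed, resolving the name from `rbl_query_name` by hand and looking at the answer shows whether the zone really lists that address.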
(c) 2003-2007 W. Grooters
Last updated 01-01-2008