www.grootersnet.nl

Setting up Mail

MAIL - or better: VMSMAIL - is a standard facility on ANY VMS system, and has been from the very beginning. Originally working over DECnet, it can now handle TCP/IP protocols such as SMTP, POP and IMAP as well.

Setting it up is really no big deal: just enable the service and have it start automatically on boot. By default it's defined as "NORELAY", which keeps spammers out.

POP is no big deal either - just enable the service.

(For this, by the way, use the standard script that comes with TCPIP. You can set up most of the TCPIP stuff with it.)

Setting it all up internally is no trouble at all. Although you can set it up by DHCP as well, I decided NOT to. Of course: mail for this domain isn't routed to my address, so it doesn't make sense to do this.

Well, sending and receiving internal mail from any PC using the mail server works, as does receiving mail sent from the server on the PC. However, passing mail from a PC (sent by SMTP) to the internet using the server requires it to be set up as a relay server - which is very undesirable.

Luckily, in TCPIP version 5.3 (as running on this machine) there is a facility to lock out unwanted clients. In principle the only allowable clients are on the intranet, obviously. And from the outside world? It's hard to set up a list of acceptable hosts - or hosts to be banned. Luckily, there is the concept of Realtime Blackhole Lists (RBL) that can be used to check addresses against. 

In the end the following setup was ready for testing:

  • RBLs as defined in the example
  • Accept only clients within the intranet
  • Reject ANY request where a domain is non-existing (cannot be translated to an IP address) or where an address can not be translated to a name.
  • Reject ANY request from a number of explicitly named domains or domain-groups (because they are known as notorious sources of spam)

Now test: log in at the ISP login site, then TELNET to my address and SMTP port, and follow the primary parts of the protocol:

HELO

If that is NOT accepted, it means the address you're on is in an RBL. Since 'friendly' signalling is enabled, you'll get a message stating this status.

OOPS, this happens. WHY IS THAT?

Checked that machine and it isn't in an RBL, but SMTP says so.....

For the time being, disable RBL.

Now HELO is accepted, now take the next hurdle:

MAIL FROM:<name@domain>

Well, the result depends on the domain:

If it is in the list of explicitly named unacceptable domains, it actually breaks here.
If it is a non-existing domain, the connection also breaks.
A connection that cannot be translated to a name cannot be tested this way...

When a connection is Ok, the next step can be taken:

RCPT TO:<name@domain>

Again, the result depends on the domain. Actually, ALL is rejected except for the expected domain (indeed: grootersnet.nl).

Also check the openness using www.orbs.org (which has good tests), and this doesn't find it to be an open relay.
But why don't RBLs work.....
Asked this on the HP OpenVMS ITRC Forum, and others had the very same problem. It turned out that the last RBL in the example is down - and will cause ALL mail to be rejected! (Thanks, Martin.) Took that out, put another in: now it's OK!
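
The failure described above (one dead RBL causing ALL mail to be rejected) can be caught before a list goes into the configuration. The following is an added example, not part of the original page and not TCPIP Services code: it probes each list's RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) and only consults lists that pass. The zone names, the fake resolver and the client addresses are constructed for illustration.

```python
import ipaddress
import socket

def rbl_query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name, or [] when it does not resolve (live DNS)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def zone_health(zone, resolve=system_resolver):
    """Probe the RFC 5782 test entries before trusting a list."""
    if resolve(rbl_query_name("127.0.0.1", zone)):
        return "answers-for-everything"   # would reject ALL mail
    if not resolve(rbl_query_name("127.0.0.2", zone)):
        return "not-answering"            # down, or not a DNSBL at all
    return "ok"

def check_client(ip, zones, resolve=system_resolver):
    """Return (accept, listed_in, skipped), consulting healthy zones only."""
    listed_in, skipped = [], []
    for zone in zones:
        state = zone_health(zone, resolve)
        if state != "ok":
            skipped.append((zone, state))
        elif resolve(rbl_query_name(ip, zone)):
            listed_in.append(zone)
    return (not listed_in, listed_in, skipped)

# Constructed sample data: three made-up zones and documentation addresses.
LISTED = {"2.0.0.127.rbl-good.example", "99.2.0.192.rbl-good.example"}

def fake_resolver(name):
    if name.endswith(".rbl-parked.example"):
        return ["203.0.113.10"]           # wildcard: every name resolves
    return ["127.0.0.2"] if name in LISTED else []

ZONES = ["rbl-good.example", "rbl-parked.example", "rbl-gone.example"]

if __name__ == "__main__":
    for client in ("192.0.2.99", "198.51.100.7"):
        print(client, check_client(client, ZONES, fake_resolver))
```

Leaving out the `resolve` argument makes the same functions query live DNS, so `zone_health` can be run against each candidate list from a nightly job.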

Requested my ISP to change the MX record for this domain to this address so I can handle my own mail (and the ISP will be backup).
On the first day already found one site being rejected because its server address cannot be translated to a name - just one I NEED to receive. Solution: add this translation as a host in the static configuration (so BIND doesn't need to restart), and that solved the problem.

A few things still need to be handled, but that's mainly a matter of layout (Outlook gets all headers and should strip them).

But for the rest: IT WORKS.

To trace rejections, created a command procedure to be run each night. Output must still be formatted so it can be read from the Internet....


(c) 2003- 2007 W. Grooters    Last updated 01-01-2008