No surprises
Except perhaps that the first half of August shows a large amount of attempts to abuse the mailserver to relay messages – likely to be spam. The files are not that big, and the sizes decrease in time; there has been an outbreak on 24-Aug-2014, where the anti-relay log was over 30 blocks in size: just 124 records – 119 form one address: 113.78.39.167, between 10:15 and 10:20 – just 5 minutes, by wlyx068@163.com – a domain that I know to be a Chinese source of trouble. There will be no possibility but block this address (and all that are related to this domain) in the router….I’ve done quite a lot already, but this one was still missing.
Spam is limited today, compared to some years ago. But either the notorious spammers have been taken offline, or are blocked to access my LAN – I don’t know. But though the number of messages are dramatically lower, the percentages of rejected mail are still relatively high:
PMAS statistics for August
Total messages : 2046 = 100.0 o/o
DNS Blacklisted : 0 = .0 o/o (Files: 0)
Relay attempts : 493 = 24.0 o/o (Files: 31)
Accepted by PMAS : 1553 = 75.9 o/o (Files: 31)
Handled by explicit rule
Rejected : 917 = 59.0 o/o (processed), 44.8 o/o (all)
Accepted : 301 = 19.3 o/o (processed), 14.7 o/o (all)
Handled by content
Discarded : 130 = 8.3 o/o (processed), 6.3 o/o (all)
Quarantained : 170 = 10.9 o/o (processed), 8.3 o/o (all)
Delivered : 35 = 2.2 o/o (processed), 1.7 o/o (all)
21-Aug-2014
Renewed licenses
Being a VMS hobbyist user on this site, the licences need to be renewed each year – and the expiration date is close. Ok, I have a few weeks left but to be sure to have them installed in time, I requested a new set of licences for VMS and Process Software’s mail-frontend – my spam-filter. The VMS licenses of course requested via OpenVMS.org (they offer an entry to request them) after I renewed my Connect membership – though I could propably have saved the $25 if only the Dutch HP User group had the membership number displayed on their meber site….) and I got the procedure for renewal the next day by email, thnaks to John Egolf. Installed them, so I can go on until 15-Sep-2015.
Next, pushed the VAX_VMS spec to Process as proof that I DO have a hobbyist license and requested a new PMAS license – which again, I got by email witgin 24 hours, thanks to Hunter Goatley. Installed that license (remotely :)) and I’m free from most spam until 4-Sep-2015.. There is a slight gap, but that will be addressed next year, in August.
03-Aug-2014
No surprises
in the maintenance job.
PMAS statistics for July
Total messages : 2896 = 100.0 o/o
DNS Blacklisted : 0 = .0 o/o (Files: 0)
Relay attempts : 1065 = 36.7 o/o (Files: 31)
Accepted by PMAS : 1831 = 63.2 o/o (Files: 31)
Handled by explicit rule Rejected : 1199 = 65.4 o/o (processed), 41.4 o/o (all)
Accepted : 263 = 14.3 o/o (processed), 9.0 o/o (all)
Handled by content
Discarded : 108 = 5.8 o/o (processed), 3.7 o/o (all)
Quarantained : 210 = 11.4 o/o (processed), 7.2 o/o (all)
Delivered : 51 = 2.7 o/o processed), 1.7 o/o (all)
Just that the number of relay attempts has been quite large: Almost every day there have beenm numerous attempts. This is something to be looked at; it concerns a number of different addresses sp I suspect a number of infected systems.
The WASD configuration requires a slight change for Mondesi to work. Minor, but important.
02-Jul-2014
Monthly maintenance – with a twist
The automated job works fine. Nothing weird or unexpected found. Even in mail:
PMAS statistics for June
Total messages : 2451 = 100.0 o/o
DNS Blacklisted : 0 = .0 o/o (Files: 0)
Relay attempts : 266 = 10.8 o/o (Files: 30)
Accepted by PMAS : 2185 = 89.1 o/o (Files: 30)
Handled by explicit rule
Rejected : 1589 = 72.7 o/o (processed), 64.8 o/o (all)
Accepted : 204 = 9.3 o/o (processed), 8.3 o/o (all)
Handled by content
Discarded : 153 = 7.0 o/o (processed), 6.2 o/o (all)
Quarantained : 197 = 9.0 o/o (processed), 8.0 o/o (all)
Delivered : 42 = 1.9 o/o (processed), 1.7 o/o (all)
Since DNSBlacklisting hasn’t been re-enabled yet, the number of messages is zero – obviously. Given the number of messages there is no real need at the moment, and I want to monitor it closely, so it might be done in a weekend or so.
Relay attempts were concentrated on the last few days, but the amounts are not that big.
There are quite a log of debug log files; needed to investigate some things, but I’m way to busy with other stuff ….
This month’s twist is the mail access trouble. Since HP’s POP doesn’t seem to work properly, I have now installed another program: Ruslan Laishev’s Starlet POP server (SPOP3). It has been developed as a service running on the TCPWARE stack, or as a detached process. Since I don’t use TCPWARE, I would like to have it running as a normal TCPIP-service. But as it turned out, this is not possible: appearently, there are problems accessing the sockets, according Ruslan; Attempting to connect to a socket crashes the program with a DUPLNAM error.
But it works as a detached process so I left it that way. It does the job, although a bit different: where HP’s POP process copies files to the WASTEBASKET folder in VMSMAil, SPOP3 actually deletes read messages. This is an alteration I may add.
The second mail access protocol;: IMAP, is also running, I use it for my phones and tablets – in stead of POP because mail is accessed where it resides. But for some reason, it seems the IMAP process stalls for some reason, the logs do not give a clue on what may have caused it. This was the case for a day or two; and tonight I found multiple TCPIP$IMAP processed on the system, both HIB but not responding – I gor network errors on my Android devices. All went fine after they were restarted.
19-Jun-2014
Mail access issue solved
The problems I encountered with the HP-supplied POP server have been posted on the HP Network forum, and I got an alternative via a Russian collegue: Ruslan Laishev. He ported (or wrote) a POP server (Starlet POP3 – hence SPOP3) that should do the job, and it can be obtained from his site. The project contains a MMS/MK build file, but it failed to build since commands were missing: it is important that you specify that files need to be compiled….So I added these commands, but again it failed: two files were not included: an SDL file and a TCPWARE library; the first I could locate, but the second I couldn’t. I contacted Ruslan and he built me an Alpha version. Next was to start it – but the procedures to do so contained a possibility to start the server as a TCPIP-service using TCPWARE stack, not the HP TCPIP stack. So I added this as well. A second possibility is to have the server running as a detached process.
Neither way worked flawlessly. First, the process ran into a number of SSL issues – non fatal but still. That is because both port 11n and 995 are initiated – except if the secure port is set to zero; however, you would still need to specify the .PEM file. But most annoying is that when the program is started as a TCPIP service under HP’s stack, it crashes stating a DUPLNAME error.
There were a number of other issues that boiled down to logicals that were misinterpreted – but in the end it all looked nice, more or less. But building failed on syntax errors – and my knowledge of C is far too limited. Ruslan would look into it, and urged me to download the latest header – and source files.
For the time being, I stuck to IMAP, but that proved to have some issues as well: Some messages – once moved – were not re-read and did not show up in Outlook, though the web-agent (that accesses VMS mail directly) had no trouble at all. So I left al mail on the server and didn’t access it using Outlook.
Tonight I downloaded the latest versions – first onto the workstation and moved the to Diana for compilation. Most files succeeded, but the most important one failed to be transferred – any file, actually. So I started the browser on Diana and downloaded the files directly on the system – built the application and fired it as detached process – which succeeded perfectly. But when run as an HP TCPIP service, it again fales with DUPLNAME. After restarting it (once more since I forgot to remove the installed image and disable and remove the service) it now runs as detached process. For the moment, that’s Ok. But the DUPLNAME issue need to be resolved (I do have an idea of the cause but will need to investigate the code).
So now I’m using POP again to retrieve mail.