Solved

Spam Relaying on a Domino SMTP Gateway

Posted on 2004-08-04
Last Modified: 2013-12-18
We currently have a problem with people using our Domino SMTP server to relay spam.

On our gateway we have our SMTP Inbound Relay Control fields and SMTP Outbound Control fields set as blank. However, when we place * in the "Deny messages from external internet domains" and "Deny messages from external internet hosts" fields we stop being used as a relay but cannot send email via the gateway from our Domino Email server with a 554 error message being returned to our users.

We have checked that our Domino SMTP server and Domino Email server are only using the TCP/IP Notes protocol to connect to each other, as the SMTP protocol is not running on our email server.

Our global domain name is set as Pierhouse, our Notes domain is Pierhouse and our local primary internet domain name is pierhouse.co.uk. We also have 6 alternate internet domain aliases.

Both of our servers are running Domino 5.0.7.

This spam relaying has become a real issue to us and 500 points are available to whoever can help us solve it.

Question by:Pierhouse
27 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11714298
To check, use www.abuse.net/relay.html

Only fill in ONE of the fields, denying all would be best. So the field "Deny messages to be sent to the following external internet domains".
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11714321
By the way, do you have multiple internal servers, and do you allow SMTP-mail between those servers? Then you need to remove the deny-setting and add in the allowed settings your domain only (pierhouse.co.uk)
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11714428
Ignore last question... :-$

What could be set though is to allow only external mails to your domain.
0
 

Author Comment

by:Pierhouse
ID: 11714547
We had tried putting a * just in the "Deny messages to be sent to the following external internet domains" field but we still could not send email from our email server.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11714654
By the way, did you verify that you're not blacklisted? Providers can block all mail to you if your server allows message relays. Did you also try to put only your domain in the allow (top-field), and leave the rest empty?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11714675
And what does your server's log database tell you, under miscellaneous? Rejected for policy reasons (554)?
0
 

Author Comment

by:Pierhouse
ID: 11715177
Yes, we have tried putting our domain in the allow (top field) and we again got the 554 error "Attempt to relay mail to xxx@hotmail.com rejected for policy reasons. Relays to recipient's domain denied in your configuration" where the hotmail address was a valid one.

With regards to blacklisting, carrying out checks yesterday, we are not blacklisted.
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 300 total points
ID: 11715471
Just to check:

Configuration Settings for your server
 Router/SMTP tab
  Basics: SMTP outside=Enabled, SMTP local=Disabled, Reachable=Always
 Restrictions and Controls:
  Restrictions: empty
  SMTP Inbound Controls:
   Allow messages: pierhouse.co.uk, rest empty
  SMTP Outbound controls: empty

Is the name of your server mentioned in the log during the start of the router equal to the name used from the internet?
0
 

Author Comment

by:Pierhouse
ID: 11716081
We have just double-checked our current settings and they are:

Router/SMTP tab
  Basics: SMTP outside=Enabled, SMTP local=All Messages, Reachable=Always
 Restrictions and Controls:
  Restrictions: empty
  SMTP Inbound Controls: empty
  SMTP Outbound controls: empty

Are you suggesting that we alter our configuration to that mentioned in your last comment? If that is the case, should pierhouse.co.uk appear in both the "Allow messages from external internet domains...." and "Allow messages only from the following external internet hosts..." fields or just one of them, and if so which one?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11716555
That would be my suggestion, yes, to allow only messages destined for your domain. Set only the first allow-field to your domain, stop and start the router, and test again. Restarting (or stopping and starting) the router is essential!

Either
    Tell Router Restart
or
    Tell Router Quit
    Load Router

I prefer the latter.
0
 

Author Comment

by:Pierhouse
ID: 11716628
Thanks for the latest info. We will be trying the new settings on our server after 17:30 BST.

On our previous attempts to change the settings we have only stopped and restarted the smtp task, should we have stopped and re-started the router task as well?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11716869
Absolutely! SMTP task is only the listener, the Router sends mails.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11717156
Is that 18:30 MEST or FST? Strange abbreviation, MEST, in my language it means "manure".
0
 
LVL 31

Assisted Solution

by:qwaletee
qwaletee earned 200 total points
ID: 11717805
Do you use a single SMTP server for inbound/outbound?  Do you have a separate SMTP server in a DMZ?

My preferred setup involves separate internal and DMZ servers, with the DMZ server set up using SendMail, and all the inbound controls set up on the SendMail box.  If you use Domino for the DMZ, then set the inbound controls "only from following hosts to external" set to the IP address of the internal server(s), using bracket notation, e.g., [192.168.0.25]

If you have only a single Domino server, and don't use any SMTP clients (only Lotus Notes for user mail, and no processes sending to external), then using * in the DENY to external should work.
0
 

Author Comment

by:Pierhouse
ID: 11717999
We have a single SMTP server for inbound/outbound which should then route the email via notes mail to our email server. (BST is British Summer Time by the way)
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11718080
See www.greenwichmeantime.com :)

Tried restarting the Router?
0
 

Author Comment

by:Pierhouse
ID: 11724564
Finally found the problem at last!!!!

On the initial setup of our mail server the "Relay host for messages leaving the local internet domain:" had our SMTP server host name listed, so of course when an email was to be sent from our mail server outside our local internet domain, it was being RELAYED to the SMTP server. So of course when we had put the * in the Deny fields on the SMTP box's configuration document, it was rejecting all mail bound for the internet from our mail server.

Thanks for all the help and time Sjef, it has been really appreciated
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11724962
Good for you! And I got so close with my just-to-check list, I forgot the (more or less) obvious after Reachable=Always: "the rest is empty/default". I'm sorry, it took far too long to solve this, I should have been more detailed.

You verified with abuse.net as well?
0
 

Author Comment

by:Pierhouse
ID: 11734920
By verified with abuse.net do you mean submitted contact details with them?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11735423
No, I meant to use the test on abuse.net. I checked the relays of your server using
    http://www.abuse.net/relay.html
and some tests seemed to pass through, unfortunately (see Test 16). What you might do is block everything with the * in the Deny again, as was the plan originally.
0
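A local version of the relay check discussed above, as an added example that is not part of the original thread: it sends envelope-only probes (no DATA) to a gateway you administer and confirms that mail for your own domain is accepted while mail for an outside domain is refused. The host name, the sender and the external recipient are placeholders, and `probe`, `assess` and `smtp_factory` are names introduced here for illustration.

```python
import smtplib

def probe(host, local_rcpt, external_rcpt, sender="relaytest@example.org",
          port=25, smtp_factory=smtplib.SMTP):
    """Send two envelope-only probes and return {label: (code, text)}.

    'inbound' targets a recipient in your own domain, 'relay' one outside it.
    Each session is reset and closed before DATA, so nothing is queued.
    """
    results = {}
    for label, rcpt in (("inbound", local_rcpt), ("relay", external_rcpt)):
        smtp = smtp_factory(host, port, timeout=15)
        try:
            smtp.ehlo_or_helo_if_needed()
            code, text = smtp.mail(sender)
            if code == 250:  # sender accepted, now offer the recipient
                code, text = smtp.rcpt(rcpt)
            if isinstance(text, bytes):
                text = text.decode("utf-8", "replace")
            results[label] = (code, text)
            smtp.rset()
        finally:
            try:
                smtp.quit()
            except smtplib.SMTPException:
                smtp.close()
    return results

def assess(results):
    """Turn the two reply codes into findings; an empty list means both checks passed."""
    findings = []
    relay_code, relay_text = results["relay"]
    inbound_code, inbound_text = results["inbound"]
    if 200 <= relay_code < 300:
        findings.append(f"open-relay: external recipient accepted ({relay_code} {relay_text})")
    elif 400 <= relay_code < 500:
        findings.append(f"inconclusive: temporary failure on relay probe ({relay_code} {relay_text})")
    if not 200 <= inbound_code < 300:
        findings.append(f"inbound-rejected: mail for your own domain refused ({inbound_code} {inbound_text})")
    return findings

if __name__ == "__main__":
    # Placeholder host and addresses: replace with a gateway you administer.
    replies = probe("gateway.example.test", "postmaster@pierhouse.co.uk", "relaytest@example.net")
    print(assess(replies) or ["ok: relay refused, inbound accepted"])
```

Run it from a host outside your network after every change to the relay controls and a Router restart. It covers only the plain envelope case, so a clean result here does not replace the fuller set of tests on abuse.net.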
 

Author Comment

by:Pierhouse
ID: 11735475
Thanks a lot. I will register and try tests
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11735597
I didn't even register, I just filled in the name of your mailserver and clicked Test for Relay.
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 11739611
What I hate about abuse.net is they cache your results and won't check it again.

What I really hate about it is if you lost the results of your test, it will tell you that it is in cache, but won't show you what it was!
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11742835
Indeed. Thanks, Lunchy.

Pierhouse, as it happens, I posted the complete relay report, but since it contains a description of some holes, I asked for its removal immediately afterwards. If you want to have the relay report then send me a mail, I saved a copy I can mail you back. My address is in my EE-profile.
0
 

Author Comment

by:Pierhouse
ID: 11750793
Thanks Sjef for all your help on this one. We have sorted out the problem now and also identified some IPs to block on our firewall.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 11750826
You're welcome :)
0
