[nos-bbs] SMTP gateway

Michael E Fox - N6MEF n6mef at mefox.org
Mon Jul 28 13:13:26 EDT 2014 

JNOS already uses SMTP so it doesn't require a gateway.  But ...

-- The SMTP code in JNOS is very old and I've seen it do a couple things
(like pipelining when that option has not been negotiated) that aren't quite
correct by today's standards
-- The SMTP code in JNOS has no security mechanisms

So, if you are sending SMTP messages to or receiving SMTP messages from any
other machine that you don't trust 100% (this includes anything on the
Internet and probably the rest of 44-net) then you should configure 'smtp
gateway' to the address of a mail server you do trust.

For example, here is one way to do it:  Each of the linux machines that runs
JNOS in our network is also running a mail server.  JNOS is configured with
'smtp gateway' set to the linux IP address.   The linux mail server
configuration performs a dozen or more security checks on incoming mail
connections from other machines, including:  DNS lookups, blacklist lookups,
relay lookups, network-based lookups, spam detection, virus scanning, and
more.  It also performs some outbound checks to make sure JNOS has not be
compromised.  If your mail server is exposed to the Internet and you monitor
the mail logs on such a machine, you'll find that it will be hit with relay
or spam or virus attempts multiple times per hour.  But the gateway rejects
all of that (hopefully!), protecting the JNOS system.

Some home/SOHO routers may have something simple built into their software
which lets them protect you from some attacks.  Consult you're router's
documentation for details.  Perhaps Google or Yahoo or others provide a free
service.  Postini (now part of Google, ugh!) and others provide paid
services.  For details on how to set up your own, more comprehensive
solution, consult the documentation for your preferred mail server software:
sendmail, postfix, exim, ...  

Finally, the JNOS release notes provide some details about extra 'smtp
gateway' options that were added a few versions ago.

Michael
N6MEF


-----Original Message-----
From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
Of Lakenet
Sent: Monday, July 28, 2014 9:12 AM
To: TAPR xNOS Mailing List
Subject: [nos-bbs] SMTP gateway

I have always set SMTP gateway to none not knowing how to use that gateway. 
Recently I read a reflector post that the gateway should be set to the 
address of the home router I assume to route unroutable mail out into the 
internet. I understand that any packet mail with no route to deliver would 
go to the SMTP queue. So I entered a gmail address from within JNOS for a 
test and the mail did get to the recipient. I did not see anything on the 
monitor. How does this operation run? Does ampernet have some type of mail 
handler? Does anyone know if there is something written to explain this 
operation or can someone type me a simple explanation.

Thank you,

Jerry, N0MR

More information about the nos-bbs mailing list