[nos-bbs] SMTP gateway

Lakenet n0mr at lakenet.com
Mon Jul 28 13:53:30 EDT 2014


Michael,

Thank you for the note. I failed to mention that my Linux JNOS machine is 
located behind a Netscreen NS5GT firewall that blocks all but trusted 
incoming mail on port 25. That blocks the thousands of spam mails that would 
otherwise come in daily. Is there any trace or other parameter that I can 
set in JNOS to monitor outgoing SMTP traffic so I can see how and where 
outgoing SMTP traffic is going? I'm not a network person so I learn by lots 
of reading and trial and error. I will look into a mail server that I can 
run on the Linux machine and I have a couple of mentors that can help.

Jerry, N0MR

-----Original Message----- 
From: Michael E Fox - N6MEF
Sent: Monday, July 28, 2014 12:13 PM
To: 'TAPR xNOS Mailing List'
Subject: Re: [nos-bbs] SMTP gateway

JNOS already uses SMTP so it doesn't require a gateway.  But ...

-- The SMTP code in JNOS is very old and I've seen it do a couple things
(like pipelining when that option has not been negotiated) that aren't quite
correct by today's standards
-- The SMTP code in JNOS has no security mechanisms

So, if you are sending SMTP messages to or receiving SMTP messages from any
other machine that you don't trust 100% (this includes anything on the
Internet and probably the rest of 44-net) then you should configure 'smtp
gateway' to the address of a mail server you do trust.

For example, here is one way to do it:  Each of the linux machines that runs
JNOS in our network is also running a mail server.  JNOS is configured with
'smtp gateway' set to the linux IP address.   The linux mail server
configuration performs a dozen or more security checks on incoming mail
connections from other machines, including:  DNS lookups, blacklist lookups,
relay lookups, network-based lookups, spam detection, virus scanning, and
more.  It also performs some outbound checks to make sure JNOS has not be
compromised.  If your mail server is exposed to the Internet and you monitor
the mail logs on such a machine, you'll find that it will be hit with relay
or spam or virus attempts multiple times per hour.  But the gateway rejects
all of that (hopefully!), protecting the JNOS system.

Some home/SOHO routers may have something simple built into their software
which lets them protect you from some attacks.  Consult you're router's
documentation for details.  Perhaps Google or Yahoo or others provide a free
service.  Postini (now part of Google, ugh!) and others provide paid
services.  For details on how to set up your own, more comprehensive
solution, consult the documentation for your preferred mail server software:
sendmail, postfix, exim, ...

Finally, the JNOS release notes provide some details about extra 'smtp
gateway' options that were added a few versions ago.

Michael
N6MEF


-----Original Message-----
From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
Of Lakenet
Sent: Monday, July 28, 2014 9:12 AM
To: TAPR xNOS Mailing List
Subject: [nos-bbs] SMTP gateway

I have always set SMTP gateway to none not knowing how to use that gateway.
Recently I read a reflector post that the gateway should be set to the
address of the home router I assume to route unroutable mail out into the
internet. I understand that any packet mail with no route to deliver would
go to the SMTP queue. So I entered a gmail address from within JNOS for a
test and the mail did get to the recipient. I did not see anything on the
monitor. How does this operation run? Does ampernet have some type of mail
handler? Does anyone know if there is something written to explain this
operation or can someone type me a simple explanation.

Thank you,

Jerry, N0MR


_______________________________________________
nos-bbs mailing list
nos-bbs at tapr.org
http://www.tapr.org/mailman/listinfo/nos-bbs 





More information about the nos-bbs mailing list