[nos-bbs] About JNOS SMTP, was 'Re: interesting - pop mail to read WW area :)'

Langelaar maiko at pcsinternet.ca
Mon Nov 2 10:31:21 EST 2020 

Good morning,

There is NO ww account with regard to sending internet email
spam, remember JNOS has no SMTP authentication, it's pure
connect and send. The ww account is strictly a pop3 account.

This is the most important thing people need to know about JNOS
and it's SMTP, it's wide open, but keep reading, just be smart about
it. Either way I would not be sharing 'an account', that's just stupid.

I was thinking, good luck getting JNOS to talk to an internet email
service anyways, most of them now require SMTP authentication,
if not then probably you should not be doing that anyways ?

Michael's concerns about SPAM and JNOS, especially since SMTP
is NOT authenticated are valid, but if it helps any ? by default JNOS
will not 'relay' anything outside it's subnets. But that still leaves for
email clients within the JNOS subnets. You can restrict access to
the SMTP ports using tcp access for example :

    tcp access permit 44.135.124.16/32 25 25

    tcp access permit 192.168.200.10/32 25 25

where 44.135.124.0/24 is my VHF ip network,

and 192.168.200/24 could be the internal lan my JNOS sits on,
and there may be multiple clients on that internal lan, and so on.

In my case I am outside of the JNOS subnets, and the only way
into my JNOS system is via an openVPN connection. Once I am
in, JNOS will not allow SMTP, unless I (the sysop) put in this :

    smtp relay add 10.8.10.6 255.255.255.255

And you can see it in the logs when I access JNOS with
my android or PC or whatever coming in over the VPN :

    logs/29Oct20:02:05:39  - smtp [10.8.10.6] allow relay

Maiko

On 11/2/20 8:20 AM, Michael Fox - N6MEF wrote:
> If you set up JNOS to also accept email from clients like Thunderbird, and
> if you have an email gateway to the Internet (or you allow JNOS to talk
> directly to Internet mail servers [yikes!!!!]), then this also opens up the
> ww account for sending Internet email spam.
>
> If it's just one person using a BBS, that's one thing.  But if you're
> sharing the ww account amongst multiple users so they can all use this
> method of retrieving bulletins, then the chances of creating a spam problem
> are significant.
>
> Estimates range between 10%-30% of home computers are infected with some
> sort of virus/malware.  And we've probably all received email from someone's
> hacked account in the last month or two.  You don't want JNOS to be a vector
> for that.
>
> Michael, N6MEF
>
> FYI:
>
> Home User Statistics
>
> According to the Microsoft Security Intelligence Report and Consumer Reports
> the following home user statistics illustrate the impact of viruses to your
> average American.
>
> 1. 24 million households experience heavy spam.
> 2. 16 million households have experienced a serious virus problem in the
> past two years.
> 3. 8 million of households have had spyware in the past 6 months.
> 4. 1 million households lost money or compromised accounts from misused
> phishing.
> 5. The estimated cost of all households impacted by viruses, spyware, and
> phishing is $4.55 billion.
> 6. 40% of household are affected by viruses.
> 7. 32% of the world’s computers are infected with some type of malware.
>
> Virus Threats by Type
>
> A listing of the types of viruses and percentages of those that impact
> users.
>
> 1. Viruses – 57%
> 2. Misc. Trojans – 21%
> 3. Trojan Downloaders – 7%
> 4. Unwanted Software – 4%
> 5. Adware – 3%
> 6. Exploits – 3%
> 7. Worms – 2%
> 8. Password Stealers and Monitoring Tools – 2%
> 9. Backdoors – 1%
> 10. Spyware – 0.01%
>
>
>
>
> -----Original Message-----
> From: nos-bbs <nos-bbs-bounces at lists.tapr.org> On Behalf Of M Langelaar
> Sent: Thursday, October 29, 2020 8:55 PM
> To: TAPR xNOS Mailing List <nos-bbs at lists.tapr.org>
> Subject: [nos-bbs] interesting - pop mail to read WW area :)
>
> My so called WORLD area for bulletins is @ww
>
> Out of a hunch, decided to put an entry into my /jnos/popusers file :
>
>     ww:mypassword:
>
> then setup thunderbird for pop3, leave messages on server, user 'ww'.
>
> Dirty way to download all the bulletins to thunderbird, a bit slow if you
> have 720 of them, so download headers only, still a bit slow, so maybe
> more the reason for me to rewrite some of that to store each message
> in it's own file then one huge file for all of them - maildir vs mbox
> ... Not
> the first time I've thought about it, the last time was years ago :(
>
> Anyways, in case anyone is curious, that actually works if you need
> something, even if it means setting up a separate email account just for
> the one ww 'user' or whatever other bulletin area you're interested in.
>
> Maiko
>
>
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at lists.tapr.org
> http://lists.tapr.org/mailman/listinfo/nos-bbs_lists.tapr.org

More information about the nos-bbs mailing list