Deny spammers server access
Rich Loeber
Spam is more than an annoyance; it can be a real security headache. Spammers make it a regular practice to use the email capability of others' systems that are connected to the Internet.
OS/400 has an SMTP server that can be used to send email directly from your system. This is a very handy thing to have available if you need to send mail from your system and you don't want to load down your company's regular mail server. But how do you keep spammers from gaining access to the system and spreading their own particular disease using your system, especially because default configuration for the SMTP server is for wide-open message relaying. The answer to our question is to control how messages are relayed through your system. If you are using the SMTP server on your iSeries box, you should definitely set up control over the message relaying process.
Do this by defining specific IP addresses that are allowed to relay mail through your system. IP addresses that attempt to send mail through your system that are not on the list of "trusted" addresses, will be denied access to your system.
To set up relay control, do the following:
- Create a source physical file in library QUSRSYS named QTMSADRLST. The file must be created with CCSID value set to "500". The record length should be the default value of 92.
- Start PDM on this new source file and create a new member named ACCEPTRLY.
- For each IP address for which you want to authorize mail relaying, you add a line to this file member. Each line will contain an IP address and an address mask in dotted decimal format.
Here are some examples:
- To allow a specific IP address to relay mail through your iSeries box, code: 1.2.3.4 255.255.255.255. This will allow the system with IP address 1.2.3.4 to relay mail using your system.
- To allow all addresses from 1.2.3.1 through 1.2.3.255, code the following: 1.2.3.1 255.255.255.0. This will let all of the systems within the defined range use your system to relay mail.
- You can also approach this from the angle of rejecting relay requests from specific systems by creating another member in the same QTMSADRLST file named REJECTCNN. Enter records in this file using the rules cited above. The systems defined in this member will be specifically rejected from mail relay attempts.
Note: If all you want to do is turn off ALL message relaying, regardless of its source, you can do this by creating a data area in library QUSRSYS named QTMSNORLY. This will disallow all mail relay requests on your system.
Once your file is set up, you can activate the feature by:
- Ending the current SMTP server (ENDTCPSVR *SMTP)
- Check to make sure that no data area named QTMSNORLY exists in your QUSRSYS library.
- Restart the SMTP server (STRTCPSVR *SMTP)
Rich Loeber is president of Kisco Information Systems Inc., in Mt. Kisco, NY. The company is a provider of various security products for the AS/400 market.
