
Block incoming traffic


Ace

May 22, 2012, 6:48:52 AM
Hi all,
 
I run a small shop with an AS400/I5 server which resides in a datacenter. The box has an outside IP-address. There is no modem or router involved. My customers enter the system with a specific terminal type which is checked within an exit program that is running before the user can come in.
 
My users can also send email from the AS400 over the SMTP port 25 using SNDM. We will only send messages out of the system. We don't receive email from outside.
The Problem is:
Some spammers in Russia and China have discovered that the AS/400 has an open SMTP server inside my machine, and are currently redirecting a flood of junk mail via our server.
I have set the incoming traffic to the AS/400 to telnet-only (since that's all people need) and it still isn't blocking the mail. If I use a port scanner I can see that port 25 is open.
I'm getting kind of frustrated here because I don't intend on taking down all public access to our AS/400 but don't see how to make this stop.
Is there a way to stop all incoming traffic without ending the SMTP server because that will work?
 
Any tips, comments, etc. would be greatly appreciated, thanks.
 
Ace

iseriesflorida

May 23, 2012, 8:54:03 AM
Are you going to a gateway or using it native from the 400? Sounds
like you're doing it native.

trans am kid

May 23, 2012, 3:39:00 PM
First, you really need some sort of firewall/router. While you say
there is no router/modem, obviously from the ISP, there probably is.
If, for example, you had a router, you could block the incoming port
25 traffic; that would solve your problem.


jse...@yahoo.co.nz

May 23, 2012, 5:25:23 PM
On Tuesday, 22 May 2012 22:48:52 UTC+12, Ace wrote:
> Hi all,
>
> I run a small shop with an AS400/I5 server which resides in a datacenter. The box has an outside
> IP-address. There is no modem or router involved. My customers enter the system
> with a specific terminal type which is checked within an exit program that is
> running before the user can come in.
>
> My users can also send email from the AS400 over the SMTP port 25 using SNDM. We will only
> send messages out of the system. We don't receive email from outside.
>
> The Problem is:
>
> Some spammers in Russia and China have discovered that the AS/400 has an open SMTP server
> inside my machine, and are currently redirecting a flood of junk mail via our server.
>
> I have set the incoming traffic to the AS/400 to telnet-only (since that's all people need)
> and it still isn't blocking the mail. If I use a port scanner I can see that port 25 is open.
>
> I'm getting kind of frustrated here because I don't intend on taking down
> all public access to our AS/400 but don't see how to make this stop.
>
> Is there a way to stop all incoming traffic without ending the SMTP server because that will work?
>
> Any tips, comments, etc. would be greatly appreciated, thanks.
>
> Ace

I'm not an expert on SMTP, but would turning off the allow relayed mail option stop this?
CHGSMTPA ALWRLY(*NONE)

jse...@yahoo.co.nz

May 23, 2012, 5:30:56 PM
Eeek, dunno why a reply made my previous post come out like that...
In case you couldn't see my reply in all the HTML gibberish...

Dr.Ugo Gagliardelli

May 24, 2012, 4:06:51 AM
On 22.05.2012 12:48, Ace 114321068 wrote:
[...]
> Is there a way to stop all incoming traffic without ending the SMTP server because that will work ?
>
> Any tips, comments, etc. would be greatly appreciated, thanks.
>
> Ace
Try changing the smtp port in the service table; it should work until spammers
find the new port.
I wrote my own mail client that doesn't use any mail framework support, so
I can keep the smtp server off.

Ace

May 29, 2012, 8:43:35 AM
Hi Guys,

Thanks for replying.
The AS400 is not a box that you would use as an smtp server because of the
bad firewall it has. There is NONE!
I solved the problem by installing a (free) smtp-server (Alt-n) on a PC. I
send all mail from the AS400 to the PC, which will send it to the receivers.
Because of the fact that the PC also has an external IP-address I had in 2
days lots (about 4000) of visits from Russian and Taiwanese spammers. After
I had fixed a tarpit for 60 seconds if they send more than 2 RCPT's all
spammers are gone now.

My advice: Don't use the smtp server on an AS400 that is directly connected
to the Internet.

Ace.
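
The two controls discussed in this thread, refusing relay for clients that are not trusted and stalling a session for 60 seconds once it sends more than 2 RCPTs, written as SMTP policy logic in Python. This is an added example, not code from any poster and not the configuration of the Alt-N server or the AS/400; the client address, the local domain, the function names and the choice to exempt the trusted sender from the tarpit are assumptions.

```python
import ipaddress

# Assumed values for illustration; none of these come from the thread.
TRUSTED_CLIENTS = [ipaddress.ip_network("192.0.2.10/32")]  # the AS/400's address
LOCAL_DOMAINS = {"shop.example"}  # empty set for an outbound-only relay

# Values Ace reports: tarpit for 60 seconds after more than 2 RCPTs.
MAX_FREE_RCPT = 2
TARPIT_SECONDS = 60


class Session:
    """State kept for one SMTP connection."""

    def __init__(self, client_ip):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.rcpt_count = 0

    def trusted(self):
        return any(self.client_ip in net for net in TRUSTED_CLIENTS)


def on_rcpt(session, rcpt_addr):
    """Decide one RCPT TO: return (seconds to stall, SMTP reply)."""
    session.rcpt_count += 1
    if session.trusted():
        # Assumption: the internal sender is never tarpitted or refused.
        return 0, "250 OK"
    delay = TARPIT_SECONDS if session.rcpt_count > MAX_FREE_RCPT else 0
    domain = rcpt_addr.strip("<>").rsplit("@", 1)[-1].lower()
    if domain not in LOCAL_DOMAINS:
        # Untrusted client, foreign recipient: this is a relay attempt.
        return delay, "550 5.7.1 Relaying denied"
    return delay, "250 OK"


def replay(client_ip, recipients):
    """Run a constructed list of RCPT TO addresses through one session."""
    session = Session(client_ip)
    return [on_rcpt(session, r) for r in recipients]


if __name__ == "__main__":
    # Constructed sessions: an outside client, then the trusted AS/400.
    spam = ["a@victim.example", "b@victim.example", "c@victim.example"]
    print(replay("203.0.113.7", spam))
    print(replay("192.0.2.10", spam))
```

A server using this policy would sleep for the returned number of seconds before sending the reply, so a bulk sender pays the delay on every recipient past the second.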

