|
You can block mail relay and spamming using the following instructions. There is a list available of IP addresses of know spammers at http://www.orbs.org/database.html. You can download the list, edit it and upload it to the AS/400. I have about 7500 ip addresses in my list. It blocked 50 connections from spammers since last midnight. This information was copied from: http://www.as400service.ibm.com/supporthome.nsf/document/10000016 Special instructions for controlling RELAY and CONNECTIONS ---------------------------------------------------------- If you do not choose to take advantage of this enhanced function, nothing needs to be done. If you want to take advantage of this enhanced function, you should do the following: Special Instructions for RESTRICTING RELAY: 1. Create a Source Physical File QUSRSYS/QTMSADRLST record length 92 (12 characters for line count and change information). The file must be ccsid 500. CRTSRCPF FILE(QUSRSYS/QTMSADRLST) CCSID(500) 2. Create a Source Physical File member ACCEPTRLY To create a member for a file that already exists (and go into edit): STRSEU SRCFILE(QUSRSYS/QTMSADRLST) SRCMBR(ACCEPTRLY) 3. Add a record with the dotted decimal address of the ALLOWED user. Only addresses in the list will be allowed to relay. Put one address and mask per line, (a mask is optional). An example entry would be: 1.2.3.4 255.255.0.0 In this example the mask and the address would be combined (AND) to allow all addresses starting with '1.2' e.g. '1.2.5.6' Another example: 7.8.9.3 255.255.255.255 This would allow only one address, 7.8.9.3. It is the same as 7.8.9.3 Special Instructions for RESTRICTING CONNECTIONS: 1. Create a Source Physical File QUSRSYS/QTMSADRLST record length 92 (12 characters for line count and change information). The file must be ccsid 500. CRTSRCPF FILE(QUSRSYS/QTMSADRLST) CCSID(500) 2. Create a Source Physical File member REJECTCNN To create a member for a file that already exists (and go into edit): STRSEU SRCFILE(QUSRSYS/QTMSADRLST) SRCMBR(REJECTCNN) 3. Add a record with the dotted decimal address of the REJECTED user. This blocks relay and mail delivery from this address. Put one address and mask per line (a mask is optional). An example entry would be: 1.2.3.4 255.255.0.0 In this example the mask and the address would be combined (AND) to reject all address starting with '1.2' e.g. '1.2.5.6' Another example: 7.8.9.3 255.255.255.255 This would reject only one address, 7.8.9.3. It is the same as 7.8.9.3 Instructions for activating relay and connection lists 1. End the smtp server ENDTCPSVR SERVER(*SMTP) 2. If data area for blocking all relays exists, delete it. To see if the data area exists: DSPDTAARA DTAARA(QUSRSYS/QTMSNORLY) To delete the data area: DLTDTAARA DTAARA(QUSRSYS/QTMSNORLY) 3. Start the smtp server STRTCPSVR SERVER(*SMTP) Special notes: 1. If the data area for blocking relays is used (QUSRSYS/QTMSNORLY), ALL relays will be blocked. If the data area is not there, but QUSRSYS/QTMSADRLST.ACCEPTRLY exists and has at least one entry, then only addresses in the list will be allowed to relay. 2. If the address is in QUSRSYS/QTMSADRLST.REJECTCNN it will not be allowed to connect. This blocks relay and mail delivery from this address. If QUSRSYS/QTMSADRLST.REJECTCNN does not exist or has no valid entries, then all connections will be allowed. 3. If journaling is on, rejected addresses will be journaled. To find out if journaling is on: Use PF4 on command CHGSMTPA, look for parameter Journal which would be *YES for on. To display journal,('sues/jrnl' is your directory and file, 'dec14' is the name of the member you are creating): DSPJRN JRN(QZMF) OUTPUT(*OUTFILE) OUTFILE(sues/jrnl) OUTMBR(dec14) ENTDTALEN(512) DSPPFM FILE(sues/jrnl) MBR(dec14) Rejected connections will have the entry, starting in column 195: "9S CONNECTION REFUSED 1.2.3.4" (1.2.3.4 is the dotted decimal address rejected.) Rejected relays will have the entry, starting in column 195: "9V RELAY REFUSED 1.2.3.4" (1.2.3.4 is the dotted decimal address rejected.) These journal entries will have a message id of 0. 4. Relays will be rejected with the SMTP protocol response, in the SMTP client to SMTP server conversation: "553 Relaying blocked at this site." 5. Connections will be rejected with the SMTP protocol response, in the SMTP client to SMTP server conversation: "421 Service not available, access denied." 6. Only the first 10,000 entries in each table will be read. Lines beginning with '*' will be treated as comments. The file must be ccsid 500. Only put one address and mask per line. If you FTP your file between systems, make sure it is created as a source physical file on the receiving system first. 7. Error messages will appear in the QTSMTPSRVR joblog as follows: Entries in the QUSRSYS/QTMSADRLST that are not valid: "TCP9508" "Internet address not valid." Note that the above message will always be followed by the following message to indicate which file member has problems. The entries not in error will still be used. Any error with file QUSRSYS/QTMSADRLST: "TCP2062" "SMTP job not able to use file QTMSADRLST." Except for entry errors, the above message will result in the actions that would occur if there were no file. Error getting temporary space for lists, which will result in actions that would occur if there were no file: "TCP1062" "Not enough storage available." Read errors on file QUSRSYS/QTMSADRLST, may result in a partial file being used: "TCP12B5" "Unable to read data from file QTMSADRLST." 8. If changes are made to QUSRSYS/QTMSADRLST, the SMTP Server must be restarted for the changes to take effect: ENDTCPSVR SERVER(*SMTP) STRTCPSVR SERVER(*SMTP) tomh@simas.com Sent by: To: midrange-l@midrange.com midrange-l-owner@MI cc: DRANGE.COM Subject: How do I block mail-relay? 05/31/2001 03:20 PM Please respond to MIDRANGE-L We've set up a web site using the built-in IBM web server, and also use it to process email. How do I block mail-relay so that only certain domain hosts and/or IP addresses are allowed to relay mail (and all others are blocked)? Domino/Notes is _not_ an option on this box. Thanks! +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
