Technical data

Configuring and Managing SMTP
17.6 Configuring SMTP AntiSPAM
Table 17–4 (Cont.) AntiSPAM Configuration Options

Field Name: Security
Value:      FRIENDLY or SECURE. This value specifies the type of error text
            sent to the SMTP client when disconnecting a link because of a
            SPAM event. A value of SECURE means to send purposely unhelpful
            error text. A value of FRIENDLY means to send helpful error text.
Default:    SECURE

Field Name: Unbacktranslatable-IP-Text
            Bad-Clients-Text
            Client-In-RBL-Text
            Reject-Mail-From-Text
            Unqualified-Sender-Text
            Unresolvable-Domain-Text
            SPAM-Relay-Text
Value:      These individual fields (one for each type of SPAM event) hold
            the error text to be sent to the SMTP client. These override
            values set in the Security field.
Default:    The default for each of these is set according to the value of
            the Security field. See Section 17.6.8.3 for more information.

The following sections provide further information about the configuration
options.
17.6.2 Preventing the System from Routing SPAM
SPAM mailing lists contain thousands of addresses and sending a SPAM takes a
great deal of time. Therefore, SPAMmers prefer to use hosts other than their own
to send the message. SPAMmers routinely use unaware Internet hosts as route-
through hosts for their SPAM. The victim is a host not protected by a firewall or
by SPAM-aware software. The SPAMming SMTP client software connects to the
victim SMTP server host and issues multiple RCPT TO commands, which may
number in the thousands. The SPAMming SMTP client then sends the message to
the victim host and closes the link. It is now left to the victim host to do the real
work of relaying the SPAM to the thousands of recipients.
Fortunately, the route-through attack can often be detected. Most or all of
the recipients of the SPAM will not be within the victim’s own domains or IP
networks. They will be somewhere outside in the expanse of the Internet. You
must trap for the situation where an unknown SMTP client is trying to use your
system to relay mail to recipients in domains outside its own. If you specify the
‘‘known world’’ and the ‘‘unknown world,’’ the SMTP server can detect this type of
SPAM attack.
SMTP allows you to configure two lists:
• Good-Clients, a list of the IP addresses, IP nets, DNS hostnames and DNS
  MX domains of known good SMTP clients.
• Relay-Zones, a list of the SMTP domains to which SMTP will relay mail even
  if it is from an unknown client.
Together, these lists define the ‘‘known good world’’ to the SMTP server for relay
purposes. They are used to prevent SPAM routing as follows:
1. The SMTP server checks the IP address of the client against the Good-Clients
list. If a match occurs, the client is considered ‘‘known good’’ and it is free to
use the local system to relay without further checking. However, if no match
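
The relay test that the Good-Clients and Relay-Zones lists define, as an added Python sketch (not code from the manual or from the SMTP server itself). It covers only the IP address and IP net forms of Good-Clients, and it assumes a Relay-Zones entry also matches its subdomains; the list contents and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample lists (documentation-reserved ranges and domains);
# the names mirror the manual's Good-Clients and Relay-Zones fields.
GOOD_CLIENTS = ["192.0.2.0/24", "198.51.100.25"]   # IP nets and single addresses
RELAY_ZONES = ["example.com", "example.org"]       # domains relayed for anyone


def is_good_client(client_ip, good_clients=GOOD_CLIENTS):
    """True if the connecting address matches an address or net in Good-Clients."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(entry, strict=False)
               for entry in good_clients)


def in_relay_zone(recipient, relay_zones=RELAY_ZONES):
    """True if the RCPT TO domain is inside a Relay-Zones domain.

    Assumption: a zone entry also covers its subdomains.
    """
    address = recipient.strip().strip("<>")
    if "@" not in address:
        return False                      # unqualified recipient: no domain to match
    domain = address.rsplit("@", 1)[1].rstrip(".").lower()
    return any(domain == zone or domain.endswith("." + zone)
               for zone in relay_zones)


def check_relay(client_ip, recipients):
    """Split a session's RCPT TO list into (accepted, refused)."""
    if is_good_client(client_ip):
        return list(recipients), []       # known good client: no further checking
    accepted = [r for r in recipients if in_relay_zone(r)]
    refused = [r for r in recipients if not in_relay_zone(r)]
    return accepted, refused              # refused = relay into the unknown world


if __name__ == "__main__":
    # Constructed session: an unknown client fanning out to outside domains.
    rcpts = ["<a@example.com>", "<b@mail.example.net>", "<c@example.net>"]
    print(check_relay("203.0.113.77", rcpts))
    print(check_relay("192.0.2.14", rcpts))
```

A session from an unknown client in which most recipients land in the refused list matches the route-through pattern described in this section.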