Brief note from jfesler: the smtpd.ok file belongs (for most people) in c:\tcpip\etc\smtpd.ok - smtpd looks at your "ETC" config.sys variable, and looks for the file in that directory.. Ä Area: GIGO ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Msg#: 43 Date: 24 Mar 96 14:56:57 From: davidn@unique.blaze.net.au Read: Yes Replied: No To: All Mark: Subj: Re: Problems with mailinglist [nomime] ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ On 24 Mar 1996, Jason Fesler wrote: > da> it seemed to think that it was addressing > da> firstname.lastname@csource.blaze.net.au (which is the > da> gateway address). GIGO did *something* to the address, but > da> unless I can capture another instance of this happening, > da> I've no clear idea what happened. > > Wierd.. Lota help YOU are. :-) Standard reply: well, gee, I'm only the author. What would *I* know??!? > da> BTW - if you read this, Jason, are the current smtpd sources > da> available (if so, what filename and where)? I want to hack > da> in the RFC821 empty "MAIL FROM:<>" support - will send diffs > da> when done. > > I believe it handles it Sure does. Fixed my bounces now from 3 messages to 1, which is a little more manageable. :-) > I've just emailed you the current sources. The smtpd.ok file seems > to be working fine at my site - perhaps (grin) if you can make > comprehensible notes that others will understand, we can post them > here and let people start using it.. Errm, sure. This is based on my understanding and 5 minutes tapping at the keyboard. If I'm wrong in any way, let me know. However, it seems to be working ok here too. SMTPD.OK -------- *> What IS this file and why does SMTPD.EXE want it? SMTPD.OK is an *optional* filter facility that allows you to selectively reject incoming smtp sessions with a remote system based on any one or combination of: a) the (remote) hostname which initiates the connection, b) the sender of the mail (the real *envelope* sender relating to an email item, which is not necessarily the same as the From: header), c) the recipient of the mail. If you do not wish to filter smtp sessions, then do not create SMTPD.OK. Smtpd will warn you that it cannot read the file, but this warning may be safely ignored. The idea behind using SMTPD.OK is that it allows you some form of protection from internet "spamming" - so that you can selectively reject sessions from machines sending annoying mail, or items which transgress your gateway's policies. Because the smtp session is rejected before any data is sent, this will avoid entirely the transfer of mail to your system (an exception to this is when you have blocked mail by recipient, and an item of mail has more than one recipient - it will still be transmitted to any unblocked destinations). A secondary use of SMTPD.OK would be to provide a basic form of destination address validation for a gateway. Rather than gate any/all mail received and then have other software bounce that mail if it is not addressed to a valid FidoNet node, you could instead list all valid destination addresses your gateway handles in SMTPD.OK (updated regularly from the FidoNet nodelist or DNS of course), and reject invalidly addressed mail without having to receive it at all! WARNING: Do not make the mistake of assuming that this filtering makes your system in any way "secure". IT DOES NOT. Someone determined enough to harass will still be able to do so simply by calling from a different system or by only slightly modifying the sender or recipient addresses. For most uses, however, malicious and purposeful harassment aren't usually the cause. *> Where should I put SMTPD.OK? Put it in your system's "ETC" directory, normally x:\TCPIP\ETC, where 'x' is the drive on which you have installed OS/2 TCP/IP 3.x, the TCP/IP components of OS/2 Warp Connect, or OS/2 Warp's Internet Access Kit. SMTPD.EXE dated prior 24-Mar-96 requires this be the \TCPIP\ETC directory on the drive on which SMTPD.EXE is run; later versions look at the ETC environment variable (used by OS/2 TCP/IP, and set in your CONFIG.SYS). *> What is SMTPD.OK's format? The file is line-based; each line represents a filter, which either explicitly allows or disallows a session. The default action (when the file does not exist or is empty) is to allow any session. This can be changed by adding a global "reject" as the last item in the list. Comments may be placed in SMTPD.OK by starting a line with the character '#' as the first non-space character in the line. Blank lines are ignored. Those already familiar with GIGO's MAPPING.CFG (which specifies the newsgroup<->echotag mapping for gated news) will notice a similarity to SMTPD.OK's formula. The format of a filter is as follows: action hostname sender recipient errorcode errormsg Each of these fields may be separated by one or more spaces or tabs. The 'errormessage' field starts at the word in that position and continues until the end of the line. action This is one of '+', '-' or '=' (without the single quotes. + Explicitly allows the session, unless any subsequent matching lines disallow it. - Explicitly disallows the session, unless any subsequent matching lines disallow it. = Explicitly disallows any session matching this line (no further matching is done). hostname This is the host name of the remote system. This is a WILDCARD field, where the asterisk character matches none, one or more characters. sender This is the sender's email address, again a WILDCARD field. recipient This is the recipient's email address, also a WILDCARD field. errorcode This is the SMTPD error number. Unless you are familiar with the SMTP standard, you should use "550" or "551". errormsg This is a text string that is sent to the remote system when the errorcode rejects the session. Note that a line 'matches' on a particular host, sender, recipient combination if it matches ALL of the fields, not just one. A single asterisk (*) in a field matches any entry for that field. The errorcode and errormsg fields are only required (and used) in a "reject" match; that is, any line commencing with either '=' or '-'. *> SMTPD.OK by Example 1/ An internet system starts delivering a mailing list to your system which was not subscribed by anyone, and addressed to multiple FidoNet recipients. Let's take the easy way out and ban any and all mail from the site's domain ("lotsamail.goofey.com"): = *goofey.com * * 550 Unsolicited mailing lists rejected! - ----------- - - --- ----------------------------------- ^ host ^ ^ ^ Text displayed to remote smtp agent | | | +- SMTP error code + Match/quit | +---- Match any recipient +------ Match any sender Once this line matches with the incoming sessions, any remaining lines after this in SMTPD.OK are ignored. 2/ A similar case, but here we still want to reject mail from the host in question only if addressed from a specific user: = *goofey.com spammer@*goofey.com * 550 Unsolicited... (etc) 3/ Also a similar case, but here will reject all mail from the host unless addressed from a couple of specific users: - *goofey.com * * 550 Unsolicited.... (etc) + *goofey.com root@* * + *goofey.com egbert@* * 4/ Here is a simple node checker; we are the MX target for a mythical 4 node network in zone 8, so we reject all mail by default, then accept mail for nodes (and their points) only: - * * * 551 Unknown host or mailbox; mail root@mysite.com for info. + * *@*mysite.com * + * *@*f503.n442.z8.fidonet.org * + * *@*f502.n442.z8.fidonet.org * + * *@*f501.n442.z8.fidonet.org * If you wished to be more pedantic, you could instead do: - * * * 551 Unknown host or mailbox; mail root@mysite.com for info. + * *mysite.com * + * *@f503.n442.z8.fidonet.org * + * *@p*.f503.n442.z8.fidonet.org * + * *@*f502.n442.z8.fidonet.org * + * *@p*.f502.n442.z8.fidonet.org * + * *@*f501.n442.z8.fidonet.org * + * *@p*.f501.n442.z8.fidonet.org * -=- >> This is the GIGO mailing list!. To submit a new message, send your post >> >> to "gigo-l@gigo.com". Subscriptions: email info@gigo.com for full help.>> -!- News headers follow --- From: David Nugent Date: Mon, 25 Mar 1996 08:56:57 +1000 (EST) X-To: Multiple recipients of GIGO Support Subject: Re: Problems with mailinglist [nomime] Message-Id: X-Listname: GIGO Support To: gigo@gigo.com (Multiple recipients of GIGO Support) Reply-To: gigo@gigo.com Errors-To: gigo-owner@gigo.com Sender: gigo-owner@gigo.com Precedence: bulk -!- ! Origin: Net 203 Services | Email & Newsgroups Co-op $2/mo (1:203/8055)