Thursday 19th, June 2008
PermaLink Restricting inbound SMTP connections06/19/2008 09:29 PM
 

APNIC is one of five Regional Internet Registries currently operating in the world. It provides allocation and registration services which support the operation of the Internet globally. It is a not-for-profit, membership-based organisation whose members include Internet Service Providers, National Internet Registries, and similar organisations. APNIC represents the Asia Pacific region, comprising 56 economies.
 
APNIC allocates resources in the following ranges within the Asia Pacific region.

Restricting inbound SMTP connections:
Some users and organizations may attempt to send bulk spam mail to your site. You can use Inbound Connection Controls to prevent Domino from accepting unwanted mail and keep your servers from redistributing it.

Complete the following fields on the Router/SMTP - Restrictions and Controls - SMTP Inbound Controls tab in the Configuration Settings document. If you enter an IP address, use brackets -- for example, [205.159.212.144]. You can use an asterisk in an IP address, but only for an entire octet -- for example, [205.159.212.*].

Image:Badkey Corner - Restricting inbound SMTP connections

The following graphic shows an example of how you might fill in these fields:
Image:Badkey Corner - Restricting inbound SMTP connections


Verify sender's domain in DNS: Leave this disabled, this is the 'old' reverse lookup.
Image:Badkey Corner - Restricting inbound SMTP connections

By Chris Linfoot

"First, "Verify connecting hostname in DNS". Leave it disabled!

It is true that enabling it will defeat some spam, but it will also defeat a lot of real email (because too many systems used to send business email still have incorrect or missing DNS). As a corollary to this, it will also accept a lot of spam because so much spam comes from systems that do have well formed DNS but just shouldn't be sending any direct-to-MX email.

"Deny connections from the following SMTP internet hostnames/IP addresses" is an often overlooked feature of D7, distinct as it is from the private blacklist, but is a useful supplement to local and DNS blacklisting.

Why? Because systems blocked by DNS and local blacklists will see your custom error response and thus senders will know why they were blocked. In many cases you want them to know - that is why you use the custom error response - but in some cases you just don't want to accept messages and may not want to say why."


Image:Badkey Corner - Restricting inbound SMTP connections

By Chris Linfoot

"First, "Verify sender's domain in DNS". Turn it on.

This just ensures that inbound mail comes from an envelope sender that can actually accept replies and not something completely bogus. Real senders always want to accept replies. Spammers often do not and may spoof a completely invalid address. Thus the risk of false positives is nil but this will keep out a small amount of spam and some malware."

as a Private Domain fliter:
Image:Badkey Corner - Restricting inbound SMTP connections

Mail from the domain:
host smtp.badkey.com[XXX.XXX.XXX.XXX] said: 554
Your email was not delivered because the host which attempted delivery, is listed in Badkey private DNS blacklist filter.
Please see http://www.badkey.com for more information and assistance. (in reply to MAIL FROM command)

More @ibm.com/developerworks and IBM Redbook:  Lotus Domino 6 spam Survival Guide for IBM eServer

Note: For information on how to block or accept connections for specific hosts using a NOTES.INI parameter, refer to the document titled " Preventing SMTP Denial of Service Attacks from Specific IP Addresses" (#1105201).

Supporting Information:
Domino is operating in accordance with RFC 821 and RFC 2821. Any attempts to prematurely disconnect the client/sender violates section 4.1.1 of RFC 821, which explicitly states that disconnection should occur only after a QUIT command is issued by the client. For further information, refer to the following:

RFC 821, section 4.1.1
RFC 2821, section 4.5.3.2

Addressing the challenge of responsible Internet resource distribution in the Asia Pacific region.

More @apnic.net

Note just as an example: (Domino ND8)
*.ru
*.ro
*.in
*.br
*.cn
*.jp
*.il
[58.0.0.*]
[59.0.0.*]
[60.0.0.*]
[61.0.0.*]
[112.0.0.*]
[113.0.0.*]
[114.0.0.*]
[115.0.0.*]
[116.0.0.*]
[117.0.0.*]
[118.0.0*]
[119.0.0.*]
[120.0.0.*]
[121.0.0.*]
[122.0.0.*]
[123.0.0.*]
[124.0.0.*]
[125.0.0.*]
[126.0.0.*]
[169.208.0.*]
[202.0.0.*]
[203.0.0.*]
[210.0.0.*]
[211.0.0.*]
[218.0.0.*]
[219.0.0.*]
[220.0.0.*]
[221.0.0.*]
[222.0.0.*]


Technorati:
Domino Support
Places I have been
Domino Sites
Planetlotus.org
Planet.CentOS.org
VM Marketplace
Blackberry-NL.com
LN Search
ND Search
IBM ESR
Assist On-site
QP Search
QP Forum
Lotus Documentation
QP Documentation
QP Adm-Dev Doc
ND Technote
ND8 Forum
ND6/7 Forum
ND4/5 Forum
Search Sandbox
Domino FAQ
Domino TCO
Usergroup.org
Notes.net
Redbooks
Search Lotus
Notestips
Dominotips
Dominosecurity
Professor INI
Developerworks INI
Lotus Press releases
IBM Download
Ed Brill
ClusterMaps
Locations of visitors to this page
Domino/Lotus Forums
ND 8
ND 6/7
ND 4/5
Domino.Doc
Enterprise Integration
Extended Search
IM and Web
Lotus Learning
Team Workplace
Lotus Workflow
SmartSuite
IBM Workplace
About Badkey Corner
Disclaimer
About me
Places I have been
Full Archive
Where is Badkey
Cluster Maps
Blogs that Link here
View My Stats
Badkey RSS Feed
Feed News
RSS Feeds I read
Linux Links
PC LinuxOnLine
Linux Documentation Project
Google Linux
LinuxQuestions.org Wiki
Linux-Tips.net
LinuxNewbie.org
Desktop-Linux.net
Linux Mirror Project
Tucows Linux
Whitebox Linux
Linuxinsider.com
Tripwire
Nessus
CentOS-4 Doc
CentOS Wiki
Savannah.gnu.org
SpamAssassin Wiki
Domino Information
IBM/Lotus Security
Taking Notes
SearchDomino Discussions
DPower Magazine
WPower Magazine
PortailLotus.com
News4Notes
Lotus Notes FAQ
Notes411.com
DominoPro.com
LotusAdvisor.com
Dominofiles.com
Dominonews.com
Codestore.org
Notesdesign.com
NSFtools.com
DominoDeveloper.net
Domino.start4all.com
Domino SuperSearch
Domino Siteatlas.com
History of Domino
Walnut - Canberra
IBM RSS feeds
Sponsor Google Ads
blackberry-nl.com
BlackBerry vacatures
Blackberry-Central.nl
NL Notes.nl
NotesLinks.com
nr1-domains.com
NotesSupport.com
Blackberry-Links.com
ASL-Itil.com
DominoDeveloper.net
SNUG
aacron.nl
Promotion Engines
Add to Google Search Engine Submission and Internet Marketing Search Engine Optimization Guides Free META Tag Help Analyzer freewebsubmission.com websitesubmit metaweb.gif metaweb.gif ZoekNed.nl - Vindt elk bedrijf! Free Link Exchange
Wiki Links
CentOS
SpamAssassin
Blogsphere
Private links
Fotoclub IJsselzicht
FotoFans.nl
Family Pictures 2008+
Family Pictures
Family Pictures old
Welkenaam.nl
Sjoerd
Heijkoop.org
Cads.nl
Wolfswinkel.net
Nieuwerkerk.net
Insecure.org
Anti-schnappi
Google Lotus Notes
Dominozone.net
I Like You
Currency Converter
WorldTime
Javard.com
Rianne en Korstiaan
Notes Africa
Middelpunt.ws
Brenda
Anti Schnappi
Moon Song
Lemmings
Coffee Machine
Dutch Course
ADSL Speed Test
JPEG Baby
FUNZooi
Kaat Mossel
Peter van Gemert
RSS Reads
Visit Eduardo
Youtube.com
DownThisVideo
Planet Question
Development @Badkey
Badkey Open TV
Domino Sites
Fotoclub IJsselzicht
Daily Cartoon
Domino 7.0.2
Beta Blog
Canada
Ik mis je
Sjoerd Movie
Sjoerd Pictures
Family Pictures
Sjoerd All
Wiki Blog
Aon Youtube.com
Audio
Discussion
Dolmino
Download Sjoerd
Sjoerd Song
Badkey @Youtube
Backlink Checker
Sjoerd 2007
Profile Willemsej
Poep
Domino Jobs
Jobserve.com
LotusCareers.com
Justnotesjobs.com
MonsterBoard Domino
Lotusnotesjobs.com
LotusProfessional.com
Dice.com
Computerjobs.com
Resumes2work.com
indeed.com
Net-Temps.com
IT-Contracts.nl
Jenrick.nl
Harveynash.nl
Percon.nl
Jobstream.nl
Photo Albums
Here it is
Development Beta @Badkey
Badkey BBlog
Badkey Files
Beta Blog
Beta Blog Domino
Business Pictures
Simple Photo
Simple Sjoerd
John Willemse
john_willemse.jpg
John Willemse
Google Image John Willemse
Badkey Information
Where are we ?

Alblasserdam
Albrandswaard
Alkemade
Alphen
AlphenaandenRijn
Ambacht
barendrecht
Beijerland
Bergambacht
Bernisse
Binnenmaas
Bodegraven
Boskoop
Brielle
Capelle
CapelleaandenIJssel
Capelle aan den IJssel
Cromstrijen
Delfland
Delft
Dirksland
Dordrecht
Giessendam
Giessenlanden
Goedereede
Gorinchem
Gouda
gouderak
Graafstroom
Gravenhage
Hardinxveld
Hellevoetsluis
Hendrik
Hillegom
Ido
Ijssel
Jacobswoude
Katwijk
Korendijk
Krimpen
KrimpenaandenIJssel
Krimpen aan den IJssel
Lansingerland
Leerdam
Leiden
Leiderdorp
Leidschendam
Lekkerland
Liesveld
Lisse
Maassluis
Middelharnis
Moerkapelle
Moordrecht
Nederlek
Nieuw
Nieuwerkerk
NieuwerkerkaandenIJssel
Nieuwerkerk aan den IJssel
Nieuwkoop
Noordwijk
Noordwijkerhout
Nootdorp
Oegstgeest
Oostflakkee
Ouderkerk
Papendrecht
Pijnacker
Reeuwijk
Ridderkerk
Rijn
Rijnwoude
Rijswijk
Rotterdam
Rozenburg
Schiedam
Schoonhoven
Sliedrecht
Spijkenisse
Strijen
Teylingen
Vlaardingen
Vlist
Voorburg
Voorschoten
Waddinxveen
Wassenaar
Westland
Westvoorne
Zederik
Zevenhuizen
ZH
Zoetermeer
Zoeterwoude
Zwijndrecht

Powered By ND8
nd8-block.jpg
Linked In
View John Willemse's profile on LinkedIn
Search
StatCounter Statistics

View My Stats
Visitor Activity
Google Search Page
Google
Google Badkey
Site
Link
Cache
Info
Related
Add to Google
Add to Google
Google AdSence
Google Analytics
Analytics blogspot
Ego Surf
Timer Count Down LS9
5 Years from now

Just a Valentine
My birthday 2009