Anonymous_User Absent Member.

Disable in smtp agent mail from itself to itself


Hello Everyone,

My users are receiving emails from "itself" to "itself" with infected links. I checked and if I telnet to the gwia port 25 and issue

helo xyz.com
mail from: user1@xyz.com
rcpt to:user1@xyz.com
data
click this surpise link! you won! http://infected.bad
.

it works...

Is there any way to disable this in the agent?



Many thanks

erichflynn Absent Member.


We modified the Default Class of Service on the SMTP incoming, we have an exception that prevents mail to @ourdomain and that stopped it for us. Mail from us to us should not be going through the GWIA.



Be aware of your own system setup though, you could have issues if you do relay from external systems or you use SPF records.




>>> Alberto Towns<atowns@tyar.com.mx> 4/5/2016 12:30 PM >>>

Micro Focus Expert

Hi,

Have you ensured that relaying, outside of your exception list, is turned off?

Please let us know.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.

Anonymous_User Absent Member.


Yes, indeed it is turned off.





>>> laurabuckley<laurabuckley@no-mx.forums.microfocus.com> 4/5/2016 1:56 PM >>>

erichflynn Absent Member.


Ya, we had the same issue. The spammer.com was sending email and the from line would be an internal email address.

It wasn't a relay, it was a direct SMTP delivery.

If you look at the MIME headers you can see the "real" source of the message.

The sender is just "spoofing" the Return-Path: and the From: records in the SMTP messages.
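
An added example (not part of the original post) of reading the headers as described above: it takes the connecting host from the topmost Received line, the one stamped by your own gateway, and compares it with the domains claimed in From: and Return-Path:. The Received line format, the 10.0.0.0/8 internal range and both sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAINS = {"xyz.com"}                             # domain used in the thread
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal range

# "from <helo> (<rdns> [<ip>])" as stamped by the receiving gateway (assumed format).
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f:.]+)\]\)")

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path value, or ''."""
    _, at, domain = parseaddr(header_value or "")[1].rpartition("@")
    return domain.lower() if at else ""

def analyze(raw_message):
    msg = message_from_string(raw_message)
    # Only the topmost Received line was written by our own gateway; every
    # line below it arrived with the message and can be forged by the sender.
    received = msg.get_all("Received") or []
    match = RECEIVED_RE.search(received[0]) if received else None
    helo, ip = match.groups() if match else (None, None)
    internal = bool(ip) and any(ipaddress.ip_address(ip) in n for n in INTERNAL_NETS)
    claimed = {domain_of(msg["From"]), domain_of(msg["Return-Path"])}
    own = bool(claimed & OWN_DOMAINS)
    return {"client_ip": ip, "helo": helo, "claims_own_domain": own,
            "spoof_suspected": own and not internal}

# Constructed sample: external host, internal From, plus a forged lower
# Received line that pretends the message started on an internal PC.
SPOOFED = (
    "Return-Path: <user1@xyz.com>\n"
    "Received: from xyz.com (unknown [203.0.113.45])\n"
    "\tby gwia.xyz.com with SMTP; Tue, 05 Apr 2016 12:01:07 -0600\n"
    "Received: from pc7.xyz.com (pc7.xyz.com [10.1.2.3])\n"
    "\tby gwia.xyz.com with SMTP; Tue, 05 Apr 2016 12:01:01 -0600\n"
    "From: user1@xyz.com\nTo: user1@xyz.com\nSubject: you won!\n\nbody\n"
)
# Constructed sample: the same addresses, really delivered from an internal host.
INTERNAL = SPOOFED.replace("Received: from xyz.com (unknown [203.0.113.45])",
                           "Received: from pc7.xyz.com (pc7.xyz.com [10.1.2.3])", 1)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("internal", INTERNAL)):
        print(name, analyze(raw))
```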

Anonymous_User Absent Member.


The only issue I have with this scenario is that our Outlook clients would not be able to send mail to other internal domains.

This company has:

1.com
2.com
3.com
4.com

If I use an exception, I assume 1 cannot send email to 2, 3 or 4 .com using Outlook. Is that right?



>>> Erich D. Flynn<EFlynn@grcc.edu> 4/5/2016 1:42 PM >>>

Anonymous_User Absent Member.


Did you manage to solve it?



>>> Erich D. Flynn<EFlynn@grcc.edu> 4/5/2016 2:59 PM >>>

Knowledge Partner

Hi.

On 05.04.2016 at 20:42, Erich D. Flynn wrote:
> We modified the Default Class of Service on the SMTP incoming, we have an
> exception that prevents mail to @ourdomain


I hope that's mail *from* @ourdomain, to would be a tad drastic...

Note that this (and any other solution that universally drops messages
from its own domain) has severe side-effects. For instance, your GWIA
will be unable to send any administrative mail to internal users. Error
messages, delivery warnings, basically anything that GWIA generates a
mail for will be undeliverable, which will create a new undeliverable,
which will be undeliverable....

You get the picture. It's possible, but a *really* bad idea to do it
that way.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de

Knowledge Partner

On 05.04.2016 at 18:30, Alberto Towns wrote:
> Hello Everyone,
> My users are receiving emails from "itself" to "itself" with infected links.


That's how SMTP works. The sender address is meaningless and can be faked.


> Is there any way to disable this in the agent?


You already got an answer. But you *really* need to look into a proper
anti-spam device or software like GWAVA if you need to deal with this.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de

erichflynn Absent Member.


Yes, we did what I posted earlier: modified the Default Class of Service on the SMTP incoming and added an exception that prevents mail to @ourdomain.

You could also set the Reject if PTR record doesn't exist under SMTP security, but we found so many sysadmins don't have their DNS set up properly that we were blocking legitimate email.




>>> Alberto Towns<atowns@tyar.com.mx> 4/5/2016 6:35 PM >>>

erichflynn Absent Member.


Correct.



You would have to set up a second GWIA that your clients use, different from the MX record. Don't use the exception rule on that one.

This can be nice for all your outbound mail as well. If you occasionally get black-listed (we are a college), you can flip all your outbound email to the other GWIA until you get it resolved.

We don't support any client other than native GroupWise, Webaccess or GroupWise mobility (no Exchange or Mac mail), so it's not an issue for us.




>>> Alberto Towns<atowns@tyar.com.mx> 4/5/2016 5:37 PM >>>

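
An added example, not GroupWise configuration and not any poster's code: a generic model of the two-gateway layout discussed in this thread, where the Internet-facing (MX) listener refuses outside hosts that claim an internal sender domain and a second, client-only listener does not apply that rule. The listener names, the IP ranges and the choice to let the null sender and the gateway's own address through are assumptions.

```python
import ipaddress

OWN_DOMAINS = {"1.com", "2.com", "3.com", "4.com"}     # domains named in the thread
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),   # assumption: client LAN
                 ipaddress.ip_network("127.0.0.0/8")]  # assumption: the gateway itself

def sender_domain(mail_from):
    """Domain of an envelope sender; '' for the null sender '<>' used by bounces."""
    return mail_from.strip("<> ").rpartition("@")[2].lower()

def is_internal(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def decide(listener, client_ip, mail_from):
    """Return (accept, reason) for one MAIL FROM on a given listener.

    listener: "mx"      Internet-facing gateway, exception rule enabled
              "clients" second gateway used only by internal mail clients
    """
    if listener == "clients":
        if is_internal(client_ip):
            return True, "internal client on the client-only gateway"
        return False, "client-only gateway does not serve Internet hosts"
    domain = sender_domain(mail_from)
    if domain == "":
        return True, "null sender: bounce or delivery report"
    if domain in OWN_DOMAINS and not is_internal(client_ip):
        return False, "external host claims one of our own domains"
    return True, "no rule matched"

# Constructed cases: (listener, connecting IP, envelope sender)
CASES = [
    ("mx", "203.0.113.45", "user1@1.com"),         # spoof as in the first post
    ("mx", "198.51.100.7", "alice@partner.example"),
    ("mx", "198.51.100.7", "<>"),                  # remote bounce
    ("mx", "127.0.0.1", "postmaster@1.com"),       # notice generated on the gateway
    ("clients", "10.1.2.3", "user1@1.com"),        # Outlook user mailing 2.com
    ("clients", "203.0.113.45", "user1@1.com"),
]

if __name__ == "__main__":
    for case in CASES:
        print(case, decide(*case))
```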

erichflynn Absent Member.


This has not been an issue because the exception is on the SNMP inbound not on outbound or relay.



I really should read all the messages in the news group before responding to them.





>>> Massimo Rosen<mrosenNO@SPAMcfc-it.de> 4/6/2016 8:02 AM >>>

Knowledge Partner

On 06.04.2016 at 15:13, Erich D. Flynn wrote:
> This has not been an issue because the exception is on the SNMP inbound not on
> outbound or relay.


Yes, it is an issue, as all mails GWIA generates will be sent outbound
via regular SMTP to itself, and as such will come back inbound.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de

erichflynn Absent Member.


It's my understanding that messages are transferred to and from the GWIA via the messaging queues, not a service port, unless it's configured for TCP/IP port 7102 (still not SMTP), and that's why the gateway has to have a domain owner with an active MTA.

If a message is sent to an internal recipient from the GWIA, it's put in a folder that the MTA grabs and delivers to POA over the message transfer port (7101).



SMTP isn't used for any of this communication.




>>> Massimo Rosen<mrosenNO@SPAMcfc-it.de> 4/6/2016 9:20 AM >>>

Anonymous_User Absent Member.


Many thanks.



>>> Erich D. Flynn<EFlynn@grcc.edu> 4/6/2016 7:43 AM >>>