Part of the beauty of our own IP address space is security provided by
knowing your neighbors.
I'd never run an open SIP or mail server on the wide internet anymore.
Spam filtering is a big headache.
Again, I'd firewall everyone but us for the mail port:
iptables -A INPUT ! -s 44.0.0.0/8 -p tcp --dport 25 -j DROP
If you have a Google Apps account (free for non-profits) you can use
them as a mail exchanger.
Set your DNS records to something like this:
gvcity.ampr.org MX 10 gvcity
gvcity.ampr.org MX 20 aspmx.l.google.com
Outside (non 44 net) IPs will time out with a direct connect to
44.2.14.1 and will move on to try the next exchanger preference, in this
case Google.
Google will accept the mail on your behalf, and they have good spam
filtering (better than I could ever figure out how to incorporate with
sendmail) and then I typically use fetchmail to transfer the mail from
Google back into my local mailboxes.
If someone else wants to document a mailserver setup with spam
protection, I'm all eyeballs on that one. I'm sure a number of people
would appreciate that tutorial.
Here is what I'd do.
Only allow 44 net to talk to the mail host directly:
iptables -A INPUT ! -s 44.0.0.0/8 -p tcp --dport 25 -j DROP
Set an MX record and set up an exchanger for any external mail you need
to deal with.
What we do is run all inbound and outbound email to/from the Internet through a mail gateway. Then the gateway can implement all of the modern spam avoidance functions, including even which specific user addresses will be relayed.
Michael
N6MEF
-------- Original message --------
From: William Lewis <kg6baj(a)n1oes.org>
Date: 02/09/2014 11:54 AM (GMT-08:00)
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: [44net] Mail Hacker
(Please trim inclusions from previous messages)
_______________________________________________
Hello group:
Need some collective help here on a mail system hacker issue I've been having.
First, the IP address on my system he's coming in on is 44.2.14.1
This person is dumping thousands of random emails into my system and some
of them will match BBS AREA patterns and get forwarded out to my forward
partners.
At first, I set up a log book scan script to look for bad logins, and then
ban the IP address, but then I found out that since my 44.2.14.1 ip address
goes "around" my firewall via UCSD, the block rules literally have zero effect.
I found a common "from" (online...@....) line in his emails, so in my
"rewrite" file I used this command "onl*@* | *@* refuse" but that also had
zero effect.
Then I tried telling JNOS "stop smtp" and "stop pop3" and that had zero effect.
JNOS's email system uses very old RFC rules, and none of the modern RFC
rules, so it's easy for this hacker to login to my JNOS mail server and
dump this junk. Luckily most get held, but as stated, a few match forward
patterns, so they slip through.
Right now I've completely taken my JNOS off-line until a fix can be found.
Anyone have some suggestions on blocking smtp and pop3 when my 44.2.14.1
address is live to global net?
Any advice is appreciated in advance.
Thanks
Bill
KG6BAJ
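An added example, not part of any message in this thread: a log audit that counts SMTP and POP3 sessions opened from outside 44.0.0.0/8, which is one way to check whether a rule like the iptables line above is actually being applied to traffic reaching the mail host. The log line format, the sample lines and the function name are constructed for illustration; JNOS's real log format is not shown on this page.

```python
import ipaddress
import re
from collections import Counter

AMPRNET = ipaddress.ip_network("44.0.0.0/8")
MAIL_PORTS = {25: "smtp", 110: "pop3"}

# Assumed (constructed) log format, not JNOS's own:
#   <date> <time> <src-ip>:<src-port> -> <dst-port> <event>
LINE_RE = re.compile(r"^\S+ \S+ (\d{1,3}(?:\.\d{1,3}){3}):\d+ -> (\d+) (\w+)")

# Constructed sample input; outside sources use documentation address ranges.
SAMPLE_LOG = """\
2014-02-09 11:02:10 44.2.14.7:40112 -> 25 open
2014-02-09 11:02:41 198.51.100.23:51234 -> 25 open
2014-02-09 11:02:43 198.51.100.23:51240 -> 25 open
2014-02-09 11:03:05 203.0.113.9:33871 -> 110 open
2014-02-09 11:03:30 44.4.50.2:2201 -> 23 open
garbled line without an address
2014-02-09 11:04:00 198.51.100.23:51301 -> 25 open
"""

def outside_mail_sessions(log_text):
    """Count mail-port sessions per (source IP, service) from non-44 sources."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a connection record
        src, dport, event = m.groups()
        port = int(dport)
        if event != "open" or port not in MAIL_PORTS:
            continue  # only new sessions to SMTP/POP3 matter here
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # looks like an address but is not valid (e.g. 999.1.1.1)
        if addr not in AMPRNET:
            hits[(src, MAIL_PORTS[port])] += 1
    return hits

if __name__ == "__main__":
    for (src, service), count in outside_mail_sessions(SAMPLE_LOG).most_common():
        print(f"{src:15s} {service:5s} {count} session(s) from outside 44.0.0.0/8")
```

Any sessions reported for a period after the rule was loaded mean the traffic is arriving by a path the filter does not cover, which is the situation the original post describes.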
Chris:
I'm wondering if the index page issue only affects "Coordinators"?
I've seen some postings here that some are logging in and all is ok.
But the index page is supposed to show the extra "coordinator" link that
non-coordinators don't see when they log in.
Here is the total source code my browsers get "after" logging in.
=========================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type></HEAD>
<BODY></BODY></HTML>
=========================================================================
That's it. That's all that comes through.
Hope that helps.
Bill
At 02:56 AM 2/8/2014, you wrote:
>Hit your refresh button, probably cached from a previous visit ;-)
The first batch of annual portal email reminders just went out; there
were 60 folks who haven't logged in to the portal in over a year.
These reminders are currently scheduled to go out monthly. Starting this
July, I think we'll consider someone inactive after 18 months of no login.
(That's six reminders, so they can't say they weren't warned.)
Be sure to keep the portal up to date if you change your email or other
contact data to avoid having problems.
Please remember that current registration with the portal is necessary
to maintain allocations, gateway registration in the encap database,
and other functions of the portal. It's especially important for
coordinators to keep it up to date.
Thanks!
- Brian
It looks like the INDEX template has an error.
If you log in, go ahead and get the blank screen, and then manually type in
the url: https://portal.ampr.org/gateways_index.php
you will see what you're supposed to.
So.... Looks like a hiccup in the index file.
(but just my $0.02 worth)
Bill
KG6BAJ
Could someone provide the existing schema for the portal back end
database? I'm taking a database class as well as a web programming
class and would like to study it as it presently exists.
Eric
AF6EP
Same here..
Bill
KG6BAJ
At 07:45 PM 2/7/2014, you wrote:
>After I login I just get a blank screen.
>
>-Neil
>
>--
>Neil Johnson
>http://erudicon.com
Hey Guys
Apologies for my absence and if there have been any requests for space in 44.136.0.0/16. We moved and are waiting for someone to leave or be disconnected so we can get a DSL port. We are living in the world of 3g/4g and it is not really that crash hot for a perm connection.
We have been advised that they are about to do an upgrade to be told oh we did that last December.
Anyway hope to be back online soon
Samantha
vk4aa|vk4ttt