1. Gerco Wolfswinkel 11/12/2003 10:28:58
Hi Chris,
Any noticeable effect on server performance? One of my colleagues wondered about that when discussing this interesting option.
2. Chris Linfoot 11/12/2003 11:23:01
No. But nothing trapped yet either
3. Daniel Koffler 12/12/2003 12:29:24
Chris -- If you select the action "Don't accept message", the SMTP task will send a nice 554 error message that I know you love so much.
4. Chris Linfoot 12/12/2003 13:26:52
Omigod!
How embarrassing. I didn't believe you, but before posting and saying so, I thought "I'll fix him, I'll try it and then use Telnet to spoof a message from one of my own MTAs and watch gleefully as the message is accepted by the SMTP listener".
So I modified the rule to "when HELO contains mymta.mydomain do not accept message" and waited for "successfully registered x system filters", then tried it. Here is what happened.
$ telnet mymta 25
220 Ready at Fri, 12 Dec 2003 13:17:15 +0000
helo mymta.mydomain
250 mymta.mydomain Hello mymta.mydomain ([10.0.0.1]), pleased to meet you
mail from:<spoofed>
250 spoofed... Sender OK
rcpt to:<me@mydomain>
250 me@mydomain... Recipient OK
data
354 Enter message, end with "." on a line by itself
test
.
554 Message rejected for policy reasons.
quit
That is, the entire message including the data phase is accepted, but the rule does indeed run before the final "250 message accepted for delivery", so the MTA is able to issue a 554 after the data phase and really does reject the message at the protocol level.
Outstanding.
Please tell no-one what an idiot I am
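An added example, not part of the original comments: a small Python parser that reads the session pasted in comment 4 and reports at which SMTP phase the server's 5xx reply arrived. The function names are assumptions of this example; the session text is copied from the comment with the `$ telnet` line dropped.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")   # SMTP reply: code, then " " (final) or "-" (continued)

# Session text copied from comment 4 above.
SESSION = """\
220 Ready at Fri, 12 Dec 2003 13:17:15 +0000
helo mymta.mydomain
250 mymta.mydomain Hello mymta.mydomain ([10.0.0.1]), pleased to meet you
mail from:<spoofed>
250 spoofed... Sender OK
rcpt to:<me@mydomain>
250 me@mydomain... Recipient OK
data
354 Enter message, end with "." on a line by itself
test
.
554 Message rejected for policy reasons.
quit
"""

def parse_session(text):
    """Return (phase, reply_code) pairs, one per complete server reply."""
    replies = []
    phase = "CONNECT"        # the command the next server reply answers
    in_body = False          # True between the 354 reply and the lone "."
    for line in text.splitlines():
        if in_body:
            # Message content is never a reply, even if it starts with digits.
            if line == ".":
                in_body = False
                phase = "END-OF-DATA"
            continue
        m = REPLY.match(line)
        if m:
            code, sep = int(m.group(1)), m.group(2)
            if sep == " ":   # last line of a possibly multi-line reply
                replies.append((phase, code))
                in_body = (phase == "DATA" and code == 354)
        elif line.strip():
            phase = line.split()[0].upper()   # client command verb
    return replies

def rejection_point(text):
    """Phase and code of the first 5xx reply, or None if nothing was refused."""
    for phase, code in parse_session(text):
        if 500 <= code <= 599:
            return phase, code
    return None
```

For the session above, `rejection_point(SESSION)` returns `("END-OF-DATA", 554)`: every command up to and including the message body drew a 2xx or 3xx reply, and the refusal came in place of the final 250.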
5. Daniel Koffler 12/12/2003 18:27:27
I thought you would like that!
Let no one say my Kung-Fu is not strong.
Actually Lotus deserves most of the credit. I'm just really surprised this technique wasn't released by IBM months ago.
I want to thank you for the ton of ideas for new functionality you've given me. I will be incorporating most of them into the next incarnation of this hack.
Thanks.
6. Daniel Koffler 12/12/2003 18:32:14
Oh, and BTW, your last post mentioned: "[I] waited for 'successfully registered x system filters'", you can also use the handy new "set rules" command in the server console to make server rule changes take effect immediately.