If you rely on your Domino server to handle all your mail, you probably have had numerous attacks on your server over time or even lately, as I did last week.
My personal Domino server is a mix of real code, websites, and active email, with various half-coded things and weird templates or customer testing.
However, I started getting harassed by sites looking for open SMTP accounts recently and figured something was amiss in my configuration document.
The official blacklist servers worked fine, but some of these rogues were missing.
Looking at my log file, I found a few domains/IP addresses and put them into the deny access group known as the Private Blacklist Filter found in the Servers Configuration document, as shown below.
But that wasn't enough to stop them. They kept coming.
I wondered if 12.02.FP2 had some problems, so I opened a ticket with HCL.
Turns out the problem was on my end, but I still have some questions, but first, what was the problem?
I had a default configuration document, which was fine, but I also had a separate one for my server explicitly named a relic from a test issue.
The explicit one took over the default one, and so while I thought I was maintaining one list, I was wasting my time.
I deleted the explicit one and just focused on the default document, it is my server after all.
And all was good, sort of.
I wanted to understand why I was still getting a few spam emails.
I had set the server to Log and tag instead of Log and reject.
Here is where the problems got worse.
I decided to block all spam and set all fields to Log and reject messages. You probably can guess what happened next.
My inbox was very clean. Very few emails came through.
I thought I would whitelist what I needed, like bank mail, and HCL support mail (not so simple, someone at HCL should look into their SMTP issues that have them on a blacklist).
Still not getting lots of mail.
Next, I looked at what else was set in the doc and saw the verify domain lookup option was set, and rightly so as this does a great job.
However, I have learned that many organizations don't have good, clean SMTP/DKIM/SPF entries, and thus, they are getting blocked.
Sadly, I had to revert back to Log and tag to interact with customers and business partners.
Customers of mine with issues were notified, as was HCL, but if you have been playing with SMTP, something else always pops up. It needs babysitting.
While my mail is more stable now, I know I lost a few entities that got the denied server message and probably will not resend anything in the future. Which is a problem as some are bills and other items of usefulness.
If you are a new Domino administrator be careful with how you edit your Configuration document.
No comments:
Post a Comment