
Re: Windows and QuickDNS

From: Dave Cooper
Date: Wednesday, June 6, 2001
Time: 5:30:35 pm

Tightening security involved the following items:
To disable SMTP relay for ASIP 6.x to prevent spam, follow these directions.

1. (involves software updating which was done long ago)

2. Launch the Mail Admin application.

3. From the "Server" menu, select "Mail Server Settings."

* Click the "Mail In" tab, and put a checkmark in the "Require Local
"From" Addresses to exist in Users & Groups."

4. From the "Server" menu, select "Advanced Mail Server Settings."

* Click the "Network" tab and select "Always Check DNS."
* Click the "Anti-Spam" tab and put a checkmark in "CheckIncoming SMTP
Connections."
* Put a mark in the radio button "Use default server for spam rejection"
(Real-time Blackhole List). Note - all known spammers and relayers of spam
will be prevented from connecting to your server.
* Put a checkmark in "Log connection if SMTP name does not match IP
address."
* Put a checkmark in "Reject if name does not match address."

Note: This will lock out relayers spoofing your email server DNS name, but
it will also lock out email servers with misconfigured DNS settings (which
happens very frequently).

5. From the "Server" menu, select "Show Host List"

* Delete all hosts on external networks except those you have modified
manually. Do not delete hosts on your local network.

6. From the "Server" menu, select "Edit Default Host Profile"

* Click the "Mail From" tab and put a checkmark in "Deliver mail from
this host to local addressed only (no SMTP relay)."
* Optionally, put a checkmark in "Log recipient rejections to error log."
This allows you to log anyone attempting to relay through you.
* Click the "Mail To" tab, and remove the checkmark (if present) for
"Relay all SMTP mail via ...."
* Click the "Network" tab, and select "Use Advanced Settings."

I know a lot of this is Apple mail server specific. A couple of these items
were already implemented, but now they are all turned on.

I'd not tried going straight to the IP of the mail server, but doing so
didn't solve the problem, either the static unroutable or the real number.

Thanks,

Dave


David R. Cooper
Information Systems Manager
Acton Institute
161 Ottawa Ave. NW
Suite 301
Grand Rapids, MI 49503
e-mail: dcooper@acton.org
phone: 616-454-3442
fax: 616-454-9454
http://www.acton.org/



> From: "QuickDNS Talk" <quickdns-talk@lists.menandmice.com>
> Date: Wed, 6 Jun 2001 20:00:01 +0000
> To: "QuickDNS Talk" <quickdns-talk@lists.menandmice.com>
> Subject: Quickdns-Talk Digest #903 - 06/06/01
>
> Quickdns-Talk Digest #903 - Wednesday, June 6, 2001
>
> Re: Off: DNS Expert and MacosX
> by "Men & Mice Support" <cbuxton@menandmice.com>
> Re: class d reverse zones
> by "Men & Mice Support" <cbuxton@menandmice.com>
> Re: Keys
> by "Men & Mice Support" <cbuxton@menandmice.com>
> Re: Keys
> by "Seth Long" <slong@soundpublishing.com>
> Windows and QuickDNS
> by "Dave Cooper" <dcooper@acton.org>
> Cache from hell
> by "Aaron Lynch" <a.list@ninewire.com>
> Re: Windows and QuickDNS
> by "andrew" <andrew@ardentmicro.com>
> Re: Keys
> by "Ross Markbreiter" <ross@thewwwstore.com>
> Re: name server "discovery" ?
> by "Aaron Lynch" <a.list@ninewire.com>
> Hang on quit
> by "Seth Long" <slong@soundpublishing.com>
> Re: Hang on quit
> by "David M. Dantowitz" <david@dantowitz.com>
>
>
> ----------------------------------------------------------------------
>
> Subject: Re: Off: DNS Expert and MacosX
> From: "Men & Mice Support" <cbuxton@menandmice.com>
> Date: Wed, 6 Jun 2001 02:46:04 -0700
>
> At 7:42 PM +0200 6/5/01, Joakim wrote:
>> --On 01-06-05 18.41 +0200 Joakim <joakim@infinit.se> wrote:
>>
>>>> Interesting. I don't experience that problem, and I use it all the
>>>> time under Classic. Can you tell me the name of the zone you're
>>>> analyzing when it quits?
>>>
>>> inet2001.isoc.org
>>
>> It looks like one of the nameservers involved was running BIND 9
>> which is able to respond with multiple records in every "chunk" when
>> it returns data.
>>
>> We turned that option off, and now DNS Expert is happy as ever.
>
> Interesting. I'll report this to the development team, who are hard
> at work making DNS Expert compatible with Bind 9.
> ____________________________________________________________________
> Chris Buxton Men & Mice
> cbuxton@menandmice.com We Make DNS Easy!
>
> ----------------------------------------------------------------------
>
> Subject: Re: class d reverse zones
> From: "Men & Mice Support" <cbuxton@menandmice.com>
> Date: Wed, 6 Jun 2001 02:49:36 -0700
>
> At 10:14 AM -0700 6/5/01, Global Homes Webmaster wrote:
>> On 06/05/01 at 07:32, Men & Mice Support wrote:
>>
>>> The zone name would be the same as the PTR record name. Each zone
>>> would have a name such as 200.104.243.64.in-addr.arpa. It would have
>>> the following records:
>>>
>>> <zone name> NS dns.quantumleap.net.
>>> <zone name> PTR <canonical name of host>
>>>
>>> You would not create any other records than these in each zone. You
>>> would create one zone per IP address.
>>
>> Wouldn't you also need an SOA record? (Or were you just treating that as a
>> given?)
>
> Sorry, yes, you do need an SOA record. In QuickDNS, the SOA record is
> a given - you can't remove the SOA record from a zone, and it doesn't
> show up as a normal record.
> ____________________________________________________________________
> Chris Buxton Men & Mice
> cbuxton@menandmice.com We Make DNS Easy!
>
> ----------------------------------------------------------------------
>
> Subject: Re: Keys
> From: "Men & Mice Support" <cbuxton@menandmice.com>
> Date: Wed, 6 Jun 2001 02:50:45 -0700
>
> At 12:08 PM -0700 6/5/01, Ross Markbreiter wrote:
>> Hi Chris,
>> I bought the New Version but how do you get 2 licences for the slave server?
>> Ross
>
> Talk to the sales department. I'm not involved in that side of things.
> <mailto:sales@menandmice.com>
> ____________________________________________________________________
> Chris Buxton Men & Mice
> cbuxton@menandmice.com We Make DNS Easy!
>
> ----------------------------------------------------------------------
>
> Subject: Re: Keys
> From: "Seth Long" <slong@soundpublishing.com>
> Date: Wed, 6 Jun 2001 06:51:54 -0700
>
> On Wednesday, June 6, 2001, at 02:50 AM, Men & Mice Support wrote:
>
>> At 12:08 PM -0700 6/5/01, Ross Markbreiter wrote:
>>> Hi Chris,
>>> I bought the New Version but how do you get 2 licences for the slave
>>> server?
>>> Ross
>>
>> Talk to the sales department. I'm not involved in that side of things.
>> <mailto:sales@menandmice.com>
>
> Chris,
>
> That would be fine if the Sales Dept. would return emails. I've tried
> twice in the last 30 days with no response.
>
> --
> Seth Long
> Director of Information Technology
> Sound Publishing, Inc.
> Tacoma, WA
> 253.383.0980 - voice
> 877.231.4015 - voice
> 253.627.2253 - fax
>
> Macintosh: Drink upstream from the herd
>
> ----------------------------------------------------------------------
>
> Subject: Windows and QuickDNS
> From: "Dave Cooper" <dcooper@acton.org>
> Date: Wed, 06 Jun 2001 13:02:35 -0400
>
> Hi,
>
> After recently tightening security on our mail server, all of my Windows
> boxes (Win95,98,2000) are unable to send mail to the mail server. The error
> message indicates that the reverse DNS look is returning a different name,
> etc. My Macs are ok. Does QuickDNS 2.21 work with Windows? If so can you
> offer any hint as to what isn't set up in my configuration?
>
> Thanks,
>
> Dave
>
>
> David R. Cooper
> Information Systems Manager
> Acton Institute
> 161 Ottawa Ave. NW
> Suite 301
> Grand Rapids, MI 49503
> e-mail: dcooper@acton.org
> phone: 616-454-3442
> fax: 616-454-9454
> http://www.acton.org/
>
> ----------------------------------------------------------------------
>
> Subject: Cache from hell
> From: "Aaron Lynch" <a.list@ninewire.com>
> Date: Wed, 06 Jun 2001 10:24:49 -0700
>
> I'm having the most amazing problem.
>
> A few days ago, I added bess-proxy.thevilla.org into DNS with a private lan
> IP (10.0.1.15)
>
> Now I need to change it to a public lan IP.
> (63.231.1.75)
>
> And I can't. I have gone so far as to completely delete the entire zone!
> If I take the record out, DNS Expert says that the name doesn't exist. (like
> it should)
>
> If I add it in anew, with the 63 addr... IP dns expert reports back with the
> ten dot addr!
>
> These particular servers are 3.0.1. Any Ideas?
>
>
> -- Aaron Lynch
> System Administrator
> NineWire Digital Solutions || http://ninewire.com
>
> Truth is generally the best vindication against slander.
> Abraham Lincoln (1809-1865)
>
>
> ----------------------------------------------------------------------
>
> Subject: Re: Windows and QuickDNS
> From: "andrew" <andrew@ardentmicro.com>
> Date: Wed, 6 Jun 2001 13:27:15 -0400
>
> what did you do to "tighten" security?
>
> Have you tried editing the account settings to target the mailserver's IP
> address instead of its name...and does that work?
>
> ----- Original Message -----
> From: "Dave Cooper" <dcooper@acton.org>
> To: <quickdns-talk@lists.menandmice.com>
> Sent: Wednesday, June 06, 2001 1:02 PM
> Subject: Windows and QuickDNS
>
>
>> Hi,
>>
>> After recently tightening security on our mail server, all of my Windows
>> boxes (Win95,98,2000) are unable to send mail to the mail server. The error
>> message indicates that the reverse DNS look is returning a different name,
>> etc. My Macs are ok. Does QuickDNS 2.21 work with Windows? If so can you
>> offer any hint as to what isn't set up in my configuration?
>>
>> Thanks,
>>
>> Dave
>>
>>
>> David R. Cooper
>> Information Systems Manager
>> Acton Institute
>> 161 Ottawa Ave. NW
>> Suite 301
>> Grand Rapids, MI 49503
>> e-mail: dcooper@acton.org
>> phone: 616-454-3442
>> fax: 616-454-9454
>> http://www.acton.org/
>>
>
> ----------------------------------------------------------------------
>
> Subject: Re: Keys
> From: "Ross Markbreiter" <ross@thewwwstore.com>
> Date: Wed, 06 Jun 2001 10:58:03 -0700
>
> Chris,
> Is there a fix for the windows bug that you can not delete a domain entry.
> Ross
>
>> At 12:08 PM -0700 6/5/01, Ross Markbreiter wrote:
>>> Hi Chris,
>>> I bought the New Version but how do you get 2 licences for the slave server?
>>> Ross
>>
>> Talk to the sales department. I'm not involved in that side of things.
>> <mailto:sales@menandmice.com>
>> ____________________________________________________________________
>> Chris Buxton Men & Mice
>> cbuxton@menandmice.com We Make DNS Easy!
>
> Ross Markbreiter
> Director Sales
> The World Wide Web Store, Inc
> 4349 Van Nuys Blvd.
> Sherman Oaks, Ca 91403
> http://www.worldwidewebstore.com
> Ph:818-905-6787
> Fax:818-905-6783
> Toll Free-888-999-7522
> ross@thewwwstore.com
>
> ----------------------------------------------------------------------
>
> Subject: Re: name server "discovery" ?
> From: "Aaron Lynch" <a.list@ninewire.com>
> Date: Wed, 06 Jun 2001 11:11:13 -0700
>
> A) why can't he just enter in your nameservers addresses? It's an easy fix.
> B) The only 'discovery' I know is DHCP or BOOTP.
>
> HOWEVER, it would not surprise me in the least if Windows will get that info
> from a primary domain controller or from active directory somehow. (frankly
> it wouldn't surprise me if microsoft ran a port scan of the whole network,
> and sent the result to redmond.)
>
> However, since you are not running a win server for him to specifically get
> that info from, it doesn't exist. If he can't resolve names, he should
> _try_ adding a nameserver first, then bitch if that doesn't work.
>
>
> On 6/5/01 6:42 AM, The Defendant "Joseph D'Andrea" <JoeDan@West21.com>
> Confessed:
>
>> I have a co-lo client in our facility and his box is running
>> windows2000. That's his first problem. ;-) He claims that he doesn't
>> have to provide any name servers in his TCP/IP set-up because when
>> there are no name servers specified, windows2000 will "discover" the
>> "closest" name servers and use them. I know he's full of it because
>> he is also convinced that _every_ name server on the entire internet
>> gets a "root update" at 5am and 5pm every day.
>>
>> How does this relate to QDNS... well he's saying that since I'm his
>> ISP and since he can't resolve certain DNS names and numbers then my
>> name server (QDNS) must be wrong. Is there such a thing as name
>> server discovery?
>>
>> Thanks,
>> ___Joe___
>>=20
>> _________________________________________________
>> Joseph D'Andrea JoeDan@West21.com
>> WEST21.com Internet services for the 21st Century
>> http://www.west21.com/
>> _________________________________________________
>>
>>
>
> -- Aaron Lynch
> System Administrator
> NineWire Digital Solutions || http://ninewire.com
>
>
> <insert Witty Signature Here>
>
>
> ----------------------------------------------------------------------
>
> Subject: Hang on quit
> From: "Seth Long" <slong@soundpublishing.com>
> Date: Wed, 06 Jun 2001 12:02:09 -0700
>
> I have 3 copies of QDNS 3.5 running on 3 Performa 6360s under OS 9.1 and all
> are exhibiting the following behavior:
>
> Select Quit from File menu or cmd-Q from keyboard and the computer locks up.
> Mouse still works but keyboard fails and system is unresponsive. Force Quit
> freezes machine entirely.
>
> Any thoughts?
>
> --
> Seth Long
> Director of Information Technology
> Sound Publishing, Inc.
> Tacoma, Washington
> 877.231.4015 - voice
> 253.383.0980 - voice
> 253.381.4145 - cell
> 253.627.2253 - fax
> slong@soundpublishing.com
> www.soundpublishing.com
>
> Macintosh: Drink Upstream From The Herd
>
>
> ----------------------------------------------------------------------
>
> Subject: Re: Hang on quit
> From: "David M. Dantowitz" <david@dantowitz.com>
> Date: Wed, 6 Jun 2001 15:47:41 -0400
>
> Seen the same hang on quit thing with 2.x in the past. Kinda gave up and
> try not to quit the software :-)
>
> In one case things got better removing all prefs and starting over.
>
> Might be that the app uses the entire RAM allocation when it starts...
> perhaps some left over would be wise for system stuff? I can see an
> interrupt happening during the apps run and some stack space colliding
> with other data... maybe.
>
> Just a recommendation if 3.x still does the same.
>
> ---
>
> David Dantowitz -- Dantowitz Consulting & Research, Inc.
> V 201-532-3053 F 973-564-8641 W http://www.dantowitz.com/
>
> Web Hosting, Location-based web searches and custom CD-ROMs,
> Shockwave & internet software for email, fax, and encryption.
>
> ----------------------------------------------------------------------
> End of Quickdns-Talk Digest
>
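The "Reject if name does not match address" setting in step 4 of the message above, and the lock-out its note warns about, as an added example (not part of the original message and not the mail server's own code): a name-versus-address check run over constructed DNS records. The comparison rules, the example.org host names and the 192.0.2.x addresses are assumptions; the thread does not document how the mail server performs its check.

```python
import ipaddress

# Constructed records (not from the thread): reverse (PTR) and forward (A) data.
PTR = {
    "192.0.2.20": ["mac1.example.org."],
    "192.0.2.30": ["pc30.example.org."],
    "192.0.2.40": ["ghost.example.org."],
}
A = {
    "mac1.example.org.": ["192.0.2.20"],
    "pc30.example.org.": ["192.0.2.30"],
    "ghost.example.org.": ["192.0.2.99"],  # stale forward record
}
# Constructed (connecting IP, name the client announced) pairs.
SAMPLE = [
    ("192.0.2.20", "mac1.example.org"),
    ("192.0.2.30", "PC30"),               # unqualified machine name
    ("192.0.2.40", "ghost.example.org"),
    ("192.0.2.50", "new.example.org"),    # no reverse record at all
]

def norm(name):
    """Lower-case a host name and add the trailing dot for comparison."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def check_client(ip, announced, ptr=PTR, a=A):
    """Return (verdict, reason) under an assumed name-must-match-address policy."""
    ip = str(ipaddress.ip_address(ip))      # raises ValueError on a malformed IP
    names = [norm(n) for n in ptr.get(ip, [])]
    if not names:
        return ("reject", "no PTR record for " + ip)
    name = norm(announced)
    if name not in names:
        return ("reject", "announced %s but PTR says %s" % (name, names[0]))
    if ip not in a.get(name, []):
        return ("reject", "%s does not resolve back to %s" % (name, ip))
    return ("accept", "name matches address")

def audit(connections):
    """Map each connection that would be locked out to the reason why."""
    results = {c: check_client(*c) for c in connections}
    return {c: reason for c, (verdict, reason) in results.items() if verdict == "reject"}

if __name__ == "__main__":
    for conn, reason in audit(SAMPLE).items():
        print(conn, "->", reason)
```

Running an audit like this against the real PTR and A records for the local network before enabling the reject option shows which internal clients would be refused and why.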




