• SMTP Server settings

    From bamageek@21:1/140 to All on Sun Feb 10 02:10:25 2019
    I have the SMTP configurtion set up to use gmail to send messages from the
    BBS using a BBS account I created. All that seems to work fine. Tonight I started thinking about receiving emails into the BBS from my davesbbs.com domain. I configured a SMTP server to receive from port 25 and opened up my port. I changed my DNS MX record to route email traffic to the BBS. I can see in the logs when I try to send an email to myself that it is trying:
    2019.02.09 21:01:22 SMTP > Connect on slot 1/8 (209.85.208.171)
    + 2019.02.09 21:01:22 SMTP 1-HostName mail-lj1-f171.google.com
    + 2019.02.09 21:01:22 SMTP 1-C: EHLO Data: mail-lj1-f171.google.com
    + 2019.02.09 21:01:22 SMTP 1-C: MAIL Data: FROM:<bamageek205@gmail.com>
    + 2019.02.09 21:01:22 SMTP 1-User: bamageek205 Domain: gmail.com
    + 2019.02.09 21:01:22 SMTP 1-Refused by domain: bamageek205@gmail.com
    + 2019.02.09 21:01:22 SMTP 1-C: QUIT Data:
    + 2019.02.09 21:01:22 SMTP 1-Connection closed
    + 2019.02.09 21:01:23 SSH 1-Session failed

    I could be totally missing this. Any idea what I'm doing wrong?

    --- Mystic BBS v1.12 A41 2018/12/27 (Raspberry Pi/32)
    * Origin: Dave's BBS (21:1/140)
  • From g00r00@21:1/108 to bamageek on Sun Feb 10 03:21:38 2019
    I could be totally missing this. Any idea what I'm doing wrong?

    You may not be doing anything wrong. Mystic doesn't allow unknown e-mails into the BBS system. Your BBS users can send e-mail back and forth, but it doesn't allow outside random Internet e-mail in.

    I may change that someday, though. Mystic leverages the e-mail protocols for BBS integration, not to be an Internet e-mail relay. In other words, for things like password reset, account validation and upgrades, or pushing BBS private messages to your phone and allowing you to respond to other BBS users privately using your phone's e-mail client. That sort of thing.

    A general theme in my approach to things with Mystic is to use Internet in ways that enhance the actual usage of a BBS, not to provide a standalone Internet servers/services.

    But like I said, I am leaning towards removing this restriction. Part of the reasons its there in addition to it just falling outside of my philosophy is that e-mail doesn't translate well to an 80x25 text interface. E-mail often has html for example and you end up getting a BBS mailbox full of gibberish.

    You also cannot stop the "spam train" once you have a BBS user's e-mail address on marketing mailing lists, etc. You could end up with constant connections to your server with the purpose of spam e-mail being sent and there is little you can do to stop the connections.

    --- Mystic BBS v1.12 A43 2019/02/08 (Linux/64)
    * Origin: Sector 7 (21:1/108)
  • From Fireball@21:4/145 to g00r00 on Sun Feb 10 06:01:31 2019
    On 09 Feb 2019, g00r00 said the following...

    You also cannot stop the "spam train" once you have a BBS user's e-mail address on marketing mailing lists, etc. You could end up with constant connections to your server with the purpose of spam e-mail being sent
    and there is little you can do to stop the connections.


    Send all incoming email through spamassassin and let that do the work. That's what I do with Synchronet now and it works pretty well. Also, don't allow unauthenticated relays, that's just asking for trouble.

    As far as html in emails, I'm sure that could be stripped out, and you could even use python to do the preprocessing if you wanted to cheat a bit. Here's some snippets of code: https://stackoverflow.com/questions/753052/strip-html-from-strings-in-python/19 730306

    All of my BBSes get slammed on every open port with connections from script kiddies. Thank goodness for IP blocking and the fact that none use a standard known server, except for sshd on a non-standard port.

    Fireball

    --- Mystic BBS v1.12 A43 2019/02/08 (Linux/64)
    * Origin: Fireball Express!!! Mystic Edition (21:4/145)
  • From bamageek@21:1/140 to g00r00 on Sun Feb 10 12:54:55 2019
    You may not be doing anything wrong. Mystic doesn't allow unknown
    e-mails into the BBS system. Your BBS users can send e-mail back and forth, but it doesn't allow outside random Internet e-mail in.
    But like I said, I am leaning towards removing this restriction. Part
    of the reasons its there in addition to it just falling outside of my philosophy is that e-mail doesn't translate well to an 80x25 text interface. E-mail often has html for example and you end up getting a
    BBS mailbox full of gibberish.

    That makes sense I was just thinking since there was a server listening on
    port 25 I should be able to send emails to it so wasn't sure if I was doing something wrong. I know the spam emails can be a problem. I ran into that
    when I was playing around with synchronet. Does the SMTP server need to be active to be able to do password resets and such?

    --- Mystic BBS v1.12 A41 2018/12/27 (Raspberry Pi/32)
    * Origin: Dave's BBS (21:1/140)
  • From g00r00@21:1/108 to Fireball on Sun Feb 10 19:37:49 2019
    Send all incoming email through spamassassin and let that do the work. That's what I do with Synchronet now and it works pretty well. Also,
    don't allow unauthenticated relays, that's just asking for trouble.

    I won't let it relay at all and I can't see a situation where I would allow for it. But I may open up the allowance of incoming e-mail very soon! I have to turn off the domain restriction and investigate to see what else doing so breaks lol :)

    The old Mystic server used to have e-mail spam service support using Blacklist DNS but I removed support for it because I couldn't find a service that supported IPV6 at the time. I will absolutely revisit this if I open up incoming e-mail!

    As far as html in emails, I'm sure that could be stripped out, and you could even use python to do the preprocessing if you wanted to cheat a bit. Here's some snippets of code:

    Yes it can be stripped but the resulting e-mail still ends up being nonsense because of the way the raw text is formatted by the HTML and images. Quoting of course is also majorly broken, etc.

    Its nice if you're using it with someone whose only using text e-mail like to another BBS user or something.

    All of my BBSes get slammed on every open port with connections from script kiddies. Thank goodness for IP blocking and the fact that none
    use a standard known server, except for sshd on a non-standard port.

    I don't even seem to have that problem except on port 23. I usually use a non-standard port though for things, but for stability testing I've had my BBS up for about 2 weeks with port 23 open. Its getting spammed constantly and I just let Mystic auto-ban them.

    --- Mystic BBS v1.12 A43 2019/02/08 (Linux/64)
    * Origin: Sector 7 (21:1/108)
  • From g00r00@21:1/108 to bamageek on Sun Feb 10 19:42:29 2019
    into that when I was playing around with synchronet. Does the SMTP
    server need to be active to be able to do password resets and such?

    No, you just have to configure the SMTP options in Servers > Server Options inside the System Configuration. You do not have to run the POP3 or SMTP servers for password resets by e-mail or for e-mail account validation.

    --- Mystic BBS v1.12 A43 2019/02/08 (Linux/64)
    * Origin: Sector 7 (21:1/108)
  • From Fireball@21:4/145 to g00r00 on Sun Feb 10 20:46:42 2019
    On 10 Feb 2019, g00r00 said the following...

    I won't let it relay at all and I can't see a situation where I would allow for it. But I may open up the allowance of incoming e-mail very soon! I have to turn off the domain restriction and investigate to see what else doing so breaks lol :)


    Good, because open relays are bad. Something's always gonna break! lol

    The old Mystic server used to have e-mail spam service support using Blacklist DNS but I removed support for it because I couldn't find a service that supported IPV6 at the time. I will absolutely revisit this if I open up incoming e-mail!


    Meh, I'm not a fan of DNSBL, but if that's what's supported, then so be it. Also, a whitelist/blacklist setup would be nice.

    Yes it can be stripped but the resulting e-mail still ends up being nonsense because of the way the raw text is formatted by the HTML and images. Quoting of course is also majorly broken, etc.


    I can see that. There's a python library called html2text, which is supposed
    to convert html formatted documents to plain ascii, or a marked down ascii. Could always use the same premise to convert from html to a mystic pipecode format. I know it'd some work, so I'm not holding my breath for it. lol

    Its nice if you're using it with someone whose only using text e-mail
    like to another BBS user or something.


    True! I usually try and send plain text via gmail when I know, or suspect, a BBS is the endpoint.

    All of my BBSes get slammed on every open port with connections from script kiddies. Thank goodness for IP blocking and the fact that none use a standard known server, except for sshd on a non-standard port.

    I don't even seem to have that problem except on port 23. I usually use
    a non-standard port though for things, but for stability testing I've
    had my BBS up for about 2 weeks with port 23 open. Its getting spammed constantly and I just let Mystic auto-ban them.


    All of the default ports are spammed if they're open. They include 22, 23,
    and 25/587 for sure. I have no doubt they're hitting the finger, gopher, and other ports on my Synchronet BBS as well. Just looking at the journal is
    pretty wicked.

    Fireball

    --- Mystic BBS v1.12 A43 2019/02/08 (Linux/64)
    * Origin: Fireball Express!!! Mystic Edition (21:4/145)