Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

How to avoid Mail Proxy being used to spam or forward mail

(Last modified: 10Feb2003)

This document (10013929) is provided subject to the disclaimer at the end of this document.


How to avoid Mail Proxy being used to spam or forward mail


Novell BorderManager 3.0

Novell BorderManager 3.5

Telnet to the BorderManager public IP address

Receive a 220 service ready

If this was GWIA there would be a different screen


Duplicate by typing:
1. helo  
2. mail from: <>  
3. rcpt to: <>
4. data
5. type in message
6. end the mail with a return "." return
7. should respond with "250 OK
8. See solution 4.0.18689443.2270424

Result: Receive an email message from, which confirms that Mail Proxy is being used as a mail forwarder (allowing spam of unsuspecting domains).

Use the following access rules to block incoming "relay" requests. (Using as the example mail domain).

(1) Action: Allow
 Access Type:  Port
Origin Server Port:25
 Source: IP Address or Range
 Destination: Any

(2) Action: Allow
Access Type:  Application Proxy
Service:  Mail Proxy
Source: Any

(3) Action: Deny
Access Type:  Application Proxy
Service: Mail Proxy
 Source Any
Access: SMTP
 Destination: Any
Rule 1 will block all spam requests. The IP address could be the internal SMTP server or the subnet range of all internal workstations. If Internet non-routable address ranges (like 10.X.X.X or 192.168.X.X) are used on the private segments then all the better.

Rule 2 allows the SMTP mail proxy to forward mail with destination

Rule 3 block all other SMTP mail.

WORKAROUND:  Use static NAT translation, Enable a secondary IP address that will be translated into the SMTP mail server on the private Network (Assuming the SMTP mail server is able to "disallow mail relay")  

Note: The IP address assigned to the MX record must be used as the Secondary IP address.

1. Unbind primary IPAddress
2. Use INETCFG to bind another IPAddress
3. Then in AUTOEXEC.NCF add the following command: "ADD SECONDARY IPADDRESS X.X.X.X"  (X.X.X.X representing the IP address)
4. INETCFG | bindings | choose public NIC | expert TCPIP bind options | Network Address Translation | enable in static and dynamic | select the table and add a translation from the secondary IP address to the Internal Private Mail server IP address

Test: TELNET to the secondary IP address on port 25. Then see if you can send mail.


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID:
  • 10013929
  • Solution ID: 4.0.17354428.2268858
  • Creation Date: 09Aug1999
  • Modified Date: 10Feb2003
    • NovellGroupware


      BorderManager Services

Did this document solve your problem? Provide Feedback