Blacklists do not work on Linux

  • 3679053
  • 01-Sep-2006
  • 27-Apr-2012

Environment

Novell GroupWise 7 Support Pack 1
Novell GroupWise 7.0.1 Hot Patch 2
Novell Open Enterprise Server Support Pack 2

Situation

Blacklists do not work
GroupWise Internet Agent on Linux does not block connections from Blacklisted IP Address

Resolution

This issue has been reported to the development
Workaround

Disable IPv6 as described in KB 10098152, How To: Disable IPV6 on SLES9.

Additional Information

Steps To Duplicate

1. Set up a GroupWise System including MTA, POA and GWIA with GroupWise 7.0.1 Agent or latest GroupWise Hot Patch on a Linux Server
2. Please make sure that the Linux System can connect to the Internet
3. Launch ConsoleOne and connect to the GroupWise Domain
4. Highlight the Domain Object hold GroupWise Internet Agent on the left hand side
5. Use the drop-down list to display Gateways
6. Right Click on the GWIA object and select Properties
7. Click Access Control | Blacklists
8. Add xbl.spamhaus.org and sbl.spamhaus.org
9. Click Apply and Close
10. Please make sure that GWIA automatically restarts itself after the above changes are made
11. Please login as user using GroupWise Client and try sending a mail to the Internet to make sure GWIA can resolve domain names and send emails outside
12. Now we need to try telnetting to GWIA on Port 25 using a blacklisted IP Address. One of the black listed ip address is 80.99.103.108. Please follow the steps listed below to telnet GWIA on Port 25 using a blacklisted IP Address

a. Launch YaST on Linux
b. Click Network Devices | Network Card |
c. Click Change on the Existing Network Card
d. Click Edit on the Network Card
e. Click Advanced | Virtual Aliases
f. Add IP Address 80.99.103.109 and save the changes
g. Restart GroupWise Internet Agent
h. GWIA will come up and bind itself to both the IP Addresses
i. Change the IP Address of a windows workstation connected to the same switch as the Linux Server and give it the blacklisted ip address 80.99.103.108. This Windows box should only have one ip address and that is the Blacklisted IP Address
j. Telnet to GWIA on Port 25 from the above mentioned workstation and it shows the greeting and it allows us to send email using telnet (GWIA should have blocked the IP Address)

If the above procedure is followed with a NetWare server, the IP Address will be blocked as soon as we Telnet to the GroupWise Internet Agent.