Cisco purchases for dummies

I have a modest Cisco Small Business Router C850 series router for over two years now, and I’m fairly happy about it. However when I tried to find IPv6 commands on it, I stumbled upon things like “what’s this ipv6 thing you’re talking about?”. Ignorant as I am about these things, I figured out on Cisco.com that the 850 series doesn’t support IPv6 in general. So when I finally decided to get a 1841, I guessed that it would support it out of the box.

The thing about Cisco is that they’re selling their operating system IOS under different versions and feature sets. And the standard 1841-BASE feature set, doesn’t know anything but simple IPv4 routing.

When you do some research via comparing these feature sets on the feature navigator you can conclude that only the Feature sets: Adv. Enterprise Services and Adv. IP Services actually contain IPv6 capabilities. Neither IP Base or Advanced Security has IPv6.

Being a simple consumer with no real way to upgrade my license or software, I had to buy a new 1841 with Adv. IP Services, which is about 1000 euro’s more than the standard model.

Open-Relay Testing

With SpamAssassin having a full time job filtering our incoming mail for spam, and QMail reporting a large queue of either bounced mail going nowhere and mails that appear to be bounced from elsewhere to your own mailserver – you wonder if there’s nothing awefully wrong with your setup (next to the fact that obviously our email addresses have been published on the Net way too often).

QMail is one hell of a buggy and complicated piece of software, but it still does its job someway or the other. And so I wondered if I hadn’t misconfigured something to make it an open-relay.

So the obvious first way to figure this out was to google around for ways to test this. I found this web-page that proposed a simple telnet test. I opened up the terminal and started typing those mail from rcpt to lines and discovered the SMTP Daemon was happy to receive mail from anyone to anywhere. I was however testing from the local network and I did want that to be Ok. But how was I supposed to test if its an open-relay to the rest of the world?

I looked up the file rcpthosts (/var/qmail/control/rcpthosts), it seemed fine, only the domains that I was serving with VPopmail were there. The other file I needed to take a look at was /etc/tcp.smtp, which contained the line 192.168.0.:allow,RELAYCLIENT=”".

Since the line hinted at 192.168.0.* being able to relay, but others weren’t, I tried testing with the extra ethernet interface I had on the server (containing the 192.168.2.0 network). It again however seemed the Daemon was fine with relaying from these addresses, so I was getting worried from this point.

Luckily I found a service online that was able to test for open-relay from outside of the local network. By registering on Abuse.net and going to http://www.abuse.net/relay.html I was able to let the remote script test my mailserver on several ways to get the server to relay to other domains. Except for 1 strange exception that proved to be a false-positive, all tests failed. And thus I was a happy camper again, knowing that at least that part of the inherently flawed mailing system was alright.