# SMTP spaming issue

## Net_Spy

Dear All,

             I've just install sendmail 8.x along with calmav , mailscanner , spamassisn , dcc . Now what I want my mail server to detect spam not avoid my WAN interface ip to get listed in spaming-list  , an other thing is that I want my all clients to send 25 mails in per hour . Here is the code below for my firewall.sh that reads the users from mailuser list

```

#! /bin/sh

#

iptables -F -t filter

iptables -I INPUT -i eth1 -p tcp --dport 25 -j DROP

echo Please Wait.

cat /home/scripts/mailusers | grep -v '^#' |grep -v '^\ ' | awk '{print $1 }' | sed "/^ /d;/^$/d;" | grep -v "ADDS" | grep -v Block | grep -v "Adds" | while read smtp

do

iptables -I INPUT -i eth1 -s $smtp -p tcp --dport 25 -m limit --limit-burst 25 -j ACCEPT

done

echo 1 > /proc/sys/net/ipv4/ip_forward

exit 0

```

I did the basic configuration in sendmail just start relaying . kindly let me know how to configure dcc and its whiteclnt , whitelist , graylist and blacklist . I think the above rule just prevent not to have more the 25 connection for smtp from a single client/IP . Looking forward for your kind response.

 Regards

   Net_Spy

----------

## cach0rr0

if you're starting from scratch...any particular reason to use sendmail? 

This is a fairly straightforward guide for a mail filter using postfix, which should require very  little configuration to customize for your environment

http://www.gentoo.org/doc/en/mailfilter-guide.xml

You could do that, and then utilize something like policyd to enforce rate-limiting upon users. Personally I would be opposed to limiting SMTP traffic at the network level, and would prefer doing so at the SMTP level itself (e.g. within the mail system). Otherwise it seems you'd just be continuously introducing seemingly arbitrary delays into the sending of your users' mail.

----------

## vaguy02

 *Quote:*   

> 
> 
>  #! /bin/sh
> 
> #
> ...

 

This isn't going to work. As soon as it hits the first drop, it drops the port 25, it doesn't continue. the dport 25 accept will never be reached.

----------

## Net_Spy

if there is an error in iptable script correct me and there is ano ther issue as well which I don't know that what's wrong my ip still getting black list in spamhaus.org , how to prevent my ip to get blacklist . Looking forward for your kind response .

Regards

Net_Spy

----------

## Net_Spy

let me clear you regarding sript see that loop pramter there is a file name mailuser it contains my clients ip those who i allowed to use smtp or else it will drop the request on eth1 which is my lan interface. 

  Regards 

  Net_Spy

----------

## vaguy02

You need to put the accept mailusers before the drop

IE.

 *Quote:*   

> 
> 
> #! /bin/sh
> 
> #
> ...

 

iptables is a linear language, the first time a rule is met, that is what it will proceed with. So therefore, you have to allow then drop, you can't drop then allow.

---

As for your other issue, have you tested to see if your mail server will accept a relay? If your mail server is acting as a relay, this can easily explain why you are being blacklisted.

example: http://www.abuse.net/relay.html  Type in your hostname of the mail server or the ip and it will attempt open relay calls, if any succeed, you have an open relay = bad!

----------

## Net_Spy

Well thanks for your reply ive checked that website 

```

Mail relay testing

Connecting to x.x.x.x for anonymous test ...

Relay test result

Could not connect, test failed.

```

well ive allowed three subnet in /etc/mail/access file

10.100 <= local subnet and two more ip that are real IP ( global IP) and what about the limiting user to send not more then 20 mails. Looking forward for your kind response.

 Regards

  Net_Spy

----------

## vaguy02

Okay, the problem with using iptables to filter your port 25 traffic, is the fact that other mail servers won't be able to see your mail server. Say, I sent you an email from gmail. Gmail mail servers would do a DNS lookup and find your MX entry. They would try that IP address, if iptables does not allow gmail to access your port 25 SMTP mail server, the attempt fails and the email is queued on their servers. They will continue to try to deliever the message for X number of times depending on their conf file. 

So, personally, I don't block any traffic from my port 25, but what I do, is force the email trying to be sent or recieved to fully authenticate itself, meaning. If it's bound for an email account on my server, it verifies that there is actually an email account on my server to receive it. Oppositely, if someone is trying to send a message using my mailservers SMTP, I force it to check both the sender and receiver, meaning that, the sender must have a valid MX lookup, so if xxx.com didn't exist and someone tried to send a message to someone@xxx.com. It would fail and reject the email, also, if someone is sending from joe@mydomain.com and there is no joe@mydomain.com it rejects the email. I would recommend highly that you look at smtp sender and receiver restrictions in postfix.

----------

## Net_Spy

hmmm well im using sendmail 8.x.x , below is the configuration of my sendmail ...

```

divert(-1)dnl

dnl #

dnl # This is the sendmail macro config file for m4. If you make changes to

dnl # /etc/mail/sendmail.mc, you will need to regenerate the

dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is

dnl # installed and then performing a

dnl #

dnl #     make -C /etc/mail

dnl #

include(`/usr/share/sendmail-cf/m4/cf.m4')dnl

VERSIONID(`setup for linux')dnl

OSTYPE(`linux')dnl

dnl #

dnl # Do not advertize sendmail version.

dnl #

dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl

dnl #

dnl # default logging level is 9, you might want to set it higher to

dnl # debug the configuration

dnl #

dnl define(`confLOG_LEVEL', `9')dnl

dnl #

dnl # Uncomment and edit the following line if your outgoing mail needs to

dnl # be sent out through an external mail server:

dnl #

dnl#define(`SMART_HOST', `mydomain')dnl

dnl #

define(`confDEF_USER_ID', ``8:12'')dnl

dnl define(`confAUTO_REBUILD')dnl

define(`confTO_CONNECT', `1m')dnl

define(`confTRY_NULL_MX_LIST', `True')dnl

define(`confDONT_PROBE_INTERFACES', `True')dnl

define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl

define(`ALIAS_FILE', `/etc/aliases')dnl

define(`STATUS_FILE', `/var/log/mail/statistics')dnl

define(`UUCP_MAILER_MAX', `2000000')dnl

define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl

define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl

define(`confAUTH_OPTIONS', `A')dnl

dnl #

dnl # The following allows relaying if the user authenticates, and disallows

dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links

dnl #

dnl define(`confAUTH_OPTIONS', `A p')dnl

dnl #

dnl # PLAIN is the preferred plaintext authentication method and used by

dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do

dnl # use LOGIN. Other mechanisms should be used if the connection is not

dnl # guaranteed secure.

dnl # Please remember that saslauthd needs to be running for AUTH.

dnl #

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

dnl #

dnl # Rudimentary information on creating certificates for sendmail TLS:

dnl #     cd /usr/share/ssl/certs; make sendmail.pem

dnl # Complete usage:

dnl #     make -C /usr/share/ssl/certs usage

dnl #

dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl

dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl

dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl

dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl

dnl #

dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's

dnl # slapd, which requires the file to be readble by group ldap

dnl #

dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl

dnl #

dnl define(`confTO_QUEUEWARN', `4h')dnl

dnl define(`confTO_QUEUERETURN', `5d')dnl

dnl define(`confQUEUE_LA', `12')dnl

dnl define(`confREFUSE_LA', `18')dnl

define(`confTO_IDENT', `0')dnl

dnl FEATURE(delay_checks)dnl

FEATURE(`no_default_msa', `dnl')dnl

FEATURE(`smrsh', `/usr/sbin/smrsh')dnl

FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl

FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl

FEATURE(redirect)dnl

FEATURE(always_add_domain)dnl

FEATURE(use_cw_file)dnl

FEATURE(use_ct_file)dnl

dnl #

dnl # The following limits the number of processes sendmail can fork to accept

dnl # incoming messages or process its message queues to 20.) sendmail refuses

dnl # to accept connections once it has reached its quota of child processes.

dnl #

dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl

dnl #

dnl # Limits the number of new connections per second. This caps the overhead

dnl # incurred due to forking new sendmail processes. May be useful against

dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address

dnl # limit would be useful but is not available as an option at this writing.)

dnl #

dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl

dnl #

dnl # The -t option will retry delivery if e.g. the user runs over his quota.

dnl #

FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl

FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl

FEATURE(`blacklist_recipients')dnl

EXPOSED_USER(`root')dnl

dnl #

dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment

dnl # the following 2 definitions and activate below in the MAILER section the

dnl # cyrusv2 mailer.

dnl #

dnl define(`confLOCAL_MAILER', `cyrusv2')dnl

dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl

dnl #

dnl # The following causes sendmail to only listen on the IPv4 loopback address

dnl # 127.0.0.1 and not on any other network devices. Remove the loopback

dnl # address restriction to accept email from the internet or intranet.

dnl #

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

DAEMON_OPTIONS(`Port=smtp,Addr=10.100.50.9, Name=MTA')dnl

dnl #

dnl # The following causes sendmail to additionally listen to port 587 for

dnl # mail from MUAs that authenticate. Roaming users who can't reach their

dnl # preferred sendmail daemon due to port 25 being blocked or redirected find

dnl # this useful.

dnl #

dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

dnl #

dnl # The following causes sendmail to additionally listen to port 465, but

dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed

dnl # For this to work your OpenSSL certificates must be configured.

dnl #

dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

dnl #

dnl # The following causes sendmail to additionally listen on the IPv6 loopback

dnl # device. Remove the loopback address restriction listen to the network.

dnl #

dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl

dnl #

dnl # enable both ipv6 and ipv4 in sendmail:

dnl #

dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')

dnl #

dnl # We strongly recommend not accepting unresolvable domains if you want to

dnl # protect yourself from spam. However, the laptop and users on computers

dnl # that do not have 24x7 DNS do need this.

dnl #

dnl FEATURE(`accept_unresolvable_domains')dnl

dnl #

dnl FEATURE(`relay_based_on_MX')dnl

dnl #

dnl # Also accept email sent to "localhost.localdomain" as local email.

dnl #

LOCAL_DOMAIN(`localhost.localdomain')dnl

dnl #

dnl # The following example makes mail from this host and any additional

dnl # specified domains appear to be sent from mydomain.com

dnl #

dnl MASQUERADE_AS(`mydomain.com')dnl

dnl #

dnl # masquerade not just the headers, but the envelope as well

dnl #

dnl FEATURE(`allmasquerade')dnl

dnl FEATURE(`masquerade_envelope')dnl

dnl #

dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well

dnl #

dnl FEATURE(masquerade_entire_domain)dnl

dnl #

dnl MASQUERADE_DOMAIN(localhost)dnl

dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl

dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl

MAILER(smtp)dnl

MAILER(procmail)dnl

dnl MAILER(cyrusv2)dnl

```

----------

## vaguy02

lol, you had to pick the one I'm not using right. I'm a postfix kinda guy. 

Need some help here sendmail experts, is there an equivalent to smtp_restrictions in sendmail?

----------

## Net_Spy

well  following code is allow my pc to send mail although i've added in mailuser list ?? 

I telneted to my mail server on port 25 it doesnt connect it when i disabled that line and recheck it start working.

```
#! /bin/sh

#

iptables -F -t filter

echo Please Wait.

cat /home/scripts/mailusers | grep -v '^#' |grep -v '^\ ' | awk '{print $1 }' | sed "/^ /d;/^$/d;" | grep -v "ADDS" | grep -v Block | grep -v "Adds" | while read smtp

do

iptables -I INPUT -i eth1 -s $smtp -p tcp --dport 25 -m limit --limit-burst 25 -j ACCEPT

done

iptables -I INPUT -i eth1 -p tcp --dport 25 -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward

exit 0 
```

----------

## vaguy02

What IP are you using for your own computer in /home/scripts/mailusers?

----------

## Net_Spy

im using 10.100.20.101 that is my local ip that goes to 10.100.50.9 which is the local interface of smtp-server .

----------

## vaguy02

I was just checking because I see that you are limiting to the eth1 interface and I wanted to make sure you are contacting it through that and not the lo interface.

----------

## Net_Spy

there must be some wrong with iptables rule ?? can you just fix it .

----------

## Net_Spy

I've fixed the iptables rule

```

old :

iptables -I INPUT -i eth1 -p tcp --dport 25 -j DROP 

New:

iptables -A INPUT -i eth1 -p tcp --dport 25 -j DROP 

```

I think the issue was insert cause iptbales work in sequentially if I put -i to insert in the input chain i must also define the number where to insert this rule and -A append will work to insert it at the end.

 Regards

  Net_Spy

----------

## Net_Spy

some body will help me out ... still that iptbale rule does not work

```

New:

iptables -A INPUT -i eth1 -p tcp --dport 25 -j DROP 

```

well it does not let me to send 2 mails infact in rule ive define to limit it to 25 here is the script

```

#! /bin/sh

#

iptables -F -t filter

echo Please Wait.

#iptables -I INPUT -i eth1 -p tcp --dport 25 -j DROP

cat /home/scripts/mailusers | grep -v '^#' | grep -v '^\ ' | awk '{print $1}' | sed "/^ /d;/^$/d;" | grep -v "ADDS" | grep -v Block | grep -v "Adds" | while read smtp

do

iptables -A INPUT -i eth1 -s $smtp -p tcp --dport 25 -m limit  --limit-burst 25 -j ACCEPT

done

iptables -A INPUT -i eth1 -p tcp --dport 25 -j DROP

#iptables -A FORWARD -p tcp -i eth1 --dport 25  -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward

exit 0

```

I dont know what is wrong. Looking forward for your kind response.

 Regard

  Net_Spy

----------

## vaguy02

My recommendation is that no one will know your setup and exactly what you want to accomplish better than you, therefore, I would recommend temporarily putting in a LOG entry into all three strings (INPUT,OUTPUT,FORWARD). This will log all packets going in and out of your system and you can see why your rules aren't working and be able to make corrections.

----------

## Net_Spy

thanks but could you modify that script for me to log the packets ,

 Regards

  Net_Spy

----------

## vaguy02

 *Quote:*   

> 
> 
> #! /bin/sh
> 
> #
> ...

 

This will only work if logging is enabled in your kernel build.

If it is, then

 *Quote:*   

> 
> 
> grep Firewall /var/log/*
> 
> 

 

----------

## Net_Spy

here is the some of the log and my ip was 10.100.20.101

[code]

[code]

/var/log/messages:Jan 21 02:24:02 smtp kernel: Firewall OUTPUT Log: IN= OUT=eth1

 SRC=10.100.50.9 DST=10.100.20.101 LEN=108 TOS=0x10 PREC=0x00 TTL=64 ID=32671 DF

 PROTO=TCP SPT=10022 DPT=2077 WINDOW=12880 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:24:02 smtp kernel: Firewall OUTPUT Log: IN= OUT=eth1

 SRC=10.100.50.9 DST=10.100.20.101 LEN=108 TOS=0x10 PREC=0x00 TTL=64 ID=32672 DF

 PROTO=TCP SPT=10022 DPT=2077 WINDOW=12880 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:24:02 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30675 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=65035 RES=0x00 ACK URGP=0

/var/log/messages:Jan 21 02:25:23 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=39763 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=65035 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:23 smtp kernel: Firewall OUTPUT Log: IN= OUT=eth1

 SRC=10.100.50.9 DST=10.100.20.101 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=32673 DF

PROTO=TCP SPT=10022 DPT=2077 WINDOW=12880 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:23 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39773 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64983 RES=0x00 ACK URGP=0

/var/log/messages:Jan 21 02:25:23 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

/var/log/messages:Jan 21 02:25:24 smtp kernel: Firewall OUTPUT Log: IN= OUT=eth1

 SRC=10.100.50.9 DST=10.100.20.101 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=32676 DF

PROTO=TCP SPT=10022 DPT=2077 WINDOW=12880 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:24 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39832 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64827 RES=0x00 ACK URGP=0

/var/log/messages:Jan 21 02:25:25 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=39841 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64827 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:25 smtp kernel: Firewall OUTPUT Log: IN= OUT=eth1

 SRC=10.100.50.9 DST=10.100.20.101 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=32677 DF

PROTO=TCP SPT=10022 DPT=2077 WINDOW=12880 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:25 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39847 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64775 RES=0x00 ACK URGP=0

/var/log/messages:Jan 21 02:25:33 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=40636 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64775 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:36 smtp kernel: Firewall OUTPUT Log: IN= OUT=eth1

 SRC=10.100.50.9 DST=10.100.20.101 LEN=332 TOS=0x10 PREC=0x00 TTL=64 ID=32755 DF

 PROTO=TCP SPT=10022 DPT=2077 WINDOW=12880 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:36 smtp kernel: Firewall OUTPUT Log: IN= OUT=eth1

 SRC=10.100.50.9 DST=10.100.20.101 LEN=332 TOS=0x10 PREC=0x00 TTL=64 ID=32756 DF

 PROTO=TCP SPT=10022 DPT=2077 WINDOW=12880 RES=0x00 ACK PSH URGP=0

/var/log/messages:Jan 21 02:25:36 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=41017 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64951 RES=0x00 ACK URGP=0

/var/log/messages:Jan 21 02:25:36 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=41021 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64367 RES=0x00 ACK URGP=0

/var/log/messages:Jan 21 02:25:36 smtp kernel: Firewall INPUT Log: IN=eth1 OUT=

MAC=00:a0:c9:86:da:65:00:16:17:eb:53:d5:08:00 SRC=10.100.20.101 DST=10.100.50.9

LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=41022 DF PROTO=TCP SPT=2077 DPT=10022 WINDO

W=64367 RES=0x00 ACK PSH URGP=0

[/code]

Regards

 Net_Spy

----------

