system:annoyances [2021-04-27T07:23:46+0000] michael_paoli
system:annoyances [2021-04-28T12:58:28+0000] michael_paoli
Line 563: | Line 563: | ||
# That should be enough for that to now be operational - that should stop >> 50% of the incoming spam (attempts). Should see results in logs | # That should be enough for that to now be operational - that should stop >> 50% of the incoming spam (attempts). Should see results in logs | ||
quite soon (if not already). | quite soon (if not already). | ||
+ | </file> | ||
+ | <file> | ||
+ | Not seeing an SPF failure in the logs ... quite yet. | ||
+ | Let's test something that should fail ... | ||
+ | Drats - test made it through, even though the config should'a rejected it. | ||
+ | Oh, let's also add berkeleylug.com to the email domains, so that should work. | ||
+ | # DEBIAN_PRIORITY=medium dpkg-reconfigure exim4-config | ||
+ | # systemctl start exim4.service | ||
+ | Let's try sending to postmaster@berkeleylug.com | ||
+ | and yes, that got delivered fine. | ||
+ | So ... why is SPF check not working? | ||
+ | </file> | ||
+ | <file> | ||
+ | # systemctl stop exim4.service | ||
+ | # ls -d /usr/*bin/*exim*conf* | ||
+ | /usr/sbin/update-exim4.conf /usr/sbin/update-exim4.conf.template | ||
+ | # update-exim4.conf | ||
+ | # systemctl start exim4.service | ||
+ | SPF check still not working. | ||
+ | </file> | ||
+ | <file> | ||
+ | Wordpress email ... something to circle back on later. | ||
+ | For now, for header it uses: | ||
+ | From: WordPress <wordpress@berkeleylug.com> | ||
+ | Looks like the only bit of that that's easy to change is the domain. Looks like it uses php mail. There are plugins to change that, but | ||
+ | that's then more complications. As for envelope, since it's using Apache, between that and exim, that ends up as: | ||
+ | MAIL FROM:<www-data@balug.org> | ||
+ | Again, not simple to change that. More to circle back on for later. | ||
+ | For now, dropped in aliases for www-data and wordpress, so at least attempts to those - and for now at least, won't bounce at those domains if | ||
+ | attempted. So, that should help deliverability (and, on the receiving side, probably some more spam for postmaster as I presently aliased those to | ||
+ | postmaster ... "good enough" for now). | ||
+ | </file> | ||
+ | <file> | ||
+ | Looks like the SPF checks are now working. | ||
+ | I also found an older spdf process running and killed that off - maybe that made the difference? | ||
+ | So, yes, and seeing SPF fail/rejects in the log e.g.: | ||
+ | # fgrep -ai spf rejectlog | ||
+ | 2021-04-28 02:29:33 H=(sweja-se.mail.protection.outlook.com) [183.199.220.44] F=<oefydgodea@ottawa.ca> rejected RCPT <rsvp@balug.org>: SPF check failed. | ||
+ | 2021-04-28 03:50:56 H=(smail1.vub.sk) [222.77.253.120] F=<jhylunrrhc@swebolt.se> rejected RCPT <rsvp@balug.org>: SPF check failed. | ||
+ | # dig +noall +answer +nottl ottawa.ca. TXT ottawa.ca. SPF swebolt.se. TXT swebolt.se. SPF | fgrep \"v=spf | ||
+ | ottawa.ca. IN TXT "v=spf1 include:spf.protection.outlook.com include:_spf.esolutionsgroup.ca include:emsd1.com -all" | ||
+ | swebolt.se. IN TXT "v=spf1 mx ip4:167.99.44.246 include:spf.protection.outlook.com a:smtp05.dgcsystems.net -all" | ||
+ | # spfquery --scope mfrom --id oefydgodea@ottawa.ca --ip 183.199.220.44; echo "$?" | ||
+ | fail | ||
+ | Please see http://www.openspf.org/Why?s=mfrom;id=oefydgodea%40ottawa.ca;ip=183.199.220.44;r=balug-sf-lug-v2.balug.org | ||
+ | ottawa.ca: Sender is not authorized by default to use 'oefydgodea@ottawa.ca' in 'mfrom' identity (mechanism '-all' matched) | ||
+ | Received-SPF: fail (ottawa.ca: Sender is not authorized by default to use 'oefydgodea@ottawa.ca' in 'mfrom' identity (mechanism '-all' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from="oefydgodea@ottawa.ca"; client-ip=183.199.220.44 | ||
+ | 1 | ||
+ | # spfquery --scope mfrom --id jhylunrrhc@swebolt.se --ip 222.77.253.120; echo "$?" | ||
+ | fail | ||
+ | Please see http://www.openspf.org/Why?s=mfrom;id=jhylunrrhc%40swebolt.se;ip=222.77.253.120;r=balug-sf-lug-v2.balug.org | ||
+ | swebolt.se: Sender is not authorized by default to use 'jhylunrrhc@swebolt.se' in 'mfrom' identity (mechanism '-all' matched) | ||
+ | Received-SPF: fail (swebolt.se: Sender is not authorized by default to use 'jhylunrrhc@swebolt.se' in 'mfrom' identity (mechanism '-all' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from="jhylunrrhc@swebolt.se"; client-ip=222.77.253.120 | ||
+ | 1 | ||
+ | # | ||
+ | </file> | ||
+ | <file> | ||
+ | Wrote a handy little program to summarize the exim rejectlog failure from the most recent few such log files: | ||
+ | # Rejectlog_report | ||
+ | 6313 Unrouteable address | ||
+ | 1013 relay not permitted | ||
+ | 8 SPF check failed | ||
+ | 7 SMTP protocol synchronization error (input sent without waiting for greeting) | ||
+ | 7 maximum allowed line length | ||
+ | 3 unqualified address not permitted | ||
+ | 1 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised) | ||
+ | 1 missing or malformed local part | ||
+ | 1 syntactically invalid | ||
+ | # | ||
+ | Look at least the top couple items would be good candidates for adding configurations for fail2ban. | ||
+ | Some others beyond that may also be worth doing - but not as high a priority. | ||
</file> | </file> |
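Review bot: the H=(...) values in the two rejectlog lines in this hunk (`H=(sweja-se.mail.protection.outlook.com)`, `H=(smail1.vub.sk)`) are the clients' claimed HELO names shown in parentheses, which is how Exim logs a host for which it has no verified reverse-DNS name, so they should not be read as the real sending hosts and the only reliable key for a fail2ban filter on these lines is the bracketed client IP. "older spdf process" is presumably a typo for spfd; since the two `spfquery ... ; echo "$?"` runs exit 1 and print `fail` for exactly the senders that were later rejected, the lookup path itself is shown working, so it would be worth repeating the earlier "should fail" test that was delivered to confirm the test sender was not simply exempt from the SPF ACL (for example sent from a relayed or authenticated source) rather than attributing the fix to the killed process. On the Rejectlog_report follow-up, "Look at least" reads as "Looks like at least", and for the 6313 "Unrouteable address" rejections a fail2ban jail should require several hits per IP in a short window, since a single mistyped recipient from a legitimate sender produces the same line; "relay not permitted" is the safer first candidate.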