system:annoyances
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
system:annoyances [2021-04-27T07:23:46+0000] michael_paoli |
system:annoyances [2021-04-28T12:58:28+0000] michael_paoli |
||
|---|---|---|---|
| Line 563: | Line 563: | ||
| # That should be enough for that to now be operational - that should stop >> 50% of the incoming spam (attempts). Should see results in logs | # That should be enough for that to now be operational - that should stop >> 50% of the incoming spam (attempts). Should see results in logs | ||
| quite soon (if not already). | quite soon (if not already). | ||
| + | </file> | ||
| + | <file> | ||
| + | Not seeing an SPF failure in the logs ... quite yet. | ||
| + | Let's test something that should fail ... | ||
| + | Drats - test made it through, even though the config should'a rejected it. | ||
| + | Oh, let's also add berkeleylug.com to the email domains, so that should work. | ||
| + | # DEBIAN_PRIORITY=medium dpkg-reconfigure exim4-config | ||
| + | # systemctl start exim4.service | ||
| + | Let's try sending to postmaster@berkeleylug.com | ||
| + | and yes, that got delivered fine. | ||
| + | So ... why is SPF check not working? | ||
| + | </file> | ||
| + | <file> | ||
| + | # systemctl stop exim4.service | ||
| + | # ls -d /usr/*bin/*exim*conf* | ||
| + | /usr/sbin/update-exim4.conf /usr/sbin/update-exim4.conf.template | ||
| + | # update-exim4.conf | ||
| + | # systemctl start exim4.service | ||
| + | SPF check still not working. | ||
| + | </file> | ||
| + | <file> | ||
| + | Wordpress email ... something to circle back on later. | ||
| + | For now, for header it uses: | ||
| + | From: WordPress <wordpress@berkeleylug.com> | ||
| + | Looks like the only bit of that that's easy to change is the domain. Looks like it uses php mail. There are plugins to change that, but | ||
| + | that's then more complications. As for envelope, since it's using Apache, between that and exim, that ends up as: | ||
| + | MAIL FROM:<www-data@balug.org> | ||
| + | Again, not simple to change that. More to circle back on for later. | ||
| + | For now, dropped in aliases for www-data and wordpress, so at least attempts to those - and for now at least, won't bounce at those domains if | ||
| + | attempted. So, that should help deliverability (and, on the receiving side, probably some more spam for postmaster as I presently aliased those to | ||
| + | postmaster ... "good enough" for now). | ||
| + | </file> | ||
| + | <file> | ||
| + | Looks like the SPF checks are now working. | ||
| + | I also found an older spdf process running and killed that off - maybe that made the difference? | ||
| + | So, yes, and seeing SPF fail/rejects in the log e.g.: | ||
| + | # fgrep -ai spf rejectlog | ||
| + | 2021-04-28 02:29:33 H=(sweja-se.mail.protection.outlook.com) [183.199.220.44] F=<oefydgodea@ottawa.ca> rejected RCPT <rsvp@balug.org>: SPF check failed. | ||
| + | 2021-04-28 03:50:56 H=(smail1.vub.sk) [222.77.253.120] F=<jhylunrrhc@swebolt.se> rejected RCPT <rsvp@balug.org>: SPF check failed. | ||
| + | # dig +noall +answer +nottl ottawa.ca. TXT ottawa.ca. SPF swebolt.se. TXT swebolt.se. SPF | fgrep \"v=spf | ||
| + | ottawa.ca. IN TXT "v=spf1 include:spf.protection.outlook.com include:_spf.esolutionsgroup.ca include:emsd1.com -all" | ||
| + | swebolt.se. IN TXT "v=spf1 mx ip4:167.99.44.246 include:spf.protection.outlook.com a:smtp05.dgcsystems.net -all" | ||
| + | # spfquery --scope mfrom --id oefydgodea@ottawa.ca --ip 183.199.220.44; echo "$?" | ||
| + | fail | ||
| + | Please see http://www.openspf.org/Why?s=mfrom;id=oefydgodea%40ottawa.ca;ip=183.199.220.44;r=balug-sf-lug-v2.balug.org | ||
| + | ottawa.ca: Sender is not authorized by default to use 'oefydgodea@ottawa.ca' in 'mfrom' identity (mechanism '-all' matched) | ||
| + | Received-SPF: fail (ottawa.ca: Sender is not authorized by default to use 'oefydgodea@ottawa.ca' in 'mfrom' identity (mechanism '-all' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from="oefydgodea@ottawa.ca"; client-ip=183.199.220.44 | ||
| + | 1 | ||
| + | # spfquery --scope mfrom --id jhylunrrhc@swebolt.se --ip 222.77.253.120; echo "$?" | ||
| + | fail | ||
| + | Please see http://www.openspf.org/Why?s=mfrom;id=jhylunrrhc%40swebolt.se;ip=222.77.253.120;r=balug-sf-lug-v2.balug.org | ||
| + | swebolt.se: Sender is not authorized by default to use 'jhylunrrhc@swebolt.se' in 'mfrom' identity (mechanism '-all' matched) | ||
| + | Received-SPF: fail (swebolt.se: Sender is not authorized by default to use 'jhylunrrhc@swebolt.se' in 'mfrom' identity (mechanism '-all' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from="jhylunrrhc@swebolt.se"; client-ip=222.77.253.120 | ||
| + | 1 | ||
| + | # | ||
| + | </file> | ||
| + | <file> | ||
| + | Wrote a handy little program to summarize the exim rejectlog failure from the most recent few such log files: | ||
| + | # Rejectlog_report | ||
| + | 6313 Unrouteable address | ||
| + | 1013 relay not permitted | ||
| + | 8 SPF check failed | ||
| + | 7 SMTP protocol synchronization error (input sent without waiting for greeting) | ||
| + | 7 maximum allowed line length | ||
| + | 3 unqualified address not permitted | ||
| + | 1 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised) | ||
| + | 1 missing or malformed local part | ||
| + | 1 syntactically invalid | ||
| + | # | ||
| + | Look at least the top couple items would be good candidates for adding configurations for fail2ban. | ||
| + | Some others beyond that may also be worth doing - but not as high a priority. | ||
| </file> | </file> | ||
system/annoyances.txt ยท Last modified: 2021-05-06T06:05:20+0000 by michael_paoli
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
