system:annoyances

Differences

This shows you the differences between two versions of the page.

system:annoyances [2021-04-25T10:58:14+0000]
michael_paoli
system:annoyances [2021-05-06T06:05:20+0000] (current)
michael_paoli reverted the temporary increase of max queue time from 4 days to 7 days
Line 93: Line 93:
   * postmaster@tmp.balug.org to Internet worked ... can the incoming defend against some of the more egregious spam attempts? ...   * postmaster@tmp.balug.org to Internet worked ... can the incoming defend against some of the more egregious spam attempts? ...
   * rejects relay attempt   * rejects relay attempt
-  * also rejects relay attempt when spoofing VM host - even when "​reverse"​ DNS also spoofs same localhost name, so that's good, and looks like it may already be somewhat better than on that balug VM (looks like spam was making past that and getting ​snnaged/rejected later in the process - but at huge cost to filesystem space and logs and such). ​ So, now "​just"​ get mailman (mailman2) working "well enough",​ and should have a base model template that can be applied to balug to improve relative to current state ... though quite a bit more anti-spam should also be added to reject a bunch of other crud too.+  * also rejects relay attempt when spoofing VM host - even when "​reverse"​ DNS also spoofs same localhost name, so that's good, and looks like it may already be somewhat better than on that balug VM (looks like spam was making past that and getting ​snaged/rejected later in the process - but at huge cost to filesystem space and logs and such). ​ So, now "​just"​ get mailman (mailman2) working "well enough",​ and should have a base model template that can be applied to balug to improve relative to current state ... though quite a bit more anti-spam should also be added to reject a bunch of other crud too.
   * So, mailman (mailman2) - need that to be able to handle using pipes in aliases ... that's configured on the balug VM, but not tmp.balug.org VM ... it's //​somewhere//​ in the config ... but not trivial to find and nail down exactly where, so ... resuming working on that ... will try to more directly compare the two configs between the two hosts, ... and see where that may be buried - there'​s a lot 'o config stuff for exim4.   * So, mailman (mailman2) - need that to be able to handle using pipes in aliases ... that's configured on the balug VM, but not tmp.balug.org VM ... it's //​somewhere//​ in the config ... but not trivial to find and nail down exactly where, so ... resuming working on that ... will try to more directly compare the two configs between the two hosts, ... and see where that may be buried - there'​s a lot 'o config stuff for exim4.
 Relevant difference should be somewhere in ... Relevant difference should be somewhere in ...
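Review bot: The spelling fix in the changed bullet is incomplete: "snnaged" becomes "snaged", but the intended word in "getting snaged/rejected later in the process" is "snagged". Suggest correcting it fully in this revision rather than leaving a second typo edit for later.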
Line 209: Line 209:
   * (done) oh ... should resize the queue directories for efficiency/​space (on most *nix filesystem types, directories grow, but never shrink).   * (done) oh ... should resize the queue directories for efficiency/​space (on most *nix filesystem types, directories grow, but never shrink).
   * (done) restart exim4   * (done) restart exim4
-  * send do relevant follow-up list postings to BALUG-Admin and BALUG-Talk+  * (done) ​send out relevant follow-up list postings to BALUG-Admin and BALUG-Talk
 There'​s then still further anti-spam stuff, etc. to do, but that should be "​better enough"​ to reenable exim4 service.\\ There'​s then still further anti-spam stuff, etc. to do, but that should be "​better enough"​ to reenable exim4 service.\\
 So ... resizing of those directories ... So ... resizing of those directories ...
Line 377: Line 377:
 // still getting Berkeley DB error diagnostics // still getting Berkeley DB error diagnostics
 // stopped exim4, did a dump & (re)load of DB (with db_dump & db_load), restarted exim4 ... seems to be running okay now without those Berkeley DB errors // stopped exim4, did a dump & (re)load of DB (with db_dump & db_load), restarted exim4 ... seems to be running okay now without those Berkeley DB errors
 +</​file>​
 +Analyzed the mail queue again. ​ Found one more abuser with a bunch 'o queued mail.\\ ​
 +That particular abuser had 332 queued mail messages - all of which were subscription requests that been processed - but not confirmed, for the same email address
 +and all from the same IPv4 address. ​ All the queued emails were confirmation emails - emails to that email address to get confirmation of the subscription
 +request. ​ The email domain appears legitimate, but the IP address dubious at best (no reverse DNS, etc.)\\
 +Anyway, removed those 332 queued email messages ... that then dropped the queue to only 20 remaining queued messages - all of which appear legitimate.\\ ​
 +Analyzed logs further, notably for web and email traffic/​attempts. ​ Looks like most all that problematic email was from bad web bots repeatedly and voluminously subscribing (well, attempting to subscribe) that, and one other email address, to BALUG'​s various lists - causing confirmation emails to be queued. ​ Looks like two such emails got delivered, but all (or almost all?) of the others got deferred by the receiving MTAS (there were only 2 email addresses). ​ So, perhaps bad bot trying to do DoS/DDoS against those two target emails? ​ Could potentially block the IP address but ... whack-a-mole - would likely just pop up on another IP.\\ 
 +Checked the mail queue again - after subtracting out target addresses that have already been successfully delivered to, there remain at the moment only 6 unique email addresses presently showing any delivery issues.
 +
 +More anti-spam to do ... SPF ... looks like config files can have that enabled ...\\ 
 +<​file>​
 +conf.d/​acl/​30_exim4-config_check_rcpt
 +  # This is quite costly in terms of DNS lookups (~6 lookups per mail). ​ Do not
 +  # enable if that's an issue. ​ Also note that if you enable this, you must
 +  # install "​spf-tools-perl"​ which provides the spfquery command.
 +  # Missing spf-tools-perl will trigger the "​Unexpected error in
 +  # SPF check" warning.
 +  .ifdef CHECK_RCPT_SPF
 +  deny
 +    message = [SPF] $sender_host_address is not allowed to send mail from \
 +              ${if def:​sender_address_domain {$sender_address_domain}{$sender_helo_name}}. ​ \
 +              Please see \
 +              http://​www.openspf.org/​Why?​scope=${if def:​sender_address_domain \
 +
 +$ dpkg -l spf-tools-perl | grep '^ii '
 +ii  spf-tools-perl 2.9.0-4 ​     all          SPF tools (spfquery, spfd) based on the Mail::SPF Perl module
 +$ nc -z www.openspf.org. 80
 +nc: unable to connect to address www.openspf.org.,​ service 80
 +$ nc -z www.openspf.org. 443
 +nc: unable to connect to address www.openspf.org.,​ service 443
 +
 +
 +So, is spf-tools-perl still applicable, or is it just the diagnostic that's out-of-date referring to a service that's no longer (at least pesently)
 +reachable?
 +
 +$ dpkg -L spf-tools-perl | sort | grep -e bin/ -e '/​man/​.*spf'​
 +/​usr/​bin/​spfquery.mail-spf-perl
 +/​usr/​sbin/​spfd.mail-spf-perl
 +/​usr/​share/​man/​man1/​spfquery.mail-spf-perl.1p.gz
 +/​usr/​share/​man/​man8/​spfd.mail-spf-perl.8p.gz
 +$ man spfquery
 +...
 +$ spfquery --scope mfrom --identity balug.org --ip-address $(dig +short balug.org. A)
 +pass
 +balug.org: 96.86.170.229 is authorized to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +balug.org: 96.86.170.229 is authorized to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +Received-SPF:​ pass (balug.org: 96.86.170.229 is authorized to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=balug.org;​ client-ip=96.86.170.229
 +$ echo $?
 +0
 +$ spfquery --scope mfrom --identity balug.org --ip-address 8.8.8.8; echo $?
 +neutral
 +balug.org: Default neutral result due to no mechanism matches
 +balug.org: Default neutral result due to no mechanism matches
 +Received-SPF:​ neutral (balug.org: Default neutral result due to no mechanism matches) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=balug.org;​ client-ip=8.8.8.8
 +3
 +
 +neutral ? - are we missing something that ought say that should fail???
 +Anyway, looks like spfquery probably works fine, but the web site may be no longer available (DDoS from spammers, or ???).
 +
 +$ spfquery --scope mfrom --identity lists.balug.org --ip-address $(dig +short balug.org. A)
 +pass
 +lists.balug.org:​ 96.86.170.229 is authorized to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +lists.balug.org:​ 96.86.170.229 is authorized to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +Received-SPF:​ pass (lists.balug.org:​ 96.86.170.229 is authorized to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=lists.balug.org;​ client-ip=96.86.170.229
 +$ spfquery --scope mfrom --identity lists.balug.org --ip-address 8.8.8.8
 +neutral
 +lists.balug.org:​ Default neutral result due to no mechanism matches
 +lists.balug.org:​ Default neutral result due to no mechanism matches
 +Received-SPF:​ neutral (lists.balug.org:​ Default neutral result due to no mechanism matches) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=lists.balug.org;​ client-ip=8.8.8.8
 +
 +
 +Again with the neutral. ​ Those ought be hard fail.
 +... Ah ...:
 +balug.org. IN TXT "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2"​
 +We're missing the -all at the end.
 +Should check all our SPF records, and fix as appropriate.
 +Should probably also add spf version 2, but first things first ...
 +</​file>​
 +<​file>​
 +So ... we have ...:
 +balug.org. ​             600     ​IN ​     SPF     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2"​
 +balug.org. ​             600     ​IN ​     TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2"​
 +tmp.balug.org. ​         300     ​IN ​     TXT     "​v=spf1 ip4:​96.86.170.228 ip6:​2001:​470:​1f05:​19e::​f"​
 +lists.balug.org. ​       600     ​IN ​     SPF     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2"​
 +lists.balug.org. ​       600     ​IN ​     TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2"​
 +
 +berkeleylug.com. ​       172800 ​ IN      SPF     "​v=spf1 -all"
 +berkeleylug.com. ​       172800 ​ IN      TXT     "​v=spf1 -all"
 +sf-lug.com. ​            ​172800 ​ IN      SPF     "​v=spf1 -all"
 +sf-lug.com. ​            ​172800 ​ IN      TXT     "​v=spf1 -all"
 +sf-lug.net. ​            ​172800 ​ IN      SPF     "​v=spf1 -all"
 +sf-lug.net. ​            ​172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.com. ​             172800 ​ IN      SPF     "​v=spf1 -all"
 +sflug.com. ​             172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.net. ​             172800 ​ IN      SPF     "​v=spf1 -all"
 +sflug.net. ​             172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.org. ​             86400   ​IN ​     SPF     "​v=spf1 -all"
 +sflug.org. ​             86400   ​IN ​     TXT     "​v=spf1 -all"
 +We should:
 +remove the RRs of type SPF (superseded/​obsoleted,​ per RFC(s))
 +add trailing " -all" for those that don't have it
 +Our active sending TTLs look rather short, should probably nudge 'em up to ... 3600 or so? ... at least after they'​re tested out okay.
 +</​file>​
 +
 +<​file>​
 +And after updating, we have:
 +balug.org. ​             3600    IN      TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2 -all"
 +lists.balug.org. ​       3600    IN      TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2 -all"
 +tmp.balug.org. ​         3600    IN      TXT     "​v=spf1 ip4:​96.86.170.228 ip6:​2001:​470:​1f05:​19e::​f -all"
 +berkeleylug.com. ​       172800 ​ IN      TXT     "​v=spf1 -all"
 +sf-lug.com. ​            ​172800 ​ IN      TXT     "​v=spf1 -all"
 +sf-lug.net. ​            ​172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.com. ​             172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.net. ​             172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.org. ​             86400   ​IN ​     TXT     "​v=spf1 -all"
 +So ... that now looks better.
 +And let's do a little retest on our earlier:
 +$ spfquery --scope mfrom --identity balug.org --ip-address $(dig +short balug.org. A); echo "​$?"​
 +pass
 +balug.org: 96.86.170.229 is authorized to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +balug.org: 96.86.170.229 is authorized to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +Received-SPF:​ pass (balug.org: 96.86.170.229 is authorized to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=balug.org;​ client-ip=96.86.170.229
 +0
 +$ spfquery --scope mfrom --identity lists.balug.org --ip-address $(dig +short balug.org. A); echo "​$?"​
 +pass
 +lists.balug.org:​ 96.86.170.229 is authorized to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +lists.balug.org:​ 96.86.170.229 is authorized to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)
 +Received-SPF:​ pass (lists.balug.org:​ 96.86.170.229 is authorized to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​ip4:​96.86.170.229'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=lists.balug.org;​ client-ip=96.86.170.229
 +0
 +$ spfquery --scope mfrom --identity balug.org --ip-address 8.8.8.8; echo "​$?"​
 +fail
 +Please see http://​www.openspf.org/​Why?​s=mfrom;​id=balug.org;​ip=8.8.8.8;​r=balug-sf-lug-v2.balug.org
 +balug.org: Sender is not authorized by default to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)
 +Received-SPF:​ fail (balug.org: Sender is not authorized by default to use '​balug.org'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=balug.org;​ client-ip=8.8.8.8
 +1
 +$ spfquery --scope mfrom --identity lists.balug.org --ip-address 8.8.8.8; echo "​$?"​
 +fail
 +Please see http://​www.openspf.org/​Why?​s=mfrom;​id=lists.balug.org;​ip=8.8.8.8;​r=balug-sf-lug-v2.balug.org
 +lists.balug.org:​ Sender is not authorized by default to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)
 +Received-SPF:​ fail (lists.balug.org:​ Sender is not authorized by default to use '​lists.balug.org'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from=lists.balug.org;​ client-ip=8.8.8.8
 +1
 +$
 +So, that looks much better now.
 +</​file>​
 +<​file>​
 +wordpress also sends mail:
 +From www-data@balug.org Tue Apr 27 02:12:48 2021
 +From: WordPress <​wordpress@berkeleylug.com>​
 +So, @berkeleylug.com needs to be set up to send - and at least minimally receive, email (e.g. postmaster ...)
 +So, ... SPF first, as that has the longer TTL presently ...
 +from:
 +berkeleylug.com. ​       172800 ​ IN      TXT     "​v=spf1 -all"
 +to:
 +berkeleylug.com. ​       3600    IN      TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2 -all"
 +
 +And, added bit more for digitalwitness.org. and sf-lug.org. (latter of which thus far still uses @linuxmafia.com for mail), now have:
 +balug.org. ​             3600    IN      TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2 -all"
 +lists.balug.org. ​       3600    IN      TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2 -all"
 +tmp.balug.org. ​         3600    IN      TXT     "​v=spf1 ip4:​96.86.170.228 ip6:​2001:​470:​1f05:​19e::​f -all"
 +berkeleylug.com. ​       3600    IN      TXT     "​v=spf1 ip4:​96.86.170.229 ip6:​2001:​470:​1f05:​19e::​2 -all"
 +digitalwitness.org. ​    ​86400 ​  ​IN ​     TXT     "​v=spf1 -all"
 +sf-lug.com. ​            ​172800 ​ IN      TXT     "​v=spf1 -all"
 +sf-lug.net. ​            ​172800 ​ IN      TXT     "​v=spf1 -all"
 +sf-lug.org. ​            ​86400 ​  ​IN ​     TXT     "​v=spf1 -all"
 +sflug.com. ​             172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.net. ​             172800 ​ IN      TXT     "​v=spf1 -all"
 +sflug.org. ​             86400   ​IN ​     TXT     "​v=spf1 -all"
 +SPF version 2 could be good/better ... but later, not a top priority.
 +</​file>​
 +
 +<​file>​
 +So, let's look into enabling SPF checking upon receipt of incoming ...
 +I also noticed what looks like something about a daemon - which may be preferable for large volumes/​streams of incoming ...
 +let's look at documentation bit more ...
 +$ man spfd.mail-spf-perl
 +$ systemctl list-unit-files | fgrep spf
 +
 +So, nothin'​ in systemd unit files nor exim4 config that supports the spf daemon, so doing that would mean fair bit more manual configuring.
 +For now let's presume spfquery (non-daemonized) is quite "good enough"​ for now - we can change later if we need to.
 +So ... let's configure that ...
 +added ...:
 +# tail -n 1 conf.d/​main/​000_localmacros
 +CHECK_RCPT_SPF = true
 +# systemctl restart exim4.service
 +# That should be enough for that to now be operational - that should stop >> 50% of the incoming spam (attempts). ​ Should see results in logs
 +quite soon (if not already).
 +</​file>​
 +<​file>​
 +Not seeing an SPF failure in the logs ... quite yet.
 +Let's test something that should fail ...
 +Drats - test made it through, even though the config should'​a rejected it.
 +Oh, let's also add berkeleylug.com to the email domains, so that should work.
 +# DEBIAN_PRIORITY=medium dpkg-reconfigure exim4-config
 +# systemctl start exim4.service
 +Let's try sending to postmaster@berkeleylug.com
 +and yes, that got delivered fine.
 +So ... why is SPF check not working?
 +</​file>​
 +<​file>​
 +# systemctl stop exim4.service
 +# ls -d /​usr/​*bin/​*exim*conf*
 +/​usr/​sbin/​update-exim4.conf ​ /​usr/​sbin/​update-exim4.conf.template
 +# update-exim4.conf
 +# systemctl start exim4.service
 +SPF check still not working.
 +</​file>​
 +<​file>​
 +Wordpress email ... something to circle back on later.
 +For now, for header it uses:
 +From: WordPress <​wordpress@berkeleylug.com>​
 +Looks like the only bit of that that's easy to change is the domain. ​ Looks like it uses php mail.  There are plugins to change that, but
 +that's then more complications. ​ As for envelope, since it's using Apache, between that and exim, that ends up as:
 +MAIL FROM:<​www-data@balug.org>​
 +Again, not simple to change that.  More to circle back on for later.
 +For now, dropped in aliases for www-data and wordpress, so at least attempts to those - and for now at least, won't bounce at those domains if
 +attempted. ​ So, that should help deliverability (and, on the receiving side, probably some more spam for postmaster as I presently aliased those to
 +postmaster ... "good enough"​ for now).
 +</​file>​
 +<​file>​
 +Looks like the SPF checks are now working.
 +I also found an older spdf process running and killed that off - maybe that made the difference?
 +So, yes, and seeing SPF fail/​rejects in the log e.g.:
 +# fgrep -ai spf rejectlog
 +2021-04-28 02:29:33 H=(sweja-se.mail.protection.outlook.com) [183.199.220.44] F=<​oefydgodea@ottawa.ca>​ rejected RCPT <​rsvp@balug.org>:​ SPF check failed.
 +2021-04-28 03:50:56 H=(smail1.vub.sk) [222.77.253.120] F=<​jhylunrrhc@swebolt.se>​ rejected RCPT <​rsvp@balug.org>:​ SPF check failed.
 +# dig +noall +answer +nottl ottawa.ca. TXT ottawa.ca. SPF swebolt.se. TXT swebolt.se. SPF | fgrep \"​v=spf
 +ottawa.ca. ​             IN      TXT     "​v=spf1 include:​spf.protection.outlook.com include:​_spf.esolutionsgroup.ca include:​emsd1.com -all"
 +swebolt.se. ​            ​IN ​     TXT     "​v=spf1 mx ip4:​167.99.44.246 include:​spf.protection.outlook.com a:​smtp05.dgcsystems.net -all"
 +# spfquery --scope mfrom --id oefydgodea@ottawa.ca --ip 183.199.220.44;​ echo "​$?"​
 +fail
 +Please see http://​www.openspf.org/​Why?​s=mfrom;​id=oefydgodea%40ottawa.ca;​ip=183.199.220.44;​r=balug-sf-lug-v2.balug.org
 +ottawa.ca: Sender is not authorized by default to use '​oefydgodea@ottawa.ca'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)
 +Received-SPF:​ fail (ottawa.ca: Sender is not authorized by default to use '​oefydgodea@ottawa.ca'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from="​oefydgodea@ottawa.ca";​ client-ip=183.199.220.44
 +1
 +# spfquery --scope mfrom --id jhylunrrhc@swebolt.se --ip 222.77.253.120;​ echo "​$?"​
 +fail
 +Please see http://​www.openspf.org/​Why?​s=mfrom;​id=jhylunrrhc%40swebolt.se;​ip=222.77.253.120;​r=balug-sf-lug-v2.balug.org
 +swebolt.se: Sender is not authorized by default to use '​jhylunrrhc@swebolt.se'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)
 +Received-SPF:​ fail (swebolt.se:​ Sender is not authorized by default to use '​jhylunrrhc@swebolt.se'​ in '​mfrom'​ identity (mechanism '​-all'​ matched)) receiver=balug-sf-lug-v2.balug.org;​ identity=mailfrom;​ envelope-from="​jhylunrrhc@swebolt.se";​ client-ip=222.77.253.120
 +1
 +
 +</​file>​
 +<​file>​
 +Wrote a handy little program to summarize the exim rejectlog failure from the most recent few such log files:
 +# Rejectlog_report
 +6313 Unrouteable address
 +1013 relay not permitted
 +8 SPF check failed
 +7 SMTP protocol synchronization error (input sent without waiting for greeting)
 +7 maximum allowed line length
 +3 unqualified address not permitted
 +1 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised)
 +1 missing or malformed local part
 +1 syntactically invalid
 +
 +Look at least the top couple items would be good candidates for adding configurations for fail2ban.
 +Some others beyond that may also be worth doing - but not as high a priority.
 +</​file>​
 +<​file>​
 +// reverted the temporarily increase of max queue time from 4 days to 7 days:
 +# awk '​{if($1~/​^[^#​]/​||$1~/​^#​\*/​||$0~/​^#​ temp/​)print;​}'​ conf.d/​retry/​30_exim4-config
 +*                      *           ​F,​2h,​15m;​ G,​16h,​1h,​1.5;​ F,4d,6h
 +# systemctl reload exim4.service
 +
 </​file>​ </​file>​
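Review bot: The added notes never establish why the CHECK_RCPT_SPF check started rejecting mail: between "SPF check still not working." and "Looks like the SPF checks are now working." the only recorded change is killing "an older spdf process" (presumably the spfd daemon from the earlier "man spfd.mail-spf-perl" step), followed by "maybe that made the difference?". Suggest recording the exact process name, whether exim4 was restarted afterwards, and which step made rejectlog begin showing "SPF check failed", so the fix can be repeated on another host. The spfquery retest after the record update also covers only balug.org and lists.balug.org; tmp.balug.org and berkeleylug.com had their records changed in the same notes and deserve the same pass/fail pair. Finally, the deny message in 30_exim4-config_check_rcpt and the spfquery fail output still point senders at www.openspf.org, which the nc checks in this hunk show unreachable on ports 80 and 443, so a note on replacing that URL in the rejection text would be worth adding.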
system/annoyances.1619348294.txt.bz2 · Last modified: 2021-04-25T10:58:14+0000 by michael_paoli