-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/29/2012 02:17 PM, Arthur Dent wrote: > Hello all, > > I have just had a weird email indicating that my server is spamming. This > resulted from my attempt to get setroubleshoot to send email > notifications. > > I don't really understand how this happened, and I keep looking at the > headers wondering exactly what went on... > > This is the message I received: > ================================8<===================================== The > original message was received at Sat, 29 Sep 2012 17:18:17 +0100 from > localhost [127.0.0.1] with id q8TGIHxg001451 > > ----- The following addresses had permanent fatal errors ----- > <root@localhost.localdomain> (reason: 554 5.7.1 Service unavailable; Client > host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e...2 13:01:07 > +0200. Your admin should visit > http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228) > > ----- Transcript of session follows ----- ... while talking to > el-tio.edelhost.de.: >>>> DATA > <<< 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked > using ix.dnsbl.manitu.net; Your e-mail service was detected by > el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 > +0200. Your admin should visit > http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228 554 5.0.0 > Service unavailable <<< 554 5.5.1 Error: no valid recipients 550 5.1.1 > <SELinux_Troubleshoot@xxxxxxxxxxxx>... User unknown > ================================8<===================================== > > These are the headers for that email. As far as I can tell the email never > left my server. > ================================8<===================================== > Return-path: <MAILER-DAEMON@xxxxxxxxxxxx> X-spam-checker-version: > SpamAssassin 3.3.2 (2011-06-06) on mydomain.org X-spam-level: > X-spam-status: No, score=-0.3 required=5.0 tests=BAYES_00,NO_RELAYS, > T_TVD_MIME_NO_HEADERS,URIBL_WS_SURBL autolearn=no version=3.3.2 Received: > from localhost (localhost) by mydomain.org (8.14.5/8.14.5) id > q8TGIJxg001453; Sat, 29 Sep 2012 17:18:19 +0100 Date: Sat, 29 Sep 2012 > 17:18:19 +0100 From: Mail Delivery Subsystem <MAILER-DAEMON@xxxxxxxxxxxx> > Message-id: <201209291618.q8TGIJxg001453@xxxxxxxxxxxx> To: > postmaster@xxxxxxxxxxxx Mime-version: 1.0 Content-type: multipart/report; > report-type=delivery-status; > boundary="q8TGIJxg001453.1348935499/mydomain.org" Subject: Postmaster > notify: see transcript for details Auto-submitted: auto-generated > (postmaster-notification) X-evolution-source: > 1292576305.15554.21@localhost.localdomain > ================================8<===================================== > > This was attached. I do not understand how this came about: > ================================8<===================================== > Reporting-MTA: dns; mydomain.org Received-From-MTA: DNS; localhost > Arrival-Date: Sat, 29 Sep 2012 17:18:17 +0100 > > Final-Recipient: RFC822; root@xxxxxxxxxxxxxxxxxxxxxxxxx Action: failed > Status: 5.7.1 Remote-MTA: DNS; el-tio.edelhost.de Diagnostic-Code: SMTP; > 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using > ix.dnsbl.manitu.net; Your e-mail service was detected by el-tio.edelhost.de > (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 +0200. Your admin > should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228 > Last-Attempt-Date: Sat, 29 Sep 2012 17:18:19 +0100 > ================================8<===================================== > > And the actual mail was a standard setroubleshoot report detailing an AVC. > > I admit I probably do not have this set up right, but I don't know what I > have done wrong. > > In /var/lib/setroubleshoot/email_alert_recipients I have simply: > root@localhost.localdomain filter_type=after_first > > Note that there is no ".org" after that. > > I have not touched /etc/setroubleshoot/setroubleshoot.conf at all. > > What do I have to do to fix this? > > Thanks... > > Mark > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > First thing I would do is check mail as root and try to send a mail message to root@localhost.localdomain -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBpZMMACgkQrlYvE4MpobNADQCfZvTcySZ0l9BWZ7FpUVZLYP89 9cIAoLdL3/hZwjiTQKVL/B5mV6EC1ROC =xt2G -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
