> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/29/2012 02:17 PM, Arthur Dent wrote: >> Hello all, >> >> I have just had a weird email indicating that my server is spamming. >> This >> resulted from my attempt to get setroubleshoot to send email >> notifications. >> >> I don't really understand how this happened, and I keep looking at the >> headers wondering exactly what went on... >> >> This is the message I received: >> ================================8<===================================== >> The >> original message was received at Sat, 29 Sep 2012 17:18:17 +0100 from >> localhost [127.0.0.1] with id q8TGIHxg001451 >> >> ----- The following addresses had permanent fatal errors ----- >> <root@localhost.localdomain> (reason: 554 5.7.1 Service unavailable; >> Client >> host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e...2 >> 13:01:07 >> +0200. Your admin should visit >> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228) >> >> ----- Transcript of session follows ----- ... while talking to >> el-tio.edelhost.de.: >>>>> DATA >> <<< 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked >> using ix.dnsbl.manitu.net; Your e-mail service was detected by >> el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 >> +0200. Your admin should visit >> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228 554 5.0.0 >> Service unavailable <<< 554 5.5.1 Error: no valid recipients 550 5.1.1 >> <SELinux_Troubleshoot@xxxxxxxxxxxx>... User unknown >> ================================8<===================================== >> >> These are the headers for that email. As far as I can tell the email >> never >> left my server. >> ================================8<===================================== >> Return-path: <MAILER-DAEMON@xxxxxxxxxxxx> X-spam-checker-version: >> SpamAssassin 3.3.2 (2011-06-06) on mydomain.org X-spam-level: >> X-spam-status: No, score=-0.3 required=5.0 tests=BAYES_00,NO_RELAYS, >> T_TVD_MIME_NO_HEADERS,URIBL_WS_SURBL autolearn=no version=3.3.2 >> Received: >> from localhost (localhost) by mydomain.org (8.14.5/8.14.5) id >> q8TGIJxg001453; Sat, 29 Sep 2012 17:18:19 +0100 Date: Sat, 29 Sep 2012 >> 17:18:19 +0100 From: Mail Delivery Subsystem >> <MAILER-DAEMON@xxxxxxxxxxxx> >> Message-id: <201209291618.q8TGIJxg001453@xxxxxxxxxxxx> To: >> postmaster@xxxxxxxxxxxx Mime-version: 1.0 Content-type: >> multipart/report; >> report-type=delivery-status; >> boundary="q8TGIJxg001453.1348935499/mydomain.org" Subject: Postmaster >> notify: see transcript for details Auto-submitted: auto-generated >> (postmaster-notification) X-evolution-source: >> 1292576305.15554.21@localhost.localdomain >> ================================8<===================================== >> >> This was attached. I do not understand how this came about: >> ================================8<===================================== >> Reporting-MTA: dns; mydomain.org Received-From-MTA: DNS; localhost >> Arrival-Date: Sat, 29 Sep 2012 17:18:17 +0100 >> >> Final-Recipient: RFC822; root@xxxxxxxxxxxxxxxxxxxxxxxxx Action: failed >> Status: 5.7.1 Remote-MTA: DNS; el-tio.edelhost.de Diagnostic-Code: SMTP; >> 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using >> ix.dnsbl.manitu.net; Your e-mail service was detected by >> el-tio.edelhost.de >> (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 +0200. Your admin >> should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228 >> Last-Attempt-Date: Sat, 29 Sep 2012 17:18:19 +0100 >> ================================8<===================================== >> >> And the actual mail was a standard setroubleshoot report detailing an >> AVC. >> >> I admit I probably do not have this set up right, but I don't know what >> I >> have done wrong. >> >> In /var/lib/setroubleshoot/email_alert_recipients I have simply: >> root@localhost.localdomain filter_type=after_first >> >> Note that there is no ".org" after that. >> >> I have not touched /etc/setroubleshoot/setroubleshoot.conf at all. >> >> What do I have to do to fix this? >> >> Thanks... >> >> Mark >> >> >> >> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux >> > First thing I would do is check mail as root and try to send a mail > message to > root@localhost.localdomain Thanks. I can't try that until I get home this evening (the sysadmin here at work has blocked the ssh port I use). However, what puzzles me is why the mail goes outside the network at all. I'm sure that when I had this working previously (on F15) it was just a system mail delivered directly. I'm sure I've got something wrong in my setup but I can't see where I'm going wrong. This has actually caused a massive problem for me as I am now listed on several blacklists and the mail I send from my account often disappears into the ether - presumably because my correspondent's ISP take an aggressive approach to using blacklists to block mail. Once I have sorted this out I will have to ask how to get off these blacklists! Thanks Mark -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
