-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/01/2012 06:28 AM, Arthur Dent wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 09/29/2012 02:17 PM, Arthur Dent wrote:
>>> Hello all,
>>>
>>> I have just had a weird email indicating that my server is spamming.
>>> This resulted from my attempt to get setroubleshoot to send email
>>> notifications.
>>>
>>> I don't really understand how this happened, and I keep looking at the
>>> headers wondering exactly what went on...
>>>
>>> This is the message I received:
>>> ================================8<=====================================
>>>
>>> The original message was received at Sat, 29 Sep 2012 17:18:17 +0100 from
>>> localhost [127.0.0.1] with id q8TGIHxg001451
>>>
>>> ----- The following addresses had permanent fatal errors -----
>>> <root@localhost.localdomain> (reason: 554 5.7.1 Service unavailable;
>>> Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your
>>> e...2 13:01:07 +0200. Your admin should visit
>>> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228)
>>>
>>> ----- Transcript of session follows ----- ... while talking to
>>> el-tio.edelhost.de.:
>>>>>> DATA
>>> <<< 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked
>>> using ix.dnsbl.manitu.net; Your e-mail service was detected by
>>> el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07
>>> +0200. Your admin should visit
>>> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228 554 5.0.0
>>> Service unavailable <<< 554 5.5.1 Error: no valid recipients 550 5.1.1
>>> <SELinux_Troubleshoot@xxxxxxxxxxxx>... User unknown
>>> ================================8<=====================================
>>>
>>>
>>> These are the headers for that email. As far as I can tell the email
>>> never left my server.
>>> ================================8<=====================================
>>>
>>> Return-path: <MAILER-DAEMON@xxxxxxxxxxxx> X-spam-checker-version:
>>> SpamAssassin 3.3.2 (2011-06-06) on mydomain.org X-spam-level:
>>> X-spam-status: No, score=-0.3 required=5.0 tests=BAYES_00,NO_RELAYS,
>>> T_TVD_MIME_NO_HEADERS,URIBL_WS_SURBL autolearn=no version=3.3.2
>>> Received: from localhost (localhost) by mydomain.org (8.14.5/8.14.5)
>>> id q8TGIJxg001453; Sat, 29 Sep 2012 17:18:19 +0100 Date: Sat, 29 Sep
>>> 2012 17:18:19 +0100 From: Mail Delivery Subsystem
>>> <MAILER-DAEMON@xxxxxxxxxxxx> Message-id:
>>> <201209291618.q8TGIJxg001453@xxxxxxxxxxxx> To: postmaster@xxxxxxxxxxxx
>>> Mime-version: 1.0 Content-type: multipart/report;
>>> report-type=delivery-status;
>>> boundary="q8TGIJxg001453.1348935499/mydomain.org" Subject: Postmaster
>>> notify: see transcript for details Auto-submitted: auto-generated
>>> (postmaster-notification) X-evolution-source:
>>> 1292576305.15554.21@localhost.localdomain
>>> ================================8<=====================================
>>>
>>>
>>> This was attached. I do not understand how this came about:
>>> ================================8<=====================================
>>>
>>> Reporting-MTA: dns; mydomain.org Received-From-MTA: DNS; localhost
>>> Arrival-Date: Sat, 29 Sep 2012 17:18:17 +0100
>>>
>>> Final-Recipient: RFC822; root@xxxxxxxxxxxxxxxxxxxxxxxxx Action: failed
>>> Status: 5.7.1 Remote-MTA: DNS; el-tio.edelhost.de Diagnostic-Code:
>>> SMTP; 554 5.7.1 Service unavailable; Client host [82.43.145.228]
>>> blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by
>>> el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07
>>> +0200. Your admin should visit
>>> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228
>>> Last-Attempt-Date: Sat, 29 Sep 2012 17:18:19 +0100
>>> ================================8<=====================================
>>>
>>>
>>> And the actual mail was a standard setroubleshoot report detailing an
>>> AVC.
>>>
>>> I admit I probably do not have this set up right, but I don't know
>>> what I have done wrong.
>>>
>>> In /var/lib/setroubleshoot/email_alert_recipients I have simply:
>>> root@localhost.localdomain filter_type=after_first
>>>
>>> Note that there is no ".org" after that.
>>>
>>> I have not touched /etc/setroubleshoot/setroubleshoot.conf at all.
>>>
>>> What do I have to do to fix this?
>>>
>>> Thanks...
>>>
>>> Mark
>>>
>>>
>>>
>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>> First thing I would do is check mail as root and try to send a mail
>> message to root@localhost.localdomain
>
> Thanks. I can't try that until I get home this evening (the sysadmin here
> at work has blocked the ssh port I use).
>
> However, what puzzles me is why the mail goes outside the network at all.
> I'm sure that when I had this working previously (on F15) it was just a
> system mail delivered directly.
>
> I'm sure I've got something wrong in my setup but I can't see where I'm
> going wrong.
>
> This has actually caused a massive problem for me as I am now listed on
> several blacklists and the mail I send from my account often disappears
> into the ether - presumably because my correspondent's ISP take an
> aggressive approach to using blacklists to block mail.
>
> Once I have sorted this out I will have to ask how to get off these
> blacklists!
>
> Thanks
>
> Mark
>
>
>
>
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
I don't know and have not looked at this code in a long time, there could
be a bug in the way it was implemented.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBpmzYACgkQrlYvE4MpobNKJQCdHg5z0BbvR1JqeZYXY7RJl1rK
NEIAni7uZreDwb00vc4BhmX+KhKhCRaV
=K3pU
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux