Re: Configuring Setroubleshhot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/01/2012 06:28 AM, Arthur Dent wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 09/29/2012 02:17 PM, Arthur Dent wrote:
>>> Hello all,
>>> 
>>> I have just had a weird email indicating that my server is spamming. 
>>> This resulted from my attempt to get setroubleshoot to send email 
>>> notifications.
>>> 
>>> I don't really understand how this happened, and I keep looking at the 
>>> headers wondering exactly what went on...
>>> 
>>> This is the message I received: 
>>> ================================8<=====================================
>>>
>>> 
The
>>> original message was received at Sat, 29 Sep 2012 17:18:17 +0100 from 
>>> localhost [127.0.0.1] with id q8TGIHxg001451
>>> 
>>> ----- The following addresses had permanent fatal errors ----- 
>>> <root@localhost.localdomain> (reason: 554 5.7.1 Service unavailable; 
>>> Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your
>>> e...2 13:01:07 +0200. Your admin should visit 
>>> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228)
>>> 
>>> ----- Transcript of session follows ----- ... while talking to 
>>> el-tio.edelhost.de.:
>>>>>> DATA
>>> <<< 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked 
>>> using ix.dnsbl.manitu.net; Your e-mail service was detected by 
>>> el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 
>>> +0200. Your admin should visit 
>>> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228 554 5.0.0 
>>> Service unavailable <<< 554 5.5.1 Error: no valid recipients 550 5.1.1 
>>> <SELinux_Troubleshoot@xxxxxxxxxxxx>... User unknown 
>>> ================================8<=====================================
>>>
>>>
>>> 
These are the headers for that email. As far as I can tell the email
>>> never left my server. 
>>> ================================8<=====================================
>>>
>>> 
Return-path: <MAILER-DAEMON@xxxxxxxxxxxx> X-spam-checker-version:
>>> SpamAssassin 3.3.2 (2011-06-06) on mydomain.org X-spam-level: 
>>> X-spam-status: No, score=-0.3 required=5.0 tests=BAYES_00,NO_RELAYS, 
>>> T_TVD_MIME_NO_HEADERS,URIBL_WS_SURBL autolearn=no version=3.3.2 
>>> Received: from localhost (localhost) by mydomain.org (8.14.5/8.14.5)
>>> id q8TGIJxg001453; Sat, 29 Sep 2012 17:18:19 +0100 Date: Sat, 29 Sep
>>> 2012 17:18:19 +0100 From: Mail Delivery Subsystem 
>>> <MAILER-DAEMON@xxxxxxxxxxxx> Message-id:
>>> <201209291618.q8TGIJxg001453@xxxxxxxxxxxx> To: postmaster@xxxxxxxxxxxx
>>> Mime-version: 1.0 Content-type: multipart/report; 
>>> report-type=delivery-status; 
>>> boundary="q8TGIJxg001453.1348935499/mydomain.org" Subject: Postmaster 
>>> notify: see transcript for details Auto-submitted: auto-generated 
>>> (postmaster-notification) X-evolution-source: 
>>> 1292576305.15554.21@localhost.localdomain 
>>> ================================8<=====================================
>>>
>>>
>>> 
This was attached. I do not understand how this came about:
>>> ================================8<=====================================
>>>
>>> 
Reporting-MTA: dns; mydomain.org Received-From-MTA: DNS; localhost
>>> Arrival-Date: Sat, 29 Sep 2012 17:18:17 +0100
>>> 
>>> Final-Recipient: RFC822; root@xxxxxxxxxxxxxxxxxxxxxxxxx Action: failed 
>>> Status: 5.7.1 Remote-MTA: DNS; el-tio.edelhost.de Diagnostic-Code:
>>> SMTP; 554 5.7.1 Service unavailable; Client host [82.43.145.228]
>>> blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by 
>>> el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07
>>> +0200. Your admin should visit
>>> http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228 
>>> Last-Attempt-Date: Sat, 29 Sep 2012 17:18:19 +0100 
>>> ================================8<=====================================
>>>
>>>
>>> 
And the actual mail was a standard setroubleshoot report detailing an
>>> AVC.
>>> 
>>> I admit I probably do not have this set up right, but I don't know
>>> what I have done wrong.
>>> 
>>> In /var/lib/setroubleshoot/email_alert_recipients I have simply: 
>>> root@localhost.localdomain       filter_type=after_first
>>> 
>>> Note that there is no ".org" after that.
>>> 
>>> I have not touched /etc/setroubleshoot/setroubleshoot.conf at all.
>>> 
>>> What do I have to do to fix this?
>>> 
>>> Thanks...
>>> 
>>> Mark
>>> 
>>> 
>>> 
>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> 
>> First thing I would do is check mail as root and try to send a mail 
>> message to root@localhost.localdomain
> 
> Thanks. I can't try that until I get home this evening (the sysadmin here 
> at work has blocked the ssh port I use).
> 
> However, what puzzles me is why the mail goes outside the network at all. 
> I'm sure that when I had this working previously (on F15) it was just a 
> system mail delivered directly.
> 
> I'm sure I've got something wrong in my setup but I can't see where I'm 
> going wrong.
> 
> This has actually caused a massive problem for me as I am now listed on 
> several blacklists and the mail I send from my account often disappears 
> into the ether - presumably because my correspondent's ISP take an 
> aggressive approach to using blacklists to block mail.
> 
> Once I have sorted this out I will have to ask how to get off these 
> blacklists!
> 
> Thanks
> 
> Mark
> 
> 
> 
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
I don't know and have not looked at this code in a long time, there could be a
bug in the way it was implemented.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBpmzYACgkQrlYvE4MpobNKJQCdHg5z0BbvR1JqeZYXY7RJl1rK
NEIAni7uZreDwb00vc4BhmX+KhKhCRaV
=K3pU
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux