Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: kruhm on January 14, 2015, 09:34:03 PM

Title: ylmf-pc block
Post by: kruhm on January 14, 2015, 09:34:03 PM

Anyone else seeing a massive amount of connections from ylmf-pc?

Code: [Select]

#pwd
/var/log/qpsmtpd

Code: [Select]

# grep -r ylmf ./* -c
./@400000005477bfce30c30264.s:1365
./@40000000547d71f10ef97924.s:2359
./@4000000054834b92367af004.s:1986
./@40000000548bf1461aa68c44.s:1313
./@4000000054925b78229f3a54.s:2696
./@40000000549c2bdf2b563b0c.s:976
./@4000000054a4f9942fcf1514.s:436
./@4000000054aab8431370ad4c.s:622
./@4000000054b246d93b1972ac.s:482
./current:317

Title: Re: ylmf-pc block
Post by: warren on January 14, 2015, 10:02:28 PM

3 Servers showing following so far :

Code: [Select]

./@4000000054aec7282e873394.s:0
./@4000000054aee13734ab73ac.s:0
./@4000000054af08e924523d9c.s:18
./@4000000054af446907d6ff04.s:224
./@4000000054af869c0a795fa4.s:0
./@4000000054b13e4e113e0254.s:667
./@4000000054b3bbc632530c8c.s:54
./@4000000054b51cce09918bfc.s:815
./@4000000054b6b78000c06bc4.s:710
./current:86


Code: [Select]

./@4000000054a7187130ab4ffc.s:3664
./@4000000054a8a75604864d64.s:331
./@4000000054aabfd41bfa0e54.s:66
./@4000000054ad40661ac04a1c.s:97
./@4000000054af34fb3887ac0c.s:8
./@4000000054b371e216bfe01c.s:118
./@4000000054b376512e2e26b4.u:0
./@4000000054b39c871cdb7574.u:0
./@4000000054b5d34d1b87ad14.s:63
./current:0


Code: [Select]

./@4000000054aa9a051bbbe444.s:0
./@4000000054ac098b38ebfbbc.s:27
./@4000000054ad4db13b0adc4c.s:76
./@4000000054aeb290362f73cc.s:44
./@4000000054b2c4a106821d64.s:238
./@4000000054b5e4561322a0d4.s:677
./current:504


Title: Re: ylmf-pc block
Post by: guest22 on January 14, 2015, 11:10:53 PM

Quote from: kruhm on January 14, 2015, 09:34:03 PM

Anyone else seeing a massive amount of connections from ylmf-pc?

Please Google for ylmf-pc

Title: Re: ylmf-pc block
Post by: CharlieBrady on January 19, 2015, 03:08:21 PM

You should be able to drop those connections early if you add 'ylmf-pc' to the badhelo configuration file (via custom template I think).

Please try it and confirm here.

Title: Re: ylmf-pc block
Post by: warren on January 19, 2015, 03:28:35 PM

confirmed

Quote

2015-01-19 12:41:39.080882500 14911 logging::logterse plugin (deny): ` 70.90.38.41      70-90-38-41-Michigan.hfc.comcastbusiness.net       check_spamhelo   903     Sorry, I don't believe that you are ylmf-pc.    msg denied before queued

Title: Re: ylmf-pc block
Post by: kruhm on February 11, 2015, 05:49:17 PM

For future reference, badhelo is in:
/var/service/qpsmtpd/config/badhelo

While the file is templated, it hasn't made its way into the config-db.

You can see the current values as a guide.

Code: [Select]

cat /etc/e-smith/templates/var/service/qpsmtpd/config/badhelo/20yahoo.com
yahoo.com
Using that info, you can customize this with a template-custom.

Make the dir:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/badhelo
Edit the file:

Code: [Select]

echo ylmf-pc > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/badhelo/20ylmf-pc
Expand and restart the service by signaling the event:

Code: [Select]

signal-event email-update
============================================
This could probably make its way into the config-db with the following:
/etc/e-smith/templates/var/service/qpsmtpd/config/badhelo/20BadHeloItems

Code: [Select]

{
my @badhelo = split /[,:]/, ${qpsmtpd}{BadHelo} || '';

return "# No BadHelo are defined" unless (scalar @badhelo);

return join "\n", @badhelo;
}
Add the values to the config-db:

Code: [Select]

config setprop qpsmtpd BadHelo aol.com,yahoo.com,ylmf-pc
Expand and restart:

Code: [Select]

signal-event email-update

Title: Re: ylmf-pc block
Post by: CharlieBrady on February 11, 2015, 06:03:31 PM

Quote from: kruhm on February 11, 2015, 05:49:17 PM

Edit the file:

Code: [Select]

vi /etc/e-smith/templates-custom/var/service/qpsmtpd/config/badhelo/20ylmf-pc
Insert the following

Code: [Select]

ylmf-pc

You can combine those two steps using:

Code: [Select]

echo ylmf-pc > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/badhelo/20ylmf-pc

with the side benefit that you don't need to know how to use 'vi'.

Title: Re: ylmf-pc block
Post by: guest22 on February 11, 2015, 06:06:34 PM

Quote from: kruhm on February 11, 2015, 05:49:17 PM

============================================
This could probably make its way into the config-db with the following:

Definitely worth a bug report. Thanks.

Title: Re: ylmf-pc block
Post by: kruhm on February 11, 2015, 06:19:15 PM

Updated steps above. Thanks for the improvement.

I'll be glad to open a bug. As soon as my open feature request from 2007 is complete.
http://bugs.contribs.org/show_bug.cgi?id=2409

Title: Re: ylmf-pc block
Post by: guest22 on February 11, 2015, 06:42:05 PM

Quote from: kruhm on February 11, 2015, 06:19:15 PM

I'll be glad to open a bug. As soon as my open feature request from 2007 is complete.
http://bugs.contribs.org/show_bug.cgi?id=2409 (http://bugs.contribs.org/show_bug.cgi?id=2409)

Good point.

Title: Re: ylmf-pc block
Post by: ReetP on February 11, 2015, 09:26:21 PM

Quote from: kruhm on February 11, 2015, 06:19:15 PM

Updated steps above. Thanks for the improvement.

I'll be glad to open a bug. As soon as my open feature request from 2007 is complete.
http://bugs.contribs.org/show_bug.cgi?id=2409

I'll put it on my list of things to fix :-)

Will continue the conversation on the bug.....

Title: Re: ylmf-pc block
Post by: ReetP on June 11, 2015, 01:31:24 AM

Just an update on this thread for future reference.

The fix suggested here for BadHelo for ylmf-pc is incorporated in the WBL contrib.

Bug 2409 is also incorporated in the WBL contrib.