Koozali.org: home of the SME Server
Other Languages => Italiano => Topic started by: ello on December 30, 2022, 12:40:53 PM
-
Good morning,
I have a problem with email. I have an SME 10 server configured as server-gateway and domain controller, seven users, domain name miaazienda.it and the mail server configured on the domain name.
For about a week, thousands of emails to unknown recipients have been going out from two user accounts, without any action by the users. I was in a similar situation three years ago and solved the problem with the help of Fumetto and qmHandle; now, however, the queue regenerates every time. This is my configuration:
config show qpsmtpd
qpsmtpd=service
Authentication=enabled
Bcc=disabled
BccMode=cc
BccUser=maillog
DKIMSigning=enabled
DNSBL=disabled
Instances=40
InstancesPerIP=5
LogLevel=6
MaxScannerSize=25000000
MaximumDateOffset=0
PatternsScan=disabled
Proxy=transparent
RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,psbl.surriel.com,zen.spamhaus.org
RHSBL=disabled
RelayRequiresAuth=enabled
SBLList=multi.surbl.org,black.uribl.com,rhsbl.sorbs.net
TCPPort=25
TCPProxyPort=25
TlsBeforeAuth=1
UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
URIBL=disabled
VirusScan=enabled
access=public
qplogsumm=disabled
status=enabled
tnef2mime=enabled
tail -f /var/log/qmail/current | tai64nlocal
2022-12-30 12:33:18.833825500 new msg 1077589914
2022-12-30 12:33:18.833826500 info msg 1077589914: bytes 6319 from <noreply-dmarc-support@google.com> qp 31665 uid 400
2022-12-30 12:33:18.899622500 starting delivery 18: msg 1077589914 to local admin@sme.studiogelda.it
2022-12-30 12:33:18.899623500 status: local 2/20 remote 0/20
2022-12-30 12:33:18.899651500 delivery 17: success: did_1+0+1/
2022-12-30 12:33:18.899888500 status: local 1/20 remote 0/20
2022-12-30 12:33:18.899889500 end msg 1077589910
2022-12-30 12:33:18.916513500 delivery 18: success: did_1+0+1/
2022-12-30 12:33:18.916646500 status: local 0/20 remote 0/20
2022-12-30 12:33:18.916683500 end msg 1077589914
2022-12-30 12:36:53.860294500 warning: unable to stat mess/0/1075550449
2022-12-30 12:36:53.860808500 new msg 1077589910
2022-12-30 12:36:53.860809500 info msg 1077589910: bytes 5568 from <abuse@seznam.cz> qp 31699 uid 453
2022-12-30 12:36:53.918753500 starting delivery 19: msg 1077589910 to local alias-localdelivery-dmarc-feedback@studiogelda.it
2022-12-30 12:36:53.918760500 status: local 1/20 remote 0/20
2022-12-30 12:36:53.968770500 warning: unable to stat mess/0/1075550449
2022-12-30 12:36:53.969039500 new msg 1075186061
2022-12-30 12:36:53.969040500 info msg 1075186061: bytes 5701 from <abuse@seznam.cz> qp 31702 uid 400
2022-12-30 12:36:54.010522500 delivery 19: success: forward:_qp_31702/did_0+0+1/
2022-12-30 12:36:54.010832500 status: local 0/20 remote 0/20
2022-12-30 12:36:54.010834500 starting delivery 20: msg 1075186061 to local dmarc-feedback@sme.studiogelda.it
2022-12-30 12:36:54.010835500 status: local 1/20 remote 0/20
2022-12-30 12:36:54.010836500 end msg 1077589910
2022-12-30 12:36:54.060834500 warning: unable to stat mess/0/1075550449
2022-12-30 12:36:54.060835500 new msg 1077589910
2022-12-30 12:36:54.060836500 info msg 1077589910: bytes 5818 from <abuse@seznam.cz> qp 31705 uid 400
2022-12-30 12:36:54.110820500 starting delivery 21: msg 1077589910 to local alias-localdelivery-admin@studiogelda.it
2022-12-30 12:36:54.110829500 status: local 2/20 remote 0/20
2022-12-30 12:36:54.110854500 delivery 20: success: did_0+1+0/qp_31705/
2022-12-30 12:36:54.111039500 status: local 1/20 remote 0/20
2022-12-30 12:36:54.111041500 end msg 1075186061
2022-12-30 12:36:54.160896500 warning: unable to stat mess/0/1075550449
2022-12-30 12:36:54.161125500 new msg 1075186061
2022-12-30 12:36:54.161126500 info msg 1075186061: bytes 5942 from <abuse@seznam.cz> qp 31708 uid 400
2022-12-30 12:36:54.202741500 starting delivery 22: msg 1075186061 to local admin@sme.studiogelda.it
2022-12-30 12:36:54.202765500 status: local 2/20 remote 0/20
2022-12-30 12:36:54.202791500 delivery 21: success: forward:_qp_31708/did_0+0+1/
2022-12-30 12:36:54.202934500 status: local 1/20 remote 0/20
2022-12-30 12:36:54.202948500 end msg 1077589910
2022-12-30 12:36:54.219774500 delivery 22: success: did_1+0+1/
2022-12-30 12:36:54.219980500 status: local 0/20 remote 0/20
2022-12-30 12:36:54.219982500 end msg 1075186061
Of course, thank you in advance for the help received.
-
From the qmail log you posted I can only see email getting in (mostly from seznam.cz), none trying to get out.
Can you post a short output of the qmHandle list?
Have you any contribs installed?
-
Happy New Year
Thanks for the reply. The contribs I have installed: Email-Management, Mailman, qmHandle
tail -f /var/log/qmail/current | tai64nlocal
2023-01-02 10:45:22.954963500 delivery 56: failure: 108.177.119.26_failed_after_I_sent_the_message./Remote_host_said:_550-5.7.26_Unauthenticated_email_from_studiogelda.it_is_not_accepted_due_to/550-5.7.26_domain's_DMARC_policy._Please_contact_the_administrator_of/550-5.7.26_studiogelda.it_domain_if_this_was_a_legitimate_mail._Please_visit/550-5.7.26__https://support.google.com/mail/answer/2451690_to_learn_about_the/550_5.7.26_DMARC_initiative._f26-20020a05640214da00b0048999d127f8si9224318edx.526_-_gsmtp/STARTTLS_proto=TLSv1.2;_cipher=ECDHE-ECDSA-AES128-GCM-SHA256;_subject=/CN=mx.google.com;_issuer=/C=US/O=Google_Trust_Services_LLC/CN=GTS_CA_1C3;/
2023-01-02 10:45:22.955368500 status: local 0/20 remote 0/20
2023-01-02 10:45:23.009269500 bounce msg 1082661849 qp 531
2023-01-02 10:45:23.009320500 end msg 1082661849
2023-01-02 10:45:23.009599500 new msg 1075550461
2023-01-02 10:45:23.009618500 info msg 1075550461: bytes 2543 from <> qp 531 uid 406
2023-01-02 10:45:23.042764500 starting delivery 57: msg 1075550461 to local tufaro@sme.studiogelda.it
2023-01-02 10:45:23.042766500 status: local 1/20 remote 0/20
2023-01-02 10:45:23.076372500 delivery 57: success: did_1+0+1/
2023-01-02 10:45:23.076626500 status: local 0/20 remote 0/20
2023-01-02 10:45:23.076628500 end msg 1075550461
qmHandle -l
1074696119 (5, 5/1074696119)
Return-path: sonia@studiogelda.it
From: sonia@studiogelda.it
To: jmanortiz@gmail.com, chas.andrew@yahoo.com
Subject: 1/2/2023 Message received from TianaBabyGirl458
Date: Mon, 2 Jan 2023 01:06:29 -0800
Size: 6642 bytes
1082661878 (13, 13/1082661878)
Return-path: sonia@studiogelda.it
From: sonia@studiogelda.it
To: itmicronet@hotmail.com, barrycarter248@yahoo.co.uk
Subject: New member ShanaeStudley292 1/2/2023
Date: Mon, 2 Jan 2023 01:06:00 -0800
Size: 6612 bytes
1074874179 (22, 22/1074874179)
Return-path: tania@studiogelda.it
From: tania@studiogelda.it
To: tony_gale2003@yahoo.com, jamesbostwick1965@gmail.com
Subject: 1/2/2023 Message for you from RachelBeany872
Date: Mon, 2 Jan 2023 01:07:40 -0800
Size: 6580 bytes
1075186061 (1, 1/1075186061)
Return-path: tania@studiogelda.it
From: tania@studiogelda.it
To: armanhoseini766@gmail.com, mark.pickup@yahoo.co.uk
Subject: Message received from MollyRage578 1/2/2023
Date: Mon, 2 Jan 2023 01:07:31 -0800
Size: 6621 bytes
1082661868 (3, 3/1082661868)
Return-path: tania@studiogelda.it
From: tania@studiogelda.it
To: archies011@yahoo.com, damordavis66@gmail.com
Subject: 1/2/2023 Dating Request RoxieLuvs585
Date: Mon, 2 Jan 2023 00:58:38 -0800
Size: 6632 bytes
1074874180 (0, 0/1074874180)
Return-path: tania@studiogelda.it
From: tania@studiogelda.it
To: redslady1@yahoo.com, nutbutter365@gmail.com
Subject: New message from LindaNaughty802 1/2/2023
Date: Mon, 2 Jan 2023 01:10:21 -0800
Size: 6499 bytes
1082661869 (4, 4/1082661869)
Return-path: sonia@studiogelda.it
From: sonia@studiogelda.it
To: ivanmanning11@gmail.com, gibbset62.jg@gmail.com
Subject: 1/2/2023 Message for you from TomikaBaby282
Date: Mon, 2 Jan 2023 01:00:15 -0800
Size: 6639 bytes
1082661882 (17, 17/1082661882)
Return-path: sonia@studiogelda.it
From: sonia@studiogelda.it
To: artie4419@gmail.com, knot3love689@yahoo.com
Subject: New member RebbecaInflatableDoll.843 1/2/2023
Date: Mon, 2 Jan 2023 01:06:11 -0800
Size: 6608 bytes
1074867255 (21, 21/1074867255)
Return-path: sonia@studiogelda.it
From: sonia@studiogelda.it
To: willibrownl@outlook.com, italianmike63@yahoo.com
Subject: You've got 1 friend request from DeidreGoldfish558 1/2/2023
Date: Mon, 2 Jan 2023 01:06:47 -0800
Size: 6554 bytes
1074867266 (9, 9/1074867266)
Return-path: tania@studiogelda.it
From: tania@studiogelda.it
To: jonathanr5002@gmail.com, jeremypugh36@yahoo.com
Subject: Message received from CorieAnimal384 1/2/2023
Date: Mon, 2 Jan 2023 01:06:59 -0800
Size: 6614 bytes
1074874174 (17, 17/1074874174)
Return-path: tania@studiogelda.it
From: tania@studiogelda.it
To: getkap21@gmail.com, george729@yahoo.com
Subject: 1/2/2023 Dating Request RachelCutiePants872
Date: Mon, 2 Jan 2023 01:07:35 -0800
Size: 6642 bytes
Total messages: 11
Messages with local recipients: 0
Messages with remote recipients: 11
Messages with bounces: 1
Messages in preprocess: 0
Gmail no longer accepts our emails. I have read that it is possible to add the list-unsubscribe directive to the mail header, but honestly I do not know where to do that. For now, so as not to make the situation worse, I have disabled the accounts that caused it. SpamAssassin tags as spam at level 4 and rejects at level 10; fortunately I am not yet listed on any blacklist, and SPF, DKIM and DMARC are configured and working.
This is the latest DMARC report received:
<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <version>1.0</version>
  <report_metadata>
    <org_name>comcast.net</org_name>
    <email>dmarc-admin@alerts.comcast.net</email>
    <report_id>v2-1672631168-studiogelda.it</report_id>
    <date_range>
      <begin>1672531200</begin>
      <end>1672617600</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>studiogelda.it</domain>
    <adkim>s</adkim>
    <aspf>r</aspf>
    <p>reject</p>
    <sp>reject</sp>
    <pct>100</pct>
    <fo>0</fo>
  </policy_published>
  <record>
    <row>
      <source_ip>151.84.109.14</source_ip>
      <count>9</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>studiogelda.it</header_from>
      <envelope_from>studiogelda.it</envelope_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>studiogelda.it</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>studiogelda.it</domain>
        <scope>mfrom</scope>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>
-
https://wiki.koozali.org/Email#Outbound_DKIM_signing_.2F_SPF_.2F_DMARC_policy
https://mxtoolbox.com/diagnostic.aspx
Spamassassin only affects inbound mail, not outbound.
If the server keeps regenerating mail you should consider you have been hacked and act accordingly - you will get blacklisted soon.
Either someone has the passwords for the users - change them immediately - or someone has access to your server.
Take the server offline and go through your logs.
Check sqpsmtpd for the user names for outgoing mail.
Check for additional software that might have been installed.
Do a complete bug report from the server-manager lower left. Paste it where we can see it.
-
Thanks for the assistance.
Bug report:
==================
Base configuration
==================
SME server version: 10.1
SME server mode: servergateway
SME server previous mode: servergateway
Running Kernel: 3.10.0-1160.81.1.el7.x86_64
===========================
New RPMs not in base system
===========================
Plugin abilitati:fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
* base: it1.mirror.vhosting-it.com
* smeaddons: www.mirrorservice.org
* smeos: www.mirrorservice.org
* smeupdates: www.mirrorservice.org
* updates: it1.mirror.vhosting-it.com
Pacchetti extra
GeoIP.x86_64 1.6.12-9.el7.sme @smecontribs
GeoIP-GeoLite-data.noarch 2018.06-7.el7.sme @smecontribs
GeoIP-GeoLite-data-extra.noarch 2018.06-7.el7.sme @smecontribs
fail2ban-sendmail.noarch 0.11.2-3.el7 @smecontribs
fail2ban-server.noarch 0.11.2-3.el7 @smecontribs
libspf2.x86_64 1.2.11-1.20210922git4915c308.el7 @epel
libspf2-progs.x86_64 1.2.11-1.20210922git4915c308.el7 @epel
perl-Data-Validate-IP.noarch 0.27-13.el7 @smecontribs
perl-Unicode-IMAPUtf7.noarch 2.01-1.of.el7 @smecontribs
smeserver-certificate.noarch 0.0.4-13.el7.sme @smecontribs
smeserver-dhcpmanager.noarch 2.0.4-12.el7.sme @smecontribs
smeserver-email-management.noarch 1.3-5.el7.sme @smecontribs
smeserver-fail2ban.noarch 9:0.1.18-30.el7.sme @smecontribs
smeserver-mailsorting.noarch 1.4-14.el7.sme @smecontribs
smeserver-qmHandle.noarch 1.4-24.el7.sme @smecontribs
smeserver-vacation.noarch 1.1-34.el7.sme @smecontribs
===========================
Custom and modified templates
===========================
/etc/e-smith/templates-custom/etc/dhcpd.conf/20tftp: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dhcpd.conf/16tftp: MANUALLY_ADDED, ADDITION
===========================
Modified events
===========================
=======================
Additional repositories
=======================
base: enabled
centosplus: disabled
epel: disabled
extras: disabled
fasttrack: disabled
libreswan: enabled
remi-safe: enabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: disabled
sqpsmtpd
@4000000063b2d96439b6ae5c 3699 550 Cannot establish SSL session
@4000000063b2d96439b7cb84 3699 click, disconnecting
@4000000063b2d9652cea9e7c 1102 cleaning up after 3699
@4000000063b2d967045630fc 3704 dispatching EHLO [127.0.0.1]
@4000000063b2d9670463311c 3704 (ehlo) helo: pass
@4000000063b2d967046e6c1c 3704 250-studiogelda.it Hi fixed-189-203-144-192.totalplay.net [189.203.144.192]
@4000000063b2d967046ec9dc 3704 250-PIPELINING
@4000000063b2d967046f79a4 3704 250-8BITMIME
@4000000063b2d967046fbff4 3704 250-SIZE 15000000
@4000000063b2d96704708b14 3704 250 AUTH PLAIN LOGIN
@4000000063b2d96c0d4be47c 3704 dispatching AUTH PLAIN
@4000000063b2d96c0d517a2c 3704 334
@4000000063b2d97008cabd74 Use of uninitialized value $ret in unpack at /usr/share/qpsmtpd/plugins/auth/auth_cvm_unix_local line 124.
@4000000063b2d97008cd596c 3704 (auth-plain) auth::auth_cvm_unix_local: skip: no response from cvm for sonia@studiogelda.it
@4000000063b2d97008d18ba4 3704 535 PLAIN authentication failed for sonia@studiogelda.it
@4000000063b2d9720b0e7f6c 3704 dispatching AUTH LOGIN
@4000000063b2d9720b13693c 3704 334 VXNlcm5hbWU6
@4000000063b2d97426f5ee2c 3704 334 UGFzc3dvcmQ6
@4000000063b2d97719801d44 Use of uninitialized value $ret in unpack at /usr/share/qpsmtpd/plugins/auth/auth_cvm_unix_local line 124.
@4000000063b2d9771989ecfc 3704 (auth-login) auth::auth_cvm_unix_local: skip: no response from cvm for sonia@studiogelda.it
@4000000063b2d9771989fc9c 3704 535 LOGIN authentication failed for sonia@studiogelda.it
@4000000063b2d97a158fd42c 3704 dispatching QUIT
@4000000063b2d97a159477ac 3704 221 studiogelda.it closing connection. Have a wonderful day.
@4000000063b2d97a159828fc 3704 click, disconnecting
@4000000063b2d97a2e34e544 1102 cleaning up after 3704
@4000000063b2d9851d129aa4 3700 (connect) tls: fail, unable to establish SSL
@4000000063b2d9851d164fdc 3700 (deny) logging::logterse: ` 185.172.215.34 Unknown tls 903 Cannot establish SSL session msg denied before queued
@4000000063b2d9851d188644 3700 550 Cannot establish SSL session
@4000000063b2d9851d193ddc 3700 click, disconnecting
@4000000063b2d9852ee30f34 1102 cleaning up after 3700
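The check suggested earlier in the thread (look in sqpsmtpd for the user names used for outgoing mail), written out as an added example that is not part of any post here: it links each qpsmtpd child pid to the client IP from its EHLO reply and tallies AUTH results per account and address. The sample lines are constructed in the layout of the log above; the wording of the `235 ... successful` line is an assumption modelled on the `535 ... failed` lines in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the sqpsmtpd layout shown in the post above
# (tai64n stamp, qpsmtpd child pid, message). Hosts and IPs are documentation
# values; the "235 ... successful" wording is an assumption (see lead-in).
SAMPLE_LOG = """\
@4000000063b2d967046e6c1c 3704 250-mail.example.org Hi host-a.example.net [203.0.113.10]
@4000000063b2d97008d18ba4 3704 535 PLAIN authentication failed for alice@example.org
@4000000063b2d9771989fc9c 3704 535 LOGIN authentication failed for alice@example.org
@4000000063b2d9851d129aa4 3710 250-mail.example.org Hi host-b.example.net [198.51.100.7]
@4000000063b2d9851d164fdc 3710 235 PLAIN authentication successful for alice@example.org
@4000000063b2d9851d188644 3711 250-mail.example.org Hi pc1.example.org [192.0.2.25]
@4000000063b2d9851d193ddc 3711 235 LOGIN authentication successful for bob@example.org
@4000000063b2d9852ee30f34 3712 250-mail.example.org Hi host-c.example.net [203.0.113.99]
@4000000063b2d9852ee31f34 3712 235 PLAIN authentication successful for alice@example.org
"""

GREETING = re.compile(r"^@\w{24} (\d+) 250-\S+ Hi \S+ \[([0-9a-fA-F.:]+)\]")
AUTH = re.compile(r"^@\w{24} (\d+) (235|535) \w+ authentication "
                  r"(?:successful|failed) for (\S+)")

def summarize_auth(log_text):
    """Return {user: {"ok": {ip: n}, "fail": {ip: n}}} from sqpsmtpd log text."""
    ip_by_pid = {}  # qpsmtpd child pid -> client IP taken from the EHLO reply
    stats = defaultdict(lambda: {"ok": defaultdict(int), "fail": defaultdict(int)})
    for line in log_text.splitlines():
        m = GREETING.match(line)
        if m:
            ip_by_pid[m.group(1)] = m.group(2)  # a reused pid is overwritten here
            continue
        m = AUTH.match(line)
        if m:
            pid, code, user = m.groups()
            ip = ip_by_pid.get(pid, "unknown")
            stats[user]["ok" if code == "235" else "fail"][ip] += 1
    return stats

def suspicious_users(stats, max_ips=1):
    """Accounts that authenticated successfully from more than max_ips addresses."""
    return sorted(u for u, s in stats.items() if len(s["ok"]) > max_ips)

if __name__ == "__main__":
    stats = summarize_auth(SAMPLE_LOG)
    for user, s in sorted(stats.items()):
        print(user, "ok:", dict(s["ok"]), "fail:", dict(s["fail"]))
    print("review first:", suspicious_users(stats))
```

On a real server, feed it the text of the sqpsmtpd log (and the qpsmtpd log for port 25) and compare the addresses listed under "ok" with where each user actually works from.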