Open relay from localhost and other questions

Robert Moskowitz rgm at htt-consult.com
Thu Apr 20 15:51:11 CEST 2017



On 04/20/2017 04:51 AM, Dino Edwards wrote:
>
> In the @lookup_sql_dsn I have the following which works with no problem:
>
> @lookup_sql_dsn = (
>   ['DBI:mysql:database=dbase;host=127.0.0.1;port=3306',
>    'sqluser',
>    'somepassword']);
>
> I’m not exactly sure what you are attempting to do with the 
> $sql_select_policy statement, maybe you can elaborate?
>

To look up the valid users and mail originating from them is accepted 
going to anyone.

And the error did not occur last night.  I can't find anything that I 
updated since Apr 10, but the powerup I did yesterday (this test system 
has been down all of Passover), may have read in fresh configs that 
fixed a mysql access issue that I missed.


Of course root at z9m9z.test.htt-consult.com is not a user in the database, 
or an alias of one.  Only users at the domain level 
(root at test.htt-consult.com) are currently defined.  I think this is a 
postfixadmin problem...


> *From:*amavis-users 
> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org] 
> *On Behalf Of *Robert Moskowitz
> *Sent:* Wednesday, April 19, 2017 4:49 PM
> *To:* amavis-users at amavis.org
> *Subject:* Open relay from localhost and other questions
>
> This is my new test setup.
>
> I end amavis.conf with:
>
>
> 1;  # insure a defined return value
> $mydomain = 'test.htt-consult.com';
> $helpers_home = "$MYHOME/var";              # working directory for SpamAssassin, -S
> $myhostname = 'z9m9z.test.htt-consult.com';           #  must be a fully-qualified domain name!
> $log_level = 1; # set the log level to one
> $sa_tag_level_deflt = -99; # I want to see the headers so change to -99
> $sa_tag2_level_deflt = 5.0; # start with 5
> $sa_kill_level_deflt = 9;
> $sa_dsn_cutoff_level = 9;
> $sa_quarantine_cutoff_level = 50;
> $notify_method = 'smtp:[127.0.0.1]:10025';
> $forward_method = 'smtp:[127.0.0.1]:10025';
> $final_banned_destiny = D_DISCARD;
> $final_spam_destiny = D_PASS;
> @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 [2607:f4b8:3::]/48
>                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 50.253.254.0/28);
> @lookup_sql_dsn =
>    ( ['DBI:mysql:database=postfix;host=localhost;mysql_socket=/var/lib/mysql/mysql.sock',
>       'postfix', 'postfixpassword'] );
> $sql_select_white_black_list = undef;
> $sql_select_policy = 'SELECT "Y" as local, 1 as id FROM domain WHERE CONCAT("@",domain) IN (%k)';
> 1;  # insure a defined return value
>
> This was done by appending my specific options after the 1; line then 
> adding my own 1; line.
>
> root at z9m9z.test.htt-consult.com is NOT in the postfix database
>
> In postfix/main.cf I have:
>
> postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
>
> and in master.cf I have:
>
> smtpd     pass  -       -       n       -       -       smtpd
> pickup    unix  n       -       n       60      1       pickup
>       -o content_filter=
> amavis unix -     -     y     -     2     lmtp
>       -o lmtp_data_done_timeout=1200
>       -o lmtp_send_xforward_command=yes
>       -o disable_dns_lookups=yes
>       -o max_use=20
>
>
> I am seeing the following in maillog from logwatch:
>
> Lots of questions.  The 4th line has an amavis SQL failure.
> Then concern that it is coming from an open relay?
> Amavis gets called a 2nd then 3rd time?  Should I put content_filter= 
> with qmgr so it does not call amavis?
>
> thanks
>
> Apr 10 03:34:36 z9m9z postfix/pickup[1501]: C735BB25B: uid=0 from=<root>
>
> Apr 10 03:34:37 z9m9z postfix/cleanup[2077]: C735BB25B: message-id=<20170410073436.C735BB25B at z9m9z.test.htt-consult.com>
>
> Apr 10 03:34:37 z9m9z postfix/qmgr[3107]: C735BB25B: from=<root at z9m9z.test.htt-consult.com>, size=5300, nrcpt=1 (queue active)
>
> Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 129) line 172.
>
> Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) LMTP [127.0.0.1]:10024 /var/spool/amavisd/tmp/amavis-20170409T010521-02045-SZAIGFN5: <root at z9m9z.test.htt-consult.com> -> <root at z9m9z.test.htt-consult.com> SIZE=5300 Received: from z9m9z.test.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <root at z9m9z.test.htt-consult.com>; Mon, 10 Apr 2017 03:34:38 -0400 (EDT)
>
> Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) Checking: SGMxb1MYeOCZ [127.0.0.1] <root at z9m9z.test.htt-consult.com> -> <root at z9m9z.test.htt-consult.com>
>
> Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) Open relay? Nonlocal recips but not originating: root at z9m9z.test.htt-consult.com
>
> Apr 10 03:34:51 z9m9z postfix/smtpd[2120]: connect from localhost[127.0.0.1]
>
> Apr 10 03:34:52 z9m9z postfix/smtpd[2120]: 9D31F6B28: client=localhost[127.0.0.1]
>
> Apr 10 03:34:52 z9m9z postfix/cleanup[2077]: 9D31F6B28: message-id=<20170410073436.C735BB25B at z9m9z.test.htt-consult.com>
>
> Apr 10 03:34:52 z9m9z postfix/smtpd[2120]: disconnect from localhost[127.0.0.1]
>
> Apr 10 03:34:52 z9m9z amavis[2045]: (02045-11) SGMxb1MYeOCZ FWD from <root at z9m9z.test.htt-consult.com> -> <root at z9m9z.test.htt-consult.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9D31F6B28
>
> Apr 10 03:34:52 z9m9z postfix/qmgr[3107]: 9D31F6B28: from=<root at z9m9z.test.htt-consult.com>, size=5795, nrcpt=1 (queue active)
>
> Apr 10 03:34:52 z9m9z amavis[2045]: (02045-11) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <root at z9m9z.test.htt-consult.com> -> <root at z9m9z.test.htt-consult.com>, Message-ID: <20170410073436.C735BB25B at z9m9z.test.htt-consult.com>, mail_id: SGMxb1MYeOCZ, Hits: -0.001, size: 5294, queued_as: 9D31F6B28, 14698 ms
>
> Apr 10 03:34:52 z9m9z postfix/lmtp[2099]: C735BB25B: to=<root at z9m9z.test.htt-consult.com>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=30, delays=15/0.18/0.14/15, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9D31F6B28)
>
> Apr 10 03:34:52 z9m9z postfix/qmgr[3107]: C735BB25B: removed
>
> Apr 10 03:34:52 z9m9z postfix/cleanup[2077]: E8ABF4F8A: message-id=<20170410073436.C735BB25B at z9m9z.test.htt-consult.com>
>
> Apr 10 03:34:53 z9m9z postfix/local[2126]: 9D31F6B28: to=<root at z9m9z.test.htt-consult.com>, relay=local, delay=0.38, delays=0.09/0.2/0/0.09, dsn=2.0.0, status=sent (forwarded as E8ABF4F8A)
>
> Apr 10 03:34:53 z9m9z postfix/qmgr[3107]: E8ABF4F8A: from=<root at z9m9z.test.htt-consult.com>, size=5947, nrcpt=1 (queue active)
>
> Apr 10 03:34:53 z9m9z postfix/qmgr[3107]: 9D31F6B28: removed
>
> Apr 10 03:34:55 z9m9z postfix/smtp[2128]: Untrusted TLS connection established to z9m9z.htt-consult.com[50.253.254.3]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> Apr 10 03:34:57 z9m9z postfix/smtp[2128]: E8ABF4F8A: to=<rgm at htt-consult.com>, orig_to=<root at z9m9z.test.htt-consult.com>, relay=z9m9z.htt-consult.com[50.253.254.3]:25, delay=4.3, delays=0.05/0.11/1.9/2.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2B51E6212F)
>
> Apr 10 03:34:57 z9m9z postfix/qmgr[3107]: E8ABF4F8A: removed
>
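Added example (not part of the original post, and not amavis or Postfix code): a Python sketch that follows the "queued as" / "forwarded as" links in Postfix delivery records like those quoted above, counts how many hops were handed to the content filter on port 10024, and lists the amavis request IDs that logged the "Open relay?" notice. The sample lines are abridged from the quoted maillog; the function names are this example's own.

```python
import re

# Lines abridged from the maillog quoted above (fields trimmed; the archive's
# " at " in the address is written back as "@").
SAMPLE_LOG = """\
Apr 10 03:34:36 z9m9z postfix/pickup[1501]: C735BB25B: uid=0 from=<root>
Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) Open relay? Nonlocal recips but not originating: root@z9m9z.test.htt-consult.com
Apr 10 03:34:52 z9m9z amavis[2045]: (02045-11) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] mail_id: SGMxb1MYeOCZ, queued_as: 9D31F6B28, 14698 ms
Apr 10 03:34:52 z9m9z postfix/lmtp[2099]: C735BB25B: orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9D31F6B28)
Apr 10 03:34:53 z9m9z postfix/local[2126]: 9D31F6B28: relay=local, dsn=2.0.0, status=sent (forwarded as E8ABF4F8A)
Apr 10 03:34:57 z9m9z postfix/smtp[2128]: E8ABF4F8A: relay=z9m9z.htt-consult.com[50.253.254.3]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2B51E6212F)
"""

# A Postfix delivery record that hands the message on under a new queue ID.
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): .*?relay=(?P<relay>[^,]+),"
    r".*?status=sent \(.*?(?:queued|forwarded) as (?P<next>[0-9A-F]+)\)")
# An amavis line: "(NNNNN-NN)" is the request ID shared by one filter pass.
AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<req>[\d-]+)\) (?P<msg>.*)")

def parse(log):
    """Return ({queue_id: (agent, relay, next_queue_id)}, {amavis_req: [messages]})."""
    hops, amavis = {}, {}
    for line in log.splitlines():
        if m := DELIVERY.search(line):
            hops[m["qid"]] = (m["agent"], m["relay"], m["next"])
        elif m := AMAVIS.search(line):
            amavis.setdefault(m["req"], []).append(m["msg"])
    return hops, amavis

def trace(hops, first_qid):
    """Follow the hand-over links; stop at a queue ID this log has no record of
    (for example one assigned by the remote server) or on a loop."""
    path, qid, seen = [], first_qid, set()
    while qid in hops and qid not in seen:
        seen.add(qid)
        agent, relay, nxt = hops[qid]
        path.append((qid, agent, relay))
        qid = nxt
    return path

def filter_passes(path, filter_port=":10024"):
    """Number of hops whose relay is the content filter port."""
    return sum(1 for _, _, relay in path if relay.endswith(filter_port))

def open_relay_requests(amavis):
    """amavis request IDs that logged the 'Open relay?' notice."""
    return sorted(r for r, msgs in amavis.items()
                  if any(m.startswith("Open relay?") for m in msgs))
```

On the abridged sample, the trace runs through three local queue IDs, with one hop to port 10024 and one amavis request ID carrying the notice.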
