Configuring Setroubleshoot
Hello all,

I have just had a weird email indicating that my server is spamming. This resulted from my attempt to get setroubleshoot to send email notifications.

I don't really understand how this happened, and I keep looking at the headers wondering exactly what went on...

This is the message I received:
================================8<=====================================
The original message was received at Sat, 29 Sep 2012 17:18:17 +0100
from localhost [127.0.0.1]
with id q8TGIHxg001451

   ----- The following addresses had permanent fatal errors -----
<root@localhost.localdomain>
    (reason: 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e...2 13:01:07 +0200. Your admin should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228)

   ----- Transcript of session follows -----
... while talking to el-tio.edelhost.de.:
>>> DATA
<<< 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 +0200. Your admin should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients
550 5.1.1 <SELinux_Troubleshoot@mydomain.org>... User unknown
================================8<=====================================

These are the headers for that email. As far as I can tell the email never left my server.
================================8<=====================================
Return-path: <MAILER-DAEMON@mydomain.org>
X-spam-checker-version: SpamAssassin 3.3.2 (2011-06-06) on mydomain.org
X-spam-level:
X-spam-status: No, score=-0.3 required=5.0 tests=BAYES_00,NO_RELAYS,
    T_TVD_MIME_NO_HEADERS,URIBL_WS_SURBL autolearn=no version=3.3.2
Received: from localhost (localhost) by mydomain.org (8.14.5/8.14.5)
    id q8TGIJxg001453; Sat, 29 Sep 2012 17:18:19 +0100
Date: Sat, 29 Sep 2012 17:18:19 +0100
From: Mail Delivery Subsystem <MAILER-DAEMON@mydomain.org>
Message-id: <201209291618.q8TGIJxg001453@mydomain.org>
To: postmaster@mydomain.org
Mime-version: 1.0
Content-type: multipart/report; report-type=delivery-status;
    boundary="q8TGIJxg001453.1348935499/mydomain.org"
Subject: Postmaster notify: see transcript for details
Auto-submitted: auto-generated (postmaster-notification)
X-evolution-source: 1292576305.15554.21@localhost.localdomain
================================8<=====================================

This was attached. I do not understand how this came about:
================================8<=====================================
Reporting-MTA: dns; mydomain.org
Received-From-MTA: DNS; localhost
Arrival-Date: Sat, 29 Sep 2012 17:18:17 +0100

Final-Recipient: RFC822; root@localhost.localdomain.org
Action: failed
Status: 5.7.1
Remote-MTA: DNS; el-tio.edelhost.de
Diagnostic-Code: SMTP; 554 5.7.1 Service unavailable; Client host [82.43.145.228] blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by el-tio.edelhost.de (NiX Spam) as spamming at Sat, 29 Sep 2012 13:01:07 +0200. Your admin should visit http://www.dnsbl.manitu.net/lookup.php?value=82.43.145.228
Last-Attempt-Date: Sat, 29 Sep 2012 17:18:19 +0100
================================8<=====================================

And the actual mail was a standard setroubleshoot report detailing an AVC.

I admit I probably do not have this set up right, but I don't know what I have done wrong.

In /var/lib/setroubleshoot/email_alert_recipients I have simply:
root@localhost.localdomain filter_type=after_first

Note that there is no ".org" after that.

I have not touched /etc/setroubleshoot/setroubleshoot.conf at all.

What do I have to do to fix this?

Thanks...

Mark
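
The delivery-status report in the post above names root@localhost.localdomain.org as Final-Recipient, while the recipients file holds root@localhost.localdomain. The following is an added example (not part of the original post and not setroubleshoot code) that parses such a report with Python's standard email package and flags a recipient that differs from the configured one. The sample report is constructed from the fields quoted in the post, and the function names are hypothetical.

```python
import email

# Constructed sample: delivery-status fields quoted in the post, abridged ("BOUNDARY" is a placeholder).
SAMPLE_DSN = """\
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUNDARY"

--BOUNDARY
Content-Type: message/delivery-status

Reporting-MTA: dns; mydomain.org
Received-From-MTA: DNS; localhost
Arrival-Date: Sat, 29 Sep 2012 17:18:17 +0100

Final-Recipient: RFC822; root@localhost.localdomain.org
Action: failed
Status: 5.7.1
Remote-MTA: DNS; el-tio.edelhost.de
Last-Attempt-Date: Sat, 29 Sep 2012 17:18:19 +0100

--BOUNDARY--
"""

# Contents of /var/lib/setroubleshoot/email_alert_recipients as given in the post.
SAMPLE_RECIPIENTS = "root@localhost.localdomain filter_type=after_first\n"


def configured_addresses(text):
    """First whitespace-separated token of each non-empty line is the address."""
    return [line.split()[0].lower() for line in text.splitlines() if line.strip()]


def typed_value(field):
    """DSN fields look like 'RFC822; addr' or 'DNS; host'; return the value part."""
    return field.split(";", 1)[-1].strip() if field else None


def audit(dsn_text, recipients_text):
    """Compare each per-recipient DSN block with the configured recipients."""
    configured = configured_addresses(recipients_text)
    findings = []
    msg = email.message_from_string(dsn_text)
    # walk() also yields the header blocks nested in message/delivery-status.
    for block in (b for b in msg.walk() if "Final-Recipient" in b):
        final = typed_value(block["Final-Recipient"]).lower()
        # A configured address that is a prefix of the final one means a suffix was appended.
        origin = next((c for c in configured if final.startswith(c)), None)
        findings.append({
            "final_recipient": final, "configured": origin,
            "appended": final[len(origin):] if origin else None,
            "rewritten": final not in configured,
            "status": block["Status"], "remote_mta": typed_value(block["Remote-MTA"]),
        })
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_DSN, SAMPLE_RECIPIENTS))
```
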
Configuring Setroubleshoot
On 09/29/2012 02:17 PM, Arthur Dent wrote:
> In /var/lib/setroubleshoot/email_alert_recipients I have simply:
> root@localhost.localdomain filter_type=after_first
>
> What do I have to do to fix this?

First thing I would do is check mail as root and try to send a mail message to root@localhost.localdomain
Configuring Setroubleshoot
> First thing I would do is check mail as root and try to send a mail
> message to root@localhost.localdomain

Thanks. I can't try that until I get home this evening (the sysadmin here at work has blocked the ssh port I use).

However, what puzzles me is why the mail goes outside the network at all. I'm sure that when I had this working previously (on F15) it was just a system mail delivered directly.

I'm sure I've got something wrong in my setup but I can't see where I'm going wrong.

This has actually caused a massive problem for me as I am now listed on several blacklists and the mail I send from my account often disappears into the ether - presumably because my correspondent's ISP take an aggressive approach to using blacklists to block mail.

Once I have sorted this out I will have to ask how to get off these blacklists!

Thanks

Mark
Configuring Setroubleshoot
On 10/01/2012 06:28 AM, Arthur Dent wrote:
> However, what puzzles me is why the mail goes outside the network at all.
> I'm sure that when I had this working previously (on F15) it was just a
> system mail delivered directly.
>
> I'm sure I've got something wrong in my setup but I can't see where I'm
> going wrong.

I don't know and have not looked at this code in a long time, there could be a bug in the way it was implemented.