Koozali.org: home of the SME Server

Hash/SHA256 based attachment filter - catched WannaCry

Offline SchulzStefan

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #15 on: June 18, 2017, 12:30:14 PM »
@Jesper

How can this be solved?

# ./SMEOptimizer.pl --initialize

         SMEOptimizer - Optimize your SME server
by SMEOptimizer.com - Copyright (c) 2016-17, all rights reserved.
 Servers hosted and operated by ScanMailX - www.scanmailx.com

Trying to register with SMEOptimizer...
ERROR: Couldn't register right now - try again later!Online registration for this specific SME server (Version 9.2), requires you to e-mail below unique indentifier to register@smeoptimizer.com.

UUID: 12345

You will receive a regitration confirmation back within 24 hours and the services will automatically be activated.


Sent an email as requested. Here's the answer:

MAILER-DAEMON@swerts-knudsen.dk
failure notice

"Hi. This is the qmail-send program at swerts-knudsen.dk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<jkn@swerts.dk>:
Connected to 176.222.239.100 but sender was rejected.
Remote host said: 550 Sorry but domain not registered with ScanMailX (xyz.de)!"

Domain is registered...
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline Knuddi

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #16 on: June 18, 2017, 02:26:49 PM »
@SchulzStefan

I assume that either the SME Optimizer server was offline or the box you try to install on is not on the internet?

The UUID which is printed during the attempt to register is odd (do you obfuscate it?). What does your server indicate for SystemID when issuing (12345?):

#config show sysconfig

/Jesper

Offline SchulzStefan

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #17 on: June 18, 2017, 10:30:29 PM »
Jesper,

thank you for answering.

Server has access to the internet. Server is behind a firewall. Primary (local) domain is different to the subscribed domain. That means the local domain is xyz.local, the domain I registered is xyz.de. Output of config show sysconfig is:

# config show sysconfig
sysconfig=configuration
    InstallEpoch=1291393193
    KeyboardType=pc
    Keytable=de-latin1-nodeadkeys
    Language=de_DE.UTF-8
    PreviousSystemMode=serveronly
    Registration=none
    ReleaseVersion=9.2
    SystemID=12345

Quote
The UUID which is printed during the attempt to register is odd (do you obfuscate it?).

Yes, but it's the same as SMEOptimizer wants as unique identifier.

Regards,
stefan

Offline SchulzStefan

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #18 on: June 18, 2017, 10:43:23 PM »
Another server, which seemed to be successfully installed, brings up the following message:

Your SME server on IP address 84.131.659.13 seems to have SMTP problems.

SMTP Error log
Error message    Cannot open SMTP connection to 84.131.659.13 on port 25!
Last check    2017-06-18 12:03:18


Best regards,
SME Optimizer

Server is behind a firewall and is sending and receiving all email nearly (see Bug wbl/qpsmtpd bounces...) properly.

How to investigate on this?

Regards,
stefan

Offline Stefano

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #19 on: June 18, 2017, 11:30:11 PM »
If you're using fetchmail, your server is not receiving emails, just fetching them.

Offline Knuddi

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #20 on: June 19, 2017, 07:40:20 AM »
SME Optimizer tries to connect to your server (84.131.659.13) on port 25. If that is not possible, then it will report what you listed. So if you are on a DynDNS IP and it changes often then you can have a problem.

Offline SchulzStefan

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #21 on: June 19, 2017, 09:52:36 AM »
@Jesper,

I tried again registering, no luck.

# ./SMEOptimizer.pl --initialize

         SMEOptimizer - Optimize your SME server
by SMEOptimizer.com - Copyright (c) 2016-17, all rights reserved.
 Servers hosted and operated by ScanMailX - www.scanmailx.com

Trying to register with SMEOptimizer...
ERROR: Couldn't register right now - try again later!Online registration for this specific SME server (Version 9.2), requires you to e-mail below unique indentifier to register@smeoptimizer.com.

UUID: 12345

You will receive a regitration confirmation back within 24 hours and the services will automatically be activated.

I sent again an email and your server says you don't like.

<jkn@swerts.dk>:
Connected to 176.222.239.100 but sender was rejected.
Remote host said: 550 Sorry but domain not registered with ScanMailX (xyz.de)!

As I reported the local domain is different from the email domain. Helo is *.local, email From (Return-Path) is the registered domain. Server has no static IP.

What is checked? The domain from the HELO or the domain in the email address? If it's the HELO it's clear that there's nothing registered. It is a LOCAL domain.

If so, then the domain *must* be renamed to a LIVE/REGISTERED domain. Otherwise it'll not work. Am I right?

Regards,
stefan


Offline ReetP

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #23 on: June 19, 2017, 10:22:16 AM »
At a guess I think the issue is that the server uses a dynamic IP which I am not sure the script allows for.

I think it works on the basis that mail servers normally run on a static IP with properly configured dns records.

Whether it could be modified to handle dynamic dns I do not know.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Stefano

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #24 on: June 19, 2017, 10:24:26 AM »
There's no problem in using a dynamic IP for a mail server (for receiving emails.. sending is another topic).

I have some servers on dynamic IP.. I use dyndns to set up a host for them and point my MX record to that host.. never had any issue, at all.

Offline Knuddi

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #25 on: June 19, 2017, 10:27:20 AM »
I cannot see an attempt to register in the backend (from the -initialize command), so I suspect that it cannot resolve smeoptimizer.com or cannot connect with HTTPS.

Forget the email failure for now - it's simply just because this email hasn't been enabled on the server.
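
An added example, not part of the original posts and not SME Optimizer code: one way to tell apart the causes suspected above (name resolution versus the HTTPS connection) by checking each step of an outbound HTTPS call separately. The function name `diagnose_https` and the stage labels are hypothetical; the host name is the one mentioned in the thread.

```python
import socket
import ssl


def diagnose_https(host, port=443, timeout=5.0, resolve=socket.getaddrinfo,
                   connect=socket.create_connection, wrap_tls=None):
    """Return (stage, detail) for the first step of an outbound HTTPS call that fails.

    Hypothetical helper: the stage names are this example's own labels.
    resolve/connect/wrap_tls are injectable so the logic can be tested offline.
    """
    # Step 1: DNS. A failure here means a resolver problem, not a firewall port rule.
    try:
        addrs = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", "cannot resolve %s: %s" % (host, exc))
    ip = addrs[0][4][0]

    # Step 2: TCP. A silent timeout is typical of a firewall that drops the SYN;
    # an immediate refusal means a host or firewall actively rejected it.
    try:
        sock = connect((ip, port), timeout)
    except socket.timeout:
        return ("tcp-filtered", "no answer from %s:%d within %ss" % (ip, port, timeout))
    except ConnectionRefusedError:
        return ("tcp-refused", "%s:%d refused the connection" % (ip, port))
    except OSError as exc:
        return ("tcp-error", "%s:%d: %s" % (ip, port, exc))

    # Step 3: TLS with certificate and hostname verification left on.
    try:
        if wrap_tls is None:
            ctx = ssl.create_default_context()
            tls = ctx.wrap_socket(sock, server_hostname=host)
        else:
            tls = wrap_tls(sock)
        tls.close()
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return ("tls", "handshake with %s failed: %s" % (host, exc))
    finally:
        sock.close()
    return ("ok", "%s:%d reachable over TLS" % (host, port))


if __name__ == "__main__":
    # Host name taken from the thread; run this on the server that fails to register.
    print(diagnose_https("smeoptimizer.com"))
```

A `tcp-filtered` result with working DNS points at an outbound firewall rule for port 443 rather than at the remote service.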

Offline SchulzStefan

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #26 on: June 19, 2017, 10:59:37 AM »
Quote
or cannot connect with HTTPS.

Here's the reason - firewall was not opened for this port.

# ./SMEOptimizer.pl  --initialize

         SMEOptimizer - Optimize your SME server
by SMEOptimizer.com - Copyright (c) 2016-17, all rights reserved.
 Servers hosted and operated by ScanMailX - www.scanmailx.com

Trying to register with SMEOptimizer...
Registration successfull!

Will report further if I am on track now.

Regards,
stefan

Offline SchulzStefan

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #27 on: June 19, 2017, 11:26:40 AM »
@Stefano and ReetP,

thank you for following.

Regards,
stefan

Offline SchulzStefan

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #28 on: June 19, 2017, 09:07:52 PM »
Quote
There's no problem in using a dynamic IP for a mail server (for receiving emails.. sending is another topic).

I have some servers on dynamic IP.. I use dyndns to set up a host for them and point my MX record to that host.. never had any issue, at all.

All the years I used my ISP as email relay (SME was/is configured to use fetchmail and SMTP to/from the catchall from my ISP).

From my point of view with SPF, DKIM, DMARC and at least the efforts to fight spam and viruses with SMEOptimizer it's time for me to think about a fixed IP. It seems to me a lot easier to configure/control all these settings with a fixed IP. If I'm wrong, please point me in the right direction. For now I ordered a fixed IP from my provider; on the 26th of this month we'll have it.

Maybe there are new/other questions coming up; for now, thanks to all who followed and helped.

Regards,
stefan

Offline Knuddi

Re: Hash/SHA256 based attachment filter - catched WannaCry
« Reply #29 on: June 19, 2017, 09:13:55 PM »
A static IP is scoring much better (lower spam score) in the receiving end so I would always choose that. Secondly, you are in better control with your SPF and it can be "tighter". Lastly your ISP's SMTP is guaranteed in poor spam conditions... Static IP and no ISP relay - Yes!