Koozali.org: home of the SME Server

Block sending for unauthenticated internal users to internal users on port 25

Offline ReetP

Mar,

Please read this because this is a classic case: http://xyproblem.info/

You have come here and asked a question because you are stuck and don't know how to fix things and users here are doing their best to assist you. Some of them have been using SME for over 20 years. You should try and trust what they say, and answer their questions precisely. They are not doing this for fun, and most are not getting paid either, unlike you.

You have not been very detailed, consistent, methodical or accurate with your comments and replies which makes it REALLY hard to help you.

Let's go back and remember your ORIGINAL question:

Quote
Our internal users connect to the e-mail through secure pop / imap.
Currently the server accepts mails from internal users to internal users unauthenticated on port 25

Now look where we have got to. We finally discover your SME is in server-gateway running its own firewall, and behind a data center firewall, and not a local network in sight:

Quote
This appears to be a non standard use of SME server & it does not surprise me that you are having problems & that our suggestions do not work for you.

Quote
I disagree because it is normal to keep your server in a datacenter and the datacenter has their own firewall

Now, you can disagree all you want, but the point you are missing is that SME is designed to be used in certain ways, and if you don't follow the methods then it will not function as you expect, no matter what you do.

Hmmm:

Quote
User1 is able to send mail to user2 without password and any authentications on port 25.
both: the server and the client are now on the same subnet.

Quote
it is a mail server located in EU and the local network is in different area.

So it is a server in a data center behind a firewall on the same subnet as the clients which are somewhere else entirely.

Really?

Quote
The email is an independent function regardless of the other network or its location.

You don't understand much about email then. Yes, it is an independent "process". BUT how it works will depend on its network and location and a number of other factors.... as you have discovered.

Quote
What I think it is, is a malfunction in qmail.

Ok so which function in qmail is that? Or is it part of the xyproblem?

Your problem is not really understanding how SME (and email in general) works in the first place, and if we could "just fix qmail you would be OK".

"User doesn't know how to do X, but thinks they can fumble their way to a solution if they can just manage to do Y."

You have decided what the problem is, and how it can be fixed, without actually understanding any of it. All you want is confirmation bias, not a proper solution. No one here can fix that.

Quote
We will see on the other server which I am working on.

That is entirely dependent on where it is and what you are actually trying to prove.

So, go right back to the start.

I suggest you run this and picpaste the content somewhere where we can look at it:

https://your.server.ip/server-manager/cgi-bin/bugreport

I also suggest you draw a network layout which we can actually see. It might help people to visualize the situation. Server, firewall, subnets, etc etc

Can you also post the output of:

cat /var/service/qpsmtpd/config/peers/local | grep -n cvm-unix

This is where Authentication should be set, not qpsmtpd:

config show smtpd

config show ssmtpd
Thank you.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Mar

Dear ReetP, thanks,

Quote
Mar,
Please read this because this is a classic case: http://xyproblem.info/

I didn't mean to be in such a case, but maybe unintentionally that happened. I'm sorry for this, but it happened; I will try to avoid that in future.

Quote
You have come here and asked a question because you are stuck and don't know how to fix things and users here are doing their best to assist you. Some of them have been using SME for over 20 years. You should try and trust what they say, and answer their questions precisely. They are not doing this for fun, and most are not getting paid either, unlike you.

Quote
You have not been very detailed, consistent, methodical or accurate with your comments and replies which makes it REALLY hard to help you.

First, thank you so much for your help; it was and still is much appreciated from my side. Of course I didn't mean not to describe my problem well, but maybe I wasn't good at describing it.

Quote
Let's go back and remember your ORIGINAL question:

Quote
Now look where we have got to. We finally discover your SME is in server-gateway running its own firewall, and behind a data center firewall, and not a local network in sight:

Quote
Now, you can disagree all you want, but the point you are missing is that SME is designed to be used in certain ways, and if you don't follow the methods then it will not function as you expect, no matter what you do.

Quote
Hmmm:

Quote
So it is a server in a data center behind a firewall on the same subnet as the clients which are somewhere else entirely.

The server is running its own firewall, but the datacenter firewall is just redirecting the traffic to the SME mail server. This is exactly how it is.

Quote
Really?

Here there is a misunderstanding, or... However, the original email server is in a data center, but the test environment I made was on a local network, so the test SME server and the client are on the same subnet.

Quote
You don't understand much about email then. Yes, it is an independent "process". BUT how it works will depend on its network and location and a number of other factors.... as you have discovered.

Quote
Ok so which function in qmail is that? Or is it part of the xyproblem?

I mean blocking sending emails between users on my server without authentication using port 25.

Quote
Your problem is not really understanding how SME (and email in general) works in the first place, and if we could "just fix qmail you would be OK".

Yes, of course.

Quote
"User doesn't know how to do X, but thinks they can fumble their way to a solution if they can just manage to do Y."

Quote
You have decided what the problem is, and how it can be fixed, without actually understanding any of it. All you want is confirmation bias, not a proper solution. No one here can fix that.

"Hold on - I am not fighting, I am really searching to find a solution for my problem."

Quote
That is entirely dependent on where it is and what you are actually trying to prove.

Quote
So, go right back to the start.

Quote
I suggest you run this and picpaste the content somewhere where we can look at it:

https://your.server.ip/server-manager/cgi-bin/bugreport

Quote
I also suggest you draw a network layout which we can actually see. It might help people to visualize the situation. Server, firewall, subnets, etc etc

The server is in a datacenter in the EU and it is working as an email server only. Users are in another country with a different subnet and a different type of firewall, so the users totally can't reach it from the LAN and they use it only as an email server; they are not reaching the server from the LAN, they connect to the server via the Internet.
Quote
Can you also post the output of:
cat /var/service/qpsmtpd/config/peers/local | grep -n cvm-unix

14:auth/auth_cvm_unix_local cvm_socket /var/lib/cvm/cvm-unix-local.socket enable_smtp no enable_ssmtp yes

Quote
This is where Authentication should be set, not qpsmtpd:
config show smtpd

smtpd=service
    Authentication=disabled
    Instances=40
    InstancesPerIP=5
    MaximumDateOffset=0
    PatternsScan=disabled
    Proxy=blocked
    TCPPort=25
    TCPProxyPort=25
    VirusScan=enabled
    access=public
    status=enabled
    tnef2mime=enabled

Quote
config show ssmtpd

ssmtpd=service
    Authentication=enabled
    Instances=10
    TCPPort=465
    access=public
    status=enabled

Again, many thanks. I have really read tens of pages about how qmail is working and how SME is working too.
Thanks

Quote
Thank you.
« Last Edit: October 29, 2019, 10:15:10 AM by Mar »

Offline Mar

Dear ReetP,
Any updates or further solutions?
Regards

Offline ReetP

I have been on holiday and this is not my 'job'. I'll reply as and when I can. You don't need to nag me.

Quote
Dear ReetP,
Any updates or further solutions?
Regards

Yes. I'd like you to square this circle.

Topic:
Quote
Topic: Block sending for unauthenticated internal users to internal users on port 25

Statement in your last quote:
Quote
Users are in another country with a different subnet and a different type of firewall, so the users totally can't reach it from the LAN and they use it only as an email server; they are not reaching the server from the LAN, they connect to the server via the Internet.

So you have no internal users.

Until you can actually figure out exactly what problem you are trying to solve I am not sure anyone can help you.

Note your test setup does NOT replicate your real setup so your results will vary and cannot be used as a strict test.

I also said run a bug report and paste it and draw a rough network layout and paste it for us to see.

I suggest you do what you are asked, not what you think you have been asked.

Thanks.

Offline Mar

Thanks for reply,
The issue I faced exactly: one of the users received an email from someone outside the company (that is clear from the message header, and it seems to be from South America), but the message looks as if the user sent the email to himself, so the sender and receiver are the same, which is the user himself.
But of course the user didn't send an email to himself.
Below is part of the message:
"Hello!
As you may have noticed, I sent you an email from your account.
This means that I have full access to your device. I've been watching you for a few months now." until the end of the message.
This is exactly what I'm facing.

Below is the report:
/////////////////////////////////
Configuration report created Sun 27 Oct 2019 10:18:28 AM CET

==================
Base configuration
==================

SME server version: 9.2
SME server mode:    servergateway
Running Kernel:     2.6.32-754.15.3.el6.x86_64



===========================
New RPMs not in base system
===========================
       
Loaded plugins: fastestmirror, post-transaction-actions, smeserver
Loading mirror speeds from cached hostfile
 * base: centos.bio.lmu.de
 * smeaddons: mirrors.mab974.re
 * smeos: mirrors.mab974.re
 * smeupdates: mirrors.mab974.re
 * updates: ftp.rz.uni-frankfurt.de
Extra Packages
DCC.x86_64                           1.3.145-25.el6.sme      @smeupdates-testing
clamav.x86_64                        0.100.2-6.el6.sme       @smeupdates-testing
clamav-db.x86_64                     0.100.2-6.el6.sme       @smeupdates-testing
clamd.x86_64                         0.100.2-6.el6.sme       @smeupdates-testing
e-smith-backup.noarch                2.4.0-45.el6.sme        @smeupdates-testing
e-smith-base.noarch                  5.6.0-36.el6.sme        @smeupdates-testing
e-smith-formmagick.noarch            2.4.0-3.el6.sme         @smeupdates-testing
e-smith-lib.noarch                   2.4.0-18.el6.sme        @smeupdates-testing
e-smith-manager.noarch               2.6.0-25.el6.sme        @smeupdates-testing
hddtemp.x86_64                       0.3-0.20.beta15.el6     @smecontribs       
initscripts.x86_64                   9.03.61-2.el6.sme       @smeupdates-testing
kernel.x86_64                        2.6.32-696.23.1.el6     @smeupdates       
libmcrypt.x86_64                     2.5.8-9.el6             @smecontribs       
openvpn.x86_64                       2.4.2-1.el6             @smecontribs       
perl-CGI-FormMagick.noarch           0.93-6.el6.sme          @smeupdates-testing
perl-Geography-Countries.noarch      2009041301-1.el6.sme    @smeupdates-testing
perl-`-Country.noarch               2.28-1.el6.sme          @smeupdates-testing
perl-Net-Ident.noarch                1.24-1.el6.sme          @smeupdates-testing
perl-Quota.x86_64                    1.7.0-1                 @fws               
perl-Session-Token.x86_64            1.503-1.el6.sme         @smeupdates-testing
perl-rrdtool.x86_64                  1.4.7-1.el6.rfx         @smecontribs       
php-fedora-autoloader.noarch         1.0.0-1.el6             @smecontribs       
php-php-gettext.noarch               1.0.12-1.el6            @smecontribs       
php-tcpdf.noarch                     6.2.13-1.el6            @smecontribs       
php-tcpdf-dejavu-sans-fonts.noarch   6.2.13-1.el6            @smecontribs       
phpMyAdmin.noarch                    4.0.10.19-1.el6         @smecontribs       
pkcs11-helper.x86_64                 1.11-3.el6              @smecontribs       
qmail.x86_64                         1.03-23.el6.sme         @smeupdates-testing
rrdtool.x86_64                       1.4.7-1.el6.rfx         @smecontribs       
smeserver-crontab_manager.noarch     2.4-3.el6.sme           @smecontribs       
smeserver-locale-bg.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-da.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-de.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-el.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-es.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-et.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-fr.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-he.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-hu.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-id.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-it.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-ja.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-nb.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-nl.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-pl.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-pt.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-pt_BR.noarch        2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-ro.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-ru.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-sl.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-sv.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-th.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-tr.noarch           2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-zh_CN.noarch        2.4.0-30.el6.sme        @smeupdates-testing
smeserver-locale-zh_TW.noarch        2.4.0-30.el6.sme        @smeupdates-testing
smeserver-openvpn-s2s.noarch         0.2-6.el6.sme           @smecontribs       
smeserver-password.noarch            1.2.0-10.el6.sme        @smecontribs       
smeserver-phpmyadmin.noarch          4.0.10.2-3.el6.sme      @smecontribs       
smeserver-sme9admin.noarch           1.5-25.el6.sme          @smecontribs       
smeserver-updates.noarch             1.4-2.el6.sme           @smecontribs       
smeserver-userpanel.noarch           1.2-3.el6.sme           @smecontribs       
smeserver-userpanels.noarch          1.1-5.el6.sme           @smecontribs       
smeserver-vacation.noarch            1.1-25.el6.sme          @smecontribs       
spamassassin.x86_64                  3.4.2-2.el6.sme         @smeupdates-testing
sysstat.x86_64                       9.0.4-33el6_9.1         @updates           
 



===========================
Custom and modified templates
===========================
/etc/e-smith/templates-custom/etc/http: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/fail2ban/jail.conf/jail.conf: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/45prune: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/85SOGoAccess: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/home/sogo/GNUstep/Defaults/.GNUstepDefaults/10defaults: MANUALLY_ADDED, ADDITION




===========================
Modified events
===========================
/etc/e-smith/events/pseudonym-delete/S55email-assign: MODIFIED e-smith-qmail-2.4.0-8.el6.sme
/etc/e-smith/events/bootstrap-console-save/S55email-assign: MODIFIED e-smith-qmail-2.4.0-8.el6.sme
/etc/e-smith/events/pseudonym-create/S55email-assign: MODIFIED e-smith-qmail-2.4.0-8.el6.sme
/etc/e-smith/events/user-delete/S55email-assign: MODIFIED e-smith-qmail-2.4.0-8.el6.sme
/etc/e-smith/events/user-create/S55email-assign: MODIFIED e-smith-qmail-2.4.0-8.el6.sme
/etc/e-smith/events/pseudonym-modify/S55email-assign: MODIFIED e-smith-qmail-2.4.0-8.el6.sme
/etc/e-smith/events/user-modify/S55email-assign: MODIFIED e-smith-qmail-2.4.0-8.el6.sme




=======================
Additional repositories
=======================

base: enabled
centosplus: disabled
contrib: disabled
dag: disabled
epel: disabled
extras: disabled
fasttrack: disabled
fws: enabled
nethsme: disabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: enabled
sogo: disabled
updates: enabled
         

DONE!
/////////////////////////////////////
Regards
Mar
« Last Edit: October 29, 2019, 08:55:25 PM by Mar »

Offline ReetP

Bit of a mess then. You have been having fun hatcheting it.

Strongly suggest you don't use testing repos unless you absolutely have to. The 'testing' bit gives the game away....

No idea what you have done modifying 'events'. Presumably trying to fix your 'problem'

Quote
The issue I faced exactly: one of the users received an email from someone outside the company (that is clear from the message header, and it seems to be from South America), but the message looks as if the user sent the email to himself, so the sender and receiver are the same, which is the user himself.

So you've got a spam/spoofed mail....?

Please post the email headers. Did I mention pastebin??

Offline Mar

Yes, it looks like mail spam/spoofing:

Subject: [SPAM] High level of danger. Your account was under attack.
"
User Agent:Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
Received :(qmail 14185 invoked by alias); 24 Sep 2019 22:59:49 -0000
X-Spam Details

*  3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
*      [201.254.83.255 listed in zen.spamhaus.org]
*  0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*  0.0 FSL_HELO_NON_FQDN_1 No description available.
*  0.0 SPF_NONE SPF: sender does not publish an SPF Record
*  1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
*  0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
*      address
*      [201.254.83.255 listed in dnsbl.sorbs.net]
*  2.2 HELO_NO_DOMAIN Relay reports its domain incorrectly
*  2.5 BITCOIN_SPAM_02 BitCoin spam pattern 02
*  3.0 BITCOIN_DEADLINE BitCoin with a deadline
*  2.9 BITCOIN_MALWARE BitCoin + malware
"
Authentication-Results mydomain.com; auth=none; spf=none smtp.mailfrom=mydomain.com; dkim=none
Here the SMTP is not my mail SMTP; it is wrong.

Received-SPF none (mydomain.com: No applicable sender policy available) receiver=telnet.mydomain.com; identity=mailfrom; envelope-from="user1@mydomain.com"; helo="[201.254.83.255]"; client-ip=201.254.83.255

Hopefully, I answered your questions.
« Last Edit: October 30, 2019, 01:30:15 PM by Mar »
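An added example (not code from this thread or from SME Server) showing the check a mail admin would script over headers like the ones quoted above: it parses Authentication-Results and Received-SPF and flags a message whose envelope sender claims a local domain while arriving from an untrusted address with no SMTP AUTH, SPF or DKIM pass, which is the pattern of the forged self-addressed mail in this post. The domain mydomain.com is the thread's placeholder; the LAN range 192.168.1.0/24, the documentation address 203.0.113.10 and both sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Domains this server accepts mail for (mydomain.com is the thread's placeholder).
LOCAL_DOMAINS = {"mydomain.com"}
# Networks whose clients may submit mail without SMTP AUTH (assumed LAN range).
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample modelled on the headers quoted above; the remote address is a documentation IP.
SAMPLE_SPOOF = """\
Authentication-Results: mydomain.com; auth=none; spf=none smtp.mailfrom=mydomain.com; dkim=none
Received-SPF: none (mydomain.com: No applicable sender policy available) receiver=mail.mydomain.com; identity=mailfrom; envelope-from="user1@mydomain.com"; helo="[203.0.113.10]"; client-ip=203.0.113.10
From: user1@mydomain.com
To: user1@mydomain.com
Subject: [SPAM] High level of danger. Your account was under attack.

As you may have noticed, I sent you an email from your account.
"""

# Constructed control case: the same user submitting from the LAN after SMTP AUTH.
SAMPLE_LEGIT = """\
Authentication-Results: mydomain.com; auth=pass (cram-md5) smtp.auth=user1; spf=pass smtp.mailfrom=mydomain.com; dkim=none
Received-SPF: pass (mydomain.com: 192.168.1.20 is authorized) receiver=mail.mydomain.com; identity=mailfrom; envelope-from="user1@mydomain.com"; helo="pc20.mydomain.com"; client-ip=192.168.1.20
From: user1@mydomain.com
To: user2@mydomain.com
Subject: Lunch

Sandwiches at noon?
"""

KV = re.compile(r'([\w.-]+)=("[^"]*"|[^;\s]+)')


def parse_kv(value):
    """Collect key=value tokens from a header value; quoted values lose their quotes."""
    return {m.group(1).lower(): m.group(2).strip('"') for m in KV.finditer(value)}


def is_trusted(ip_text):
    """True when the client address lies inside a network allowed to relay unauthenticated."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)


def assess(raw_message):
    """Return sender facts plus findings; spoof_suspected is True for an unvouched local sender."""
    msg = message_from_string(raw_message)
    auth = parse_kv(msg.get("Authentication-Results", ""))
    spf_hdr = msg.get("Received-SPF", "")
    spf = parse_kv(spf_hdr)
    spf_result = spf_hdr.split(None, 1)[0].lower() if spf_hdr else "none"

    envelope_from = spf.get("envelope-from") or auth.get("smtp.mailfrom", "")
    sender_domain = envelope_from.rpartition("@")[2].lower()
    client_ip = spf.get("client-ip", "")
    helo = spf.get("helo", "")

    findings = []
    spoof_suspected = False
    if sender_domain in LOCAL_DOMAINS:
        # Any one of these would vouch for a message that claims to come from our own domain.
        vouched = (auth.get("auth") == "pass" or spf_result == "pass"
                   or auth.get("dkim") == "pass" or is_trusted(client_ip))
        if not vouched:
            spoof_suspected = True
            findings.append(f"envelope sender claims local domain {sender_domain} from untrusted "
                            f"{client_ip or 'unknown IP'} with no SMTP AUTH, SPF or DKIM pass")
        if spf_result == "none":
            findings.append(f"{sender_domain} publishes no SPF record, so receivers cannot reject forgeries")
    if helo.startswith("["):
        findings.append(f"HELO is a bare IP literal {helo}, typical of direct-to-MX spam")
    return {"sender_domain": sender_domain, "client_ip": client_ip,
            "spoof_suspected": spoof_suspected, "findings": findings}


if __name__ == "__main__":
    for name, sample in (("spoof", SAMPLE_SPOOF), ("legit", SAMPLE_LEGIT)):
        print(name, assess(sample))
```

The forged message trips all three findings (unvouched local sender, no SPF record for the domain, bare-IP HELO), while the authenticated LAN submission produces none; the "no SPF record" finding is the part the receiving side can fix itself by publishing one, since without it no remote server can reject mail forged in the domain's name.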

Offline ReetP

Quote
Yes, it looks like mail spam/spoofing:

Yes, it rather looks like it does, doesn't it? Not sure we need to fix qmail now.......  :pint:

Quote
Subject: [SPAM] High level of danger. Your account was under attack.

So, Spamassassin tagged it as [SPAM], but you still ignored it?? No one here can help that problem I'm afraid.

Suggest you turn on some email filtering because it looks like you have it all turned off.

Quote
config show qpsmtpd

//
Authentication=enabled
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled << Should be enabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,psbl.surriel.com,zen.spamhaus.org
    RHSBL=disabled << Should be enabled
    RelayRequiresAuth=enabled
    SBLList=multi.surbl.org,black.uribl.com,rhsbl.sorbs.net
    TlsBeforeAuth=1
    UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
    URIBL=disabled << worth trying to enable
    access=public
    qplogsumm=disabled
    status=enabled
//

https://wiki.contribs.org/Email
https://wiki.contribs.org/Qpsmtpd
https://wiki.contribs.org/GeoIP
https://wiki.contribs.org/Xt_geoip

Etc.

Look at spamassassin, DNSBL, RHSBL, URIBL, GeoIP.

I'd also ask yourself why you need any rpms from updates-testing and disable that repo to save yourself from any other disasters.

And last I would look at each and every modification you have made and ask yourself two questions.

Do I really know what I am doing?
Do I really need to do this?


Offline Mar

Quote
Yes, it rather looks like it does, doesn't it? Not sure we need to fix qmail now.......  :pint:

Quote
So, Spamassassin tagged it as [SPAM], but you still ignored it?? No one here can help that problem I'm afraid.

Yes, it is spam, but the issue here is that I'm afraid someone from outside the company could use it to send mail on behalf of someone else with some orders or something like that.

Quote
Suggest you turn on some email filtering because it looks like you have it all turned off.

https://wiki.contribs.org/Email
https://wiki.contribs.org/Qpsmtpd
https://wiki.contribs.org/GeoIP
https://wiki.contribs.org/Xt_geoip

Etc.

Look at spamassassin, DNSBL, RHSBL, URIBL, GeoIP.

Quote
I'd also ask yourself why you need any rpms from updates-testing and disable that repo to save yourself from any other disasters.

Quote
And last I would look at each and every modification you have made and ask yourself two questions.

I didn't do a lot of modifications; I just increased the spam filter to high, and ssmtp is enabled.

Quote
Do I really know what I am doing?

Not clear what you mean, but I'm trying to understand what I do before I do it.

Quote
Do I really need to do this?

As I mentioned before, I am afraid of bad behavior by someone, so at least I'm trying to prevent that, so yes, I need to do it, or at least I need to notify the user that something is wrong, "please be aware or pay attention".

Offline ReetP


Quote
Yes, it is spam, but the issue here is that I'm afraid someone from outside the company could use it to send mail on behalf of someone else with some orders or something like that.

Yup - that is always a risk that someone can forge your address, but there is evidence to show your server has been hacked or misused.

Someone has sent you an email probably via a hacked email server with a forged 'From' address which is very easy to do. You made the wrong assumption about the problem without properly checking logs, emails etc.

The mail was just Junk. Please go and read about mail spoofing/forgery etc etc so you understand the problems with it (which is why email is going to die eventually)

Please enable some proper junk/spam filtering after reading all the manuals here. Then you will not receive these mails at all.

Offline Mar

Quote
Yup - that is always a risk that someone can forge your address, but there is evidence to show your server has been hacked or misused.

Thanks, I don't think the server was hacked. I think the sender used an external email server with a forged 'From' to send mail, exactly as if I tried to send to my Gmail account using another SMTP server where the mail From and To are the same, but in the end it is not the Gmail SMTP. It is most likely email spoofing. I don't know if this issue has a solution.

Quote
Someone has sent you an email probably via a hacked email server with a forged 'From' address which is very easy to do. You made the wrong assumption about the problem without properly checking logs, emails etc.

Quote
The mail was just Junk. Please go and read about mail spoofing/forgery etc etc so you understand the problems with it (which is why email is going to die eventually)

I will.

Quote
Please enable some proper junk/spam filtering after reading all the manuals here. Then you will not receive these mails at all.

Thanks, that is what I am trying to do.
Thank you so much.

Offline janet

Mar

Make this change immediately, it should result in blocking (rejecting) mail coming from servers that have been identified as spam sources
config setprop qpsmtpd DNSBL enabled RHSBL enabled
signal-event email-update

For further info see
https://wiki.contribs.org/SME_Server:Documentation:FAQ:Section04#Real-time_Blackhole_List_.28RBL.29

Personally I would also advise you to use more conservative lists as many of the default lists are too aggressive.
i.e. as well as the commands I advised above, also do

config setprop qpsmtpd RBLList zen.spamhaus.org
signal-event email-update

config setprop qpsmtpd SBLList dbl.spamhaus.org
signal-event email-update

Also to fix the issue with smeupdates-testing repo being enabled, do

db yum_repositories setprop smeupdates-testing status disabled
signal-event yum-modify

Note that the smeupdates-testing repo SHOULD NOT have a status of enabled (on production servers); it is for use ONLY on a test server, or for installing & testing particular packages (on a production server) to see if they fix a specific issue, while you are monitoring the outcome or effect of having installed that one-off test package.
You should not normally install all rpm packages that are in the smeupdates-testing repo as they may have unwanted effects & cause your server to become unstable or insecure.

It seems there may be a bit of correction work to do on your server as you do have a lot of packages installed from smeupdates-testing repo, some of them could be causing you to have undesired issues (???), I leave that for another time.

You should do the same for the fws repo

db yum_repositories setprop fws status disabled
signal-event yum-modify
« Last Edit: October 31, 2019, 08:49:00 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
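An added example (not part of this thread or of SME Server's own tooling) that turns ReetP's annotated `config show qpsmtpd` output and janet's `config setprop` / `db yum_repositories setprop` commands into a repeatable audit: it parses the e-smith `config show` / `db <name> show` record format, compares the properties against the hardened values recommended in the two posts, and emits exactly the setprop and signal-event lines needed. The expected values and the record-to-event mapping come from the commands quoted above; the sample records are constructed (the yum_repositories property names other than status are assumed), and the mirror URL is a placeholder.

```python
# Hardened values recommended in the thread: DNSBL/RHSBL from janet's commands, URIBL from
# ReetP's "worth trying to enable", the two repositories from janet's disable commands.
EXPECTED = {
    ("configuration", "qpsmtpd"): {"DNSBL": "enabled", "RHSBL": "enabled",
                                   "URIBL": "enabled", "RelayRequiresAuth": "enabled"},
    ("yum_repositories", "smeupdates-testing"): {"status": "disabled"},
    ("yum_repositories", "fws"): {"status": "disabled"},
}
# signal-event that re-expands the templates after each change (from the thread's commands).
UPDATE_EVENT = {"configuration": "email-update", "yum_repositories": "yum-modify"}

# Constructed samples: the `config show qpsmtpd` output quoted above (annotations removed, record
# header restored) and a `db yum_repositories show` dump with assumed property names.
SAMPLES = {
    "configuration": """\
qpsmtpd=service
    Authentication=enabled
    Bcc=disabled
    DNSBL=disabled
    LogLevel=6
    RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,zen.spamhaus.org
    RHSBL=disabled
    RelayRequiresAuth=enabled
    URIBL=disabled
    access=public
    status=enabled
""",
    "yum_repositories": """\
smeupdates-testing=repository
    BaseURL=http://mirror.example/smeupdates-testing/
    Name=SME Server - updates testing
    status=enabled
fws=repository
    BaseURL=http://mirror.example/fws/
    Name=Firewall Services
    status=enabled
""",
}


def parse_db_show(text):
    """Parse e-smith `db <name> show` output: 'key=type' then indented 'prop=value' lines."""
    records, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":                       # property line belongs to the current record
            if current is None:
                raise ValueError(f"property before any record header: {line!r}")
            prop, _, value = line.strip().partition("=")
            records[current]["props"][prop] = value
        else:                                      # record header
            name, _, rtype = line.strip().partition("=")
            current = name
            records[name] = {"type": rtype, "props": {}}
    return records


def audit(dumps):
    """dumps: {db_name: text}. Returns {(db, record): [(prop, actual, wanted), ...]} for drift."""
    parsed = {db: parse_db_show(text) for db, text in dumps.items()}
    drift = {}
    for (db, rec), wanted in EXPECTED.items():
        props = parsed.get(db, {}).get(rec, {}).get("props")
        if props is None:
            continue                               # record absent on this server: nothing to fix
        bad = [(p, props.get(p, "<unset>"), v) for p, v in wanted.items() if props.get(p) != v]
        if bad:
            drift[(db, rec)] = bad
    return drift


def remediation(drift):
    """Command lines that would correct the drift: one setprop plus its signal-event per record."""
    lines = []
    for (db, rec), bad in drift.items():
        tool = "config" if db == "configuration" else f"db {db}"   # config is shorthand for db configuration
        pairs = " ".join(f"{p} {v}" for p, _, v in bad)
        lines.append(f"{tool} setprop {rec} {pairs}")
        lines.append(f"signal-event {UPDATE_EVENT[db]}")
    return lines


if __name__ == "__main__":
    for line in remediation(audit(SAMPLES)):
        print(line)
```

On a real server the SAMPLES dictionary would be filled from the output of `config show qpsmtpd` and `db yum_repositories show`; the script only prints the commands, so the admin still reviews them before running anything, which matches the thread's advice to understand each change before making it.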

Offline Mar

Thanks all,
I will do it this weekend.
Thanks so much

Offline janet

Mar

Please note the additional edit I just did to my previous post.

Offline Mar

Quote
Mar

Please note the additional edit I just did to my previous post.
Great, I'm really thankful for you all for your kind support