Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
Hi
On 06.09.2020, at 19:03, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Maybe an outgoing iptables filter on port 25 for everything except adele.box alias mail.squeak.org would help avoid accidental blacklisting in the future ? Best -Tobias
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
Hi Tobias,
On Sun, 6 Sep 2020, Tobias Pape wrote:
Hi
On 06.09.2020, at 19:03, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Maybe an outgoing iptables filter on port 25 for everything except adele.box alias mail.squeak.org would help avoid accidental blacklisting in the future ?
Indeed. I've just set that up. But, I think it won't solve the problem. SqueakMap connects to the local mail server which (as I understand) forwards all emails to mail.squeak.org - aka adele. ted is not whitelisted on mail.squeak.org, so all emails are rejected by adele due to ted's IP being blacklisted on zen.spamhaus.org. ted's IP is blacklisted due to policy, so that can't be changed: https://www.spamhaus.org/pbl/query/PBL1660625
So, I think the solution is to either whitelist ted on adele, or make SqueakMap connect to adele directly. The latter won't solve the issue with other emails, like logwatch.
If other servers also have their own local relays, then more images sending emails will run into this issue.
Levente
Best -Tobias
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
On 07.09.2020, at 01:32, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi Tobias,
On Sun, 6 Sep 2020, Tobias Pape wrote:
Hi
On 06.09.2020, at 19:03, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Maybe an outgoing iptables filter on port 25 for everything except adele.box alias mail.squeak.org would help avoid accidental blacklisting in the future ?
Indeed. I've just set that up. But, I think it won't solve the problem. SqueakMap connects to the local mail server which (as I understand) forwards all emails to mail.squeak.org - aka adele. ted is not whitelisted on mail.squeak.org, so all emails are rejected by adele due to ted's IP being blacklisted on zen.spamhaus.org. ted's IP is blacklisted due to policy, so that can't be changed: https://www.spamhaus.org/pbl/query/PBL1660625
So, I think the solution is to either whitelist ted on adele, or make SqueakMap connect to adele directly. The latter won't solve the issue with other emails, like logwatch.
Ted is whitelisted, as are all our servers, as long as they use the private IP (starting with 10.) as originating IP:
adele% cat /etc/postfix/main.cf … mynetworks = 127.0.0.0/8 10.177.128.0/17 10.208.128.0/17 162.242.237.143/32 …
ted% ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 162.242.226.14/24 brd 162.242.226.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 10.176.130.111/19 brd 10.176.159.255 scope global eth1 …
In any case, the servers I set up, I _think_ I preferred postfix; however, I always put adele as relay. That als should fix it…
Best regards -Tobias
If other servers also have their own local relays, then more images sending emails will run into this issue.
Levente
Best -Tobias
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
Hi Tobias,
On Mon, 7 Sep 2020, Tobias Pape wrote:
On 07.09.2020, at 01:32, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi Tobias,
On Sun, 6 Sep 2020, Tobias Pape wrote:
Hi
On 06.09.2020, at 19:03, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Maybe an outgoing iptables filter on port 25 for everything except adele.box alias mail.squeak.org would help avoid accidental blacklisting in the future ?
Indeed. I've just set that up. But, I think it won't solve the problem. SqueakMap connects to the local mail server which (as I understand) forwards all emails to mail.squeak.org - aka adele. ted is not whitelisted on mail.squeak.org, so all emails are rejected by adele due to ted's IP being blacklisted on zen.spamhaus.org. ted's IP is blacklisted due to policy, so that can't be changed: https://www.spamhaus.org/pbl/query/PBL1660625
So, I think the solution is to either whitelist ted on adele, or make SqueakMap connect to adele directly. The latter won't solve the issue with other emails, like logwatch.
Ted is whitelisted, as are all our servers, as long as they use the private IP (starting with 10.) as originating IP:
adele% cat /etc/postfix/main.cf … mynetworks = 127.0.0.0/8 10.177.128.0/17 10.208.128.0/17 162.242.237.143/32
ted is not among those prefixes, as its IP address begins with 10.176. Where are these ranges coming from? Should I add ted there?
…
ted% ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 162.242.226.14/24 brd 162.242.226.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 10.176.130.111/19 brd 10.176.159.255 scope global eth1 …
In any case, the servers I set up, I _think_ I preferred postfix; however, I always put adele as relay. That als should fix it…
adele's firewall rules didn't allow connections to port 25 from 10.0.0.0/8. I just enabled that.
Also, ted is trying to connect the public IP of adele (via mail.squeak.org). Unless there's some routing magic in place right now redirecting packets to the internal network, ted will not be whitelisted on adele. That can be changed, but then ted is still not whitelisted because of mynetworks.
Levente
Best regards -Tobias
If other servers also have their own local relays, then more images sending emails will run into this issue.
Levente
Best -Tobias
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
Hi All,
I've added ted to mynetworks. Mails from ted, including those from SqueakMap should now delivered properly.
Levente
On Mon, 7 Sep 2020, Levente Uzonyi wrote:
Hi Tobias,
On Mon, 7 Sep 2020, Tobias Pape wrote:
On 07.09.2020, at 01:32, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi Tobias,
On Sun, 6 Sep 2020, Tobias Pape wrote:
Hi
On 06.09.2020, at 19:03, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Maybe an outgoing iptables filter on port 25 for everything except adele.box alias mail.squeak.org would help avoid accidental blacklisting in the future ?
Indeed. I've just set that up. But, I think it won't solve the problem. SqueakMap connects to the local mail server which (as I understand) forwards all emails to mail.squeak.org - aka adele. ted is not whitelisted on mail.squeak.org, so all emails are rejected by adele due to ted's IP being blacklisted on zen.spamhaus.org. ted's IP is blacklisted due to policy, so that can't be changed: https://www.spamhaus.org/pbl/query/PBL1660625
So, I think the solution is to either whitelist ted on adele, or make SqueakMap connect to adele directly. The latter won't solve the issue with other emails, like logwatch.
Ted is whitelisted, as are all our servers, as long as they use the private IP (starting with 10.) as originating IP:
adele% cat /etc/postfix/main.cf … mynetworks = 127.0.0.0/8 10.177.128.0/17 10.208.128.0/17 162.242.237.143/32
ted is not among those prefixes, as its IP address begins with 10.176. Where are these ranges coming from? Should I add ted there?
…
ted% ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 162.242.226.14/24 brd 162.242.226.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 10.176.130.111/19 brd 10.176.159.255 scope global eth1 …
In any case, the servers I set up, I _think_ I preferred postfix; however, I always put adele as relay. That als should fix it…
adele's firewall rules didn't allow connections to port 25 from 10.0.0.0/8. I just enabled that.
Also, ted is trying to connect the public IP of adele (via mail.squeak.org). Unless there's some routing magic in place right now redirecting packets to the internal network, ted will not be whitelisted on adele. That can be changed, but then ted is still not whitelisted because of mynetworks.
Levente
Best regards -Tobias
If other servers also have their own local relays, then more images sending emails will run into this issue.
Levente
Best -Tobias
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote: > It doesn't appear to be responding to requests (gateway time-out)
How do we make Squeak use our own email server? Is it a matter of simply specifying the correct server name in the correct place?
How do mail servers know that the password request email was sent directly from Squeak and therefore to block it? I'm still learning, thanks.
On Sun, Sep 6, 2020 at 12:03 PM Levente Uzonyi leves@caesar.elte.hu wrote:
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
On Sun, 6 Sep 2020, Chris Muller wrote:
How do we make Squeak use our own email server? Is it a matter of simply specifying the correct server name in the correct place?
When you send an email with SMTPClient, you have to specify a server - aka a relay - you want to use to deliver emails. I just downloaded the SqueakMap image and it's using localhost as the mail server. Localhost has a mail server set up, but it's probably not configured properly to forward emails to mail.squeak.org. Probably the best would be if SqueakMap sent mails directly to mail.squeak.org.
I don't know who installed exim on that machine and why, but it was very likely a mistake and unless there is an explanation for it (nothing in the admin log), I'll remove it soon.
How do mail servers know that the password request email was sent directly from Squeak and therefore to block it? I'm still learning, thanks.
That's quite complicated. When you connect to an SMTP server, the first command is EHLO (or HELO), in which you claim your domain name. That is the first thing the server will verify (along with your IP address) based on information available in DNS. If you try to send an email from the SqueakMap server directly, you'll fail right at this point, because that server is not a legit source of @squeak.org emails according to the DNS records.
Levente
On Sun, Sep 6, 2020 at 12:03 PM Levente Uzonyi leves@caesar.elte.hu wrote:
Hi All,
(CC'd board as well)
I have restarted the image. It seemed to have been locked up by trying to send a password recovery email directly from the server instead of using our own mail server[1]. This is bad practice and the IP of the server has been rightfully added to some spam blacklists, hence the blocked image (which expects that email sending always succeeds...). Outgoing emails should go through our own mail server. This needs to be changed ASAP, as I suppose a few more password reminders will result in a locked up image again.
Levente
[1] Relevant parts of the stack trace in case someone wants to have a look at the image:
SMUtilities class>>mail:subject:message: SMUtilities class>>mailPassword:for: [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil ifFalse: [account := model accountForUsername...]}
On Sat, 5 Sep 2020, David T. Lewis wrote:
Forwarding to the box-admins list.
The web interface for map.squeak.org is not responding, and updating a SqueakMap Package Loader from Squeak is not working. Presumably the server needs to be bumped.
I'm not sure who has the keys to this?
Thanks, Dave
On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
It doesn't appear to be responding to requests (gateway time-out)
box-admins@lists.squeakfoundation.org