[Box-Admins] [squeak-dev] SqueakMap down?
Levente Uzonyi
leves at caesar.elte.hu
Mon Sep 7 16:53:37 UTC 2020
Hi All,
I've added ted to mynetworks. Mails from ted, including those from
SqueakMap should now delivered properly.
Levente
On Mon, 7 Sep 2020, Levente Uzonyi wrote:
> Hi Tobias,
>
> On Mon, 7 Sep 2020, Tobias Pape wrote:
>
>>
>>> On 07.09.2020, at 01:32, Levente Uzonyi <leves at caesar.elte.hu> wrote:
>>>
>>> Hi Tobias,
>>>
>>> On Sun, 6 Sep 2020, Tobias Pape wrote:
>>>
>>>> Hi
>>>>
>>>>> On 06.09.2020, at 19:03, Levente Uzonyi <leves at caesar.elte.hu> wrote:
>>>>>
>>>>> Hi All,
>>>>>
>>>>> (CC'd board as well)
>>>>>
>>>>> I have restarted the image. It seemed to have been locked up by trying
>>>>> to send a password recovery email directly from the server instead of
>>>>> using our own mail server[1].
>>>>> This is bad practice and the IP of the server has been rightfully added
>>>>> to some spam blacklists, hence the blocked image (which expects that
>>>>> email sending always succeeds...).
>>>>> Outgoing emails should go through our own mail server. This needs to be
>>>>> changed ASAP, as I suppose a few more password reminders will result in
>>>>> a locked up image again.
>>>>
>>>> Maybe an outgoing iptables filter on port 25 for everything except
>>>> adele.box alias mail.squeak.org would help avoid accidental blacklisting
>>>> in the future ?
>>>
>>> Indeed. I've just set that up. But, I think it won't solve the problem.
>>> SqueakMap connects to the local mail server which (as I understand)
>>> forwards all emails to mail.squeak.org - aka adele.
>>> ted is not whitelisted on mail.squeak.org, so all emails are rejected by
>>> adele due to ted's IP being blacklisted on zen.spamhaus.org.
>>> ted's IP is blacklisted due to policy, so that can't be changed:
>>> https://www.spamhaus.org/pbl/query/PBL1660625
>>>
>>> So, I think the solution is to either whitelist ted on adele, or make
>>> SqueakMap connect to adele directly. The latter won't solve the issue with
>>> other emails, like logwatch.
>>
>> Ted is whitelisted, as are all our servers, as long as they use the
>> private IP (starting with 10.) as originating IP:
>>
>> adele% cat /etc/postfix/main.cf
>> …
>> mynetworks = 127.0.0.0/8 10.177.128.0/17 10.208.128.0/17 162.242.237.143/32
>
> ted is not among those prefixes, as its IP address begins with 10.176.
> Where are these ranges coming from?
> Should I add ted there?
>
>> …
>>
>> ted% ip a
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
>> UP group default qlen 1000
>> inet 162.242.226.14/24 brd 162.242.226.255 scope global eth0
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
>> UP group default qlen 1000
>> inet 10.176.130.111/19 brd 10.176.159.255 scope global eth1
>> …
>>
>>
>> In any case, the servers I set up, I _think_ I preferred postfix; however,
>> I always put adele as relay. That als should fix it…
>
> adele's firewall rules didn't allow connections to port 25 from 10.0.0.0/8. I
> just enabled that.
>
> Also, ted is trying to connect the public IP of adele (via mail.squeak.org).
> Unless there's some routing magic in place right now redirecting packets to
> the internal network, ted will not be whitelisted on adele.
> That can be changed, but then ted is still not whitelisted because of
> mynetworks.
>
>
> Levente
>
>>
>> Best regards
>> -Tobias
>>
>>>
>>> If other servers also have their own local relays, then more images
>>> sending emails will run into this issue.
>>>
>>>
>>> Levente
>>>
>>>> Best
>>>> -Tobias
>>>>
>>>>>
>>>>>
>>>>> Levente
>>>>>
>>>>> [1] Relevant parts of the stack trace in case someone wants to have a
>>>>> look at the image:
>>>>>
>>>>> SMUtilities class>>mail:subject:message:
>>>>> SMUtilities class>>mailPassword:for:
>>>>> [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil
>>>>> ifFalse: [account := model accountForUsername...]}
>>>>>
>>>>>
>>>>> On Sat, 5 Sep 2020, David T. Lewis wrote:
>>>>>
>>>>>> Forwarding to the box-admins list.
>>>>>>
>>>>>> The web interface for map.squeak.org is not responding, and updating
>>>>>> a SqueakMap Package Loader from Squeak is not working. Presumably the
>>>>>> server needs to be bumped.
>>>>>>
>>>>>> I'm not sure who has the keys to this?
>>>>>>
>>>>>> Thanks,
>>>>>> Dave
>>>>>>
>>>>>>
>>>>>> On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
>>>>>>> It doesn't appear to be responding to requests (gateway time-out)
>>
>>
>
More information about the Box-Admins
mailing list