[Box-Admins] [squeak-dev] SqueakMap down?

Levente Uzonyi leves at caesar.elte.hu
Mon Sep 7 16:53:37 UTC 2020


Hi All,

I've added ted to mynetworks. Mails from ted, including those from 
SqueakMap should now be delivered properly.

Levente

On Mon, 7 Sep 2020, Levente Uzonyi wrote:

> Hi Tobias,
>
> On Mon, 7 Sep 2020, Tobias Pape wrote:
>
>> 
>>> On 07.09.2020, at 01:32, Levente Uzonyi <leves at caesar.elte.hu> wrote:
>>> 
>>> Hi Tobias,
>>> 
>>> On Sun, 6 Sep 2020, Tobias Pape wrote:
>>> 
>>>> Hi
>>>> 
>>>>> On 06.09.2020, at 19:03, Levente Uzonyi <leves at caesar.elte.hu> wrote:
>>>>> 
>>>>> Hi All,
>>>>> 
>>>>> (CC'd board as well)
>>>>> 
>>>>> I have restarted the image. It seemed to have been locked up by trying 
>>>>> to send a password recovery email directly from the server instead of 
>>>>> using our own mail server[1].
>>>>> This is bad practice and the IP of the server has been rightfully added 
>>>>> to some spam blacklists, hence the blocked image (which expects that 
>>>>> email sending always succeeds...).
>>>>> Outgoing emails should go through our own mail server. This needs to be 
>>>>> changed ASAP, as I suppose a few more password reminders will result in 
>>>>> a locked up image again.
>>>> 
>>>> Maybe an outgoing iptables filter on port 25 for everything except 
>>>> adele.box alias mail.squeak.org would help avoid accidental blacklisting 
>>>> in the future ?
>>> 
>>> Indeed. I've just set that up. But, I think it won't solve the problem.
>>> SqueakMap connects to the local mail server which (as I understand) 
>>> forwards all emails to mail.squeak.org - aka adele.
>>> ted is not whitelisted on mail.squeak.org, so all emails are rejected by 
>>> adele due to ted's IP being blacklisted on zen.spamhaus.org.
>>> ted's IP is blacklisted due to policy, so that can't be changed:
>>> https://www.spamhaus.org/pbl/query/PBL1660625
>>> 
>>> So, I think the solution is to either whitelist ted on adele, or make 
>>> SqueakMap connect to adele directly. The latter won't solve the issue with 
>>> other emails, like logwatch.
>> 
>> Ted is whitelisted, as are all our servers, as long as they use the 
>> private IP (starting with 10.) as originating IP:
>> 
>> adele% cat /etc/postfix/main.cf
>>>> mynetworks = 127.0.0.0/8 10.177.128.0/17 10.208.128.0/17 162.242.237.143/32
>
> ted is not among those prefixes, as its IP address begins with 10.176.
> Where are these ranges coming from?
> Should I add ted there?
>
>>>> 
>> ted% ip a
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>>    inet 162.242.226.14/24 brd 162.242.226.255 scope global eth0
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>>    inet 10.176.130.111/19 brd 10.176.159.255 scope global eth1
>>>> 
>> 
>> In any case, the servers I set up, I _think_ I preferred postfix; however, 
>> I always put adele as relay. That also should fix it…
>
> adele's firewall rules didn't allow connections to port 25 from 10.0.0.0/8. I 
> just enabled that.
>
> Also, ted is trying to connect to the public IP of adele (via mail.squeak.org). 
> Unless there's some routing magic in place right now redirecting packets to 
> the internal network, ted will not be whitelisted on adele.
> That can be changed, but then ted is still not whitelisted because of 
> mynetworks.
>
>
> Levente
>
>> 
>> Best regards
>> 	-Tobias
>> 
>>> 
>>> If other servers also have their own local relays, then more images 
>>> sending emails will run into this issue.
>>> 
>>> 
>>> Levente
>>> 
>>>> Best
>>>> 	-Tobias
>>>> 
>>>>> 
>>>>> 
>>>>> Levente
>>>>> 
>>>>> [1] Relevant parts of the stack trace in case someone wants to have a 
>>>>> look at the image:
>>>>> 
>>>>> SMUtilities class>>mail:subject:message:
>>>>> SMUtilities class>>mailPassword:for:
>>>>> [] in SMSqueakMapView>>mailnewpassword {[username value isEmptyOrNil
>>>>> ifFalse: [account := model accountForUsername...]}
>>>>> 
>>>>> 
>>>>> On Sat, 5 Sep 2020, David T. Lewis wrote:
>>>>> 
>>>>>> Forwarding to the box-admins list.
>>>>>> 
>>>>>> The web interface for map.squeak.org is not responding, and updating
>>>>>> a SqueakMap Package Loader from Squeak is not working. Presumably the
>>>>>> server needs to be bumped.
>>>>>> 
>>>>>> I'm not sure who has the keys to this?
>>>>>> 
>>>>>> Thanks,
>>>>>> Dave
>>>>>> 
>>>>>> 
>>>>>> On Sat, Sep 05, 2020 at 03:44:45PM -0400, Phil B wrote:
>>>>>>> It doesn't appear to be responding to requests (gateway time-out)
>> 
>> 
>
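
The prefix mismatch discussed in the thread can be checked mechanically. The following is an added example, not part of the original messages or of the project's configuration: it parses a constructed main.cf fragment carrying the mynetworks value quoted above and tests ted's two interface addresses against it. The function names are hypothetical, and file, table and `!` exclusion patterns in mynetworks are skipped.

```python
import ipaddress

# Constructed main.cf fragment; the mynetworks value is the one quoted in the thread.
MAIN_CF = """\
# adele:/etc/postfix/main.cf (fragment)
mynetworks = 127.0.0.0/8 10.177.128.0/17 10.208.128.0/17 162.242.237.143/32
"""

# ted's interface addresses, taken from the `ip a` output in the thread.
TED_ADDRS = {"eth0": "162.242.226.14", "eth1": "10.176.130.111"}


def parse_mynetworks(main_cf):
    """Return the CIDR entries of mynetworks as ip_network objects."""
    logical = []
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues a line
        else:
            logical.append(line.strip())
    value = ""
    for entry in logical:
        name, sep, rest = entry.partition("=")
        if sep and name.strip() == "mynetworks":
            value = rest  # a later definition overrides an earlier one
    nets = []
    for token in value.replace(",", " ").split():
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # file, table and "!" patterns are out of scope here
    return nets


def trusted_by(addr, nets):
    """Return the networks containing addr; an empty list means not trusted."""
    ip = ipaddress.ip_address(addr)
    return [n for n in nets if ip.version == n.version and ip in n]


if __name__ == "__main__":
    nets = parse_mynetworks(MAIN_CF)
    for iface, addr in TED_ADDRS.items():
        print(iface, addr, trusted_by(addr, nets) or "not in mynetworks")
```

Neither of ted's addresses falls inside the listed prefixes, so mail relayed from either interface is treated as coming from an untrusted client until a matching entry is added.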

