Re: [Mailman-Users] Mailman server consuming entire Internet pipe (dual T1)
Scott Race wrote:
> [...]
> I've done some basic testing for open relays, so far I have not found anything indicating it's an open relay. Packet sniffing shows connections from a number of IP addresses to the Mailman server. Outside test shows the hostname is not an open relay, and I can't telnet on port 25 with standard HELO command. All internal mail comes to a Barracuda spam filter unit. /usr/local/mailman/logs/post shows 19 posts today to the various lists.

The Postfix logs would be of more benefit I think here, as well as the mail queue.

You say you route mails through a Barracuda host, do you allow traffic directly into this machine on port 25 externally?

Is this machine hosting lists only, and if so, how is the Barracuda/Postfix server verifying recipients as early as possible (in case the domain is receiving large amounts of bounced mail and is rejecting with a full NDR and not a bounce at SMTP stage)?

Does outbound mail get delivered direct from Postfix or are you smarthosting to the Barracuda?

Thanks.
Andrew.
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Change list admin password, old one and new one works
In going through some security procedures yesterday, we decided to change our list passwords on all our lists. The new password works, as does the old one still. Restarting mailmanctl process does not fix.

We are running Mailman 2.1.13 on RHEL5.

Any ideas? Haven't restarted the server yet.

Thanks.
Scott
Re: [Mailman-Users] Mailman server consuming entire Internet pipe (dual T1)
Was scrolling through the maillog just now, nothing out of the ordinary other than list traffic that I can tell.

So no, all inbound mail comes to the Barracuda, gets cleaned and sent to the Mailman server. Each day about 600 inbound junk mails get blocked and around 50 legit emails.

It is hosting just lists only, no other inbound or outbound mail. Outbound does get sent directly out the Postfix and is not sent through any smart host.

Good question on the verifying recipients - not quite sure the exact answer - I think the mailman server is processing bounces because I'll see bounced emails in the log to johnsm...@lists.mydomain.com does not exist. So invalid recipients do seem to hit the Mailman server. Maybe filtering recipients at the Barracuda could help?

On the note of the traffic - today everything is fine. Not sure why for 5 days it was consuming the pipe, but have not found any indication of an open relay or malicious intent. We did throttle back the simultaneous connections, maybe that will help a bit.

My Postfix maillog shows a ton of these:

    (lost connection with spool.santarosa.org[216.222.240.7] while sending end of data -- message may be sent more than once)

and

    (conversation with mail.laguna-hills.ca.us[68.203.215.26] timed out while sending end of data -- message may be sent more than once)

11,968 matches of (lost connection) and 9202 matches of (conversation with) in a log file covering 4 days (Nov 21 01:18 - Nov 24 9:07).

One thing that did change was the internal DNS servers on the network, I almost have to assume it has to do with that.

-----Original Message-----
From: Andrew Hodgson [mailto:and...@hodgsonfamily.org]
Sent: Wednesday, November 24, 2010 10:34 AM
To: Scott Race; mailman-users@python.org
Subject: RE: [Mailman-Users] Mailman server consuming entire Internet pipe (dual T1)

Scott Race wrote:
> [...]
> I've done some basic testing for open relays, so far I have not found anything indicating it's an open relay. Packet sniffing shows connections from a number of IP addresses to the Mailman server. Outside test shows the hostname is not an open relay, and I can't telnet on port 25 with standard HELO command. All internal mail comes to a Barracuda spam filter unit. /usr/local/mailman/logs/post shows 19 posts today to the various lists.

The Postfix logs would be of more benefit I think here, as well as the mail queue.

You say you route mails through a Barracuda host, do you allow traffic directly into this machine on port 25 externally?

Is this machine hosting lists only, and if so, how is the Barracuda/Postfix server verifying recipients as early as possible (in case the domain is receiving large amounts of bounced mail and is rejecting with a full NDR and not a bounce at SMTP stage)?

Does outbound mail get delivered direct from Postfix or are you smarthosting to the Barracuda?

Thanks.
Andrew.
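An added example, not part of the thread: one way to break down the two "while sending end of data" messages quoted above by remote host, so the destinations that account for the repeated transfers stand out. The sample lines are constructed; only the two parenthesised messages and their hostnames come from the post.

```shell
#!/bin/sh
# Constructed sample in Postfix's maillog layout. Queue IDs, recipients and
# timings are made up; the "(lost connection ...)" and "(conversation ...)"
# texts are the ones quoted in the message above.
SAMPLE_LOG='Nov 22 03:10:01 lists postfix/smtp[2101]: 4F1A2B3C4D: to=<a@example.org>, relay=spool.santarosa.org[216.222.240.7]:25, delay=312, dsn=4.4.2, status=deferred (lost connection with spool.santarosa.org[216.222.240.7] while sending end of data -- message may be sent more than once)
Nov 22 03:12:44 lists postfix/smtp[2105]: 5A6B7C8D9E: to=<b@example.org>, relay=mail.laguna-hills.ca.us[68.203.215.26]:25, delay=601, dsn=4.4.2, status=deferred (conversation with mail.laguna-hills.ca.us[68.203.215.26] timed out while sending end of data -- message may be sent more than once)
Nov 22 03:15:09 lists postfix/smtp[2101]: 6C7D8E9F0A: to=<c@example.org>, relay=spool.santarosa.org[216.222.240.7]:25, delay=298, dsn=4.4.2, status=deferred (lost connection with spool.santarosa.org[216.222.240.7] while sending end of data -- message may be sent more than once)
Nov 22 03:15:30 lists postfix/smtp[2107]: 7D8E9F0A1B: to=<d@example.org>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Nov 22 03:16:02 lists postfix/smtp[2109]: 8E9F0A1B2C: to=<e@example.org>, relay=none, delay=30, dsn=4.4.2, status=deferred (lost connection with mx.example.net[192.0.2.10] while receiving the initial server greeting)'

# Reads maillog lines on stdin and prints "<count> <host[ip]> <lost|timeout>",
# most frequent first. Only failures at the end-of-data stage are counted,
# since those are the ones logged with "may be sent more than once".
smtp_data_failures() {
    awk '
    /while sending end of data/ {
        if (match($0, /\((lost connection with|conversation with) [^ ]+\[[0-9.]+\]/)) {
            s = substr($0, RSTART + 1, RLENGTH - 1)     # drop the leading "("
            kind = (s ~ /^lost/) ? "lost" : "timeout"
            sub(/^.* with /, "", s)                     # keep only host[ip]
            n[s " " kind]++
        }
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

printf '%s\n' "$SAMPLE_LOG" | smtp_data_failures
```

On a real server, feed it the log instead of the sample, for example `smtp_data_failures < /var/log/maillog`.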
Re: [Mailman-Users] Change list admin password, old one and new one works
Scott Race wrote:
> In going through some security procedures yesterday, we decided to change our list passwords on all our lists. The new password works, as does the old one still. Restarting mailmanctl process does not fix.

If the list shared the old password with the site password, then using the old password (i.e., the site password) will get you past most password prompts in Mailman.

http://wiki.list.org/pages/viewpage.action?pageId=4030543

Andrew.
Re: [Mailman-Users] Mailman server consuming entire Internet pipe (dualT1)
Thanks for the reply.

So it sounds like my iptables rule:

    iptables -A INPUT -p tcp --dport 25 -j REJECT

also blocks outbound mail too.

Is there a preferred way to secure mailman SMTP traffic with iptables? In our case, we would just need an inbound filter that only accepts mail from a few hosts, I thought this would do it, but mailman wouldn't send mail with rules like this:

    # accept mail from two hosts, drop the rest
    iptables -A INPUT -p tcp -s 192.168.1.245 --dport 25 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.1.246 --dport 25 -j ACCEPT
    iptables -A INPUT -p tcp --dport 25 -j REJECT

For the queues - I guess it's fine today - still reviewing the logs, and I will use those bin utilities to see the messages, that will be helpful...thanks!!

Scott

-----Original Message-----
From: Mark Sapiro [mailto:m...@msapiro.net]
Sent: Tuesday, November 23, 2010 4:16 PM
To: Scott Race; mailman-users@python.org
Subject: Re: [Mailman-Users] Mailman server consuming entire Internet pipe (dualT1)

Scott Race wrote:
> Haven't been able to figure out exactly what's up - but I do know if I set an iptables rule to block all inbound port 25 traffic, issues go away - so...

So, assuming you are also blocking port 25 connects from the local host via the loopback interface, you are blocking Mailman's connects to Postfix, thus preventing Mailman from connecting to Postfix and the resultant sending from Postfix of whatever Mailman is sending.

Take a look at Mailman's queues, particularly virgin, out and retry to see what's there. Use Mailman's bin/dumpdb to see an individual entry's message and metadata or bin/show_quefiles to see one or more entries' messages.

> [...]
> At this point I can't tell if I have a Postfix problem or Mailman problem. Any ideas? Thanks!!

I suspect the actual network traffic is coming from Postfix sending the stuff that Mailman is delivering to it. The question is what is Mailman doing. Check the queues as above and also Mailman's smtp and perhaps other logs.

--
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California  better use your sense - B. Dylan
Re: [Mailman-Users] Mailman server consuming entire Internet pipe (dualT1)
On 11/24/2010 11:16 AM, Scott Race wrote:
> Thanks for the reply.
>
> So it sounds like my iptables rule:
>
>     iptables -A INPUT -p tcp --dport 25 -j REJECT
>
> also blocks outbound mail too.
>
> Is there a preferred way to secure mailman SMTP traffic with iptables? In our case, we would just need an inbound filter that only accepts mail from a few hosts, I thought this would do it, but mailman wouldn't send mail with rules like this:
>
>     # accept mail from two hosts, drop the rest
>     iptables -A INPUT -p tcp -s 192.168.1.245 --dport 25 -j ACCEPT
>     iptables -A INPUT -p tcp -s 192.168.1.246 --dport 25 -j ACCEPT
>     iptables -A INPUT -p tcp --dport 25 -j REJECT

I can't really answer that without knowing much more detail about your Mailman/Barracuda/Postfix configuration, but by default, Mailman delivers output (all list posts and other messages FROM Mailman) via SMTP to the MTA listening on localhost port 25 (127.0.0.1:25).

If you reject packets addressed to port 25, Mailman won't be able to deliver anything. Every message in the out/ queue will result in a connection refused upon attempted delivery and will be logged in Mailman's smtp-failure log and put in the retry/ queue to be retried at intervals of DELIVERY_RETRY_WAIT (default 1 hour) for a total time of DELIVERY_RETRY_PERIOD (default 5 days).

Accepting port 25 connects from 192.168.1.245 and 192.168.1.246 probably won't help at all with Mailman's outgoing delivery as those connects come from localhost (127.0.0.1).

As far as delivery of Mail to Mailman is concerned, this mail is queued by Postfix in Mailman's queues so it gets to the Barracuda appliance somehow which then delivers it to Postfix on some port other than 25 and Postfix either pipes it to Mailman's mail wrapper based on aliases or perhaps via some script like postfix_to_mailman.py depending on how Postfix is configured, and Mailman's Mail wrapper queues the message for Mailman.

If you want to secure all SMTP traffic, I suggest you set up a separate SMTP listener in Postfix on some unused port and tell Mailman to deliver to that port by setting SMTPPORT in mm_cfg.py. Then you can block port 25 with iptables or just configure Postfix to not listen on port 25 at all.

--
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California  better use your sense - B. Dylan
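An added example, not part of either message: the quoted allow-list with a loopback rule placed ahead of the REJECT, so that Mailman's connections to 127.0.0.1:25 are still accepted while other hosts are refused. It assumes the two 192.168.1.x addresses are the only permitted inbound senders; the IPT dry-run variable and the function names are hypothetical.

```shell
#!/bin/sh
# Prints the rules by default (dry run). Run with IPT=iptables as root to
# apply them. IPT and the function names are this example's own, not Mailman's.
IPT="${IPT:-echo iptables}"
RELAYS="192.168.1.245 192.168.1.246"   # the two hosts named in the thread

smtp_inbound_rules() {
    # 1. Loopback first: Mailman hands outgoing mail to the MTA on
    #    127.0.0.1:25, so this has to match before the final REJECT.
    $IPT -A INPUT -i lo -p tcp --dport 25 -j ACCEPT
    # 2. The hosts that are allowed to deliver inbound mail.
    for src in $RELAYS; do
        $IPT -A INPUT -p tcp -s "$src" --dport 25 -j ACCEPT
    done
    # 3. Anything else aimed at local port 25 is refused.
    $IPT -A INPUT -p tcp --dport 25 -j REJECT
}

# Succeeds if, in the rule list on stdin, a loopback ACCEPT for port 25 comes
# before the first port-25 REJECT (a chain stops at the first matching rule).
loopback_before_reject() {
    awk '/--dport 25/ && /-j REJECT/ { exit(seen ? 0 : 1) }
         /--dport 25/ && /-j ACCEPT/ && (/-i lo/ || /-s 127\.0\.0\.1/) { seen = 1 }
         END { exit(seen ? 0 : 1) }'
}

# The rules as quoted in the thread, kept here for comparison.
ORIGINAL_RULES='iptables -A INPUT -p tcp -s 192.168.1.245 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.246 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j REJECT'

smtp_inbound_rules
printf '%s\n' "$ORIGINAL_RULES" | loopback_before_reject ||
    echo "# original rules: local delivery to 127.0.0.1:25 reaches the REJECT"
```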
[Mailman-Users] Disabling excessive bounces
Hello,

I'm having trouble with a list where members are continuously disabled due to excessive bounces. I want to disable bounce removal but I'm not sure how. I've fiddled with the settings under bounce processing but so far nothing I do there is helping.

I'm new to mailman so sorry if this is basic but Googling the problem has just resulted in more confusion.

thanks
simon
[Mailman-Users] Ancient messages
Hi. Excuse my English.

I'm in a crisis here. Something went wrong and Mailman stopped working. So, I've run 'mailmanctl -s start' because after the first try Mailman said that there was a lock. And Mailman starts sending again ALL the messages that were sent until today. I mean, every message!! I don't know how to fix that.

I've cleaned/removed all files in qfiles directory, restarted Postfix, restarted Mailman, killed all mailman process and start again. After some seconds a huge amount of ancient messages floods my server again.

How can I clear EVERYTHING that is stored in Mailman?

[]s
Alexander
[Mailman-Users] unknown user: |/usr/local/mailman/mail/mailman post myl...@mydomain.com
Hello,

I am migrating my mailing lists from an old cpanel server into a new CentOS 5.5 server (with Webmin). The old server had mailman 2.1.14 installed, on the new one the latest mailman package available is v2.1.9. As I didn't want to risk migrating my data from a newer version to an older version, I compiled my own mailman 2.1.14 like this:

    ./configure --with-cgi-gid=apache

And for the most part it seems to be working (web pages work, can create lists and subscribe users, and email notifications are received). But, delivering a message to subscribed users is not working. I am getting this inside /var/log/maillog:

    Nov 24 14:46:10 admin postfix/virtual[17880]: 94B1C2FA8016: to=|/usr/local/mailman/mail/mailman post testli...@gdsolutions.com.ve, orig_to=testli...@gdsolutions.com.ve, relay=virtual, delay=0.02, delays=0.01/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: |/usr/local/mailman/mail/mailman post testli...@gdsolutions.com.ve)

As I have spent days trying to make this work, I decided to ask for help. At this point, I am thinking about recompiling mailman with a custom --with-mail-gid. Any advice?

This is my setup:

    python 2.4.3
    postfix 2.3.3
    spamassassin installed as a daemon
    virtual domains
    virtual mailboxes

I can send full configuration details as needed.

Regards,
--
Gustavo Delfino
GPG key ID: AA4063D6