Open blazux opened 4 years ago
It looks like you have an open relay due to misconfigured networking on your kubernetes.
You excluded the most interesting part of the log, where the bad guy connects to your postfix. My bet would be that these excluded lines tell you that the connection comes from 127.0.0.1. You need to find out why and rectify it.
Apr 21 08:45:47 mail postfix/smtpd[187]: connect from localhost[127.0.0.1]
Specific advice cannot be given here, as it depends on how the network is set up and configured within your cluster and how connectivity from the bad guy to your pod actually works; you need to experiment a bit and trace how that happens.
If you google a bit, you will find a lot of similar reports for docker / kubernetes setups with other popular container-based mail server implementations, which are also due to networking misconfiguration.
A couple of examples:
Hi,
Thanks for the reply, the network configuration is done thanks to the service embedded in the helm charts, the only change I've made is to turn the daemonset/nodeport into a replicaset/loadbalancer:
mailu-front LoadBalancer 10.233.54.52 10.180.0.61 110:32293/TCP,995:31537/TCP,143:30923/TCP,993:30553/TCP,25:32291/TCP,465:30046/TCP,587:30056/TCP,10025:30733/TCP,10143:31558/TCP,80:32548/TCP 36d
The "connect from localhost" message has nothing to do with the problem, it's due to the liveness probe connecting every 10 seconds to check if the server is still alive (this is also part of the helm deployment).
I've created this issue as requested by kaiyou:
kaiyou Okay, could you open an issue on the matter? Looking at the code, there might be something wrong with our SRS implementation. We'd have to figure out how it can be used maliciously, but definitely something is fishy around the fact that we do not use the original sender domain in the construct for the SRS string.
Sorry, I meant kubernetes networking configuration, not the one specific to mailu as per helm chart.
The "connect from localhost" message has nothing to do with the problem, it's due to the liveness probe connecting every 10 seconds to check if the server is still alive (this is also part of the helm deployment).
Yep, that checks, yet the most interesting part of the log is missing.
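The trace discussed in the comments above, as an added example that is not part of the original thread or of Mailu's code: it joins each delivery to the `client=` line that shares its Postfix queue ID and reports mail sent to a non-local domain from a client inside a trusted range. The log lines, the trusted ranges and the function name are constructed assumptions; only `my-own-domain.com` comes from the issue.

```python
import ipaddress
import re

# Constructed sample in standard Postfix syslog format (not the reporter's log).
SAMPLE_LOG = """\
Apr 21 08:45:47 mail postfix/smtpd[187]: connect from localhost[127.0.0.1]
Apr 21 08:45:47 mail postfix/smtpd[187]: disconnect from localhost[127.0.0.1]
Apr 21 08:46:02 mail postfix/smtpd[190]: connect from unknown[10.233.64.1]
Apr 21 08:46:02 mail postfix/smtpd[190]: 4F2A1C0D3E: client=unknown[10.233.64.1]
Apr 21 08:46:02 mail postfix/qmgr[95]: 4F2A1C0D3E: from=<someone@example.org>, size=2048, nrcpt=1 (queue active)
Apr 21 08:46:03 mail postfix/smtp[201]: 4F2A1C0D3E: to=<victim@example.net>, relay=mx.example.net[203.0.113.7]:25, delay=1.1, status=sent (250 OK)
Apr 21 08:47:10 mail postfix/smtpd[191]: 7B3C2D1E4F: client=mx.example.com[198.51.100.9]
Apr 21 08:47:10 mail postfix/qmgr[95]: 7B3C2D1E4F: from=<a@example.com>, size=900, nrcpt=1 (queue active)
Apr 21 08:47:11 mail postfix/lmtp[202]: 7B3C2D1E4F: to=<user@my-own-domain.com>, relay=imap[10.233.70.4]:2525, delay=0.4, status=sent (250 OK)
"""

# A queue ID appears only once a client actually submits a message,
# so a bare connect/disconnect pair (e.g. a health probe) never matches.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([0-9a-fA-F.:]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<([^>]*)>.*status=sent")


def find_trusted_relays(log_text, local_domains, trusted_nets):
    """Return (queue_id, client_ip, sender, recipient) for mail delivered to a
    non-local domain whose submitting client lies inside a trusted network."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    clients, senders, findings = {}, {}, []
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            clients[m.group(1)] = ipaddress.ip_address(m.group(2))
        elif m := FROM_RE.search(line):
            senders[m.group(1)] = m.group(2)
        elif m := TO_RE.search(line):
            qid, rcpt = m.groups()
            ip = clients.get(qid)
            domain = rcpt.rpartition("@")[2].lower()
            if ip and domain not in local_domains and any(ip in n for n in nets):
                findings.append((qid, str(ip), senders.get(qid, ""), rcpt))
    return findings


if __name__ == "__main__":
    # Assumed trusted ranges: loopback plus a hypothetical cluster CIDR.
    for hit in find_trusted_relays(SAMPLE_LOG, {"my-own-domain.com"},
                                   ["127.0.0.0/8", "10.233.0.0/16"]):
        print(hit)
```

A hit whose client address is a cluster-internal or node address rather than the real remote peer indicates that source addresses are being rewritten before they reach Postfix, so the trusted-network check no longer distinguishes internal from external senders.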
Pinging @kaiyou as apparently this was discussed on Matrix. Background: SRS was added recently on master: Mailu/Mailu#1349
Hi There,
The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.
To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who wants to work on them — and which issues may be less important. These less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.
In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hi all,
I had a strange case of thousands of mails being relayed by mailu for a user that doesn't exist, here are the logs from postfix:
User prabesca@my-own-domain.com doesn't exist, I don't know how this managed to get through.
I'm running the helm deployment on a kubernetes 1.17.2:
root@k8p1:~/helm_charts/mailu/mailu# cat Chart.yaml
apiVersion: v1
appVersion: "1.8"
description: Mailu mail system
name: mailu
version: 0.0.6
Cheers,