msimerson / Mail-Toaster-6

Mail Toaster 6
https://github.com/msimerson/Mail-Toaster-6/wiki
BSD 3-Clause "New" or "Revised" License

Unable to send mail from external clients #387

Closed lunaticds closed 5 years ago

lunaticds commented 5 years ago

Expected behavior

I have a fairly vanilla and recent mail-toaster build. Just discovered that any time a user tries to connect off network (using authenticated SMTP), they seem to be getting bad karma scores, and the messages are rejected. Have seen this predominantly with users connecting via mobile (cellular) networks.

Observed behavior

Example logs:

Feb 2 14:15:19 haraka haraka[3249]: [INFO] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [core] hook=unrecognized_command plugin=karma function=hook_unrecognized_command params=AUTH retval=DENY msg="very bad karma score: -12"
Feb 2 14:15:27 haraka haraka[3249]: [INFO] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [core] client [144.48.37.4] half closed connection
Feb 2 14:15:27 haraka haraka[3249]: [INFO] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [karma] score: -12, good: 0, bad: 68, connections: 69, history: -68, awards: 004,005,007,086,132, fail:all_bad, cmd:(AUTH,PLAIN AGRhdmlkQGRzd2ViaG9zdGluZy5uZXQARHVtYm9kczI4Iw==)
Feb 2 14:15:27 haraka haraka[3249]: [NOTICE] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [core] disconnect ip=144.48.37.4 rdns=NXDOMAIN helo=[10.8.3.33] relay=N early=N esmtp=Y tls=Y pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="500 very bad karma score: -12" time=15.107

I cannot for the life of me work out where/how I can disable karma for authenticated users.

Steps to reproduce

pfrejowski commented 5 years ago

Hi

I had a similar problem. I solved it by tuning karma.ini and giving more points for authentication, so try adding this to /data/haraka/config/karma.ini:

[result_awards]
162 = auth                | pass    | match  | auth      |  18  | Authentication success

The default value is 9; I added 9, so now it's 18. You can test and add different values.

Here you can find the defaults: /jails/haraka/root/Haraka/node_modules/haraka-plugin-karma/config/karma.ini

lunaticds commented 5 years ago

Thank you Piotr. I've looked at what you've suggested and I found that tuning auth surprisingly didn't quite manage to solve the issue (though the logs make it seem like the culprit).

I've had to tune the negative score under Thresholds which seems to have at least made the service usable again; though I need to wind the score I've used back a bit. (server is production so more interested in restoration at this point!). I couldn't find the right configuration file without your help, so it certainly pointed me in the right direction.
Thanks again.

msimerson commented 5 years ago

There are a lot of inputs to karma. You need to look at some sample messages with high karma scores and see what rules are contributing to the negative scores. The karma rules are logged and they correspond with the rules in karma.ini. If you use the watch and log-reader plugins, the data is easier to grok. Grab a message id and view it using watch. Example:

79E66078-E5D5-474A-AA86-9E02CA5EAFB7

Then adjust/tune the rules accordingly.

Here's an example I just pulled from my server:

Policy Rules
-7, DNS Blacklist (b.barracudacentral.org)
-6, FCrDNS has no rDNS (has_rdns)
-6, DNS Blacklist (psbl.surriel.com)
-5, DNS Blacklist (zen.spamhaus.org)
-5, DNS Blacklist (truncate.gbudb.net)
-3, DNS Blacklist (bl.spamcop.net)
-3, DNS Blacklist (dnsbl-1.uceprotect.net)
-3, SPF soft fail (SoftFail)
-2, IP reputation is spam-only (all_bad)
-2, DNS Blacklist (dnsbl.sorbs.net)
-1, IP reputation is negative (-1)
-1, DNS Blacklist (dnsbl.justspam.org)
-1, Geographic distance is unusual for ham (4000)
-1, Geographic distance is unusual for ham (8000)
-1, HELO host fails forward DNS (forward_dns)
-1, IP reputation is very poor (-3)
-1, RFC Ignorant MTA (rfc5321.MailFrom)
-1, RFC Ignorant MTA (rfc5321.RcptTo)

Steps to Resolve
Disinfect your host/network
Set up https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
Maintain DNS properly
Clean up DNSBL listing
Use valid HELO hostname
Use a RFC compliant MTA

Raw Logs
79E66078-E5D5-474A-AA86-9E02CA5EAFB7

Feb  2 15:03:28 [NOTICE] [core] connect ip=123.200.6.11 port=51600 local_ip=:: local_port=25
Feb  2 15:03:29 [INFO] [karma] score: 0, good: 0, bad: 8, connections: 8, history: -8, fail:all_bad
Feb  2 15:03:29 [INFO] [p0f] os="Linux 3.x" link_type="generic tunnel or VPN" distance=22 total_conn=1
Feb  2 15:03:30 [INFO] [fcrdns] ptr_multidomain: false, has_rdns: false, ptr_name_has_ips: false, fail:has_rdns
Feb  2 15:03:30 [INFO] [access] fail:invalid domain: NXDOMAIN
Feb  2 15:03:30 [INFO] [geoip] AS, BD, 13688km
Feb  2 15:03:30 [INFO] [dnsbl] fail:b.barracudacentral.org, dnsbl.sorbs.net, zen.spamhaus.org, bl.spamcop.net, truncate.gbudb.net, dnsbl.justspam.org, dnsbl-1.uceprotect.net, psbl.surriel.com
Feb  2 15:03:30 [INFO] [asn] asn: 23688, org: Link3 Technologies Ltd., asn_score: -115, asn_connections: 114, asn_good: 0, asn_bad: 115, fail:asn:all_bad
Feb  2 15:03:35 [INFO] [helo.checks] helo_host: maerke.nl, ips: 5.157.84.112, fail:rdns_match, forward_dns(no IP match), pass:match_re, bare_ip, dynamic, big_co(not), valid_hostname, host_mismatch
Feb  2 15:03:35 [INFO] [spf] identity=helo ip=123.200.6.11 domain="maerke.nl" mfrom= result=SoftFail
Feb  2 15:03:35 [INFO] [spf] scope: helo, result: SoftFail, domain: maerke.nl
Feb  2 15:03:40 [INFO] [1] [spf] identity=mfrom ip=123.200.6.11 domain="maerke.nl" mfrom= result=SoftFail
Feb  2 15:03:40 [INFO] [1] [spf] scope: mfrom, result: SoftFail, domain: maerke.nl
Feb  2 15:03:40 [INFO] [1] [qmail-deliverable] not local
Feb  2 15:03:40 [INFO] [1] [karma] RFC ignorant env addr format: MAIL FROM: 
Feb  2 15:03:44 [INFO] [1] [known-senders] []
Feb  2 15:03:44 [NOTICE] [1] [core] sender  code=CONT msg=""
Feb  2 15:03:45 [INFO] [1] [qmail-deliverable] not deliverable
Feb  2 15:03:45 [INFO] [1] [karma] illegal envelope address format: RCPT TO: 
Feb  2 15:03:49 [NOTICE] [1] [core] recipient  code=OK msg="" sender=JosephAllen@maerke.nl
Feb  2 15:03:50 [INFO] [1] [core] client [123.200.6.11] half closed connection
Feb  2 15:03:50 [INFO] [1] [karma] score: -50, good: 0, bad: 8, connections: 8, history: -8, awards: 004,005,007,086,001,002,111,120,116,114,112,119,115,113,133,151,012,013, fail:all_bad, rfc5321.MailFrom, rfc5321.RcptTo, rcpt_to
Feb  2 15:03:50 [INFO] [1] [karma] score: -50, good: 0, bad: 8, connections: 8, history: -8, awards: 004,005,007,086,001,002,111,120,116,114,112,119,115,113,133,151,012,013, fail:all_bad, rfc5321.MailFrom, rfc5321.RcptTo, rcpt_to
Feb  2 15:03:50 [NOTICE] [1] [core] disconnect ip=123.200.6.11 rdns=NXDOMAIN helo=maerke.nl relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=1 rcpts=0/0/1 msgs=0/0/0 bytes=0 lr="550 I cannot deliver mail for " time=21.559
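
The lookup described in the comment above (award ids on a `[karma]` log line mapped back to `[result_awards]` rules in karma.ini), as an added example that is not part of the thread or the Haraka project. The rule field names are inferred from the one rule quoted in the thread, rules 901 and 902 and the log line are constructed, and the function names are hypothetical.

```javascript
// Field order inferred from the rule quoted in the thread (an assumption):
//   id = plugin | property | operator | value | award | reason
function parseResultAwards(iniText) {
  const rules = new Map();
  let inSection = false;
  for (const raw of iniText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;
    const section = line.match(/^\[(.+)\]$/);
    if (section) { inSection = section[1] === 'result_awards'; continue; }
    const eq = line.indexOf('=');
    if (!inSection || eq < 0) continue;
    const [plugin, property, operator, value, award, reason] =
      line.slice(eq + 1).split('|').map((f) => f.trim());
    const points = parseFloat(award);
    if (Number.isNaN(points)) continue; // skip malformed rules
    const id = line.slice(0, eq).trim().padStart(3, '0');
    rules.set(id, { plugin, property, operator, value, award: points, reason });
  }
  return rules;
}

// Map the award ids on a "[karma] score: ..." line back to their rules.
function explainKarmaLine(logLine, rules) {
  const score = logLine.match(/\[karma\] score: (-?\d+)/);
  if (!score) return null; // not a karma summary line
  const awards = logLine.match(/awards: ([\d,]+)/);
  const ids = awards ? awards[1].split(',').filter(Boolean) : [];
  const known = [];
  const unknown = []; // ids with no rule in the supplied karma.ini
  for (const id of ids) {
    const rule = rules.get(id.padStart(3, '0'));
    if (rule) known.push({ id, ...rule });
    else unknown.push(id);
  }
  known.sort((a, b) => a.award - b.award); // most negative first
  const awardTotal = known.reduce((sum, r) => sum + r.award, 0);
  return { score: Number(score[1]), awardTotal, known, unknown };
}
// Constructed sample: rule 162 is quoted in the thread; 901 and 902 are
// made-up rules for illustration, not the plugin's defaults.
const SAMPLE_INI = `[result_awards]
162 = auth   | pass | match  | auth     |  18 | Authentication success
901 = dnsbl  | fail | equals | dnsbl.example.invalid | -7 | Constructed DNSBL rule
902 = fcrdns | fail | equals | has_rdns | -6 | Constructed rDNS rule`;
// Constructed log line in the thread's format; 903 has no rule above.
const SAMPLE_LOG = '[INFO] [karma] score: -9, good: 0, bad: 8, connections: 8, ' +
  'history: -8, awards: 162,901,902,903, fail:all_bad';
console.log(explainKarmaLine(SAMPLE_LOG, parseResultAwards(SAMPLE_INI)));
```

To use it on a real connection, pass the contents of the karma.ini in effect and the final `[karma]` line logged for that connection id; ids returned in `unknown` are rules missing from the file you supplied.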