Closed lunaticds closed 5 years ago
Hi
I had a similar problem. I solved it by tuning karma.ini and giving more points for authentication, so try adding this in /data/haraka/config/karma.ini:
[result_awards]
162 = auth | pass | match | auth | 18 | Authentication success
The default value is 9; I added 9, so now it's 18. You can test and add different values.
Here you can find the defaults: /jails/haraka/root/Haraka/node_modules/haraka-plugin-karma/config/karma.ini
Thank you Piotr. I've looked at what you've suggested and I found that tuning auth surprisingly didn't quite manage to solve the issue (though the logs make it seem like the culprit).
I've had to tune the negative score under Thresholds which seems to have at least made the service usable again; though I need to wind the score I've used back a bit. (server is production so more interested in restoration at this point!).
I couldn't find the right configuration file without your help, so it certainly pointed me in the right direction.
Thanks again.
There are a lot of inputs to karma. You need to look at some sample messages with high karma scores and see what rules are contributing to the negative scores. The karma rules are logged and they correspond with the rules in karma.ini. If you use the watch and log-reader plugins, the data is easier to grok. Grab a message id and view it using watch. Example:
79E66078-E5D5-474A-AA86-9E02CA5EAFB7
Then adjust/tune the rules accordingly.
Here's an example I just pulled from my server:
Policy Rules
-7, DNS Blacklist (b.barracudacentral.org)
-6, FCrDNS has no rDNS (has_rdns)
-6, DNS Blacklist (psbl.surriel.com)
-5, DNS Blacklist (zen.spamhaus.org)
-5, DNS Blacklist (truncate.gbudb.net)
-3, DNS Blacklist (bl.spamcop.net)
-3, DNS Blacklist (dnsbl-1.uceprotect.net)
-3, SPF soft fail (SoftFail)
-2, IP reputation is spam-only (all_bad)
-2, DNS Blacklist (dnsbl.sorbs.net)
-1, IP reputation is negative (-1)
-1, DNS Blacklist (dnsbl.justspam.org)
-1, Geographic distance is unusual for ham (4000)
-1, Geographic distance is unusual for ham (8000)
-1, HELO host fails forward DNS (forward_dns)
-1, IP reputation is very poor (-3)
-1, RFC Ignorant MTA (rfc5321.MailFrom)
-1, RFC Ignorant MTA (rfc5321.RcptTo)
Steps to Resolve
Disinfect your host/network
Set up https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
Maintain DNS properly
Clean up DNSBL listing
Use valid HELO hostname
Use a RFC compliant MTA
Raw Logs
79E66078-E5D5-474A-AA86-9E02CA5EAFB7
Feb 2 15:03:28 [NOTICE] [core] connect ip=123.200.6.11 port=51600 local_ip=:: local_port=25
Feb 2 15:03:29 [INFO] [karma] score: 0, good: 0, bad: 8, connections: 8, history: -8, fail:all_bad
Feb 2 15:03:29 [INFO] [p0f] os="Linux 3.x" link_type="generic tunnel or VPN" distance=22 total_conn=1
Feb 2 15:03:30 [INFO] [fcrdns] ptr_multidomain: false, has_rdns: false, ptr_name_has_ips: false, fail:has_rdns
Feb 2 15:03:30 [INFO] [access] fail:invalid domain: NXDOMAIN
Feb 2 15:03:30 [INFO] [geoip] AS, BD, 13688km
Feb 2 15:03:30 [INFO] [dnsbl] fail:b.barracudacentral.org, dnsbl.sorbs.net, zen.spamhaus.org, bl.spamcop.net, truncate.gbudb.net, dnsbl.justspam.org, dnsbl-1.uceprotect.net, psbl.surriel.com
Feb 2 15:03:30 [INFO] [asn] asn: 23688, org: Link3 Technologies Ltd., asn_score: -115, asn_connections: 114, asn_good: 0, asn_bad: 115, fail:asn:all_bad
Feb 2 15:03:35 [INFO] [helo.checks] helo_host: maerke.nl, ips: 5.157.84.112, fail:rdns_match, forward_dns(no IP match), pass:match_re, bare_ip, dynamic, big_co(not), valid_hostname, host_mismatch
Feb 2 15:03:35 [INFO] [spf] identity=helo ip=123.200.6.11 domain="maerke.nl" mfrom= result=SoftFail
Feb 2 15:03:35 [INFO] [spf] scope: helo, result: SoftFail, domain: maerke.nl
Feb 2 15:03:40 [INFO] [1] [spf] identity=mfrom ip=123.200.6.11 domain="maerke.nl" mfrom= result=SoftFail
Feb 2 15:03:40 [INFO] [1] [spf] scope: mfrom, result: SoftFail, domain: maerke.nl
Feb 2 15:03:40 [INFO] [1] [qmail-deliverable] not local
Feb 2 15:03:40 [INFO] [1] [karma] RFC ignorant env addr format: MAIL FROM:
Feb 2 15:03:44 [INFO] [1] [known-senders] []
Feb 2 15:03:44 [NOTICE] [1] [core] sender code=CONT msg=""
Feb 2 15:03:45 [INFO] [1] [qmail-deliverable] not deliverable
Feb 2 15:03:45 [INFO] [1] [karma] illegal envelope address format: RCPT TO:
Feb 2 15:03:49 [NOTICE] [1] [core] recipient code=OK msg="" sender=JosephAllen@maerke.nl
Feb 2 15:03:50 [INFO] [1] [core] client [123.200.6.11] half closed connection
Feb 2 15:03:50 [INFO] [1] [karma] score: -50, good: 0, bad: 8, connections: 8, history: -8, awards: 004,005,007,086,001,002,111,120,116,114,112,119,115,113,133,151,012,013, fail:all_bad, rfc5321.MailFrom, rfc5321.RcptTo, rcpt_to
Feb 2 15:03:50 [INFO] [1] [karma] score: -50, good: 0, bad: 8, connections: 8, history: -8, awards: 004,005,007,086,001,002,111,120,116,114,112,119,115,113,133,151,012,013, fail:all_bad, rfc5321.MailFrom, rfc5321.RcptTo, rcpt_to
Feb 2 15:03:50 [NOTICE] [1] [core] disconnect ip=123.200.6.11 rdns=NXDOMAIN helo=maerke.nl relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=1 rcpts=0/0/1 msgs=0/0/0 bytes=0 lr="550 I cannot deliver mail for " time=21.559
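An added example, not part of the thread and not Haraka's own code: a small Node.js script that joins the `awards:` ids from a `[karma] score:` log line with the `[result_awards]` rows of a karma.ini, so you can see which rules drove a score before changing any award or threshold. The field layout is inferred from the `162 = ...` line quoted above; rule ids 901 and 902, their plugin/property/operator fields, the sample log line and all function names are constructed for illustration.

```javascript
// Added example (not Haraka code). SAMPLE_INI and SAMPLE_LOG are constructed.
// Rule ids 901/902 and their plugin/property/operator fields are hypothetical.
const SAMPLE_INI = `
[thresholds]
; values omitted in this constructed sample
[result_awards]
; id = plugin | property | operator | value | award | reason
901 = fcrdns | fail | equals | has_rdns | -6 | FCrDNS has no rDNS
902 = karma  | fail | equals | all_bad  | -2 | IP reputation is spam-only
162 = auth | pass | match | auth | 18 | Authentication success
`;
const SAMPLE_LOG = 'Feb 2 14:15:27 [INFO] [karma] score: -8, good: 0, bad: 8, connections: 8, history: -8, awards: 901,902,132, fail:all_bad';

// Parse only the [result_awards] section into Map(id -> rule)
function parseResultAwards(iniText) {
  const awards = new Map();
  let inSection = false;
  for (const raw of iniText.split('\n')) {
    const line = raw.trim();
    if (line.startsWith('[')) { inSection = line === '[result_awards]'; continue; }
    if (!inSection || !line || /^[;#]/.test(line)) continue;
    const eq = line.indexOf('=');
    const f = line.slice(eq + 1).split('|').map((s) => s.trim());
    const points = Number(f[4]);
    if (eq < 1 || f.length < 6 || !Number.isFinite(points)) continue; // skip malformed rows
    awards.set(line.slice(0, eq).trim(), { plugin: f[0], points, reason: f[5] });
  }
  return awards;
}

// Extract the score and award ids from a "[karma] score: ..." log line
function parseKarmaLine(logLine) {
  const m = /\[karma\] score: (-?\d+),.*?awards: ([\d,]+)/.exec(logLine);
  return m ? { score: Number(m[1]), awardIds: m[2].split(',').filter(Boolean) } : null;
}

// Join logged award ids with the parsed rules; ids missing from the ini are kept and flagged
function explainScore(logLine, awards) {
  const k = parseKarmaLine(logLine);
  if (!k) return null;
  const rows = k.awardIds.map((id) => ({ id, ...(awards.get(id) || { points: null, reason: 'not in this karma.ini' }) }));
  rows.sort((a, b) => (a.points ?? 0) - (b.points ?? 0)); // most negative first
  return { score: k.score, rows, knownTotal: rows.reduce((s, r) => s + (r.points ?? 0), 0) };
}

const result = explainScore(SAMPLE_LOG, parseResultAwards(SAMPLE_INI));
for (const r of result.rows) console.log(String(r.points ?? '?').padStart(4), r.id, r.reason);
console.log('logged score', result.score, 'explained by known rules', result.knownTotal);
```

Ids flagged as missing usually mean the script was given the local override file only; feed it the defaults file mentioned earlier in the thread as well.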
Expected behavior
I have a fairly vanilla and recent mail-toaster build. Just discovered that any time a user tries to connect off network (using authenticated SMTP), they seem to be getting bad karma scores, and the messages are rejected. Have seen this predominantly with users connecting via mobile (cellular) networks.
Observed behavior
Example logs:
Feb 2 14:15:19 haraka haraka[3249]: [INFO] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [core] hook=unrecognized_command plugin=karma function=hook_unrecognized_command params=AUTH retval=DENY msg="very bad karma score: -12"
Feb 2 14:15:27 haraka haraka[3249]: [INFO] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [core] client [144.48.37.4] half closed connection
Feb 2 14:15:27 haraka haraka[3249]: [INFO] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [karma] score: -12, good: 0, bad: 68, connections: 69, history: -68, awards: 004,005,007,086,132, fail:all_bad, cmd:(AUTH,PLAIN AGRhdmlkQGRzd2ViaG9zdGluZy5uZXQARHVtYm9kczI4Iw==)
Feb 2 14:15:27 haraka haraka[3249]: [NOTICE] [5D00A95B-0ACB-452D-9E33-685F6A6C4B72] [core] disconnect ip=144.48.37.4 rdns=NXDOMAIN helo=[10.8.3.33] relay=N early=N esmtp=Y tls=Y pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="500 very bad karma score: -12" time=15.107
I cannot for the life of me work out where/how I can disable karma for authenticated users.
Steps to reproduce