I heard that port 25 is blocked on GCP, but I changed inbound and outbound ports for the SMTP server to 2525 which should be fine theoretically. I didn't know that when I registered.
When I'm trying to send emails using MDaemon Mail Server I'm getting Socket Error 10060.
What should be issue?
I opened all the needed ports on GCP firewall and Windows firewall is disabled.
Tried both Windows Server 2016 and 2019
Fri 2020-12-11 17:23:03.722: ----------
Fri 2020-12-11 17:27:42.719: REMOTE message: pd3501000000001.msg
Fri 2020-12-11 17:27:42.719: * Session 00000014; child 0001
Fri 2020-12-11 17:27:42.719: * From: [censored]
Fri 2020-12-11 17:27:42.719: * To: ins-pn02qrxe#isnotspam.com
Fri 2020-12-11 17:27:42.719: * Subject: testing
Fri 2020-12-11 17:27:42.719: * Message-ID: <WC20201211165159.320001#[censored]>
Fri 2020-12-11 17:27:42.719: * Size: 2133; <c:\mdaemon\queues\remote\pd3501000000001.msg>
Fri 2020-12-11 17:27:42.740: Resolving MX record for isnotspam.com (DNS Server: 10.172.0.1)...
Fri 2020-12-11 17:27:42.753: * P=010 S=000 D=isnotspam.com TTL=(59) MX=[isnotspam.com]
Fri 2020-12-11 17:27:42.753: Attempting SMTP connection to isnotspam.com
Fri 2020-12-11 17:27:42.753: Resolving A record for isnotspam.com (DNS Server: 10.172.0.1)...
Fri 2020-12-11 17:27:42.757: * D=isnotspam.com TTL=(59) A=[74.208.156.227]
Fri 2020-12-11 17:27:42.757: Attempting SMTP connection to 74.208.156.227:2525
Fri 2020-12-11 17:27:42.757: Waiting for socket connection...
Fri 2020-12-11 17:28:03.761: * Socket error 10060 - The connection timed out.
Fri 2020-12-11 17:28:03.761: * This message is 35 minutes old; it has 25 minutes left in this queue
Fri 2020-12-11 17:28:03.762: SMTP session terminated (Bytes in/out: 0/0)
Thank you in advance for any kind of help!
As you mentioned, you should be able to use any port for any service My recommendation is to use ports 465 or 587, since they were designed to SMTP. And follow the guidance shared by Mahboob.
Or also, you can review the following guidance about use port 2525.
Related
I have a site running on my computer using Apache 2.4 which I can easily access by using my local ipv4 address and respective port 80. The port 80 is bound to port 22*** using portmap.io and is configured with OpenVpn/tcp on my computer.I have allowed access to Apache HTTP server and Apache Server Monitor through the firewall.I have also increased keepAlive timeout in apche server to 600s, max connections.i have Listen 80 and LISTEN 22*** and ServerName as http://awm-22***.portmap.host:22*** in my httpd.conf file.You can look into for more options here.Apache handler configuration
I am using PHP as backend language.
Since the port 80 is bound to port 22470, whenever I try access my site from another device(which also uses the same wifi network as the computer running the server) using the local ipv4 address of my computer(which is running the server) and port 80 i.e
192.168..:80, it automatically redirects the browser to 192.168..:22*** and I can access my site with no difficuty. Access log in apcache server:
192.168.**.** - - [15/Dec/2022:10:08:02 +0530] "GET /abc%20xyz%20klm/ HTTP/1.1" 200 12049
192.168.**.** - - [15/Dec/2022:10:08:02 +0530] "GET /SPR/b/get_captcha.php?rand=29842778 HTTP/1.1" 200 4057
But when I try access the same site from another device(which also uses the same wifi network as the computer running the server) using the ipv4 address provided by OpenVpn to my computer(which is running the server):10.9..* and port 80 i.e 10.9..*:80, it shows TOOK TOO LONG TO RESPPOND error on the browser.But the browser's header has the following:
http://10.9.**.**4:22470/abc%20xyz%20klm/
Then why is it not loading the page. No log in apache access log file.
When I try access the same site from another device(which also uses the same wifi network as the computer running the server) using the url provided to me by portmap.io i.e: http://awm-22***.portmap.host:22***/,
The server takes too long to respond error is shown in the browser.
Access log in apcache server:
10.9.0.1 - - [15/Dec/2022:10:21:33 +0530] "GET / HTTP/1.0" 302 -
10.9.0.1 - - [15/Dec/2022:10:21:34 +0530] "GET /abc%20xyz%20klm HTTP/1.0" 301 256
OpenVpn Log:
Thu Dec 15 10:32:30 2022 SIGHUP[hard,] received, process restarting
Thu Dec 15 10:32:30 2022 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Thu Dec 15 10:32:30 2022 OpenVPN 2.5.7 [git:release/2.5/3d792ae9557b959e] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2022
Thu Dec 15 10:32:30 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Thu Dec 15 10:32:30 2022 library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
Thu Dec 15 10:32:35 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]193.161.193.99:1194
Thu Dec 15 10:32:35 2022 Attempting to establish TCP connection with [AF_INET]193.161.193.99:1194 [nonblock]
Thu Dec 15 10:32:35 2022 TCP connection established with [AF_INET]193.161.193.99:1194
Thu Dec 15 10:32:35 2022 TCP_CLIENT link local: (not bound)
Thu Dec 15 10:32:35 2022 TCP_CLIENT link remote: [AF_INET]193.161.193.99:1194
Thu Dec 15 10:32:41 2022 [193.161.193.99] Peer Connection Initiated with [AF_INET]193.161.193.99:1194
Thu Dec 15 10:32:42 2022 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
Thu Dec 15 10:32:42 2022 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
Thu Dec 15 10:32:42 2022 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Thu Dec 15 10:32:42 2022 open_tun
Thu Dec 15 10:32:42 2022 tap-windows6 device [OpenVPN TAP-Windows6] opened
Thu Dec 15 10:32:42 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.**.234/255.255.255.252 on interface {798F492A-574C-4BC6-87C5-A62C6D058EC1} [DHCP-serv: 10.9.**.233, lease-time: 31536000]
Thu Dec 15 10:32:42 2022 Successful ARP Flush on interface [12] {798F492A-574C-4BC6-87C5-A62C6D058EC1}
Thu Dec 15 10:32:42 2022 IPv4 MTU set to 1500 on interface 12 using service
These are my firewall rules:
Inbound rules
Inbound rule for Port 80 Outbound rules
Firewall monitoring Domain and Private Profiles
Firewall monitoring Public Profile
What is causing the problem? Any solution will be of great help. Thanks in advance.
I am using PiVPN on my Raspberry Pi.
It connects correctly but it does not route traffic to my LAN.
My topology is the following:
LAN: 192.168.1.0/24
VPN network: 10.192.125.0/24
Laptop connected to mobile (192.168.43.1) via tethering
Laptop attempting to connect to VPN
server.conf:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.192.125.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
# push "route 192.168.1.0 255.255.255.0"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4
mssfix 1350
This is my OVPN client conf:
client
dev tun
proto udp
remote <my_host> 1194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-auth>
...
</tls-auth>
After connecting, I have the following routing table on the client:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.192.125.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.43.1 0.0.0.0 UG 600 0 0 wlp1s0
10.192.125.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
<PUBLIC_IP> 192.168.43.1 255.255.255.255 UGH 0 0 0 wlp1s0
128.0.0.0 10.192.125.1 128.0.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp1s0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.23.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker_gwbridge
192.168.43.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp1s0
Here I also tried explicitly pushing a route to 192.168.1.0, with no noticeable change.
On the OpenVPN server I have the following IPTABLES configuration:
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-INGRESS all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 10.192.125.0/24 ctstate RELATED,ESTABLISHED /* openvpn-forward-rule */
ACCEPT all -- 10.192.125.0/24 anywhere /* openvpn-forward-rule */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE all -- 10.192.125.0/24 anywhere /* openvpn-nat-rule */
MASQUERADE all -- anywhere anywhere ADDRTYPE match src-type LOCAL
MASQUERADE all -- 172.19.0.0/16 anywhere
I enabled forwarding on the kernel by adding net.ipv4.ip_forward=1 on sysctl.conf.
When tracerouting a host from the LAN, I see it uses the OpenVPN server as the gateway.
# traceroute 192.168.1.101
traceroute to 192.168.1.101 (192.168.1.101), 30 hops max, 60 byte packets
1 10.192.125.1 (10.192.125.1) 163.487 ms 163.746 ms 163.754 ms
2 * * *
...
These are the logs on the client when connecting:
Mon Nov 7 08:19:19 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Mon Nov 7 08:19:19 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Enter Private Key Password: ***********************
Mon Nov 7 08:19:23 2022 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Nov 7 08:19:23 2022 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Nov 7 08:19:24 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]<PUBLIC_IP>:1194
Mon Nov 7 08:19:24 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Nov 7 08:19:24 2022 UDP link local: (not bound)
Mon Nov 7 08:19:24 2022 UDP link remote: [AF_INET]<PUBLIC_IP>:1194
Mon Nov 7 08:19:24 2022 TLS: Initial packet from [AF_INET]<PUBLIC_IP>:1194, sid=68ddb126 123bae54
Mon Nov 7 08:19:24 2022 VERIFY OK: depth=1, CN=Easy-RSA CA
Mon Nov 7 08:19:24 2022 VERIFY KU OK
Mon Nov 7 08:19:24 2022 Validating certificate extended key usage
Mon Nov 7 08:19:24 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Nov 7 08:19:24 2022 VERIFY EKU OK
Mon Nov 7 08:19:24 2022 VERIFY X509NAME OK: CN=raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5
Mon Nov 7 08:19:24 2022 VERIFY OK: depth=0, CN=raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5
Mon Nov 7 08:19:24 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Mon Nov 7 08:19:24 2022 [raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5] Peer Connection Initiated with [AF_INET]<PUBLIC_IP>:1194
Mon Nov 7 08:19:25 2022 SENT CONTROL [raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5]: 'PUSH_REQUEST' (status=1)
Mon Nov 7 08:19:25 2022 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,block-outside-dns,redirect-gateway def1,route 192.168.1.0 255.255.255.0,route-gateway 10.192.125.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.192.125.3 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Mon Nov 7 08:19:25 2022 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.4.7)
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: timers and/or timeouts modified
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: --ifconfig/up options modified
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: route options modified
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: route-related options modified
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: peer-id set
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Nov 7 08:19:25 2022 OPTIONS IMPORT: data channel crypto options modified
Mon Nov 7 08:19:25 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Nov 7 08:19:25 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 7 08:19:25 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 7 08:19:25 2022 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp1s0 HWADDR=a4:97:b1:8e:37:af
Mon Nov 7 08:19:25 2022 TUN/TAP device tun0 opened
Mon Nov 7 08:19:25 2022 TUN/TAP TX queue length set to 100
Mon Nov 7 08:19:25 2022 /sbin/ip link set dev tun0 up mtu 1500
Mon Nov 7 08:19:25 2022 /sbin/ip addr add dev tun0 10.192.125.3/24 broadcast 10.192.125.255
Mon Nov 7 08:19:25 2022 /sbin/ip route add <PUBLIC_IP>/32 via 192.168.1.254
Mon Nov 7 08:19:25 2022 /sbin/ip route add 0.0.0.0/1 via 10.192.125.1
Mon Nov 7 08:19:25 2022 /sbin/ip route add 128.0.0.0/1 via 10.192.125.1
Mon Nov 7 08:19:25 2022 /sbin/ip route add 192.168.1.0/24 via 10.192.125.1
Mon Nov 7 08:19:25 2022 Initialization Sequence Completed
Finally, PiVPN seems to be happy about the configuration:
root#raspberrypi:~# cat /tmp/debug.log
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
Branch: master
Commit: f8cb945af15a1ca0cf063475c6e1557c6e8da06c
Author: 4s3ti
Date: Fri Jun 10 16:10:57 2022 +0200
Summary: Merge branch 'test'
=============================================
:::: Installation settings ::::
PLAT=Debian
OSCN=bullseye
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=wlan1
dhcpReserv=1
IPv4addr=192.168.1.223/24
IPv4gw=192.168.1.254
install_user=pi
install_home=/home/pi
VPN=openvpn
pivpnPROTO=udp
pivpnPORT=1194
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnSEARCHDOMAIN=
pivpnHOST=REDACTED
TWO_POINT_FOUR=0
pivpnENCRYPT=2048
USE_PREDEFINED_DH_PARAM=1
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=1
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnDEV=tun0
pivpnNET=10.192.125.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS=""
UNATTUPG=1
INSTALLED_PACKAGES=(dnsutils grepcidr bsdmainutils iptables-persistent openvpn expect unattended-upgrades)
HELP_SHOWN=1
=============================================
:::: Server configuration shown below ::::
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.192.125.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
# push "route 192.168.1.0 255.255.255.0"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4
mssfix 1350
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
=============================================
:::: Client template file shown below ::::
client
dev tun
proto udp
remote REDACTED 1194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
=============================================
:::: Recursive list of files in ::::
::: /etc/openvpn/easy-rsa/pki shows below :::
/etc/openvpn/easy-rsa/pki/:
Default.txt
MirkoSmartphone.ovpn
Motog8Mirko3.ovpn
ca.crt
crl.pem
dh2048.pem
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
openssl-easyrsa.cnf
private
revoked
safessl-easyrsa.cnf
serial
serial.old
ta.key
vars
vars.example
/etc/openvpn/easy-rsa/pki/issued:
MirkoSmartphone.crt
Motog8Mirko3.crt
motog8mirko.crt
raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5.crt
/etc/openvpn/easy-rsa/pki/private:
MirkoSmartphone.key
Motog8Mirko3.key
ca.key
motog8mirko.key
raspberrypi_f55e286b-94c2-4b4c-b43b-a5e53bf7e7d5.key
/etc/openvpn/easy-rsa/pki/revoked:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/revoked/private_by_serial:
/etc/openvpn/easy-rsa/pki/revoked/reqs_by_serial:
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] Iptables FORWARD rule set
:: [OK] OpenVPN is running
:: [OK] OpenVPN is enabled (it will automatically start on reboot)
:: [OK] OpenVPN is listening on port 1194/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: Snippet of the server log ::::
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: REDACTED:33665 peer info: IV_SSO=webauth,openurl
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: REDACTED:33665 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: REDACTED:33665 [Motog8Mirko3] Peer Connection Initiated with [AF_INET]REDACTED:33665
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI_sva: pool returned IPv4=10.192.125.2, IPv6=(Not enabled)
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/Motog8Mirko3
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: Learn: 10.192.125.3 -> Motog8Mirko3/REDACTED:33665
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: primary virtual IP for Motog8Mirko3/REDACTED:33665: 10.192.125.3
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 Data Channel: using negotiated cipher 'AES-256-GCM'
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 Data Channel MTU parms [ L:1549 D:1350 EF:49 EB:406 ET:0 EL:3 ]
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 SENT CONTROL [Motog8Mirko3]: 'PUSH_REPLY,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,block-outside-dns,redirect-gateway def1,route-gateway 10.192.125.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.192.125.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 PUSH: Received control message: 'PUSH_REQUEST'
Nov 7 08:49:16 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_0] 0:3 0:2 t=1667807356[0] r=[0,64,15,1,1] sl=[61,3,64,528]
Nov 7 08:49:17 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: bad source address from client [10.88.113.212], packet dropped
Nov 7 08:49:17 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: bad source address from client [10.88.113.212], packet dropped
Nov 7 08:49:19 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: bad source address from client [10.88.113.212], packet dropped
Nov 7 08:49:19 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: bad source address from client [10.88.113.212], packet dropped
Nov 7 08:49:23 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: bad source address from client [10.88.113.212], packet dropped
Nov 7 08:49:23 raspberrypi ovpn-server[142996]: Motog8Mirko3/REDACTED:33665 MULTI: bad source address from client [10.88.113.212], packet dropped
=============================================
:::: Debug complete ::::
I am trying to send a mail with a non root user (also by tuleap application) but i have some trouble.
when we use a root user with command
echo “TR : This is a test of sending mail” | mail -s Test <mail>
it return this log and my email is sent
Mar 10 16:59:09 localhost sendmail[11969]: t2AGx9Up011969: from=root, size=258, class=0, nrcpts=1, msgid=<201503101659.t2AGx9Up011969#localhost.localdomain>, relay=root#localhost
Mar 10 16:59:09 localhost sendmail[11970]: t2AGx9Js011970: from=<root#localhost.localdomain>, size=521, class=0, nrcpts=1, msgid=<201503101659.t2AGx9Up011969#localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar 10 16:59:09 localhost sendmail[11969]: t2AGx9Up011969: to=<my mail>, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30258, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t2AGx9Js011970 Message accepted for delivery)
Mar 10 16:59:12 localhost sendmail[11972]: STARTTLS=client, relay=<my SMTP server>, version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 10 16:59:15 localhost sendmail[11972]: t2AGx9Js011970: to=<my mail>, ctladdr=<root#localhost.localdomain> (0/0), delay=00:00:06, xdelay=00:00:06, mailer=relay, pri=120521, relay=<my SMTP server> [IP], dsn=2.0.0, stat=Sent (OK id=1YVNUv-002ihW-JJ)
but when we use an other use (like codendiadm as used by tuleap) with the same command, it return this log without sending mail
Mar 10 16:59:53 localhost sendmail[12024]: t2AGxrhg012024: from=codendiadm, size=258, class=0, nrcpts=1, msgid=<201503101659.t2AGxrhg012024#localhost.localdomain>, relay=codendiadm#localhost
Mar 10 16:59:53 localhost sendmail[12025]: t2AGxr16012025: from=<codendiadm#localhost.localdomain>, size=556, class=0, nrcpts=1, msgid=<201503101659.t2AGxrhg012024#localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar 10 16:59:53 localhost sendmail[12024]: t2AGxrhg012024: to=<my mail>, ctladdr=codendiadm (495/492), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30258, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t2AGxr16012025 Message accepted for delivery)
Mar 10 16:59:57 localhost sendmail[12027]: STARTTLS=client, relay=<my SMTP server>, version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 10 17:00:00 localhost sendmail[12027]: t2AGxr16012025: to=<my mail>, ctladdr=<codendiadm#localhost.localdomain> (495/492), delay=00:00:07, xdelay=00:00:07, mailer=relay, pri=120556, relay=<my SMTP server> [IP], dsn=5.1.1, stat=User unknown
Mar 10 17:00:00 localhost sendmail[12027]: t2AGxr16012025: t2AH0016012027: DSN: User unknown
Try to remove sendmail and install postfix instead. And tell me if it works better this way. You'll find how to do it here.
On our server, we keep receiving spam with the following headers. We are using whm 11.44 and exim.
Return path is always:
Return-path: <>
and it says Received: from unknown (HELO localhost)
Both which raise flags. We're just not sure exactly how to stop/reject them.
From - Mon Feb 16 14:27:02 2015
X-Account-Key: account3
X-UIDL: UID10475-1296887657
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <>
Envelope-to: me#myserver.com
Delivery-date: Mon, 16 Feb 2015 09:13:38 -0600
Received: from [122.160.73.62] (port=10732 helo=122.160.73.62)
by myserver.myserver.com with smtp (Exim 4.82)
id 1YNN0Z-00056c-7P
for me#myserver.com; Mon, 16 Feb 2015 08:50:47 -0600
Received: from unknown (HELO localhost) (intlimd#highgrove.net#214.92.72.48)
by 122.160.73.62 with ESMTPA; Mon, 16 Feb 2015 20:23:11 +0530
From: intlimd#highgrove.net
To: myemail#myserver.com
Subject: Do not disapoint your girl this night
http://mandatory.natur.com/ Real magic in your life
Can you please check the full logs of your this mail with the following command and let me know so that we can assist you.
cat /var/log/exim_mainlog | grep 1YNN0Z-00056c-7P
I find out my server is sending a spam. Spam is sent by postfix server. It has large queue of emails, that are going to be sent without my help. I cant understand which script is added these emails to postfix queue.
Now I have these questions:
How to determine what script is adding mails to postfix queue?
How to clear postfix queue from spam? (all emails are spam, there are no emails sent by me)
Why reports are recieved by user123? (user123 - is ubuntu user, not original, changed by security reason)
Report from /var/mail/user123:
From MAILER-DAEMON Tue Nov 11 04:01:47 2014
Return-Path: <>
X-Original-To: user123#ubuntu
Delivered-To: user123#ubuntu
Received: by ubuntu (Postfix)
id 8F0D227364; Mon, 10 Nov 2014 15:15:52 -0500 (EST)
Date: Mon, 10 Nov 2014 15:15:52 -0500 (EST)
From: MAILER-DAEMON#ubuntu (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: user123#ubuntu
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="C0BE92ECAB.1415650552/ubuntu"
Message-Id: <20141110201552.8F0D227364#ubuntu>
This is a MIME-encapsulated message.
--C0BE92ECAB.1415650552/ubuntu
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host ubuntu.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<quirin.cyrille#orange.fr>: delivery temporarily suspended: host
smtp-in.orange.fr[80.12.242.9] refused to talk to me: 550 mwinf5c20 ME
Adresse IP source bloquee pour incident de spam. Client host blocked for
spamming issues. OFR006_102 Ref
http://csi.cloudmark.com/reset-request/?ip=74.218.214.24 [102]
--C0BE92ECAB.1415650552/ubuntu
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; ubuntu
X-Postfix-Queue-ID: C0BE92ECAB
X-Postfix-Sender: rfc822; user123#ubuntu
Arrival-Date: Wed, 5 Nov 2014 13:50:50 -0500 (EST)
Final-Recipient: rfc822; quirin.cyrille#orange.fr
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Postfix; delivery temporarily suspended: host
smtp-in.orange.fr[80.12.242.9] refused to talk to me: 550 mwinf5c20 ME
Adresse IP source bloquee pour incident de spam. Client host blocked for
spamming issues. OFR006_102 Ref
http://csi.cloudmark.com/reset-request/?ip=74.218.214.24 [102]
--C0BE92ECAB.1415650552/ubuntu
Content-Description: Undelivered Message Headers
Content-Type: text/rfc822-headers
Return-Path: <user123#ubuntu>
Received: by ubuntu (Postfix, from userid 1006)
id C0BE92ECAB; Wed, 5 Nov 2014 13:50:50 -0500 (EST)
From: =?UTF-8?B?T25seSBDYXNpbm8=?= <only_casino#bingo-chips.us>
To: "MOIDU88480" <quirin.cyrille#orange.fr>
Subject: =?UTF-8?B?Qm9uam91ciBNT0lEVTg4NDgwLiBWZWdhcyBEYXlzIENhc2lubyAtIExhcyBWZWdhcyBzJ2ludml0ZSBjaGV6IHZvdXMgc3VyIFZlZ2FzIERheSBDYXNpbm8h?=
Content-Type: multipart/mixed; boundary="PHP-mixed-3b3472b0874837cf2218d941eec5b6d8"
Message-Id: <20141105185050.C0BE92ECAB#ubuntu>
Date: Wed, 5 Nov 2014 13:50:50 -0500 (EST)
--C0BE92ECAB.1415650552/ubuntu--
Googling gives no result.
My google search queries could be wrong, but I really need to fix this problem.
So any help is appreciated.
If I can provide more useful information please ask it in comments.
P.S. Server is hosting magento and wordpress sites.
P.S.S. 74.218.214.24 - is IP of my dedicated server, not original. It was changed in this post due to security reason.
UPDATE
Some lines from /var/log/mail.log:
Nov 9 06:40:05 u17135818 postfix/smtp[10428]: 65EDE3C718: to=<mywookie#ymail.com>, relay=mta6.am0.yahoodns.net[98.136.216.25]:25, delay=7.7, delays=7.4/0/0.19/0.06, dsn=5.7.1, status=bounced (host mta6.am0.yahoodns.net[98.136.216.25] said: 553 5.7.1 [BL21] Connections will not be accepted from 74.218.214.24, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html (in reply to MAIL FROM command))
Nov 9 06:40:05 u17135818 postfix/smtp[10428]: 65EDE3C718: lost connection with mta6.am0.yahoodns.net[98.136.216.25] while sending RCPT TO
Nov 9 06:40:05 u17135818 postfix/pickup[10080]: 1338B3ED4A: uid=1006 from=<user123>
Nov 9 06:40:05 u17135818 postfix/cleanup[12998]: 1338B3ED4A: message-id=<20141109114005.1338B3ED4A#ubuntu>
Nov 9 06:40:05 u17135818 postfix/cleanup[13261]: 133D53ED54: message-id=<20141109114005.133D53ED54#ubuntu>
Nov 9 06:40:05 u17135818 postfix/smtp[10424]: DECBB27368: to=<toshiki_6#hotmail.com>, relay=mx2.hotmail.com[207.46.8.199]:25, delay=9.6, delays=9.3/0.02/0.19/0.06, dsn=5.0.0, status=bounced (host mx2.hotmail.com[207.46.8.199] said: 550 OU-002 (BAY004-MC6F11) Unfortunately, messages from 74.218.214.24 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Nov 9 06:40:05 u17135818 postfix/smtp[12030]: EFA783D645: to=<festefaen#gmail.com>, relay=gmail-smtp-in.l.google.com[2607:f8b0:4001:c08::1b]:25, delay=7.3, delays=6.6/0/0.09/0.64, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4001:c08::1b] said: 550-5.7.1 [2607:f1c0:841:fe00::66:d8fd 12] Our system has detected that 550-5.7.1 this message is likely unsolicited mail. To reduce the amount of spam 550-5.7.1 sent to Gmail, this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. sd5si10854734igb.33 - gsmtp (in reply to end of DATA command))
...
Nov 11 04:01:54 u17135818 postfix/smtp[17765]: E01792762C: host mx1.free.fr[212.27.48.6] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command)
Nov 11 04:01:54 u17135818 postfix/smtp[17797]: 953592B312: host cluster1.eu.messagelabs.com[85.158.143.99] refused to talk to me: 450 Requested action aborted [7.2] 21614, please visit www.messagelabs.com/support for more details about this error message.
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: C7D883257C: from=<user123#ubuntu>, status=expired, returned to sender
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 0799A259AD: removed
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 90F4332280: removed
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 67B8B2E7C7: from=<user123#ubuntu>, status=expired, returned to sender
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: 9063532F5D: removed
Nov 11 04:01:54 u17135818 postfix/qmgr[17712]: EE4222A874: removed
Nov 11 04:01:54 u17135818 postfix/smtp[17724]: 61C22360A0: to=<lgennuso#princetonhcs.org>, relay=smtp4.princetonhcs.org[209.123.81.114]:25, delay=381492, delays=381485/5.6/0.59/0, dsn=4.5.0, status=deferred (host smtp4.princetonhcs.org[209.123.81.114] refused to talk to me: 550 5.5.0 74.218.214.24 is blacklisted by FortiGuard. This email from IP has been rejected. The email message was detected as spam.)
Nov 11 04:01:54 u17135818 postfix/smtp[17800]: 61B3A3AD2C: to=<bigboy#starbucks.org>, relay=none, delay=259892, delays=259884/2.2/5.5/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=starbucks.org type=MX: Host not found, try again)
Nov 11 04:01:54 u17135818 postfix/smtp[17787]: CD3312175D: host mx1.free.fr[212.27.48.7] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command)
Nov 11 04:01:54 u17135818 postfix/smtp[17819]: 780C624266: to=<max.charlene#aliceadsl.fr>, relay=mx1.free.fr[212.27.48.7]:25, conn_use=5, delay=227385, delays=227377/6.5/0.66/0.34, dsn=4.0.0, status=deferred (host mx1.free.fr[212.27.48.7] said: 451 too many errors detected from your IP (74.218.214.24), please visit http://postmaster.free.fr/ (in reply to DATA command))
Nov 11 04:01:54 u17135818 postfix/smtp[17778]: CE12E26756: to=<rcataldo#laposte.net>, relay=smtpz4.laposte.net[194.117.213.1]:25, delay=133031, delays=133023/6.5/0.79/0.27, dsn=5.0.1, status=bounced (host smtpz4.laposte.net[194.117.213.1] said: 501 5.0.1 Emetteur invalide. Invalid Sender. LPN007_405 (in reply to MAIL FROM command))
It looks like one service or software triggering this mails. You can block all outgoing mails frompostfix by using the mail relaying options for external domains, this is possible if you don't want to send any mails from your machine.
You can check the maillog file inside /var/log - that will give the more details, also check the command mailq to see how many mails are pending.
Update:-
Do you allowed any of other people in your network to send mail through your machine ?, then you can suspect that case. Few things I can notice from the log is that -
The mail being rejected by the receiver end saying your public IP is flooding mails.
If these mails are coming periodically and not from any of other machines in your network, then you have to find out which process or application doing this. For that you have to use the tcpdump and monitor for the TCP packets. From that you can see that, the mail client first pushing the mail to your local postfix server, then that's being forwarded to the target mail server.
This is the way I can see to find out which application sending mails from your computer.
Hope this will help you to figure out the culprit.