1 Topic by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Topic: Dashboard shows <> as top ten senders

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

iRedMail 0.9.2
CentOS 6.x
Linux MySQL
Apache
IredAdmin Pro


NOTED: several posts like this:
http://www.iredmail.org/forum/topic9485 … works.html


Postfix has the following values:
mynetworks = 127.0.0.0/8 10.0.0.0/24
mynetworks_style = subnet
smtpd_relay_restrictions = permit_mynetworks

Settings.py has the following:
plugins = ['reject_null_sender', 'amavisd_wblist', 'sql_alias_access_policy', 'sql_user_restrictions']


Dashboard still shows heavy senders use by "<>" in the Top 10 Senders field.  Is this in fact likely to be a breach of password, error in MYNETWORKS configuration and/or relay, or ____? 

Cheers.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by 7t3chguy

  • 7t3chguy
  • 7t3chguy
  • Forum Moderator
  • Offline
  • From: United Kingdom
  • Registered: 2015-01-08
  • Posts: 713

Re: Dashboard shows <> as top ten senders

It is an empty FROM Address, this happens when an incoming email requests a notification of arrival/read, it'll reply with no FROM Address.

7t3chguy's Website

3 Reply by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

7t3chguy wrote:

It is an empty FROM Address, this happens when an incoming email requests a notification of arrival/read, it'll reply with no FROM Address.

"It'll" replay...  Meaning postfix will reply to any notice request as an empty from value?    If correct, is that a problem and/or increase blacklist risks as spammer? 

How does on know that is the case verse a scenario where someone has obtained a users password and is passing e-mail (spamming) without a from value.  Thus, the null sender scenario I believe Zhang references in one post?

4 Reply by pbf343 (edited by pbf343 2015-07-07 02:51:32)

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

Afraid I'm not convinced for items like this reason... 

The iRedAdmin-Pro has blacklist options.  ? - web blacklist plugin.  Yet it seems to be failing. 

Example:  keep getting credit card offers from a group of IPs associated with this domain.   Yet the IPs of sending machine are in the list, the domain name is in the list, etc. and still accepts the mail. 


Received: from ajay152.downloadimage.info (ajay152.downloadimage.info [109.120.168.152])

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=downloadimage.info;
h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=bounce@downloadimage.info;
bh=3hQqZoLdNZ5jBLoP0CNJJQwVrsQ=;
b=l4nTJ5GN2ZFRp8w17mU7DWDQ6syQ7pFKSKQHD+Y7WOUmR0D0zW8E+B7YM4Oebui0UClMdeWoYUfP
   asyuQaj3JZgAisd7s3cmhsuis5cq4edHsTZGSuwEqarpR6/6tMcyFdITdCwhOcIublGHEgHgLSDb
   aYJoshyyeh0SMLw9kDg=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=downloadimage.info;
b=dZbD/XwpNpk+jeC1J08BIWt5CgOAihuP2I9RL+BlS5bS9eT1MF+4d8yNxVl3lZyPoHSwHzfrJknv
   Fjcp1XJFf7Apj7+48N1ghoSrLVTG75WhFAmwsdgV8mHN4RFYcdBrcPW1wvOjvFekOcWRSjdPfs4h
   silVEVT4RQgkh3SOFYs=;


Assuming I understand correctly, this is one of the plugins (amavisd_wblist) in the settings.py file.
plugins = ['reject_null_sender', 'amavisd_wblist', 'sql_alias_access_policy', 'sql_user_restrictions']

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Dashboard shows <> as top ten senders

iRedAPD plugin 'amavisd_wblist' is used for white/blacklisting for inbound messages. If it doesn't work as expected, please turn on debug mode in iRedAPD and paste related log in /var/log/iredapd.log here. Reference:
http://www.iredmail.org/docs/debug.iredapd.html

About the null sender, please check both iRedAPD (with debug enabled) and Postfix log, check whether your Postfix sent many non-delivery notifications, or received many emails with null senders.

6 Reply by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

ZhangHuangbin wrote:

iRedAPD plugin 'amavisd_wblist' is used for white/blacklisting for inbound messages. If it doesn't work as expected, please turn on debug mode in iRedAPD and paste related log in /var/log/iredapd.log here. Reference:
http://www.iredmail.org/docs/debug.iredapd.html

2015-07-07 11:31:46 DEBUG Returned SQL Record: ('', '', '', '')
2015-07-07 11:31:46 DEBUG No recipient restriction.
2015-07-07 11:31:46 DEBUG <-- Result: DUNNO
2015-07-07 11:31:46 DEBUG Error while closing Amavisd database connection: AmavisdDBWrap instance has no attribute 'cursor'
2015-07-07 11:31:46 INFO [208.53.48.191] bounces+1605752-468f-user=domain_name.com@mail8.shared.hubspot.com -> user@domain_name.com, DUNNO
2015-07-07 11:31:46 DEBUG Session ended
2015-07-07 11:31:46 DEBUG Closed SQL connection.
2015-07-07 11:31:46 DEBUG smtp session: request=smtpd_access_policy
2015-07-07 11:31:46 DEBUG smtp session: protocol_state=RCPT
2015-07-07 11:31:46 DEBUG smtp session: protocol_name=ESMTP
2015-07-07 11:31:46 DEBUG smtp session: client_address=x.x.x.x
2015-07-07 11:31:46 DEBUG smtp session: client_name=5053c91.responsideexpension.link
2015-07-07 11:31:46 DEBUG smtp session: reverse_client_name=5053c91.responsideexpension.link
2015-07-07 11:31:46 DEBUG smtp session: helo_name=5053c91.responsideexpension.link
2015-07-07 11:31:46 DEBUG smtp session: sender=HomeSolarDeals@responsideexpension.link
2015-07-07 11:31:46 DEBUG smtp session: recipient=josh@domain_name.com
2015-07-07 11:31:46 DEBUG smtp session: recipient_count=0
2015-07-07 11:31:46 DEBUG smtp session: queue_id=
2015-07-07 11:31:46 DEBUG smtp session: instance=1974.559bf0e2.4fedc.0
2015-07-07 11:31:46 DEBUG smtp session: size=6956
2015-07-07 11:31:46 DEBUG smtp session: etrn_domain=
2015-07-07 11:31:46 DEBUG smtp session: stress=
2015-07-07 11:31:46 DEBUG smtp session: sasl_method=
2015-07-07 11:31:46 DEBUG smtp session: sasl_username=
2015-07-07 11:31:46 DEBUG smtp session: sasl_sender=
2015-07-07 11:31:46 DEBUG smtp session: ccert_subject=
2015-07-07 11:31:46 DEBUG smtp session: ccert_issuer=
2015-07-07 11:31:46 DEBUG smtp session: ccert_fingerprint=
2015-07-07 11:31:46 DEBUG smtp session: ccert_pubkey_fingerprint=
2015-07-07 11:31:46 DEBUG smtp session: encryption_protocol=
2015-07-07 11:31:46 DEBUG smtp session: encryption_cipher=
2015-07-07 11:31:46 DEBUG smtp session: encryption_keysize=0
2015-07-07 11:31:46 DEBUG --> Apply plugin: reject_null_sender
2015-07-07 11:31:46 DEBUG <-- Result: DUNNO
2015-07-07 11:31:46 DEBUG Creating Amavisd database connection.
2015-07-07 11:31:46 DEBUG Error while creating Amavisd database connection: (1045, "Access denied for user 'amavisd'@'localhost' (using password: YES)")
2015-07-07 11:31:46 DEBUG Skip plugin, error while getting db cursor: AmavisdDBWrap instance has no attribute 'cursor'
2015-07-07 11:31:46 DEBUG --> Apply plugin: sql_alias_access_policy
2015-07-07 11:31:46 DEBUG SQL: query access policy: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='josh@domain_name.com'
                AND address <> goto
                AND active=1
            LIMIT 1
   
2015-07-07 11:31:46 DEBUG SQL: record: None
2015-07-07 11:31:46 DEBUG <-- Result: DUNNO (Not mail alias)
2015-07-07 11:31:46 DEBUG --> Apply plugin: sql_user_restrictions
2015-07-07 11:31:46 DEBUG SQL to get restriction rules of sender (homesolardeals@responsideexpension.link):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='homesolardeals@responsideexpension.link'
        LIMIT 1
   
2015-07-07 11:31:46 DEBUG Returned SQL Record: None
2015-07-07 11:31:46 DEBUG SQL to get restriction rules of recipient (josh@domain_name.com):
            SELECT
                allowedrecipients, rejectedrecipients,
                allowedsenders, rejectedsenders
            FROM mailbox
            WHERE username='josh@domain_name.com'
            LIMIT 1
       
2015-07-07 11:31:46 DEBUG Returned SQL Record: ('', '', '', '')
2015-07-07 11:31:46 DEBUG No recipient restriction.
2015-07-07 11:31:46 DEBUG <-- Result: DUNNO
2015-07-07 11:31:46 DEBUG Error while closing Amavisd database connection: AmavisdDBWrap instance has no attribute 'cursor'
2015-07-07 11:31:46 INFO [76.74.216.217] HomeSolarDeals@responsideexpension.link -> josh@domain_name.com, DUNNO
2015-07-07 11:31:46 DEBUG Session ended
2015-07-07 11:31:46 DEBUG Closed SQL connection.





2015-07-07 11:37:37 DEBUG Returned SQL Record: ('', '', '', '')
2015-07-07 11:37:37 DEBUG No recipient restriction.
2015-07-07 11:37:37 DEBUG <-- Result: DUNNO
2015-07-07 11:37:37 DEBUG Error while closing Amavisd database connection: AmavisdDBWrap instance has no attribute 'cursor'
2015-07-07 11:37:37 INFO [70.39.66.198] info@debsurfed.com -> user@domain_name.com, DUNNO
2015-07-07 11:37:37 DEBUG Session ended
2015-07-07 11:37:37 DEBUG Closed SQL connection.
2015-07-07 11:37:38 DEBUG Connect from 127.0.0.1, port 38014.
2015-07-07 11:37:38 DEBUG smtp session: request=smtpd_access_policy
2015-07-07 11:37:38 DEBUG smtp session: protocol_state=RCPT
2015-07-07 11:37:38 DEBUG smtp session: protocol_name=ESMTP
2015-07-07 11:37:38 DEBUG smtp session: client_address=x.x.x.x
2015-07-07 11:37:38 DEBUG smtp session: client_name=mail-ig0-f177.google.com
2015-07-07 11:37:38 DEBUG smtp session: reverse_client_name=mail-ig0-f177.google.com
2015-07-07 11:37:38 DEBUG smtp session: helo_name=mail-ig0-f177.google.com
2015-07-07 11:37:38 DEBUG smtp session: sender=doug+caf_=user=domain_name.com@marcshomes.net
2015-07-07 11:37:38 DEBUG smtp session: recipient=user@domain_name.com
2015-07-07 11:37:38 DEBUG smtp session: recipient_count=0
2015-07-07 11:37:38 DEBUG smtp session: queue_id=
2015-07-07 11:37:38 DEBUG smtp session: instance=1b96.559bf242.44037.0
2015-07-07 11:37:38 DEBUG smtp session: size=5900
2015-07-07 11:37:38 DEBUG smtp session: etrn_domain=
2015-07-07 11:37:38 DEBUG smtp session: stress=
2015-07-07 11:37:38 DEBUG smtp session: sasl_method=
2015-07-07 11:37:38 DEBUG smtp session: sasl_username=
2015-07-07 11:37:38 DEBUG smtp session: sasl_sender=
2015-07-07 11:37:38 DEBUG smtp session: ccert_subject=
2015-07-07 11:37:38 DEBUG smtp session: ccert_issuer=
2015-07-07 11:37:38 DEBUG smtp session: ccert_fingerprint=
2015-07-07 11:37:38 DEBUG smtp session: ccert_pubkey_fingerprint=
2015-07-07 11:37:38 DEBUG smtp session: encryption_protocol=TLSv1.2
2015-07-07 11:37:38 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256
2015-07-07 11:37:38 DEBUG smtp session: encryption_keysize=128
2015-07-07 11:37:38 DEBUG --> Apply plugin: reject_null_sender
2015-07-07 11:37:38 DEBUG <-- Result: DUNNO
2015-07-07 11:37:38 DEBUG Creating Amavisd database connection.
2015-07-07 11:37:38 DEBUG Error while creating Amavisd database connection: (1045, "Access denied for user 'amavisd'@'localhost' (using password: YES)")
2015-07-07 11:37:38 DEBUG Skip plugin, error while getting db cursor: AmavisdDBWrap instance has no attribute 'cursor'
2015-07-07 11:37:38 DEBUG --> Apply plugin: sql_alias_access_policy
2015-07-07 11:37:38 DEBUG SQL: query access policy: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='user@domain_name.com'
                AND address <> goto
                AND active=1
            LIMIT 1
   
2015-07-07 11:37:38 DEBUG SQL: record: None
2015-07-07 11:37:38 DEBUG <-- Result: DUNNO (Not mail alias)
2015-07-07 11:37:38 DEBUG --> Apply plugin: sql_user_restrictions
2015-07-07 11:37:38 DEBUG SQL to get restriction rules of sender (doug+caf_=user=domain_name.com@marcshomes.net):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='doug+caf_=user=domain_name.com@marcshomes.net'
        LIMIT 1
   
2015-07-07 11:37:38 DEBUG Returned SQL Record: None
2015-07-07 11:37:38 DEBUG SQL to get restriction rules of recipient (user@domain_name.com):
            SELECT
                allowedrecipients, rejectedrecipients,
                allowedsenders, rejectedsenders
            FROM mailbox
            WHERE username='user@domain_name.com'
            LIMIT 1
       
2015-07-07 11:37:38 DEBUG Returned SQL Record: ('', '', '', '')
2015-07-07 11:37:38 DEBUG No recipient restriction.
2015-07-07 11:37:38 DEBUG <-- Result: DUNNO
2015-07-07 11:37:38 DEBUG Error while closing Amavisd database connection: AmavisdDBWrap instance has no attribute 'cursor'
2015-07-07 11:37:38 INFO [209.85.213.177] doug+caf_=usern=domain_name.com@marcshomes.net -> user@domain_name.com, DUNNO
2015-07-07 11:37:38 DEBUG Session ended
2015-07-07 11:37:38 DEBUG Closed SQL connection.

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Dashboard shows <> as top ten senders

pbf343 wrote:

2015-07-07 11:31:46 DEBUG Error while creating Amavisd database connection: (1045, "Access denied for user 'amavisd'@'localhost' (using password: YES)")

You don't have correct SQL username/password for Amavisd sql database in /opt/iredapd/settings.py. Please fix it, restart iRedAPD service, then try again.

8 Reply by pbf343 (edited by pbf343 2015-07-07 23:59:05)

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

ZhangHuangbin wrote:
pbf343 wrote:

2015-07-07 11:31:46 DEBUG Error while creating Amavisd database connection: (1045, "Access denied for user 'amavisd'@'localhost' (using password: YES)")

You don't have correct SQL username/password for Amavisd sql database in /opt/iredapd/settings.py. Please fix it, restart iRedAPD service, then try again.

Yes, will do. Thank you!

Does that map to amavisd database, users table? 


Back later with update as out for few.

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Dashboard shows <> as top ten senders

iRedAPD plugin `amavisd_wblist` queries Amavisd sql database.

in old iRedMail releases, we have white/blacklisting offered by Policyd/Cluebringer, and Amavisd, white/blacklists are not shared. so we develop `amavisd_wblist` plugin to make it possible.

10 Reply by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

ZhangHuangbin wrote:

iRedAPD plugin `amavisd_wblist` queries Amavisd sql database.

in old iRedMail releases, we have white/blacklisting offered by Policyd/Cluebringer, and Amavisd, white/blacklists are not shared. so we develop `amavisd_wblist` plugin to make it possible.


Thanks. 

So does the settings.py map to the mysql database, user: amavid/password or is this value in different database/location?

11 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Dashboard shows <> as top ten senders

You should set Amavisd SQL database credential in /opt/iredapd/settings.py. Check /opt/iredapd/settings.py.sample for sample settings.

12 Reply by pbf343 (edited by pbf343 2015-07-08 23:07:30)

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

ZhangHuangbin wrote:

You should set Amavisd SQL database credential in /opt/iredapd/settings.py. Check /opt/iredapd/settings.py.sample for sample settings.

Hello,
My apologies for making this more complex than it really should be.  However, I'm not clear on what your stating to set the password too, so please bear with me as I try to communicate it more clearly. 

I've looked at the settings.py and the sample file.  They do both reflect what appears to be the database as follows:
amavisd_db_name = "amavisd"
amavisd_db_user = "amavisd"
amavisd_db_password = "Correct_Password_Value"


That being said, I understand the process to be the following steps.  Would you please correct any errors on my part?
Step 1) Locate the correct database password in MySQL.
Step 2) Insert this value into the amavisd_db_password = "Correct_Password_Value" for the database connection in the settings.py file.
Step 3) Restart the service: iredapd.   

So, in looking in MySQL for the correct database password, I first thought the database password value would be in amavisd database.  However, there is No amavisd user or password in any table of that database.  I could have made a mistake somewhere, but I cannot locate any amavisd user in ANY of the databases/tables OTHER than MySQL itself (amavisd, vmail, etc.).   

Where do I locate the correct amavisd password from MySQL to insert into the settings.py file? 


Additional questions/concerns as result of this:
The amavisd database table: users
a) seem to have values which I find confusing (as possibly wrong).  Those values appear to possibly be related to some of the standard email users on the system.  Does that sound correct?

b) Also in the 'users" table is a value of "@." in the email column.  Should this be in the table?  I ask because the iRedAdmin-Pro web interface page (Whitelists & Blacklists:https://some_domain/iredadmin/system/wblist)  implies that the value of "@." would result in "ALL accounts" possibly being blocked.  So, is this intended to say all email will be blocked?

13 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Dashboard shows <> as top ten senders

pbf343 wrote:

Where do I locate the correct amavisd password from MySQL to insert into the settings.py file? 

Check 'iRedMail.tips' file. You remember this file?
Or, check '@storage_sql_dsn' setting in Amavisd config file. Reference: http://www.iredmail.org/docs/file.locat … ml#amavisd

pbf343 wrote:

a) seem to have values which I find confusing (as possibly wrong).  Those values appear to possibly be related to some of the standard email users on the system.  Does that sound correct?

Yes. But it could be in additional formats like: @. (a catch-all account), @domain.com (entire domain), @.domain.com (entire + all sub-domains), etc. NOTE: They're used by Amavisd and (some) iRedAPD plugins.

pbf343 wrote:

b) Also in the 'users" table is a value of "@." in the email column.  Should this be in the table?  I ask because the iRedAdmin-Pro web interface page (Whitelists & Blacklists:https://some_domain/iredadmin/system/wblist)  implies that the value of "@." would result in "ALL accounts" possibly being blocked.  So, is this intended to say all email will be blocked?

'amavisd.users' table contains local users. It doesn't mean "block" or "bypass" with just the sql record in `amavisd.users`.

To make it clearer, i wrote a basic tutorial moment ago, it explains how Amavisd uses each tables. Hope it helps:
http://www.iredmail.org/docs/amavisd.sql.db.html

Note: still not yet finished.

14 Reply by pbf343 (edited by pbf343 2015-07-09 00:29:14)

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

ZhangHuangbin wrote:
pbf343 wrote:

Where do I locate the correct amavisd password from MySQL to insert into the settings.py file? 

Check 'iRedMail.tips' file. You remember this file?
Or, check '@storage_sql_dsn' setting in Amavisd config file. Reference: http://www.iredmail.org/docs/file.locat … ml#amavisd

Yes remember that file and it has a value.  However, this system was maintained by another person and has had two upgrades (performed by you) so I did not think that file would be accurate today.    Thanks for the tip/tips :-)

Ironically, I also looked in the original "config" file which is also archived on the system.  It has a value which I just tried.  if understanding the logs, it is working now without any db_connection errors at this time.  The value does in fact match the iRedMail.tips file value as well.  So, it appears to have NOT been altered. 
Example:
2015-07-08 12:27:18 DEBUG smtp session: encryption_cipher=
2015-07-08 12:27:18 DEBUG smtp session: encryption_keysize=0
2015-07-08 12:27:18 DEBUG --> Apply plugin: reject_null_sender
2015-07-08 12:27:18 DEBUG <-- Result: DUNNO
2015-07-08 12:27:18 DEBUG Creating Amavisd database connection.
2015-07-08 12:27:18 DEBUG Got db cursor.
2015-07-08 12:27:18 DEBUG --> Apply plugin: amavisd_wblist
2015-07-08 12:27:18 DEBUG Possible policy senders: ['@.', 'fernanda@speedjon.com', '@speedjon.com', '@.speedjon.com', '@com', '@.com', '82.211.35.173', '82.*.*.*', '*.*.*.173', '82.*.35.173', '82.211.35.*', '82.211.*.173', '*.211.35.173', '82.*.*.173', '*.*.35.173', '*.*.*.*', '82.211.*.*']




This still never answered the question as to where in the MySQL database said password lives.  Are you not willing to share where that value resides in the database?  Was I correct and that is just the hashed string of the plain text string?


ZhangHuangbin wrote:

To make it clearer, i wrote a basic tutorial moment ago, it explains how Amavisd uses each tables. Hope it helps:
http://www.iredmail.org/docs/amavisd.sql.db.html

Great, I will read it today.  However, I'm getting an error when following the link.  Maybe it is not published live yet? 

ZhangHuangbin wrote:

Note: still not yet finished.

Agreed.  Watching the iredapd.log via debug mode now.  Testing some inbound e-mail which appears to be arriving.

Dashboard does in fact show Top 10 with "<>" user as high user for the existing period.
I'm thinking that:
   The db connection failure was resulting in system NOT blocking "null user"
   That if corrected the null user block should start taking place now.

Once published and read by me, what else do you recommend to investigate?

Thank you for the replies & help!

15 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Dashboard shows <> as top ten senders

pbf343 wrote:

This still never answered the question as to where in the MySQL database said password lives.  Are you not willing to share where that value resides in the database?  Was I correct and that is just the hashed string of the plain text string?

What do you mean that i'm not willing to share the value? The sql credential defined in Amavisd config file, setting `@storage_sql_dsn` is the right one. The 32-character password is plain password, not hashed, i guess this confuses you.

pbf343 wrote:

Great, I will read it today.  However, I'm getting an error when following the link.  Maybe it is not published live yet? 

Try again: http://www.iredmail.org/docs/amavisd.sql.db.html
I wrote document in Markdown format and submitted to a Mercurial repo, documents are synced every 10 minutes.

pbf343 wrote:

Once published and read by me, what else do you recommend to investigate?

1) Use correct sql credential of amavisd sql db in iRedAPD first.
2) send some testing email to reproduce the issue.
3) Check related log files to figure it out. If you're not sure, paste related log here so that others can help.

16 Reply by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

ZhangHuangbin wrote:
pbf343 wrote:

This still never answered the question as to where in the MySQL database said password lives.  Are you not willing to share where that value resides in the database?  Was I correct and that is just the hashed string of the plain text string?

What do you mean that i'm not willing to share the value? The sql credential defined in Amavisd config file, setting `@storage_sql_dsn` is the right one. The 32-character password is plain password, not hashed, i guess this confuses you.

pbf343 wrote:

Great, I will read it today.  However, I'm getting an error when following the link.  Maybe it is not published live yet? 

Try again: http://www.iredmail.org/docs/amavisd.sql.db.html
I wrote document in Markdown format and submitted to a Mercurial repo, documents are synced every 10 minutes.

pbf343 wrote:

Once published and read by me, what else do you recommend to investigate?

1) Use correct sql credential of amavisd sql db in iRedAPD first.
2) send some testing email to reproduce the issue.
3) Check related log files to figure it out. If you're not sure, paste related log here so that others can help.

It worked and is now visible. 

Yes, updated the previous with this snippet.

2015-07-08 12:27:18 DEBUG smtp session: encryption_cipher=
2015-07-08 12:27:18 DEBUG smtp session: encryption_keysize=0
2015-07-08 12:27:18 DEBUG --> Apply plugin: reject_null_sender
2015-07-08 12:27:18 DEBUG <-- Result: DUNNO
2015-07-08 12:27:18 DEBUG Creating Amavisd database connection.
2015-07-08 12:27:18 DEBUG Got db cursor.
2015-07-08 12:27:18 DEBUG --> Apply plugin: amavisd_wblist
2015-07-08 12:27:18 DEBUG Possible policy senders: ['@.', 'fernanda@speedjon.com', '@speedjon.com', '@.speedjon.com', '@com', '@.com', '82.211.35.173', '82.*.*.*', '*.*.*.173', '82.*.35.173', '82.211.35.*', '82.211.*.173', '*.211.35.173', '82.*.*.173', '*.*.35.173', '*.*.*.*', '82.211.*.*']

17 Reply by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 247

Re: Dashboard shows <> as top ten senders

In this doc: http://www.iredmail.org/docs/amavisd.sql.db.html
'If sender (of inbound message) is blacklisted, Amavisd will quarantine this email.'

Is the message quarantined as my instances seems to be rejecting e-mail as "blacklisted"  550 when in the system blacklist verse user controlled blacklist?


Question on @domain.tld verse @.domain.tld: 
If I'm reading this correctly, does the @domain.tld NOT block all the subdomains as well?  So that if I want a domain.tld and all sub-domain.tld, I must use @.domain.tld.



"amavisd.users stores mail addresses hosted on your server. Value of column users.email uses same format as amavisd.mailaddr mentioned above."
Can you expand on this comment as to what you mean by email addresses and format matching mailaddr? 
Example:
Do you mean we should see every e-mail address hosted on our system in the database (amavisd.users.email)? So if we host 100 email account, we should see 100 email accounts?
Do you mean we should see every domain.tld hosted on our system in the database (amavisd.users.email) in some format of @domain.tld?  So if we host 100 domains on the system, we should see 100 domains in some form of @domain.tld.
Our system only has 10 entries of e-mail users hosted on our system in amavisd.users.email.  This is not even close to the number of e-mail addresses we host and not even close to the domain.tld in total either.   

The instance I am referring IS still running the previous version to this release.  So there is no amavisd.outbound_wblist (New in iRedMail-0.9.3) at this time.  However, I would think the above amavisd.users.email data would still match this document.

18 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Dashboard shows <> as top ten senders

pbf343 wrote:

'If sender (of inbound message) is blacklisted, Amavisd will quarantine this email.'
Is the message quarantined as my instances seems to be rejecting e-mail as "blacklisted"  550 when in the system blacklist verse user controlled blacklist?

I updated this document to make it clearer:

`amavisd.wblist`: used by Amavisd. If sender (of inbound message) is
      blacklisted, Amavisd will quarantine this email. But if you have iRedAPD
      plugin `amavisd_wblist` enabled, this smtp session will be rejected before
      queued by Postfix, so Amavisd doesn't know this rejected message at all.

pbf343 wrote:

Question on @domain.tld verse @.domain.tld: 
If I'm reading this correctly, does the @domain.tld NOT block all the subdomains as well?  So that if I want a domain.tld and all sub-domain.tld, I must use @.domain.tld.

Correct.

pbf343 wrote:

"amavisd.users stores mail addresses hosted on your server. Value of column users.email uses same format as amavisd.mailaddr mentioned above."
Can you expand on this comment as to what you mean by email addresses and format matching mailaddr? 
Example:
Do you mean we should see every e-mail address hosted on our system in the database (amavisd.users.email)? So if we host 100 email account, we should see 100 email accounts?
Do you mean we should see every domain.tld hosted on our system in the database (amavisd.users.email) in some format of @domain.tld?  So if we host 100 domains on the system, we should see 100 domains in some form of @domain.tld.
Our system only has 10 entries of e-mail users hosted on our system in amavisd.users.email.  This is not even close to the number of e-mail addresses we host and not even close to the domain.tld in total either.   

I updated the document to make it clearer:

`amavisd.users` stores mail addresses hosted on your server. NOTE: you don't
  need to sync all existing mail users in this table, just add mail users you
  want to define a per-account spam policy in this table.