On Tue, Dec 03, 2019 at 05:05:15PM +0000, Raf Czlonka wrote:
>
> Hi Chris,
>
> Is rdns anywhere in your smtpd.conf? You forgot to attach, so only
> guessing here...
>
> Regards,
>
> Raf

Sorry. This is for the server with the problem.
I can't guarantee that it was exactly like this, since I've been
fiddling.
Please note that these are hosted here for websites:
no-seas-necio.ninja
strengthcouragewisdom.rocks
capuchado.com
/etc/hosts for here
127.0.0.1 localhost
::1 localhost
162.255.139.10 no-seas-necio.ninja
162.255.139.11 bennettconstruction.us
162.255.139.12 capuchado.com
162.255.139.13 strengthcouragewisdom.rocks
162.255.139.14 mail.freedomforlife.rocks
--------------------------------------------------------------------
cowboyup.xyz and bennettconstruction.us are (just as of a few days ago)
using a CNAME for mail. and www.
bennettconstruction.us has not used a CNAME for years.
----------------------------------------------------
mail is on 172.107.202.138/29
/etc/hosts for there (where problem showed up)
127.0.0.1 localhost
::1 localhost
172.107.202.138 freedomforlife.rocks
172.107.202.139 mail.no-seas-necio.ninja
172.107.202.140 cowboyup.xyz
172.107.202.141 mail.strengthcouragewisdom.rocks
172.107.202.142 mail.capuchado.com
Everything signed with Let's Encrypt correctly
pki mail.no-seas-necio.ninja cert "/etc/ssl/mail.no-seas-necio.ninja.fullchain.pem"
pki mail.no-seas-necio.ninja key "/etc/ssl/private/mail.no-seas-necio.ninja.key"
pki cowboyup.xyz cert "/etc/ssl/cowboyup.xyz.fullchain.pem"
pki cowboyup.xyz key "/etc/ssl/private/cowboyup.xyz.key"
pki mail.strengthcouragewisdom.rocks cert "/etc/ssl/mail.strengthcouragewisdom.rocks.fullchain.pem"
pki mail.strengthcouragewisdom.rocks key "/etc/ssl/private/mail.strengthcouragewisdom.rocks.key"
pki mail.capuchado.com cert "/etc/ssl/mail.capuchado.com.fullchain.pem"
pki mail.capuchado.com key "/etc/ssl/private/mail.capuchado.com.key"
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS is so 80s"
filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS is so 80s"
filter senderscore \
    proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"
filter "dkimsignNSNN" proc-exec "filter-dkimsign -d mail.no-seas-necio.ninja -s 20191006 -k /etc/mail/dkim/mail.no-seas-necio.ninja.dkim.key" user _dkimsign group _dkimsign
filter "dkimsignSCWR" proc-exec "filter-dkimsign -d mail.strengthcouragewisdom.rocks -s 10312019scwr -k /etc/mail/dkim/mail.strengthcouragewisdom.rocks.dkim.key" user _dkimsign group _dkimsign
table aliases file:/etc/mail/aliases
table addrnames file:/etc/mail/addrnames
action "maildir" maildir alias <aliases>
action "outbound" relay helo-src <addrnames>
listen on lo0
listen on socket filter { check_dyndns, check_rdns, check_fcrdns, senderscore, dkimsignNSNN, dkimsignSCWR }
listen on 172.107.202.139 hostname "no-seas-necio.ninja" tls pki mail.no-seas-necio.ninja \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore, dkimsignNSNN }
listen on 172.107.202.140 hostname "cowboyup.xyz" tls pki cowboyup.xyz \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore }
listen on 172.107.202.141 hostname "strengthcouragewisdom.rocks" tls pki mail.strengthcouragewisdom.rocks \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore, dkimsignSCWR }
listen on 172.107.202.142 hostname "capuchado.com" tls pki mail.capuchado.com \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore }
match from any for domain "no-seas-necio.ninja" action "maildir"
match from any for domain "strengthcouragewisdom.rocks" action "maildir"
match from any for domain "capuchado.com" action "maildir"
match from any for domain "cowboyup.xyz" action "maildir"
match from local for any action "outbound"
table /etc/mail/addrnames (for problem server) is:
172.107.202.139 no-seas-necio.ninja
172.107.202.141 strengthcouragewisdom.rocks
172.107.202.142 capuchado.com
I can also send maillogs for here and there.
Also smtpd.conf for here too. Which I also have been fiddling with.
Obviously I need to get git on this to keep track of my changes
properly. My mistake.
Chris Bennett
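
The three connect-phase filters in the posted smtpd.conf (check_dyndns, check_rdns, check_fcrdns), modelled as an added Python example; it is not part of the original message and not OpenSMTPD's code. The function name and all DNS records are constructed, and it assumes the filters run in the listed order and that a client without a PTR record does not match the rdns regexes.

```python
import re

# Regexes copied from the check_dyndns filter in the posted smtpd.conf.
DYN_PATTERNS = [re.compile(r'.*\.dyn\..*'), re.compile(r'.*\.dsl\..*')]

# Constructed DNS data in documentation address space (not from the post).
PTR = {  # reverse lookups: connecting IP -> PTR name
    "192.0.2.10": "mx1.example.org",
    "192.0.2.20": "host-20.dyn.isp.example",
    "192.0.2.30": "mail.example.net",
    # 192.0.2.40 deliberately has no PTR record
}
A = {  # forward lookups: name -> set of addresses
    "mx1.example.org": {"192.0.2.10"},
    "host-20.dyn.isp.example": {"192.0.2.20"},
    "mail.example.net": {"198.51.100.7"},  # forward lookup disagrees with PTR
}


def connect_verdict(ip, ptr=PTR, a=A):
    """Return the 550 text of the first filter that would disconnect, or None.

    Hypothetical helper modelling the filter chain; assumes listed order.
    """
    rdns = ptr.get(ip)
    # check_dyndns: the PTR name matches a "residential" pattern.
    # Assumption: with no PTR name there is nothing for the regex to match.
    if rdns and any(p.search(rdns) for p in DYN_PATTERNS):
        return "550 no residential connections"
    # check_rdns: the connecting address has no PTR record at all.
    if rdns is None:
        return "550 no rDNS is so 80s"
    # check_fcrdns: the PTR name must resolve back to the connecting address.
    if ip not in a.get(rdns, set()):
        return "550 no FCrDNS is so 80s"
    return None  # passes on to senderscore and the remaining filters


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(client, "->", connect_verdict(client) or "accepted at connect")
```

A sending host whose own PTR and A records disagree lands in the third branch, which is why the records for each address on the mail server need to agree in both directions.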