
relay abuse through SRS (helm-charts issue, 6 comments, open)

mailu commented on May 5, 2024
relay abuse through SRS

from helm-charts.

Comments (6)

AndrewSav commented on May 5, 2024

It looks like you have an open relay due to misconfigured networking on your kubernetes.

You excluded the most interesting part of the log, where the bad guy connects to your postfix. My bet would be that these excluded lines tell you that the connection comes from 127.0.0.1. You need to find out why and rectify it.

Apr 21 08:45:47 mail postfix/smtpd[187]: connect from localhost[127.0.0.1]

Specific advice cannot be given here, as it depends on how the network is set up and configured within your cluster and on how connectivity from the bad guy to your pod actually works; you need to experiment a bit and trace how that happens.

If you google a bit, you will find a lot of similar reports for docker / kubernetes setups with other popular container-based mail server implementations, which are also due to networking misconfiguration.

A couple of examples:

from helm-charts.
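The diagnosis above is that postfix sees relayed connections as coming from 127.0.0.1 (or another trusted network) and therefore accepts mail for non-local recipients. The following is an added example, not code from the issue or from Mailu: a small postfix log correlator that joins each queue ID's `client=` line with its `to=` delivery lines and flags messages that were accepted from a trusted network but delivered to a domain the server does not host. The sample log lines are constructed for the example; they mirror the liveness-probe pattern (a loopback connection that sends no message and gets no queue ID), which is deliberately not flagged. The trusted networks and local domains passed in are assumptions for the demo.

```python
import ipaddress
import re

# Constructed sample log (not the issue's redacted log). Lines 1-2 are a probe
# that only connects and quits; lines 3-6 are a message accepted from loopback
# and relayed to an external domain; lines 7-9 are normal local delivery.
SAMPLE_LOG = """\
Apr 21 08:45:37 mail postfix/smtpd[187]: connect from localhost[127.0.0.1]
Apr 21 08:45:37 mail postfix/smtpd[187]: disconnect from localhost[127.0.0.1] quit=1 commands=1
Apr 21 08:45:47 mail postfix/smtpd[187]: connect from localhost[127.0.0.1]
Apr 21 08:45:47 mail postfix/smtpd[187]: 3F2A1C0D1: client=localhost[127.0.0.1]
Apr 21 08:45:47 mail postfix/qmgr[92]: 3F2A1C0D1: from=<spoofed@example.org>, size=1234, nrcpt=1 (queue active)
Apr 21 08:45:48 mail postfix/smtp[200]: 3F2A1C0D1: to=<victim@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1, dsn=2.0.0, status=sent (250 OK)
Apr 21 08:46:02 mail postfix/smtpd[188]: 7B9E2D4F2: client=unknown[10.233.64.17]
Apr 21 08:46:02 mail postfix/qmgr[92]: 7B9E2D4F2: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Apr 21 08:46:03 mail postfix/lmtp[201]: 7B9E2D4F2: to=<bob@example.com>, relay=imap:2525, delay=1, dsn=2.0.0, status=sent (250 OK)
"""

# smtpd logs the peer once a queue ID exists; "connect from" alone is not enough.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
)
# Delivery agents (smtp, lmtp, local, ...) log each recipient with the relay used.
RCPT_RE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, relay=(?P<relay>[^,]+),"
)


def find_relayed_messages(log_text, trusted_networks, local_domains):
    """Return messages accepted from a trusted network and sent to a non-local domain.

    trusted_networks: CIDR strings postfix would treat as mynetworks (assumed).
    local_domains: domains this server hosts; delivery to them is not relaying.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    local = {d.lower() for d in local_domains}
    client_of = {}  # queue ID -> client IP string
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_of[m["qid"]] = m["ip"]
            continue
        m = RCPT_RE.search(line)
        if not m:
            continue
        qid, rcpt = m["qid"], m["rcpt"]
        domain = rcpt.rsplit("@", 1)[-1].lower()
        ip = client_of.get(qid)
        if ip is None or domain in local:
            continue  # no client record yet, or delivery to a hosted domain
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # unparsable peer (e.g. unix socket), skip
        if any(addr in net for net in trusted):
            findings.append(
                {"queue_id": qid, "client": ip, "recipient": rcpt, "relay": m["relay"]}
            )
    return findings


if __name__ == "__main__":
    for f in find_relayed_messages(SAMPLE_LOG, ["127.0.0.0/8", "10.233.64.0/18"], ["example.com"]):
        print(f"relay via trusted client {f['client']}: {f['queue_id']} -> {f['recipient']} ({f['relay']})")
```

Feed it the full `postfix/smtpd` and delivery-agent lines for a suspect period; a hit with `client` in a loopback or pod range and an external recipient confirms the open-relay path the comment describes, while probe-only connections produce nothing. Note that whatever makes the peer appear as 127.0.0.1 (SNAT in the cluster's Service path, for example) has to be fixed at the Kubernetes level; kube-proxy's `externalTrafficPolicy: Local` is the standard knob for preserving client source addresses on NodePort and LoadBalancer Services, but which change applies depends on the cluster's networking, as the comment says.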

blazux commented on May 5, 2024

Hi,

Thanks for the reply. The network configuration is done by the service embedded in the helm charts; the only change I've made is to turn the daemonset/nodeport into a replicaset/loadbalancer:
mailu-front LoadBalancer 10.233.54.52 10.180.0.61 110:32293/TCP,995:31537/TCP,143:30923/TCP,993:30553/TCP,25:32291/TCP,465:30046/TCP,587:30056/TCP,10025:30733/TCP,10143:31558/TCP,80:32548/TCP 36d

The "connect from localhost" message has nothing to do with the problem; it's due to the liveness probe connecting every 10 seconds to check if the server is still alive (this is also part of the helm deployment).

I've created this issue as requested by kaiyou:

kaiyou:
    Okay, could you open an issue on the matter?
    Looking at the code, there might be something wrong with our SRS implementation.
    We'd have to figure out how it can be used maliciously, but definitely something is fishy around
    the fact that we do not use the original sender domain in the construct for the SRS string.

from helm-charts.
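kaiyou's remark is that the SRS string is built without the original sender domain. To show why that matters, here is an added example (not Mailu's implementation, and not from this thread) of SRS0 rewriting in the style of the original SRS specification: the forward step embeds timestamp, original domain and original local part in the rewritten sender, and the HMAC covers all three, so a bounce whose embedded domain has been altered fails verification, and bounces older than the allowed window are rejected. The secret, domains, addresses and day counts are constructed for the demo; the hash is an HMAC-SHA1 truncated to four base64 characters as in the SRS draft.

```python
import base64
import hashlib
import hmac

# SRS timestamps use a base32 alphabet; two characters encode days modulo 1024.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def _make_timestamp(days):
    """Two base32 chars for the day count modulo 1024, as in the SRS draft."""
    d = days % 1024
    return _B32[(d >> 5) & 31] + _B32[d & 31]


def _parse_timestamp(tt):
    if len(tt) != 2 or any(c.upper() not in _B32 for c in tt):
        raise ValueError("bad SRS timestamp")
    return (_B32.index(tt[0].upper()) << 5) | _B32.index(tt[1].upper())


def _make_hash(secret, tt, orig_domain, orig_local):
    # The HMAC input includes the ORIGINAL sender domain. Leaving it out (the
    # concern raised in the issue) would let a forged bounce address carry a
    # different domain while still presenting a valid hash.
    msg = (tt + orig_domain + orig_local).lower().encode()
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    return base64.b64encode(digest)[:4].decode()


def srs_forward(sender, forward_domain, secret, today):
    """Rewrite sender into SRS0=HHHH=TT=orig-domain=orig-local@forward_domain."""
    orig_local, orig_domain = sender.rsplit("@", 1)
    tt = _make_timestamp(today)
    hh = _make_hash(secret, tt, orig_domain, orig_local)
    return f"SRS0={hh}={tt}={orig_domain}={orig_local}@{forward_domain}"


def srs_reverse(address, secret, today, max_age_days=21):
    """Recover the original sender from a bounce to an SRS0 address, or raise."""
    local, _forward_domain = address.rsplit("@", 1)
    parts = local.split("=", 4)  # the original local part may itself contain '='
    if len(parts) != 5 or parts[0].upper() != "SRS0":
        raise ValueError("not an SRS0 address")
    _, hh, tt, orig_domain, orig_local = parts
    expected = _make_hash(secret, tt, orig_domain, orig_local)
    if not hmac.compare_digest(hh.encode(), expected.encode()):
        raise ValueError("SRS hash mismatch")
    age = (today - _parse_timestamp(tt)) % 1024  # tolerate the 1024-day wrap
    if age > max_age_days:
        raise ValueError("SRS address expired")
    return f"{orig_local}@{orig_domain}"


def try_reverse(address, secret, today, max_age_days=21):
    """Return the original sender, or None when the address does not verify."""
    try:
        return srs_reverse(address, secret, today, max_age_days)
    except ValueError:
        return None


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; a real deployment uses a random key
    fwd = srs_forward("alice@example.org", "forwarder.example", secret, 19849)
    print("rewritten:", fwd)
    print("bounce 3 days later ->", try_reverse(fwd, secret, 19852))
    local, dom = fwd.rsplit("@", 1)
    p = local.split("=", 4)
    p[3] = "attacker.example"  # alter the embedded original domain
    print("tampered domain ->", try_reverse("=".join(p) + "@" + dom, secret, 19852))
    print("40 days later ->", try_reverse(fwd, secret, 19889))
```

The check that a bounce must pass before it is forwarded anywhere is the whole defence: the rewritten address names where the bounce will be sent, so only an address this host itself issued, with the domain it issued it for and within the validity window, may be reversed.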

AndrewSav commented on May 5, 2024

Sorry, I meant kubernetes networking configuration, not the one specific to mailu as per helm chart.

    The "connect from localhost" message has nothing to do with the problem; it's due to the liveness probe connecting every 10 seconds to check if the server is still alive (this is also part of the helm deployment).

Yep, that checks, yet the most interesting part of the log is missing.

from helm-charts.

muhlemmer commented on May 5, 2024

Pinging @kaiyou as apparently this was discussed on Matrix.
Background: SRS was added recently on master: Mailu/Mailu#1349

from helm-charts.

Nebukadneza commented on May 5, 2024

Hi There,

The Mailu project is currently in a bit of a bind! We are short on manpower, and we need to judge whether it is possible for us to put in some work on this issue.

To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who wants to work on them, and which issues may be less important. The less important ones could be set aside for the time being, until the project is in a more stable and regular state once again.

In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the 😃 icon to the top-right).

  • 👍️ if you need this to be able to use Mailu. Ideally, you'd also be able to test this on your installation and provide feedback …
  • 🎉 if you find it a nice bonus, but no deal-breaker
  • 🚀 if you want to work on it yourself!

We want to keep this voting open for 2 weeks from now, so please help out!

from helm-charts.

stale commented on May 5, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from helm-charts.
