Eu instalei psad no meu sistema Ubuntu 13 e configurei-o para enviar e-mails (tenho postfix instalado como servidor de e-mail com um relé smtp para Mandrill servidores) para algum endereço de e-mail, mas parece que o que ele envia não é compatível com os filtros do mandrill.
Esta seria uma chamada de API que atinge o mandril:
{
"from_email": null,
"from_name": null,
"send_at": null,
"async": false,
"raw_message": "Received: from pulsr.io (unknown [95.85.35.223])\n\t(Authenticated sender: [email protected])\n\tby ip-10-75-135-250 (Postfix) with ESMTPSA id C030E3C0CF4\n\tfor <[email protected]>; Mon, 14 Apr 2014 15:10:27 +0000 (UTC)\nReceived: by pulsr.io (Postfix, from userid 0)\n\tid 7E42B61753; Mon, 14 Apr 2014 11:10:27 -0400 (EDT)\nSubject: [psad-status] firewall setup warning on pulsr!\nTo: <[email protected]>\nX-Mailer: mail (GNU Mailutils 2.99.98)\nMessage-Id: <[email protected]>\nDate: Mon, 14 Apr 2014 11:10:27 -0400 (EDT)\nFrom: root@pulsr (root)\n\n[-] You may just need to add a default logging rule to the /sbin/ip6tables\n 'filter' 'INPUT' chain on pulsr. For more information,\n see the file \"FW_HELP\" in the psad sources directory or visit:\n\n http://www.cipherdyne.org/psad/docs/fwconfig.html\n",
"ip_pool": null,
"to": [
"[email protected]"
],
"return_path_domain": null,
"key": "MY_MANDRILL_API_KEY"
}
E eles responderiam com:
[
{
"email": "[email protected]",
"status": "rejected",
"_id": "a8c60b80ad3745e48398516bea7ca768",
"reject_reason": "invalid-sender"
}
]
Deve ser algo com a string raw_message
, pois outros e-mails com êxito têm os mesmos valores de null
nas propriedades, mas com um% diferente% co_de.
Um exemplo de email de trabalho seria:
{
"async": false,
"send_at": null,
"ip_pool": null,
"from_name": null,
"to": [
"[email protected]"
],
"return_path_domain": null,
"raw_message": "Received: from pulsr.io (unknown [95.85.35.223])\n\t(Authenticated sender: [email protected])\n\tby ip-10-33-35-82 (Postfix) with ESMTPSA id 894FE2031D\n\tfor <[email protected]>; Mon, 14 Apr 2014 12:52:04 +0000 (UTC)\nReceived: by pulsr.io (Postfix, from userid 0)\n\tid 51038608D5; Mon, 14 Apr 2014 08:52:04 -0400 (EDT)\nFrom: Pulsr <[email protected]>\nSubject: RKHunter\nTo: <[email protected]>\nX-Mailer: mail (GNU Mailutils 2.99.98)\nMessage-Id: <[email protected]>\nDate: Mon, 14 Apr 2014 08:52:04 -0400 (EDT)\n\nPlease inspect this machine, because it may be infected.",
"from_email": null,
"key": "MY_MANDRILL_API_KEY"
}
Com a resposta:
[
{
"email": "[email protected]",
"status": "sent",
"_id": "ab8df939be544023a8afb77be5a1e7a8",
"reject_reason": null
}
]
Estou tentando há dois dias descobrir o que está acontecendo, mas não tenho ideia. Uma pequena ajuda seria ótima se alguém encontrasse o mesmo problema antes (talvez com o SMTP do Google como retransmissão).
EDITAR : meu arquivo raw_message
do Postfix:
# RFC requirement
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
# Local user mail notification off
biff = yes
# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# Hostname
myhostname = pulsr.io
# Domain
mydomain = pulsr.io
#virtual_alias_maps = hash:/etc/postfix/virtual
#virtual_alias_domains = /etc/postfix/vhosts.txt
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = pulsr localhost.pulsr.io localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# Mandrill
relayhost = [smtp.mandrillapp.com]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
# Add Missing Headers
always_add_missing_headers = yes