<div dir="ltr"><div>I've closed all the ports except port 465 as weblate connects using that, email delivery at the moment doesn't</div><div>work as expected like you said this is seen in the logs so it might take a while;</div><div><br></div><div>to=<<a href="mailto:ibiamchihurumnaya@gmail.com">ibiamchihurumnaya@gmail.com</a>>, relay=<a href="http://gmail-smtp-in.l.google.com">gmail-smtp-in.l.google.com</a>[2607:f8b0:4023:c0d::1a]:25, delay=0.99, delays=0.03/0/0.43/0.53, dsn=5.7.1, status=bounced (host <a href="http://gmail-smtp-in.l.google.com">gmail-smtp-in.l.google.com</a>[2607:f8b0:4023:c0d::1a] said: 550-5.7.1 [2001:5a8:601:f::214 19] Our system has detected that this 550-5.7.1 message is likely suspicious due to the very low reputation of the 550-5.7.1 sending domain. To best protect our users from spam, the message has 550-5.7.1 been blocked. Please visit 550 5.7.1 <a href="https://support.google.com/mail/answer/188131">https://support.google.com/mail/answer/188131</a> for more information. k190-20020a6384c7000000b005b96af23fe6si2917767pgd.284 - gsmtp (in reply to end of DATA command))</div><div><br></div><div>I was using dovecot - which is what's using imap - for authentication with postfix but it seems we don't need that so I've uninstalled it.<br> </div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre style="color:rgb(46,52,54);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px"><span style="font-family:monospace,monospace">-- <br></span></pre><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><span></span><span></span>Ibiam Chihurumnaya <br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><a href="mailto:ibiamchihurumnaya@gmail.com" style="color:rgb(42,118,198)" target="_blank">ibiamchihurumnaya@gmail.com</a><br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><br></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><br></span></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Oct 30, 2023 at 7:10 AM Bernie Innocenti <<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Postfix is still listening on port 25 (smtp), 465 (smtps) and 587 <br>
(submission). Does Weblate need to receive email? If not, please turn <br>
these off in Postfix's <a href="http://master.cf" rel="noreferrer" target="_blank">master.cf</a>.<br>
<br>
Ports 143 (imap) and 993 (imaps) are also open. Is this part of Weblate? <br>
If not, can we uninstall the IMAP service?<br>
<br>
<br>
% sudo nmap <a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">weblate.sugarlabs.org</a><br>
Not shown: 989 closed tcp ports (reset)<br>
PORT STATE SERVICE<br>
22/tcp open ssh<br>
25/tcp open smtp<br>
135/tcp filtered msrpc<br>
139/tcp filtered netbios-ssn<br>
143/tcp open imap<br>
443/tcp open https<br>
445/tcp filtered microsoft-ds<br>
465/tcp open smtps<br>
587/tcp open submission<br>
593/tcp filtered http-rpc-epmap<br>
993/tcp open imaps<br>
<br>
<br>
On 2023/10/28 10:48, Chihurumnaya Ibiam wrote:<br>
> Changed the password and restarted the containers and nginx.<br>
> <br>
> -- <br>
> <br>
> Ibiam Chihurumnaya<br>
> <a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a> <mailto:<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a>><br>
> <br>
> <br>
> <br>
> <br>
> On Sat, Oct 28, 2023 at 6:35 PM Chihurumnaya Ibiam <br>
> <<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a> <mailto:<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a>>> wrote:<br>
> <br>
> Nope, there's no root password.<br>
> <br>
> Although weblate itself has a trivial password, I'll change it and<br>
> update the docker environment file.<br>
> <br>
> -- <br>
> <br>
> Ibiam Chihurumnaya<br>
> <a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a> <mailto:<a href="mailto:ibiamchihurumnaya@gmail.com" target="_blank">ibiamchihurumnaya@gmail.com</a>><br>
> <br>
> <br>
> <br>
> <br>
> On Sat, Oct 28, 2023 at 6:06 PM Bernie Innocenti <<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a><br>
> <mailto:<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>>> wrote:<br>
> <br>
> Then it's possible that they guessed the root password.<br>
> <br>
> Was it something trivial or predictable, like "weblate" or<br>
> "sugarlabs"?<br>
> <br>
> <br>
> On October 28, 2023 4:49:26 PM UTC, Alex Perez<br>
> <<a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a> <mailto:<a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a>>> wrote:<br>
> <br>
> It is definitely listening on a public port, but it is not<br>
> an open relay:<br>
> <br>
> <br>
> <br>
> Bernie Innocenti wrote on 10/28/23 9:34 AM:<br>
>> Ibiam, is the SMTP server on weblate listening on a public<br>
>> port?<br>
>><br>
>><br>
>> On October 28, 2023 3:22:31 PM UTC, Alex Perez<br>
>> <<a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a>> <mailto:<a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a>> wrote:<br>
>><br>
>> FYI. The e-mail being sent from weblate appears to be<br>
>> incorrectly configured. I don't have time to deal with<br>
>> this in a timely manner, but perhaps someone else<br>
>> does. The recipient, <a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a><br>
>> <mailto:<a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>>, reported they received a<br>
>> message from our weblate host, which they reported as<br>
>> spam.<br>
>><br>
>><br>
>> -------- Forwarded Message --------<br>
>> Subject: Re: [Sonic #7314311] [ABUSE] E-mail spam<br>
>> alert (23739548 from 192.184.220.214) re Good Day<br>
>> Date: Fri, 27 Oct 2023 16:43:16 -0700<br>
>> From: Sonic Abuse <<a href="mailto:abuse@sonic.net" target="_blank">abuse@sonic.net</a>><br>
>> <mailto:<a href="mailto:abuse@sonic.net" target="_blank">abuse@sonic.net</a>><br>
>> To: <a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a> <mailto:<a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a>><br>
>><br>
>><br>
>><br>
>> Hello,<br>
>> Recently a message was sent from your mailbox"<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a>" <mailto:<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a>> and one of the receipts has reported it as spam. I have included the original headers below.<br>
>> If you sent this email, and you believe it was marked as spam incorrectly, you may want to contact the recipient.<br>
>> However if you did not send this email, it is likely that your mailbox was compromised and needs to be secured.<br>
>> If you have any questions, you can respond to this email or contact our customer support department.<br>
>><br>
>> --1698095665.7060_boundary<br>
>> Content-Type: message/feedback-report<br>
>><br>
>> Feedback-Type: abuse<br>
>> User-Agent: mspam/1.3<br>
>> Version: 1<br>
>> Source-IP: 192.184.220.214<br>
>> <a href="mailto:Original-Rcpt-To%3Ajohnl@iecc.com" target="_blank">Original-Rcpt-To:johnl@iecc.com</a> <mailto:<a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>><br>
>> Received-Date: 23 Oct 2023 05:57:47 -0000<br>
>><br>
>> --1698095665.7060_boundary<br>
>> Content-Type: message/rfc822<br>
>> Content-Disposition: inline; filename="23739548.eml"<br>
>><br>
>> Return-Path:<<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a>> <mailto:<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a>><br>
>> X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) <a href="http://ongal.iecc.com" rel="noreferrer" target="_blank">ongal.iecc.com</a> <<a href="http://gal.iecc.com" rel="noreferrer" target="_blank">http://gal.iecc.com</a>><br>
>> X-Spam-Flag: YES<br>
>> X-Spam-Level: ****************<br>
>> X-Spam-Status: Yes, score=16.6 required=4.4 tests=ADVANCE_FEE_3_NEW_FRM_MNY,<br>
>> BAYES_50,DEAR_BENEFICIARY,FILL_THIS_FORM,FILL_THIS_FORM_LONG,<br>
>> FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO,HK_SCAM,HTML_MESSAGE,<br>
>> LOTS_OF_MONEY,MIME_HTML_ONLY,MIXED_HREF_CASE,MONEY_ATM_CARD,<br>
>> MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,SPF_HELO_PASS,SPF_PASS<br>
>> autolearn=spam autolearn_force=no version=4.0.0<br>
>> X-Spam-Report:<br>
>> * -0.0 SPF_PASS SPF: sender matches SPF record<br>
>> * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record<br>
>> * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%<br>
>> * [score: 0.4611]<br>
>> * 1.6 DEAR_BENEFICIARY BODY: Dear Beneficiary:<br>
>> * 0.0 HTML_MESSAGE BODY: HTML included in message<br>
>> * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts<br>
>> * 2.0 MIXED_HREF_CASE Has href in mixed case<br>
>> * 1.1 HK_SCAM No description available.<br>
>> * 0.0 LOTS_OF_MONEY Huge... sums of money<br>
>> * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From<br>
>> * 0.0 FILL_THIS_FORM Fill in a form with personal information<br>
>> * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information<br>
>> * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?<br>
>> * 1.0 MONEY_ATM_CARD Lots of money on an ATM card<br>
>> * 2.1 MONEY_FRAUD_5 Lots of money and many fraud phrases<br>
>> * 1.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money<br>
>> * 0.4 FORM_FRAUD_5 Fill a form and many fraud phrases<br>
>> <a href="mailto:Delivered-To%3Ajohnl@iecc.com" target="_blank">Delivered-To:johnl@iecc.com</a> <mailto:<a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>><br>
>> Received: (qmail 24861 invoked from network); 23 Oct 2023 05:57:47 -0000<br>
>> Authentication-Results:<a href="http://iecc.com" rel="noreferrer" target="_blank">iecc.com</a> <<a href="http://iecc.com" rel="noreferrer" target="_blank">http://iecc.com</a>>; spf=passspf.mailfrom=<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a> <mailto:<a href="mailto:spf.mailfrom" target="_blank">spf.mailfrom</a>=<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a>> spf.helo=<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">weblate.sugarlabs.org</a> <<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">http://weblate.sugarlabs.org</a>> smtp.remote-ip="192.184.220.214"; dmarc=pass header.from=<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">weblate.sugarlabs.org</a> <<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">http://weblate.sugarlabs.org</a>> polrec.p=quarantine polrec.pct=5<br>
>> Received: <a href="http://fromweblate.sugarlabs.org" rel="noreferrer" target="_blank">fromweblate.sugarlabs.org</a> <<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">http://weblate.sugarlabs.org</a>> (<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">weblate.sugarlabs.org</a> <<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">http://weblate.sugarlabs.org</a>> [192.184.220.214])<br>
>> <a href="http://bymail1.iecc.com" rel="noreferrer" target="_blank">bymail1.iecc.com</a> <<a href="http://mail1.iecc.com" rel="noreferrer" target="_blank">http://mail1.iecc.com</a>> ([64.57.183.56])<br>
>> with ESMTPS via TCP (port 51298/25) id 720822916<br>
>> tls TLS1_3_ECDHE_RSA_AES_256_GCM_AEAD; 23 Oct 2023 05:57:47 -0000<br>
>> Received: <a href="http://fromweblate.sugarlabs.org" rel="noreferrer" target="_blank">fromweblate.sugarlabs.org</a> <<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">http://weblate.sugarlabs.org</a>> (<a href="http://60-251-35-90.hinet-ip.hinet.net" rel="noreferrer" target="_blank">60-251-35-90.hinet-ip.hinet.net</a> <<a href="http://60-251-35-90.hinet-ip.hinet.net" rel="noreferrer" target="_blank">http://60-251-35-90.hinet-ip.hinet.net</a>> [60.251.35.90])<br>
>> (Authenticated sender: root)<br>
>> <a href="http://byweblate.sugarlabs.org" rel="noreferrer" target="_blank">byweblate.sugarlabs.org</a> <<a href="http://weblate.sugarlabs.org" rel="noreferrer" target="_blank">http://weblate.sugarlabs.org</a>> (Postfix) with ESMTPSA id 879DA68732<br>
>> for<<a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>> <mailto:<a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>>; Sun, 22 Oct 2023 22:50:32 -0700 (PDT)<br>
>> <a href="mailto:Reply-To%3Aolivera4good@gmail.com" target="_blank">Reply-To:olivera4good@gmail.com</a> <mailto:<a href="mailto:olivera4good@gmail.com" target="_blank">olivera4good@gmail.com</a>><br>
>> From: Info<<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a>> <mailto:<a href="mailto:root@weblate.sugarlabs.org" target="_blank">root@weblate.sugarlabs.org</a>><br>
>> <a href="mailto:To%3Ajohnl@iecc.com" target="_blank">To:johnl@iecc.com</a> <mailto:<a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>><br>
>> Subject: Good Day<br>
>> Date: 23 Oct 2023 13:50:34 +0800<br>
>> Message-ID:<<a href="mailto:20231023135034.F8EDC8E49D7FE2C7@weblate.sugarlabs.org" target="_blank">20231023135034.F8EDC8E49D7FE2C7@weblate.sugarlabs.org</a>> <mailto:<a href="mailto:20231023135034.F8EDC8E49D7FE2C7@weblate.sugarlabs.org" target="_blank">20231023135034.F8EDC8E49D7FE2C7@weblate.sugarlabs.org</a>><br>
>> MIME-Version: 1.0<br>
>> Content-Type: text/html;<br>
>> charset="iso-8859-1"<br>
>> Content-Transfer-Encoding: quoted-printable<br>
>> X-DCC-iecc-Metrics:<a href="http://gal.iecc.com" rel="noreferrer" target="_blank">gal.iecc.com</a> <<a href="http://gal.iecc.com" rel="noreferrer" target="_blank">http://gal.iecc.com</a>> 1107; Body=1 Fuz1=1 Fuz2=1<br>
>> X-Tag: tagged by spamassassin<br>
>><br>
>> Logan P.<br>
>><br>
>> <a href="mailto:support@sonic.net" target="_blank">support@sonic.net</a> <mailto:<a href="mailto:support@sonic.net" target="_blank">support@sonic.net</a>> Sonic LLC<br>
>> Sonic.net Support 2260 Apollo Way<br>
>> 1.855.394.0100 (Tech Support) Santa Rosa, CA 95407<br>
>> 1.707.547.2199 (FAX)<a href="http://sonic.com/support" rel="noreferrer" target="_blank">http://sonic.com/support</a> <<a href="http://sonic.com/support" rel="noreferrer" target="_blank">http://sonic.com/support</a>><br>
>><br>
>> -- <br>
>> Sent with K-9 Mail.<br>
> <br>
> -- <br>
> Sent with K-9 Mail.<br>
> _______________________________________________<br>
> Systems mailing list<br>
> <a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a> <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a>><br>
> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
> <<a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a>><br>
> <br>
> <br>
> _______________________________________________<br>
> Systems mailing list<br>
> <a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
<br>
-- <br>
_ // Bernie Innocenti<br>
\X/ <a href="https://codewiz.org/" rel="noreferrer" target="_blank">https://codewiz.org/</a><br>
<br>
</blockquote></div>