Relay Tracking not working for mails sent from Webmail in ver. 8.16

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
AndyB78
Junior Member
Posts: 11
Joined: 14 Nov 2013, 17:55

Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by AndyB78 »

Hello!

Following a few spam episodes gone undetected by the Relay Tracking in CSF/LFD, we have determined that mails sent from cPanel Webmail are not tracked at all by CSF/LFD.

Relay Tracking is working for mails sent from email clients (we have tested this). But mails sent from Webmail are not tracked. We have tested this with all the email software in cPanel (Horde, RoundCube and Squirrel) and on multiple cPanel servers.

log_selector = +incoming_port +smtp_connection +all_parents -retry_defer +subject +arguments +received_recipients

Please take into urgent consideration this problem as we all rely heavily on mail tracking for early spam detection (mandatory for avoiding further problems).

Thanks in advance!
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by ForumAdmin »

You need to post some examples of the log lines that you are seeing from /var/log/exim_mainlog that you believe are not being detected by the exim regex. If you are not seeing lines in the exim log, then the emails are being sent directly via SMTP and there is nothing at all lfd can do about that.
AndyB78
Junior Member
Posts: 11
Joined: 14 Nov 2013, 17:55

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by AndyB78 »

Probably I should have made it clear that I tested this myself by sending mails from Webmail (from all 3 webmail software in cPanel) above the threshold set in all Relay Tracking sections and I have not received any warning email. So relay tracking is not working for mails sent from webmail. So I am not speaking about mails sent by SMTP but about mails I have personally sent from Horde, RoundCube and Squirrel.

Of course I made the same test from Thunderbird to make sure that normally I receive relay warnings. And I did receive the warnings. So relay tracking works normally when Webmail is NOT used.

I repeated this test for multiple servers with cPanel and CSF/LFD.
AndyB78
Junior Member
Posts: 11
Joined: 14 Nov 2013, 17:55

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by AndyB78 »

I want to ask a forum administrator to please move this thread to Report Bugs. This is a bug report and one of a serious nature and I feel it is not getting the deserved attention.

Thank you!
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by ForumAdmin »

ForumAdmin wrote: You need to post some examples of the log lines that you are seeing from /var/log/exim_mainlog that you believe are not being detected by the exim regex.
Additionally, you should test using the cPanel default setting of log_selector in case it is your setting of that parameter that is causing the problem and, if not, also post those log lines.
AndyB78
Junior Member
Posts: 11
Joined: 14 Nov 2013, 17:55

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by AndyB78 »

Hi,

We already have the default cPanel setting for log_selector.

Here are the lines (of course I've replaced all nameservers and 1.2.3.4 is the IP of the recipient's server). Of course I have sent enough emails to go over the Relay Tracking threshold (also confirmed by receiving the "Relay, remote IP" warning from the recipient's server CSF/LFD). Also I had to remove all hostnames (including the ones in the dummy email addresses) because the forum wouldn't allow me a post with URLs in it.

Mails sent from Squirrel (for which I have not received warnings from the sender's server CSF/LFD)

2016-03-24 14:15:14 1aj4AU-00044F-Dp <= email@sender H=(server) [::1]:43674 P=esmtpa A=dovecot_login:email@sender S=739 id=37ee7bfc8efd077d07203db0b3cf5334.squirrel@server T="Test L1" for email@recipient
2016-03-24 14:15:15 cwd=/var/spool/MailScanner/incoming/28630 6 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1aj4AU-00044F-Dp 1aj4AU-00044Q-9m
2016-03-24 14:15:15 1aj4AU-00044F-Dp SMTP connection outbound 1458821715 1aj4AU-00044F-Dp sender_net email@recipient
2016-03-24 14:15:15 1aj4AU-00044F-Dp [1.2.3.4] SSL verify error: certificate name mismatch: "/OU=Domain Control Validated/OU=PositiveSSL/CN=server"
2016-03-24 14:15:17 1aj4AU-00044F-Dp => email@recipient R=dkim_lookuphost T=dkim_remote_smtp H=recipient_net [1.2.3.4] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK id=1aj4AW-00041D-3u"
2016-03-24 14:15:17 1aj4AU-00044F-Dp Completed

2016-03-24 14:15:21 1aj4Ab-00046P-2c <= email_sender H=(server) [::1]:43736 P=esmtpa A=dovecot_login:email@sender S=740 id=8aaf0514c1516c16be3a91f5d9f9411b.squirrel T="Test L2" for email@recipient
2016-03-24 14:15:21 cwd=/var/spool/MailScanner/incoming/28630 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1aj4Ab-00046P-2c
2016-03-24 14:15:21 1aj4Ab-00046P-2c SMTP connection outbound 1458821721 1aj4Ab-00046P-2c sender_net email@recipient
2016-03-24 14:15:21 1aj4Ab-00046P-2c [1.2.3.4] SSL verify error: certificate name mismatch: "/OU=Domain Control Validated/OU=PositiveSSL/CN=server"
2016-03-24 14:15:24 1aj4Ab-00046P-2c => email@recipient R=dkim_lookuphost T=dkim_remote_smtp H=recipient_net [1.2.3.4] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK id=1aj4Ac-00046H-AU"
2016-03-24 14:15:24 1aj4Ab-00046P-2c Completed

2016-03-24 14:15:27 1aj4Ah-000498-MX <= email_sender H=(server_sender) [::1]:43846 P=esmtpa A=dovecot_login:email@sender S=741 id=790cd56e5adc31191d39a944a33fd281.squirrel@server T="Test L3" for email@recipient
2016-03-24 14:15:28 cwd=/var/spool/MailScanner/incoming/28630 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1aj4Ah-000498-MX
2016-03-24 14:15:28 1aj4Ah-000498-MX SMTP connection outbound 1458821728 1aj4Ah-000498-MX sender_net email@recipient
2016-03-24 14:15:28 1aj4Ah-000498-MX [1.2.3.4] SSL verify error: certificate name mismatch: "/OU=Domain Control Validated/OU=PositiveSSL/CN=server"
2016-03-24 14:15:30 1aj4Ah-000498-MX => email@recipient R=dkim_lookuphost T=dkim_remote_smtp H=recipient_net [1.2.3.4] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK id=1aj4Ai-00049g-Vp"
2016-03-24 14:15:30 1aj4Ah-000498-MX Completed

If you want I can also provide log lines for mails sent from Thunderbird for which I received the warning.
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by ForumAdmin »

Thank you for that. That is showing relaying through the localhost IPv6 address which is indeed not currently tracked. We'll add that to the next release of csf.
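The gap identified above, as an added example (not csf/lfd code and not part of the original posts): a Python counter for authenticated arrivals in exim_mainlog that treats both 127.0.0.1 and ::1 as localhost. The IPV4_ONLY pattern, the function names and the limit are assumptions for illustration; three sample lines are trimmed from the thread and the rest are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Arrival ("<=") line: message id, bracketed peer address, SMTP AUTH login.
ARRIVAL = re.compile(
    r"^\S+ \S+ (?P<id>\S+) <= \S+ .*?\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)? "
    r".*?\bA=\w+:(?P<user>\S+)"
)
# Hypothetical IPv4-only peer pattern, showing how "[::1]" slips past a matcher.
IPV4_ONLY = re.compile(r"\[\d{1,3}(?:\.\d{1,3}){3}\]")

# Lines 1-3: Squirrel arrivals from the thread (id= field trimmed).
# Lines 4-6: constructed (IPv4 loopback, remote client, delivery line).
SAMPLE = """\
2016-03-24 14:15:14 1aj4AU-00044F-Dp <= email@sender H=(server) [::1]:43674 P=esmtpa A=dovecot_login:email@sender S=739 T="Test L1" for email@recipient
2016-03-24 14:15:21 1aj4Ab-00046P-2c <= email_sender H=(server) [::1]:43736 P=esmtpa A=dovecot_login:email@sender S=740 T="Test L2" for email@recipient
2016-03-24 14:15:27 1aj4Ah-000498-MX <= email_sender H=(server_sender) [::1]:43846 P=esmtpa A=dovecot_login:email@sender S=741 T="Test L3" for email@recipient
2016-03-24 14:16:02 1aj4BA-0004AA-01 <= email@sender H=(client) [127.0.0.1]:51000 P=esmtpa A=dovecot_login:email@sender S=700 T="Test L4" for email@recipient
2016-03-24 14:16:09 1aj4BH-0004AB-02 <= other@sender H=(laptop) [203.0.113.7]:51234 P=esmtpsa A=dovecot_login:other@sender S=702 T="Test L5" for email@recipient
2016-03-24 14:15:17 1aj4AU-00044F-Dp => email@recipient R=dkim_lookuphost T=dkim_remote_smtp H=recipient_net [1.2.3.4] C="250 OK id=1aj4AW-00041D-3u"
"""

def is_loopback(text):
    try:
        return ip_address(text).is_loopback
    except ValueError:  # bracketed text that is not an IP address
        return False

def count_local_auth(lines):
    """Authenticated arrivals per login whose peer is loopback (IPv4 or IPv6)."""
    hits = (ARRIVAL.match(line) for line in lines)
    return Counter(m["user"] for m in hits if m and is_loopback(m["ip"]))

def missed_by_ipv4_only(lines):
    """Message ids of arrivals an IPv4-only peer pattern would never see."""
    return [m["id"] for line in lines
            if (m := ARRIVAL.match(line)) and not IPV4_ONLY.search(line)]

def over_limit(lines, limit):
    """Logins whose localhost-relayed count exceeds `limit` (assumed threshold)."""
    return sorted(u for u, n in count_local_auth(lines).items() if n > limit)

if __name__ == "__main__":
    rows = SAMPLE.splitlines()
    print(count_local_auth(rows), missed_by_ipv4_only(rows), over_limit(rows, 3))
```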
AndyB78
Junior Member
Posts: 11
Joined: 14 Nov 2013, 17:55

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by AndyB78 »

Hi,

Do you have any rough idea of an ETA?

Thanks!
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by ForumAdmin »

No, we do not provide timescales with our free scripts.
AndyB78
Junior Member
Posts: 11
Joined: 14 Nov 2013, 17:55

Re: Relay Tracking not working for mails sent from Webmail in ver. 8.16

Post by AndyB78 »

Well, thanks at least for clearing up what the problem was. I've disabled IPv6 on the server as we don't really need it (I hope) until the update.