Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - djfininho

Pages: [1]
1
SSL / All sites have stopped ERR_SSL_PROTOCOL_ERROR
« on: September 26, 2023, 02:26:20 AM »
Help please!

All sites have stopped running and all are giving the error ERR_SSL_PROTOCOL_ERROR

Rebuild apache web service
I disabled the firewall
I restarted server
I recreated certificate
I executed command
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

Nothing resolved, port 443 is open, does anyone have any ideas to help resolve this?

2
E-Mail / I received email from my own email account
« on: June 02, 2023, 07:10:08 PM »
Hello, I have another problem.

Friends would like to understand how this is possible and how to prevent this from happening.
It's as if I had sent an email to myself, when looking at the headers I noticed that the ip is not from my server.

Ip: 210.86.179.238 (unknown)
Domain: travelyamu.com (unknown)

My host has:
rDns Ok
dkim: ok
spf: ok
Dmarc: Ok
Ip: Ok (not blacklisted)

I just think that Spamassassin is not working well, because this email ended up in the inbox, ignoring the spam box

I don't understand how this still happens...
I would like to understand these headers, and solve this problem.


Code: [Select]
Return-Path: <sales@travelyamu.com>
Delivered-To: contact@xxxxxxxxxx.xxx
Received: from server.xxxxxxxxxx.xxx
    by server.xxxxxxxxxx.xxx with LMTP
    id +P6fLMGEd2Q8oRcARjsZHA
    (envelope-from <sales@travelyamu.com>)
    for <contact@xxxxxxxxxx.xxx>; Wed, 31 May 2023 13:32:49 -0400
Received: by server.xxxxxxxxxx.xxx (Postfix, from userid 65534)
    id A19EE4121FC7; Wed, 31 May 2023 13:32:49 -0400 (-04)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxxxxxxx.xxx;
    s=default; t=1685554369;
    bh=RCwBhXFv13WAYkTWI9Cnim8HL4OwdIpgQ/eUQEz3aPw=;
    h=Reply-To:From:To:Subject:Date;
    b=YqZX2Zlv2rGPe2HU34fu7/ZmDLObGWHWYhEjHyWIArJREPnZvWX1NxvdUVZTYzpIH
    KicVt9VTvMv5EJ4uKKmAgtmpZwaT1pCRWME0xywTiYKb7dXgcfpOfv9SKWv4aWRGLq
    P7IdfMG77Lrclgs5Y25mqeGVB5x7hTIqy6ArXlWg=
Received: from 6069247.yamu.asia (6069247.yamu.asia [162.240.65.200])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by server.xxxxxxxxxx.xxx (Postfix) with ESMTPS id B0935412187D
    for <contact@xxxxxxxxxx.xxx>; Wed, 31 May 2023 13:32:46 -0400 (-04)
Authentication-Results: server.xxxxxxxxxx.xxx;
    dkim=pass (2048-bit key, unprotected) header.d=travelyamu.com header.i=@travelyamu.com header.a=rsa-sha256 header.s=default header.b=ohs+C4Z0
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=travelyamu.com; s=default; h=Content-Transfer-Encoding:Content-Type:
    MIME-Version:Message-ID:Date:Subject:To:From:Reply-To:Sender:Cc:Content-ID:
    Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
    :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
    List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=RCwBhXFv13WAYkTWI9Cnim8HL4OwdIpgQ/eUQEz3aPw=; b=ohs+C4Z0e4GReFCsnrKN4XBj4A
    LIhIifxaik9UkuwcaFmEqIaKeam6piWSpsGdfzF+Bdm6lsfBpoUWw9JZykX8IXVr5LrLY7tJEHKWU
    ASpKyTF/6as0+lxe2LCOCxGCeHMvmJqB9Iqox/Vi3jD5DTA3FdE+cVRYPn1YXDI4LS4Y/CZWfbqB0
    +DOGKEu+sEuCJNSReNdNr8lXAsNj2M2EW6fIJbZ/fOvguAzovhExjoN+lpCnotHp9w86BK4vU/rfG
    HS++vnkPApJxSgCJauofBEgpKiie6A4aTXrZs5CdHqAdT/DmPCVKjx5FSdChSRfNIE9vn8mXmLO//
    EGxNCaAQ==;
Received: from ppp-210-86-179-238.revip.asianet.co.th ([210.86.179.238]:60062 helo=travelyamu.com)
    by 6069247.yamu.asia with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <sales@travelyamu.com>)
    id 1q4Pgh-0002aT-0M
    for contact@xxxxxxxxxx.xxx;
    Wed, 31 May 2023 12:32:42 -0500
Reply-To: contact@xxxxxxxxxx.xxx
From: contact@xxxxxxxxxx.xxx
To: contact@xxxxxxxxxx.xxx
Subject: Your personal data has leaked due to suspected harmful activities. #927654
Date: 1 Jun 2023 00:32:40 +0700
Message-ID: <20230601003240.B847EDDBCF98D765@xxxxxxxxxx.xxx>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - 6069247.yamu.asia
X-AntiAbuse: Original Domain - Return-Path: <sales@travelyamu.com>
Delivered-To: contact@xxxxxxxxxx.xxx
Received: from server.xxxxxxxxxx.xxx
    by server.xxxxxxxxxx.xxx with LMTP
    id +P6fLMGEd2Q8oRcARjsZHA
    (envelope-from <sales@travelyamu.com>)
    for <contact@xxxxxxxxxx.xxx>; Wed, 31 May 2023 13:32:49 -0400
Received: by server.xxxxxxxxxx.xxx (Postfix, from userid 65534)
    id A19EE4121FC7; Wed, 31 May 2023 13:32:49 -0400 (-04)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxxxxxxx.xxx;
    s=default; t=1685554369;
    bh=RCwBhXFv13WAYkTWI9Cnim8HL4OwdIpgQ/eUQEz3aPw=;
    h=Reply-To:From:To:Subject:Date;
    b=YqZX2Zlv2rGPe2HU34fu7/ZmDLObGWHWYhEjHyWIArJREPnZvWX1NxvdUVZTYzpIH
    KicVt9VTvMv5EJ4uKKmAgtmpZwaT1pCRWME0xywTiYKb7dXgcfpOfv9SKWv4aWRGLq
    P7IdfMG77Lrclgs5Y25mqeGVB5x7hTIqy6ArXlWg=
Received: from 6069247.yamu.asia (6069247.yamu.asia [162.240.65.200])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by server.xxxxxxxxxx.xxx (Postfix) with ESMTPS id B0935412187D
    for <contact@xxxxxxxxxx.xxx>; Wed, 31 May 2023 13:32:46 -0400 (-04)
Authentication-Results: server.xxxxxxxxxx.xxx;
    dkim=pass (2048-bit key, unprotected) header.d=travelyamu.com header.i=@travelyamu.com header.a=rsa-sha256 header.s=default header.b=ohs+C4Z0
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=travelyamu.com; s=default; h=Content-Transfer-Encoding:Content-Type:
    MIME-Version:Message-ID:Date:Subject:To:From:Reply-To:Sender:Cc:Content-ID:
    Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
    :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
    List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=RCwBhXFv13WAYkTWI9Cnim8HL4OwdIpgQ/eUQEz3aPw=; b=ohs+C4Z0e4GReFCsnrKN4XBj4A
    LIhIifxaik9UkuwcaFmEqIaKeam6piWSpsGdfzF+Bdm6lsfBpoUWw9JZykX8IXVr5LrLY7tJEHKWU
    ASpKyTF/6as0+lxe2LCOCxGCeHMvmJqB9Iqox/Vi3jD5DTA3FdE+cVRYPn1YXDI4LS4Y/CZWfbqB0
    +DOGKEu+sEuCJNSReNdNr8lXAsNj2M2EW6fIJbZ/fOvguAzovhExjoN+lpCnotHp9w86BK4vU/rfG
    HS++vnkPApJxSgCJauofBEgpKiie6A4aTXrZs5CdHqAdT/DmPCVKjx5FSdChSRfNIE9vn8mXmLO//
    EGxNCaAQ==;
Received: from ppp-210-86-179-238.revip.asianet.co.th ([210.86.179.238]:60062 helo=travelyamu.com)
    by 6069247.yamu.asia with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from <sales@travelyamu.com>)
    id 1q4Pgh-0002aT-0M
    for contact@xxxxxxxxxx.xxx;
    Wed, 31 May 2023 12:32:42 -0500
Reply-To: contact@xxxxxxxxxx.xxx
From: contact@xxxxxxxxxx.xxx
To: contact@xxxxxxxxxx.xxx
Subject: Your personal data has leaked due to suspected harmful activities. #927654
Date: 1 Jun 2023 00:32:40 +0700
Message-ID: <20230601003240.B847EDDBCF98D765@xxxxxxxxxx.xxx>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - 6069247.yamu.asia
X-AntiAbuse: Original Domain - xxxxxxxxxx.xxx
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - travelyamu.com
X-Get-Message-Sender-Via: 6069247.yamu.asia: authenticated_id: sales@travelyamu.com
X-Authenticated-Sender: 6069247.yamu.asia: sales@travelyamu.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - travelyamu.com
X-Get-Message-Sender-Via: 6069247.yamu.asia: authenticated_id: sales@travelyamu.com
X-Authenticated-Sender: 6069247.yamu.asia: sales@travelyamu.com
X-Source:
X-Source-Args:
X-Source-Dir:

3
E-Mail / postfix sending email every minute
« on: May 27, 2023, 12:25:27 PM »
More this problem now.
I recently noticed that postfix issues this log every minute, but I can't find these emails sent or the email account used for sending and receiving.

Code: [Select]
May 27 08:11:02 server postfix/pickup[575682]: F2E74412187D: uid=1010 from=<agendada>
May 27 08:11:02 server postfix/cleanup[571398]: F2E74412187D: message-id=<20230527121102.F2E74412187D@server.xxxxxxx.xxx.xx>
May 27 08:11:03 server opendkim[1093]: F2E74412187D: DKIM-Signature field added (s=default, d=server.xxxxxxx.xxx.xx)
May 27 08:11:03 server postfix/qmgr[371490]: F2E74412187D: from=<agendada@server.xxxxxxx.xxx.xx>, size=1475, nrcpt=1 (queue active)
May 27 08:11:03 server postfix/local[548309]: F2E74412187D: to=<agendada@server.xxxxxxx.xxx.xx>, orig_to=<agendada>, relay=local, delay=0.55, delays=0.37/0.03/0/0.15, dsn=2.0.0, status=sent (delivered to mailbox)
May 27 08:11:03 server postfix/qmgr[371490]: F2E74412187D: removed
May 27 08:12:02 server postfix/pickup[575682]: 6FDB5412187D: uid=1010 from=<agendada>
May 27 08:12:02 server postfix/cleanup[571398]: 6FDB5412187D: message-id=<20230527121202.6FDB5412187D@server.xxxxxxx.xxx.xx>
May 27 08:12:02 server opendkim[1093]: 6FDB5412187D: DKIM-Signature field added (s=default, d=server.xxxxxxx.xxx.xx)
May 27 08:12:02 server postfix/qmgr[371490]: 6FDB5412187D: from=<agendada@server.xxxxxxx.xxx.xx>, size=1475, nrcpt=1 (queue active)
May 27 08:12:03 server postfix/local[548309]: 6FDB5412187D: to=<agendada@server.xxxxxxx.xxx.xx>, orig_to=<agendada>, relay=local, delay=0.68, delays=0.49/0.05/0/0.14, dsn=2.0.0, status=sent (delivered to mailbox)
May 27 08:12:03 server postfix/qmgr[371490]: 6FDB5412187D: removed
May 27 08:13:03 server postfix/pickup[575682]: 097FC412187D: uid=1010 from=<agendada>
May 27 08:13:03 server postfix/cleanup[571398]: 097FC412187D: message-id=<20230527121303.097FC412187D@server.xxxxxxx.xxx.xx>
May 27 08:13:03 server opendkim[1093]: 097FC412187D: DKIM-Signature field added (s=default, d=server.xxxxxxx.xxx.xx)
May 27 08:13:03 server postfix/qmgr[371490]: 097FC412187D: from=<agendada@server.xxxxxxx.xxx.xx>, size=1475, nrcpt=1 (queue active)
May 27 08:13:03 server postfix/local[548309]: 097FC412187D: to=<agendada@server.xxxxxxx.xxx.xx>, orig_to=<agendada>, relay=local, delay=0.76, delays=0.62/0.07/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
May 27 08:13:03 server postfix/qmgr[371490]: 097FC412187D: removed
May 27 08:13:09 server clamd[923]: SelfCheck: Database status OK.
May 27 08:14:02 server postfix/pickup[575682]: 74670412187D: uid=1010 from=<agendada>
May 27 08:14:02 server postfix/cleanup[571398]: 74670412187D: message-id=<20230527121402.74670412187D@server.xxxxxxx.xxx.xx>
May 27 08:14:02 server opendkim[1093]: 74670412187D: DKIM-Signature field added (s=default, d=server.xxxxxxx.xxx.xx)
May 27 08:14:02 server postfix/qmgr[371490]: 74670412187D: from=<agendada@server.xxxxxxx.xxx.xx>, size=1475, nrcpt=1 (queue active)
May 27 08:14:02 server postfix/local[548309]: 74670412187D: to=<agendada@server.xxxxxxx.xxx.xx>, orig_to=<agendada>, relay=local, delay=0.52, delays=0.43/0/0/0.09, dsn=2.0.0, status=sent (delivered to mailbox)
May 27 08:14:02 server postfix/qmgr[371490]: 74670412187D: removed

4
E-Mail / zombie attack target email account
« on: May 25, 2023, 06:48:30 PM »
Help please

a single email account is receiving around 30 to 50 emails from Undelivered Mail Returned to Sender
FROM: <MAILER-DAEMON@server.xxxxxxxxxxxx.xxx.xxx> TO: <xxxxxxxxx@xxxxxxxxxxxxxxx.xxxx.xxxx>
from different recipients.
but the email is not being used for sending, I believe it is a zombie attack, how to prevent sending emails using your email outside the server?

https://suporte.hostgator.com.br/hc/pt-br/articles/360015544414-O-que-é-um-ataque-de-e-mail-spoofing-

5
SSL / Solução simples para proxy SSL shoutcast
« on: March 07, 2023, 05:44:03 PM »
Solução simples que encontrei para proxy SSL shoutcast

1 - criar subdominio.seusite.com.br
2 - domínio servidores web
3 - Informar porta shoutcast
4 - Informar Ip publico do servidor.

Não sei se é certo, mas resolveu para mim.

Pages: [1]