Re: [tor-relays] Problem with sendmail on relay
> On 24 Nov. 2016, at 02:18, Tristan wrote:
>
> Relay=smtpin.rzone.de
>
> Client CN is *.smtp.rzone.de
>
> Maybe just a syntax error using smtpin instead of smtp?

No, smtpin.rzone.de is the correct MX for gieselbusch.de, it's exactly
what sendmail should be using to forward to any address at that domain:

$ dig MX gieselbusch.de

; <<>> DiG 9.8.3-P1 <<>> MX gieselbusch.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5602
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;gieselbusch.de.          IN    MX

;; ANSWER SECTION:
gieselbusch.de.    150    IN    MX    5 smtpin.rzone.de.

;; ADDITIONAL SECTION:
smtpin.rzone.de.   1724   IN    A     81.169.145.97

Tim

> On Nov 23, 2016 2:06 AM, "teor" wrote:
>
> > > On 23 Nov. 2016, at 18:25, Berta Gieselbusch wrote:
> > >
> > > Good morning,
> > >
> > > I've setup my first relay. Until now everything seems to be working
> > > fine, but I keep getting mails from logcheck I don't know how to deal with.
> > >
> > > The reported errors are:
> > >
> > > "sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de.,
> > > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384,
> > > bits=256/256".
> >
> > Hi Berta,
> >
> > This mail you just sent came from:
> >
> > Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de
> > [IPv6:2a01:238:20a:202:5300::8])
> > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> > (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (not
> > verified))
> >
> > Do you forward mail from your relay to an account on the same email
> > provider? (Do you forward to the same email address you sent this
> > mail from?)
> >
> > If so, then it looks like your email provider has its TLS misconfigured.
> > (It looks to me like they don't return any certificates at all.)
> >
> > Here are the certificates in question:
> > https://www.telesec.de/en/serverpass-en/support/download-area/category/74-telesec-serverpass-de-2
> >
> > It appears that compatibility with sendmail is not a priority:
> > https://www.telesec.de/en/serverpass-en/support/root-compatibility
> >
> > Or perhaps TLS is misconfigured on your sendmail instance.
> >
> > Or there's some kind of certificate chain error, where your server does
> > not believe the root certificate that signed the smtp.rzone.de
> > certificate.
> >
> > In any case, it's nothing to do with Tor.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor relay questions
Hi,

On 11/23/2016 07:16 PM, Sec INT wrote:
> - for server monitoring I'm using nagios but it is very difficult to set this
> up to monitor bandwidth use does anyone know of a tool to do this? (I'm using
> webmin to record bandwidth use but it doesn't have any alerting on it)

I am using Munin to monitor relay bandwidth. Do you want to monitor it,
to just get some information, or is it about bandwidth limits? You can
limit your relays by bandwidth and traffic. See the FAQ about this:
https://www.torproject.org/docs/faq.html.en#LimitTotalBandwidth

> - on atlas I don't seem to have any bandwidth showing?

Give it some time. Eventually it will show it correctly.

> - what is HSDir and V2dir on atlas flags mean?

See the following page:
https://tor.stackexchange.com/questions/423/what-are-good-explanations-for-relay-flags
But I bet you can easily find the answers on the official pages as well.

> - I've seen the good/bad isp page but this seems quite old is there anywhere
> to get more up to date information on good isps?

On non-exit nodes I tend to just try it. About exit nodes, I suggest
that you ask the ISPs before. To contribute to network diversity I
strongly suggest that you set up some relays at some more exotic
ISPs/Countries. Some stats about relay ASNs:
https://metrics.torproject.org/bubbles.html#as

Cheers,
Matthias

Re: [tor-relays] Tor relay questions
I suggest using prometheus for your tor relay stats monitoring
because it can easily monitor your bandwidth and any other useful
metrics that you like... and it can also render pretty graphs.

https://prometheus.io/

On Wed, Nov 23, 2016 at 06:16:05PM +, Sec INT wrote:
>
> Hi
>
> I've been running a relay as a test for a broader rollout including an exit
> but I'm not sure of a few things and am finding it difficult to get further
> information so here goes
> - my relay is running at the moment but on atlas it has a line through the
> uptime? Is this something with 'Accounting' soft?
> - for server monitoring I'm using nagios but it is very difficult to set this
> up to monitor bandwidth use does anyone know of a tool to do this? (I'm using
> webmin to record bandwidth use but it doesn't have any alerting on it)
> - on atlas I don't seem to have any bandwidth showing?
> - what is HSDir and V2dir on atlas flags mean?
> - I've seen the good/bad isp page but this seems quite old is there anywhere
> to get more up to date information on good isps?
>
> I'm looking at implementing 4-5 relays any suggestions about where and any
> isps that may allow tor in these regions?
>
> Thanks for any help
> Snap

[tor-relays] Tor relay questions
Hi

I've been running a relay as a test for a broader rollout including an exit
but I'm not sure of a few things and am finding it difficult to get further
information so here goes

- my relay is running at the moment but on atlas it has a line through the
  uptime? Is this something with 'Accounting' soft?
- for server monitoring I'm using nagios but it is very difficult to set this
  up to monitor bandwidth use does anyone know of a tool to do this? (I'm using
  webmin to record bandwidth use but it doesn't have any alerting on it)
- on atlas I don't seem to have any bandwidth showing?
- what is HSDir and V2dir on atlas flags mean?
- I've seen the good/bad isp page but this seems quite old is there anywhere
  to get more up to date information on good isps?

I'm looking at implementing 4-5 relays any suggestions about where and any
isps that may allow tor in these regions?

Thanks for any help
Snap

Re: [tor-relays] Problem with sendmail on relay
Relay=smtpin.rzone.de

Client CN is *.smtp.rzone.de

Maybe just a syntax error using smtpin instead of smtp?

On Nov 23, 2016 2:06 AM, "teor" wrote:
>
> > On 23 Nov. 2016, at 18:25, Berta Gieselbusch wrote:
> >
> > Good morning,
> >
> > I've setup my first relay. Until now everything seems to be working
> > fine, but I keep getting mails from logcheck I don't know how to deal with.
> >
> > The reported errors are:
> >
> > "sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de.,
> > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384,
> > bits=256/256".
>
> Hi Berta,
>
> This mail you just sent came from:
>
> Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de
> [IPv6:2a01:238:20a:202:5300::8])
> (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (not
> verified))
>
> Do you forward mail from your relay to an account on the same email
> provider? (Do you forward to the same email address you sent this
> mail from?)
>
> If so, then it looks like your email provider has its TLS misconfigured.
> (It looks to me like they don't return any certificates at all.)
>
> Here are the certificates in question:
> https://www.telesec.de/en/serverpass-en/support/download-area/category/74-telesec-serverpass-de-2
>
> It appears that compatibility with sendmail is not a priority:
> https://www.telesec.de/en/serverpass-en/support/root-compatibility
>
> Or perhaps TLS is misconfigured on your sendmail instance.
>
> Or there's some kind of certificate chain error, where your server does
> not believe the root certificate that signed the smtp.rzone.de
> certificate.
>
> In any case, it's nothing to do with Tor.

Re: [tor-relays] Problem with sendmail on relay
> On 23 Nov. 2016, at 18:25, Berta Gieselbusch wrote:
>
> Good morning,
>
> I've setup my first relay. Until now everything seems to be working
> fine, but I keep getting mails from logcheck I don't know how to deal with.
>
> The reported errors are:
>
> "sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de.,
> version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384,
> bits=256/256".

Hi Berta,

This mail you just sent came from:

Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de [IPv6:2a01:238:20a:202:5300::8])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (not verified))

Do you forward mail from your relay to an account on the same email
provider? (Do you forward to the same email address you sent this
mail from?)

If so, then it looks like your email provider has its TLS misconfigured.
(It looks to me like they don't return any certificates at all.)

Here are the certificates in question:
https://www.telesec.de/en/serverpass-en/support/download-area/category/74-telesec-serverpass-de-2

It appears that compatibility with sendmail is not a priority:
https://www.telesec.de/en/serverpass-en/support/root-compatibility

Or perhaps TLS is misconfigured on your sendmail instance.

Or there's some kind of certificate chain error, where your server does
not believe the root certificate that signed the smtp.rzone.de
certificate.

In any case, it's nothing to do with Tor.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
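
Added example (not part of the original thread, and not sendmail's own code): a small triage script for sendmail STARTTLS log lines such as the one logcheck reported above. It maps the verify= field to the meanings documented for sendmail's ${verify} macro and counts peers whose certificate was not verified. Only the first sample line comes from the thread; the other log lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Values of sendmail's ${verify} macro, as logged in STARTTLS= lines.
VERIFY_MEANING = {
    "OK": "verification succeeded",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested",
    "FAIL": "certificate presented but could not be verified "
            "(for example, the signing CA is not trusted locally)",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error",
    "PROTOCOL": "protocol error",
    "SOFTWARE": "STARTTLS handshake failed",
}

STARTTLS_RE = re.compile(
    r"STARTTLS=(?P<role>client|server),\s*relay=(?P<relay>[^,]+),"
    r".*?verify=(?P<verify>[A-Z]+)", re.S)

def parse_starttls(line):
    """Return role, relay host and verify result, or None for other lines."""
    m = STARTTLS_RE.search(line)
    if m is None:
        return None
    host = m.group("relay").split()[0].rstrip(".")  # drop "[ip]" and root dot
    verify = m.group("verify")
    return {"role": m.group("role"), "relay": host, "verify": verify,
            "meaning": VERIFY_MEANING.get(verify, "unknown verify value")}

def unverified_peers(lines):
    """Count (role, relay, verify) for every TLS session not verified OK."""
    counts = Counter()
    for rec in filter(None, map(parse_starttls, lines)):
        if rec["verify"] != "OK":
            counts[(rec["role"], rec["relay"], rec["verify"])] += 1
    return counts

SAMPLE_LOG = [
    # First line is the one quoted in the thread; the rest are constructed.
    "sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de., version=TLSv1/SSLv3, "
    "verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "sm-mta[15201]: STARTTLS=client, relay=mx.example.org., version=TLSv1.2, "
    "verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "sm-mta[15230]: STARTTLS=server, relay=mail.example.net [192.0.2.10], "
    "version=TLSv1.2, verify=NO, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "sm-mta[15231]: u9N7P0aB015231: from=<root@relay.example>, size=512, nrcpts=1",
]

if __name__ == "__main__":
    for (role, relay, verify), n in unverified_peers(SAMPLE_LOG).items():
        print(f"{n}x {role} {relay}: verify={verify} ({VERIFY_MEANING.get(verify)})")
```

The session in the reported line was still encrypted (bits=256/256); verify=FAIL only records that the peer's certificate could not be validated against the local trust store.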