I have an AppEngine app that uses Firebase auth to manage users.
I recently added a custom domain to the AppEngine app, and that worked fine.
Now I'm trying to manage the Password Reset template and change the sender email to match my domain. But when I follow the instructions to add the 2 TXT records and 2 CNAME records, the verification never completes. It's been in this state for almost 2 days. What am I doing wrong?
Instructions are:
Edit the DNS settings Firebase provided to match these patterns:
CNAME 1
HOST: firebase1._domainkey
VALUE: mail-YOURDOMAIN-com.dkim1._domainkey.firebasemail.com.
CNAME 2
HOST: firebase2._domainkey
VALUE: mail-YOURDOMAIN-com.dkim2._domainkey.firebasemail.com.
TXT 1
HOST: #
VALUE: v=spf1 include:_spf.firebasemail.com ~all
TXT 2
HOST: #
VALUE: firebase=YOURDOMAIN
For quite some time we have been getting the following error from yahoo:
mail.log:6452:Apr 22 19:21:06 aegir postfix/smtp[8997]: 87BCF4C93F: host mta7.am0.yahoodns.net[67.195.228.110] said: 421 4.7.0 [IPTS04] Messages from 188.93.125.68 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to end of DATA command)
If someone did get the similar, how did you solve this issue?
I've been trying to contact Yahoo but everytime I get automated response and ticket closure as I send it.
What other thing I can offer is DMARC report if its relevant:
https://mxtoolbox.com/DmarcReportAnalyzer.aspx?id=F-9a3a8364-6cba-41f9-b93f-cfc32155a3f6
Test for headers and every check seems to be working alright:
https://www.mail-tester.com/test-m5ytebosm
Google email is showing everything is pass:
gmail email
gmail header
For now I've tried changing OpenDKIM to relaxed/relaxed from relaxed/simple.
Removed p=quarantine and added p=none
Sorted out SPF record for official signing domain just in case, added another IP address where resourcecenter is found.
Will provide additional info if needed.
I purchased a domain from domain.com, followed the steps of firebase custom domain connect up to second point (Verify ownership). I added the TXT record as described.
Verified with dig -t txt +noall +answer my-domain.com and the response holds 2 records:
my-domain.com. 3455 IN TXT "v=spf1 ip4:66.96.128.0/18 ?all"
and
my-domain.com. 3455 IN TXT "google-site-verification=verification code"
The Firebase console keeps alerting
We couldn't verify your domain my-domain.com. Please check your settings and try again.
What could be the possible error & what can I try next?
I'm facing a serious problem with my elasticsearch server.
I'm using ES 1.7 on a symfony2 project with fosElasticaBundle.
The ES index has been deleted two times today, and I can't figure out why.
Here are the log I can read in my cluster.log:
[cluster.metadata] [server] [index] deleting index
[cluster.metadata] [server] [warning] deleting index
[cluster.metadata] [server] [please_read] creating index, cause [api], templates [], shards [5]/[1], mappings []
[cluster.metadata] [server] [please_read] update_mapping [info] (dynamic)
The thing is that my ES never faced such kind of issue in the past monthes while the website was on pre-prod.
Do you think this can comes from an attack ? Or an configuration error ?
This is very likely coming from an attack. if you do a <Endpoint>/please_read/_search you will probably see a note like
{
"_index": "please_read",
"_type": "info",
"_id": "AVmZfnjEAQ_HIp2JODbw",
"_score": 1.0,
"_source": {
"Info": "Your DB is Backed up at our servers, to restore send 0.5 BTC to the Bitcoin Address then send an email with your server ip",
"Bitcoin Address": "12JNfaS2Gzic2vqzGMvDEo38MQSX1kDQrx",
"Email": "elasticsearch#mail2tor.com"
}
You should try to make your elasticsearch cluster installation more secure to avoid such downfalls.
There have also been reports of attacks on open to internet databases like mongo/elasticsearch eg. http://www.zdnet.com/article/first-came-mass-mongodb-ransacking-now-copycat-ransoms-hit-elasticsearch/
I concur with #dejavu013, this is most likely database ransomware, I would advise securing your elasticsearch with the free and opensource https://github.com/floragunncom/search-guard, or premium solutions like Elastic's Shield, now part of the Elastic X-Pack or Compose's Hosted Elasticsearch.
many elasticsearch clusters was attacked in the last week:
http://www.zdnet.com/article/first-came-mass-mongodb-ransacking-now-copycat-ransoms-hit-elasticsearch/
this is how you can secure it:
http://code972.com/blog/2017/01/107-dont-be-ransacked-securing-your-elasticsearch-cluster-properly
This was indeed an attack as #dejavu013 said.
I started to secure my datas by allowing only localhost to access to my elasticseach datas.
To do so, I've edited my config file elasticseach.yml and added those two lines :
networt.host: 127.0.0.1
http.port: 9200
So only localhost can access to the datas and make requests.
How do i configure my DNS record to point to galaxy?
I bought a domain with the following attributes:
Type: CNAME Record
Host: www
I am kinda lost here, I don't know where I should actually configure my DNS. In my project, or the website I registered my domain in? and how?
The following is my host records:
In Galaxy
Log into galaxy
Click on your app.
Click on settings.
In domains, click add new domain and enter your domain
In the description for the Domains and Encryption section you will see an address that looks something like us-east-1.galaxy-ingress.meteor.com. Copy this down.
On your host
Create a new custom resource record Name: *, Type: CNAME, Data: us-east-1.galaxy-ingress.meteor.com (or paste yours if it differs in galaxy).
Create a new custom resource record Name: www, Type: CNAME, Data: us-east-1.galaxy-ingress.meteor.com (or paste yours if it differs in galaxy).
Let me know if you have any questions! There is a bit more to a full deployment, the docs on http://galaxy-guide.meteor.com/deploy-guide.html go in depth on how to setup everything else.