[Postfixbuch-users] habe ich da was falsch gemacht ?

Uwe Driessen driessen at fblan.de
Fr Jan 19 21:49:31 CET 2007 

> -----Original Message-----
> From: postfixbuch-users-bounces at listi.jpberlin.de [mailto:postfixbuch-
> users-bounces at listi.jpberlin.de] On Behalf Of Peer Heinlein
> Sent: Thursday, January 18, 2007 4:47 PM
> To: Eine Diskussionsliste rund um das Postfix-Buch.
> Subject: Re: [Postfixbuch-users] habe ich da was falsch gemacht ?
> 
> Am Donnerstag, 18. Januar 2007 02:25 schrieb Uwe Driessen:
> 
> > Ich habe dauernd connect/lost connection in der Maillog drinne stehen
> > sind zwar eigentlich nur spamer aber ich verstehe das nicht warum in
> 
> 
> Sieht einfach nur nach portscan aus. Postfix sendet ja noch nicht mal
> einen ersten 250.
> 
> Peer
> 

Ich denke ich hab da was gefunden aber warum das so ist entzieht sich meiner
Kenntnis

Ich habe in der Zwischenzeit auch 
mxpool19.ebay.com[66.135.197.25]
bay0-omc3-s25.bay0.hotmail.com[65.54.246.225]
aps74.muc.ec-messenger.com

zu allen diesen Servern stimmt die IP der MX Record's welche auf die
Hauptdomain eingetragen ist nicht mit der Sender IP überein. 
Es wird also keinerlei Kommunikation zwischen den Servern aufgebaut.

Nur warum er gerade diesen Servern keine Antwort bzw. keine Aufforderung zum
Identifizieren und sonstigem sendet verstehe ich nun mal nicht. 

Bin ich zu hart mit meinen Restrictions ? nur Server mit MX record sind doch
eigentlich als Mailserver registriert ?
Anbei Postconf -n evtl. sieht da jemand anderes etwas was gegen RFC verstößt
oder auch evtl. fragwürdig ist oder bin ich gerade über die Grenze zum
B.O.F.H. *gg 

access_map_reject_code = 550
alias_database = hash:/etc/postfix/vhcs2/aliases  hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/vhcs2/aliases hash:/etc/postfix/aliases
anvil_rate_time_unit = 60s
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
default_destination_concurrency_limit = 30
disable_vrfy_command = yes
inet_protocols = all
invalid_hostname_reject_code = 550
local_destination_concurrency_limit = 20
local_destination_recipient_limit = 30
local_recipient_maps = unix:passwd.byname $alias_maps $alias_database
local_transport = local
mail_spool_directory = /var/spool/mail
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 2000000000
maps_rbl_reject_code = 550
message_size_limit = 30000000
mydestination = $myhostname,  $mydomain, localhost.$mydomain
mydomain = s1.fblan.de
myhostname = mail.fblan.de
mynetworks = XXX.XXX.XXX.XXX/32 127.0.0.1/32 
mynetworks_style = host
myorigin = fblan.de
non_fqdn_reject_code = 550
queue_minfree = 100000000
recipient_delimiter = +
reject_code = 550
relay_domains_reject_code = 550
setgid_group = postdrop
smtp_connect_timeout = 60s
smtp_host_lookup = dns
smtp_line_length_limit = 990
smtpd_banner = $myhostname
smtpd_client_connection_rate_limit = 10
smtpd_client_event_limit_exceptions = hash:/etc/postfix/vhcs2/aliases
smtpd_client_message_rate_limit = 5
smtpd_client_restrictions = reject_invalid_hostname
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps =
cidr:/etc/postfix/ehlo_keyword_address_maps
smtpd_error_sleep_time = 60
smtpd_hard_error_limit = 1
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,   check_sender_mx_access
cidr:/etc/postfix/maps/bogus_mx,   permit_sasl_authenticated,
permit_tls_clientcerts,   check_helo_access pcre:/etc/postfix/helo_checks
hash:/etc/postfix/maps/helo_check,   reject_invalid_hostname,
reject_non_fqdn_hostname,   reject_unauth_pipelining,
reject_unauth_destination,   reject_non_fqdn_sender,
reject_non_fqdn_recipient,   reject_unknown_recipient_domain,
reject_unknown_client_hostname   check_policy_service inet:127.0.0.1:60000
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauthenticated_sender_login_mismatch,
reject_sender_login_mismatch,   permit_sasl_authenticated,
reject_non_fqdn_sender,    reject_non_fqdn_recipient,
reject_unknown_sender_domain,    reject_unknown_recipient_domain,
reject_unknown_client_hostname,   check_helo_access
pcre:/etc/postfix/helo_checks,   reject_unauth_destination,
reject_multi_recipient_bounce,   reject_unauth_pipelining,
reject_invalid_hostname,    reject_non_fqdn_hostname,
reject_unknown_client_hostname   check_recipient_access
hash:/etc/postfix/roleaccount   check_sender_mx_access
cidr:/etc/postfix/maps/bogus_mx   check_policy_service inet:127.0.0.1:60000
reject_rbl_client combined.njabl.org,   reject_rbl_client
dialup.blacklist.jippg.org,   reject_rbl_client zen.spamhaus.org,
reject_rbl_client sbl-xbl.spamhaus.org,    reject_rbl_client list.dsbl.org,
reject_rbl_client blackholes.easynet.nl,    reject_rbl_client
unconfirmed.dsbl.org,    reject_rhsbl_sender dsn.rfc-ignorant.org
reject_rbl_client psbl.surriel.com   reject_rbl_client
dnsbl-2.uceprotect.net   reject_rbl_client no-more-funn.moensted.dk
reject_rhsbl_client rhsbl.sorbs.net,   reject_rbl_client multihop.dsbl.org,
reject_rhsbl_sender rhsbl.sorbs.net,   reject_rbl_client
proxies.blackholes.wirehub.net   reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client dynablock.njabl.org,   permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = vhcs.net
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_login_maps = hash:/etc/postfix/vhcs2/aliases
smtpd_sender_restrictions = permit_mynetworks,
reject_unauthenticated_sender_login_mismatch,
reject_sender_login_mismatch,   permit_sasl_authenticated,
permit_tls_clientcerts,   check_sender_access pcre:/etc/postfix/apostroph,
check_sender_mx_access cidr:/etc/postfix/maps/bogus_mx,
reject_non_fqdn_recipient,   reject_non_fqdn_sender,
reject_unknown_client_hostname,   reject_unknown_recipient_domain,
reject_unknown_sender_domain,   reject_unauth_pipelining,
reject_unauthenticated_sender_login_mismatch,   reject_unauth_destination,
check_policy_service inet:127.0.0.1:60000,
strict_rfc821_envelopes = yes
syslog_facility = local4
transport_maps = hash:/etc/postfix/vhcs2/transport
unknown_address_reject_code = 450
unknown_client_reject_code = 550
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/vhcs2/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_limit = 30000000
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes
virtual_minimum_uid = 107
virtual_transport = virtual
virtual_uid_maps = static:107

eigentlich habe ich mich ja nur ans Buch gehalten *gg

Besten Dank  

 -- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: 06708 / 660045
Fax: 06708 / 661397
 --

Mehr Informationen über die Mailingliste Postfixbuch-users