[Postfixbuch-users] Bulk mail header_check

Markus Ebel me at hamtec.de
Thu Aug 11 11:40:49 CEST 2005


Hello,

we are currently being bombarded with bulk mail on one account.
In response I added the following header_check:

/^Return-Path:\s*.*pblome at mmc-kiel.com.*/    DISCARD Massenmail Blome

Strangely, however, mails still keep getting through:

Aug 11 01:26:54 mail postfix/smtpd[18360]: 67BEA185F: client=unknown[62.217.61.50]
Aug 11 01:26:54 mail postfix/cleanup[18362]: 67BEA185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome at mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
Aug 11 01:26:55 mail postfix/smtpd[18360]: 9906D185F: client=unknown[62.217.61.50]
Aug 11 01:26:56 mail postfix/cleanup[18037]: 9906D185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome at mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
Aug 11 01:26:56 mail postfix/smtpd[18360]: F0790185F: client=unknown[62.217.61.50]
Aug 11 01:26:57 mail postfix/cleanup[18362]: F0790185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome at mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
Aug 11 01:26:58 mail postfix/smtpd[18360]: 29E32185F: client=unknown[62.217.61.50]
Aug 11 01:26:58 mail postfix/cleanup[18037]: 29E32185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome at mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
Aug 11 01:27:00 mail postfix/smtpd[18360]: 49642185F: client=unknown[62.217.61.50]
Aug 11 01:27:00 mail postfix/cleanup[18362]: 49642185F: message-id=<001101c59cd4$0824b3b0$0a00a8c0 at intra.out.de>
Aug 11 01:27:00 mail postfix/nqmgr[28848]: 49642185F: from=<pblome at mmc-kiel.com>, size=9657, nrcpt=1 (queue active)
Aug 11 01:27:00 mail amavis[17603]: (17603-08) ESMTP::10024 /var/lib/amavis/tmp/amavis-20050811T004601-17603: <pblome at mmc-kiel.com> -> <rw at XXXXX.de>
Received: SIZE=9657 from mail.XXXXX.de ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17603-08 for <rw at firmenprovider.de>; Thu, 11 Aug 2005 01:27:00 +0200 (CEST)
Aug 11 01:27:00 mail amavis[17603]: (17603-08) Checking: <pblome at mmc-kiel.com> -> <rw at XXXXX.de>
Aug 11 01:27:00 mail amavis[17603]: (17603-08) p001 1 Content-Type: text/plain, size: 1691 B, name:
Aug 11 01:27:01 mail postfix/smtpd[18360]: 77526A76D: client=unknown[62.217.61.50]
Aug 11 01:27:01 mail postfix/cleanup[18037]: 77526A76D: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome at mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
Aug 11 01:27:01 mail amavis[17603]: (17603-08) FWD via SMTP: [127.0.0.1]:10025 <pblome at mmc-kiel.com> -> <rw at XXXXX.de>
Aug 11 01:27:01 mail postfix/smtpd[18376]: connect from localhost[127.0.0.1]
Aug 11 01:27:01 mail postfix/smtpd[18376]: C85D0186E: client=localhost[127.0.0.1]
Aug 11 01:27:01 mail postfix/cleanup[18362]: C85D0186E: message-id=<001101c59cd4$0824b3b0$0a00a8c0 at intra.out.de>
Aug 11 01:27:01 mail postfix/nqmgr[28848]: C85D0186E: from=<pblome at mmc-kiel.com>, size=10096, nrcpt=1 (queue active)
Aug 11 01:27:01 mail postfix/smtpd[18376]: disconnect from localhost[127.0.0.1]
Aug 11 01:27:01 mail postfix/local[18377]: C85D0186E: to=<rw at XXXXX.de>, relay=local, delay=0, status=sent (mailbox)
Aug 11 01:27:01 mail amavis[17603]: (17603-08) Passed CLEAN, [62.217.61.50] <pblome at mmc-kiel.com> -> <rw at XXXXX.de>, Message-ID: <001101c59cd4$0824b3b0$0a00a8c0 at intra.out.de>, Hits: -1.65, 1498 ms
Aug 11 01:27:01 mail amavis[17603]: (17603-08) TIMING [total 1502 ms] - SMTP EHLO: 2 (0%), SMTP pre-MAIL: 0 (0%), SMTP pre-DATA-flush: 2 (0%), SMTP DATA: 78 (5%), body_hash: 1 (0%), mime_decode: 17 (1%), get-file-type1: 8 (1%), parts_decode: 0 (0%), AV-scan-1: 403 (27%), spam-wb-list: 2 (0%), SA msg read: 1 (0%), SA parse: 7 (0%), SA check: 868 (58%), update_cache: 2 (0%), fwd-connect: 6 (0%), fwd-mail-from: 1 (0%), fwd-rcpt-to: 1 (0%), write-header: 7 (0%), fwd-data: 0 (0%), fwd-data-end: 76 (5%), fwd-rundown: 2 (0%), main_log_entry: 14 (1%), update_snmp: 1 (0%), unlink-1-files: 1 (0%), rundown: 0 (0%)
Aug 11 01:27:01 mail postfix/smtp[18374]: 49642185F: to=<rw at XXXXX.de>, orig_to=<rw at XXXXX.de>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=17603-08, from MTA: 250 Ok: queued as C85D0186E)

Most of them are filtered, but some still slip through.
Could it be that, since several mails arrive per second, the filter
gets "overloaded" and then no longer takes effect?
The mails that get through contain the Return-Path that should
actually have been discarded by the header_check:

1st header line: Return-Path: <pblome at mmc-kiel.com>

Does anyone have an idea what could be causing this?

Thanks and
regards
 Markus
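
Added example, not part of the original post: a Python triage of Postfix log lines like those quoted above, grouping entries by queue ID to show which messages from the sender were discarded by cleanup and which were queued for delivery. The function names are assumptions of this example; the sample lines are copied from the post's log with the line wrapping undone.

```python
import re

# Lines copied from the log in the post, with the mail client's wrapping undone.
SAMPLE_LOG = """\
Aug 11 01:26:54 mail postfix/smtpd[18360]: 67BEA185F: client=unknown[62.217.61.50]
Aug 11 01:26:54 mail postfix/cleanup[18362]: 67BEA185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome at mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
Aug 11 01:27:00 mail postfix/smtpd[18360]: 49642185F: client=unknown[62.217.61.50]
Aug 11 01:27:00 mail postfix/cleanup[18362]: 49642185F: message-id=<001101c59cd4$0824b3b0$0a00a8c0 at intra.out.de>
Aug 11 01:27:00 mail postfix/nqmgr[28848]: 49642185F: from=<pblome at mmc-kiel.com>, size=9657, nrcpt=1 (queue active)
Aug 11 01:27:01 mail postfix/smtpd[18376]: connect from localhost[127.0.0.1]
Aug 11 01:27:01 mail postfix/smtpd[18376]: C85D0186E: client=localhost[127.0.0.1]
Aug 11 01:27:01 mail postfix/nqmgr[28848]: C85D0186E: from=<pblome at mmc-kiel.com>, size=10096, nrcpt=1 (queue active)
Aug 11 01:27:01 mail postfix/local[18377]: C85D0186E: to=<rw at XXXXX.de>, relay=local, delay=0, status=sent (mailbox)
"""

# postfix/<daemon>[pid]: <queue id>: <rest of entry>
ENTRY = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")


def triage(log_text, sender):
    """Group Postfix entries by queue ID and record what happened to each message."""
    msgs = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # amavis lines, connect/disconnect lines
        rec = msgs.setdefault(m["qid"], {"client": None, "discarded": False, "queued": False})
        daemon, rest = m["daemon"], m["rest"]
        if daemon == "smtpd" and rest.startswith("client="):
            rec["client"] = rest[len("client="):]
        elif daemon == "cleanup" and rest.startswith("discard: header "):
            rec["discarded"] = True  # a header_checks DISCARD rule matched
        elif daemon in ("qmgr", "nqmgr") and rest.startswith(f"from=<{sender}>"):
            rec["queued"] = True     # envelope sender matched, message entered the queue
    return msgs


def passed_from_outside(msgs):
    """Queue IDs accepted from a non-local client and queued without a discard."""
    return [q for q, r in msgs.items()
            if r["queued"] and not r["discarded"]
            and r["client"] and not r["client"].startswith("localhost[")]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "pblome at mmc-kiel.com")  # address as obfuscated by the list archive
    for qid, rec in result.items():
        print(qid, rec)
    print("passed:", passed_from_outside(result))
```

In the excerpt, every cleanup discard entry quotes the Return-Path header it matched, while the queued message 49642185F shows the sender only in the nqmgr from= field, which is the envelope sender rather than a message header.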


