[Postfixbuch-users] Mass mail header_check

b.langehegermann at kreyenborg.de b.langehegermann at kreyenborg.de
Thu Aug 11 12:11:55 CEST 2005



> Hello,
> 
> we are currently being bombarded with a mass mailing on one account. I 
> have therefore added the following header_check:
> 
> /^Return-Path:\s*.*pblome at mmc-kiel.com.*/    DISCARD Massenmail Blome
> 
> Strangely, mail still keeps getting through:
> 
> Aug 11 01:26:54 mail postfix/smtpd[18360]: 67BEA185F: client=unknown[62.217.61.50]
> Aug 11 01:26:54 mail postfix/cleanup[18362]: 67BEA185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome@mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
> Aug 11 01:26:55 mail postfix/smtpd[18360]: 9906D185F: client=unknown[62.217.61.50]
> Aug 11 01:26:56 mail postfix/cleanup[18037]: 9906D185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome@mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
> Aug 11 01:26:56 mail postfix/smtpd[18360]: F0790185F: client=unknown[62.217.61.50]
> Aug 11 01:26:57 mail postfix/cleanup[18362]: F0790185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome@mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
> Aug 11 01:26:58 mail postfix/smtpd[18360]: 29E32185F: client=unknown[62.217.61.50]
> Aug 11 01:26:58 mail postfix/cleanup[18037]: 29E32185F: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome@mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
> Aug 11 01:27:00 mail postfix/smtpd[18360]: 49642185F: client=unknown[62.217.61.50]
> Aug 11 01:27:00 mail postfix/cleanup[18362]: 49642185F: message-id=<001101c59cd4$0824b3b0$0a00a8c0 at intra.out.de>
> Aug 11 01:27:00 mail postfix/nqmgr[28848]: 49642185F: from=<pblome at mmc-kiel.com>, size=9657, nrcpt=1 (queue active)
> Aug 11 01:27:00 mail amavis[17603]: (17603-08) ESMTP::10024 /var/lib/amavis/tmp/amavis-20050811T004601-17603: <pblome at mmc-kiel.com> -> <rw at XXXXX.de>
> Received: SIZE=9657 from mail.XXXXX.de ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17603-08 for <rw@firmenprovider.de>; Thu, 11 Aug 2005 01:27:00 +0200 (CEST)
> Aug 11 01:27:00 mail amavis[17603]: (17603-08) Checking: <pblome at mmc-kiel.com> -> <rw at XXXXX.de>
> Aug 11 01:27:00 mail amavis[17603]: (17603-08) p001 1 Content-Type: text/plain, size: 1691 B, name:
> Aug 11 01:27:01 mail postfix/smtpd[18360]: 77526A76D: client=unknown[62.217.61.50]
> Aug 11 01:27:01 mail postfix/cleanup[18037]: 77526A76D: discard: header Return-Path: <pblome at mmc-kiel.com> from unknown[62.217.61.50]; from=<pblome@mmc-kiel.com> to=<rw at XXXXX.de> proto=ESMTP helo=<out.de>: Massenmail Blome
> Aug 11 01:27:01 mail amavis[17603]: (17603-08) FWD via SMTP: [127.0.0.1]:10025 <pblome at mmc-kiel.com> -> <rw at XXXXX.de>
> Aug 11 01:27:01 mail postfix/smtpd[18376]: connect from localhost[127.0.0.1]
> Aug 11 01:27:01 mail postfix/smtpd[18376]: C85D0186E: client=localhost[127.0.0.1]
> Aug 11 01:27:01 mail postfix/cleanup[18362]: C85D0186E: message-id=<001101c59cd4$0824b3b0$0a00a8c0 at intra.out.de>
> Aug 11 01:27:01 mail postfix/nqmgr[28848]: C85D0186E: from=<pblome at mmc-kiel.com>, size=10096, nrcpt=1 (queue active)
> Aug 11 01:27:01 mail postfix/smtpd[18376]: disconnect from localhost[127.0.0.1]
> Aug 11 01:27:01 mail postfix/local[18377]: C85D0186E: to=<rw at XXXXX.de>, relay=local, delay=0, status=sent (mailbox)
> Aug 11 01:27:01 mail amavis[17603]: (17603-08) Passed CLEAN, [62.217.61.50] <pblome at mmc-kiel.com> -> <rw at XXXXX.de>, Message-ID: <001101c59cd4$0824b3b0$0a00a8c0 at intra.out.de>, Hits: -1.65, 1498 ms
> Aug 11 01:27:01 mail amavis[17603]: (17603-08) TIMING [total 1502 ms] - SMTP EHLO: 2 (0%), SMTP pre-MAIL: 0 (0%), SMTP pre-DATA-flush: 2 (0%), SMTP DATA: 78 (5%), body_hash: 1 (0%), mime_decode: 17 (1%), get-file-type1: 8 (1%), parts_decode: 0 (0%), AV-scan-1: 403 (27%), spam-wb-list: 2 (0%), SA msg read: 1 (0%), SA parse: 7 (0%), SA check: 868 (58%), update_cache: 2 (0%), fwd-connect: 6 (0%), fwd-mail-from: 1 (0%), fwd-rcpt-to: 1 (0%), write-header: 7 (0%), fwd-data: 0 (0%), fwd-data-end: 76 (5%), fwd-rundown: 2 (0%), main_log_entry: 14 (1%), update_snmp: 1 (0%), unlink-1-files: 1 (0%), rundown: 0 (0%)
> Aug 11 01:27:01 mail postfix/smtp[18374]: 49642185F: to=<rw at XXXXX.de>, orig_to=<rw at XXXXX.de>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=17603-08, from MTA: 250 Ok: queued as C85D0186E)
> 
> Most are filtered, but some still slip through.
> Could it be that, since several mails arrive per second, the filter gets 
> "overloaded" and then no longer takes effect?
> The mails that get through contain the Return-Path that should actually 
> have been discarded by the header_check:
> 
> 1st header line: Return-Path: <pblome at mmc-kiel.com>
> 
> Does anyone have an idea what could be causing this??

A modest question: has postmap been applied???
> 
> Thanks and
> regards
>  Markus
> -- _______________________________________________
> Postfixbuch-users mailing list
> Heinlein Professional Linux Support GmbH
> 
> Postfixbuch-users at listi.jpberlin.de
> http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
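
An added example, not part of the original posts: a Python script that correlates Postfix queue IDs in a log of the kind quoted above and reports, for one envelope sender, which messages cleanup discarded via header_checks and which were queued anyway. The sample log is constructed (placeholder addresses, IPs and queue IDs), and `correlate` is a name chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the quoted log; all values are placeholders.
SAMPLE_LOG = """\
Aug 11 01:26:54 mail postfix/smtpd[18360]: AAAA0001: client=unknown[192.0.2.50]
Aug 11 01:26:54 mail postfix/cleanup[18362]: AAAA0001: discard: header Return-Path: <bulk@sender.example> from unknown[192.0.2.50]; from=<bulk@sender.example> to=<rw@rcpt.example> proto=ESMTP helo=<out.example>: Massenmail
Aug 11 01:27:00 mail postfix/smtpd[18360]: AAAA0002: client=unknown[192.0.2.50]
Aug 11 01:27:00 mail postfix/cleanup[18362]: AAAA0002: message-id=<1@out.example>
Aug 11 01:27:00 mail postfix/nqmgr[28848]: AAAA0002: from=<bulk@sender.example>, size=9657, nrcpt=1 (queue active)
Aug 11 01:27:01 mail postfix/smtpd[18376]: connect from localhost[127.0.0.1]
Aug 11 01:27:01 mail postfix/smtpd[18376]: AAAA0003: client=localhost[127.0.0.1]
Aug 11 01:27:01 mail postfix/nqmgr[28848]: AAAA0003: from=<bulk@sender.example>, size=10096, nrcpt=1 (queue active)
"""

# daemon name, queue ID, remainder of the log line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")


def correlate(log_text, sender):
    """Map queue ID -> outcome for mail from `sender` received from remote clients."""
    records = defaultdict(dict)
    marker = f"from=<{sender}>"
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. connect/disconnect lines carry no queue ID
        daemon, qid, rest = m.groups()
        rec = records[qid]
        if daemon == "smtpd" and rest.startswith("client="):
            rec["client"] = rest[len("client="):]
        elif daemon == "cleanup" and rest.startswith("discard: header "):
            rec["discarded"] = True
            rec["from_sender"] = rec.get("from_sender", False) or marker in rest
        elif daemon in ("qmgr", "nqmgr") and rest.startswith(marker):
            rec["from_sender"] = True
    outcome = {}
    for qid, rec in records.items():
        if not rec.get("from_sender"):
            continue
        if rec.get("client", "").startswith("localhost["):
            continue  # re-injection from the content filter, not a new arrival
        outcome[qid] = "discarded" if rec.get("discarded") else "passed header_checks"
    return outcome


if __name__ == "__main__":
    for qid, state in correlate(SAMPLE_LOG, "bulk@sender.example").items():
        print(qid, state)
```

A queue ID reported as passed is one for which cleanup logged no discard, so that is the message whose headers on arrival are worth inspecting. Because every such entry carries the envelope sender (`from=<...>`), the same sender can also be matched at SMTP time with a `check_sender_access` table rather than by a header.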
