[Postfixbuch-users] Is Postfix failing at the restrictions?

Stefan Bielenberg sbielenberg at ulysea.com
Wed Jan 17 10:02:23 CET 2007


Hello,

my mail server apparently had to withstand a series of tests by
spammers last night; almost all of the requests were rejected before the
mail was even accepted. This was done either by the Postfix
restrictions or by policy-weight. For example, here:

connect from catv-5062bc61.catv.broadband.hu[80.98.188.97]
NOQUEUE: reject: RCPT from
catv-5062bc61.catv.broadband.hu[80.98.188.97]: 550
<thisisjusttestmessageatall at example.com>: Recipient address rejected:
User unknown in virtual alias table; from=<nauseaanthracite at abrix.ru>
to=<thisisjusttestmessageatall at example.com> proto=ESMTP
helo=<catv-5062bc61.catv.broadband.hu>
disconnect from catv-5062bc61.catv.broadband.hu[80.98.188.97]

However, one mail got through and, after being accepted and scanned by
Amavis, had to be bounced by local because the user was not found.
How can it be that the mail gets that far? Even though it was the
same non-existent recipient address as in the preceding
attempts, only from a different machine. So policy-weight did not
detect it, but the Postfix restrictions should have caught something,
shouldn't they? Here is the complete dialogue from the log:

Jan 17 08:36:06 mail postfix/smtpd[5289]: connect from
S010600104b2428d8.vf.shawcable.net[70.69.108.80]
Jan 17 08:36:15 mail postfix/policyd-weight[21725]: weighted check:
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 IN_SPAMCOP=3.75 NOT_IN_BL_NJABL=-1.5
ORDB_ORG=ERR CL_IP_EQ_HELO_IP=-2 (check from: .accessinsurancegroup. -
helo: .s010600104b2428d8.vf.shawcable. - helo-domain: .shawcable.)
FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.938 <client=70.69.108.80>
<helo=s010600104b2428d8.vf.shawcable.net>
<from=gridlockmortician at accessinsurancegroup.com>
<to=thisisjusttestmessageatall at example.com>, rate: 0.688
Jan 17 08:36:15 mail postfix/policyd-weight[21725]: decided
action=PREPEND X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5
IN_SPAMCOP=3.75 NOT_IN_BL_NJABL=-1.5 ORDB_ORG=ERR CL_IP_EQ_HELO_IP=-2
(check from: .accessinsurancegroup. - helo:
.s010600104b2428d8.vf.shawcable. - helo-domain: .shawcable.)
FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.938 <client=70.69.108.80>
<helo=s010600104b2428d8.vf.shawcable.net>
<from=gridlockmortician at accessinsurancegroup.com>
<to=thisisjusttestmessageatall at example.com>, rate: 0.688
Jan 17 08:36:15 mail postfix/smtpd[5289]: 080E553802A3:
client=S010600104b2428d8.vf.shawcable.net[70.69.108.80]
Jan 17 08:36:15 mail postfix/cleanup[5391]: 080E553802A3:
message-id=<01c73a0a$32ff8900$6c822ecf at gridlockmortician>
Jan 17 08:36:15 mail postfix/qmgr[16042]: 080E553802A3:
from=<gridlockmortician at accessinsurancegroup.com>, size=1513, nrcpt=1
(queue active)
Jan 17 08:36:15 mail amavis[1795]: (01795-02) ESMTP::10024
/var/amavis/tmp/amavis-20070117T081925-01795:
<gridlockmortician at accessinsurancegroup.com> ->
<thisisjusttestmessageatall at example.com> SIZE=1513 Received: from
mail.example.com ([127.0.0.1]) by localhost (mail.example.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP for
<thisisjusttestmessageatall at example.com>; Wed, 17 Jan 2007 08:36:15
+0100 (CET)
Jan 17 08:36:15 mail amavis[1795]: (01795-02) Checking: fpvcvn0FnkzY
[70.69.108.80] <gridlockmortician at accessinsurancegroup.com> ->
<thisisjusttestmessageatall at example.com>
Jan 17 08:36:15 mail amavis[1795]: (01795-02) p001 1 Content-Type:
text/plain, size: 58 B, name:
Jan 17 08:36:15 mail postfix/smtpd[5289]: disconnect from
S010600104b2428d8.vf.shawcable.net[70.69.108.80]
Jan 17 08:36:16 mail amavis[1795]: (01795-02) SPAM-TAG,
<gridlockmortician at accessinsurancegroup.com> ->
<thisisjusttestmessageatall at example.com>, No, score=4.622
tagged_above=-999 required=5 tests=[BAYES_99=3.5,
DATE_IN_PAST_03_06=1.122]
Jan 17 08:36:16 mail postfix/smtpd[5409]: connect from
localhost.localdomain[127.0.0.1]
Jan 17 08:36:16 mail postfix/smtpd[5409]: 61CC353802A4:
client=localhost.localdomain[127.0.0.1]
Jan 17 08:36:16 mail postfix/cleanup[5391]: 61CC353802A4:
message-id=<01c73a0a$32ff8900$6c822ecf at gridlockmortician>
Jan 17 08:36:16 mail postfix/qmgr[16042]: 61CC353802A4:
from=<gridlockmortician at accessinsurancegroup.com>, size=2185, nrcpt=1
(queue active)
Jan 17 08:36:16 mail postfix/smtpd[5409]: disconnect from
localhost.localdomain[127.0.0.1]
Jan 17 08:36:16 mail amavis[1795]: (01795-02) FWD via SMTP:
<gridlockmortician at accessinsurancegroup.com> ->
<thisisjusttestmessageatall at example.com>, BODY=8BITMIME
250 2.6.0 Ok, id=01795-02, from MTA([127.0.0.1]:10025): 250 Ok:
queued as 61CC353802A4
Jan 17 08:36:16 mail amavis[1795]: (01795-02) Passed,
<gridlockmortician at accessinsurancegroup.com> ->
<thisisjusttestmessageatall at example.com>, Message-ID:
<01c73a0a$32ff8900$6c822ecf at gridlockmortician>, Hits: 4.622
Jan 17 08:36:16 mail postfix/smtp[5394]: 080E553802A3:
to=<thisisjusttestmessageatall at example.com>,
orig_to=<thisisjusttestmessageatall at example.com>,
relay=127.0.0.1[127.0.0.1], delay=10, status=sent (250 2.6.0 Ok, id=01795-02, from
MTA([127.0.0.1]:10025): 250 Ok: queued as 61CC353802A4)
Jan 17 08:36:16 mail postfix/qmgr[16042]: 080E553802A3: removed
Jan 17 08:36:16 mail amavis[1795]: (01795-02) TIMING [total 1104 ms] -
SMTP greeting: 3 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP
pre-DATA-flush: 6 (1%)1, SMTP DATA: 35 (3%)4, check_init: 1 (0%)4,
digest_hdr: 1 (0%)4, digest_body: 0 (0%)4, gen_mail_id: 0 (0%)4,
mime_decode: 12 (1%)5, get-file-type1: 29 (3%)8, decompose_part: 3
(0%)8, parts_decode: 0 (0%)8, check_header: 3 (0%)9, AV-scan-1: 6 (0%)9,
AV-scan-2: 710 (64%)73, spam-wb-list: 2 (0%)74, SA msg read: 1 (0%)74,
SA parse: 4 (0%)74, SA check: 157 (14%)88, SA finish: 4 (0%)89,
update_cache: 2 (0%)89, decide_mail_destiny: 2 (0%)89, fwd-connect: 51
(5%)93, fwd-mail-from: 3 (0%)94, fwd-rcpt-to: 3 (0%)94, fwd-data-cmd: 1
(0%)94, write-header: 1 (0%)94, fwd-data-contents: 1 (0%)94,
fwd-data-end: 48 (4%)99, fwd-rundown: 2 (0%)99, prepare-dsn: 1 (0%)99,
main_log_entry: 4 (0%)99, update_snmp: 3 (0%)100, SMTP pre-response: 3
(0%)100, SMTP response: 0 (0%)100, unlink-1-files: 0 (0%)100, rundown: 1
(0%)100
Jan 17 08:36:16 mail postfix/local[5410]: 61CC353802A4:
to=<thisisjusttestmessageatall at example.com>, relay=local, delay=0,
status=bounced (unknown user: "thisisjusttestmessageatall")

Thanks in advance and regards,
Stefan
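
An added example, not part of the original post: one way to find every message that, like the one traced in the log above, was accepted from an external client and only bounced by local as "unknown user" after the content-filter hand-off. The sample lines are constructed in the format of the log above (unwrapped, with documentation addresses); the function and field names are this example's own.

```python
import re

# Constructed sample in the format of the log above (lines unwrapped).
SAMPLE_LOG = """\
Jan 17 08:36:15 mail postfix/smtpd[5289]: 080E553802A3: client=host.example.net[192.0.2.80]
Jan 17 08:36:16 mail postfix/smtpd[5409]: 61CC353802A4: client=localhost.localdomain[127.0.0.1]
Jan 17 08:36:16 mail postfix/smtp[5394]: 080E553802A3: to=<nobody@example.com>, relay=127.0.0.1[127.0.0.1], delay=10, status=sent (250 2.6.0 Ok, id=01795-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 61CC353802A4)
Jan 17 08:36:16 mail postfix/local[5410]: 61CC353802A4: to=<nobody@example.com>, relay=local, delay=0, status=bounced (unknown user: "nobody")
Jan 17 08:40:01 mail postfix/smtpd[5500]: NOQUEUE: reject: RCPT from host2.example.net[192.0.2.97]: 550 <nobody@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<a@example.org> to=<nobody@example.com> proto=ESMTP helo=<host2.example.net>
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=(\S+)\[([^\]]+)\]")
QUEUED_AS = re.compile(r"status=sent .*queued as ([0-9A-F]+)\)")
BOUNCED = re.compile(r"to=<([^>]*)>.*status=bounced \(unknown user")

def accepted_then_bounced(log_text):
    """Return mails accepted from a remote client and later bounced by local."""
    client = {}   # queue id -> (host, ip) as logged by smtpd
    parent = {}   # reinjected queue id -> queue id it came from
    bounced = []  # (queue id, recipient) as logged by local
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # NOQUEUE rejects and non-Postfix lines carry no queue id
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            client[qid] = c.groups()
        elif daemon == "smtp" and (q := QUEUED_AS.search(rest)):
            parent[q.group(1)] = qid
        elif daemon == "local" and (b := BOUNCED.search(rest)):
            bounced.append((qid, b.group(1)))
    findings = []
    for qid, rcpt in bounced:
        seen = set()
        while qid in parent and qid not in seen:  # walk back through filter hops
            seen.add(qid)
            qid = parent[qid]
        host, ip = client.get(qid, ("unknown", "unknown"))
        if ip != "127.0.0.1":  # only mail that entered from outside
            findings.append({"queue_id": qid, "client": host,
                             "client_ip": ip, "rcpt": rcpt})
    return findings

if __name__ == "__main__":
    for f in accepted_then_bounced(SAMPLE_LOG):
        print(f)
```

Each finding is a message that passed the RCPT stage and produced a bounce afterwards, which makes it the set of cases to compare against the pre-queue rejects for the same recipient.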



