[Postfixbuch-users] reject_sender_login_mismatch ausgetrickst ?

Uwe Driessen driessen at fblan.de
So Jul 1 01:46:10 CEST 2007


Hallo Liste nächste Runde
Der Kerl bringt mich zur Weisglut.

Er holt sich seine mails so wie es aussieht auch noch von anderen Mailservern ab und
bounced dann über meinen Mailserver Mails die niemals über meinen Server zugestellt sein
können. Dazu kommt dann noch das das sehr wahrscheinlich Pishingmails sind. 

Jun 30 05:06:44 fblan postfix/smtpd[7585]: 7B14D4DCD96:
client=p54B4CFA7.dip.t-dialin.net[84.180.207.167], sasl_method=DIGEST-MD5,
sasl_username=xxxxxx at xxxxxxxx.de
Jun 30 05:06:44 fblan postfix/cleanup[7588]: 7B14D4DCD96:
message-id=<SSRBVb4Fq9a3IY at vivini. xxxxxxxx.local>
Jun 30 05:06:44 fblan postfix/smtpd[7585]: disconnect from
p54B4CFA7.dip.t-dialin.net[84.180.207.167]
Jun 30 05:06:44 fblan postfix/qmgr[23152]: 7B14D4DCD96: from=<>, size=4646, nrcpt=1 (queue
active) Jun 30 05:06:46 fblan amavis[29696]: [ 2] [bootup] Logging initiated
LogDebugLevel=3 to sys-syslog Jun 30 05:06:49 fblan amavis[29696]: [ 3] mail 1 is not
known spam.
Jun 30 05:06:51 fblan postfix/smtpd[7594]: connect from localhost.localdomain[127.0.0.1]
Jun 30 05:06:51 fblan postfix/smtpd[7594]: 401D74DCD9B:
client=localhost.localdomain[127.0.0.1]
Jun 30 05:06:51 fblan postfix/cleanup[7588]: 401D74DCD9B:
message-id=<SSRBVb4Fq9a3IY at vivini.itss-hardt.local>
Jun 30 05:06:51 fblan postfix/qmgr[23152]: 401D74DCD9B: from=<>, size=5167, nrcpt=1 (queue
active) Jun 30 05:06:51 fblan postfix/smtpd[7594]: disconnect from
localhost.localdomain[127.0.0.1] Jun 30 05:06:51 fblan amavis[29696]: (29696-04)
Passed,(?) -> <customer_department-refnum_424pz at volksbank.com>, quarantine xSXcdMDQEa0X,
Message-ID: <SSRBVb4Fq9a3IY at vivini. xxxxxxxx.local>, Hits: -1.185 Jun 30 05:06:51 fblan
postfix/lmtp[7589]: 7B14D4DCD96: to=<customer_department-refnum_424pz at volksbank.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=6.9, delays=0.25/0.02/0.01/6.6, dsn=2.6.0,
status=sent (250 2.6.0 Ok, id=29696-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued
as 401D74DCD9B) Jun 30 05:06:51 fblan postfix/qmgr[23152]: 7B14D4DCD96: removed Jun 30
05:07:21 fblan postfix/smtp[7596]: connect to mail.oevag.volksbank.at[193.111.47.25]:
Connection timed out (port 25)


Die checks laufen alle Auszug vom reject_sender_login_mismatch
Und einen <> als Absender habe ich garantiert nicht in der map drin stehen
Warum greift dieser check nicht bei dieser Mistgurke.


Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks:
name=reject_sender_login_mismatch
Jul  1 01:21:47 fblan postfix/smtpd[14285]: >>> START Recipient address RESTRICTIONS <<<
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks:
name=reject_authenticated_sender_login_mismatch
Jul  1 01:21:47 fblan postfix/smtpd[14285]: ctable_locate: move existing entry key
driessen at fblan.de
Jul  1 01:21:47 fblan postfix/smtpd[14285]: maps_find: smtpd_sender_login_maps:
hash:/etc/postfix/vhcs2/aliases(0,lock|fold_fix): yyyyyyy at fblan.de = yyyyyyyyy at fblan.de
Jul  1 01:21:47 fblan postfix/smtpd[14285]: mail_addr_find: yyyyyyyyy at fblan.de ->
yyyyyyyyyyy at fblan.de
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks:
name=reject_authenticated_sender_login_mismatch status=0
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks:
name=reject_unauthenticated_sender_login_mismatch
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks:
name=reject_unauthenticated_sender_login_mismatch status=0
Jul  1 01:21:47 fblan postfix/smtpd[14285]: >>> END Recipient address RESTRICTIONS <<<
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks:
name=reject_sender_login_mismatch status=0
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks: name=reject_unlisted_sender
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks: name=reject_unlisted_sender
status=0
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks: name=permit_sasl_authenticated
Jul  1 01:21:47 fblan postfix/smtpd[14285]: generic_checks: name=permit_sasl_authenticated
status=1




Mit freundlichen Grüßen

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: 06708 / 660045   Fax: 06708 / 661397




Mehr Informationen über die Mailingliste Postfixbuch-users