[Postfixbuch-users] postfix tries to look up sender data in the database - why

thomas polnik postfix at polnik.de
Mon Feb 4 22:59:55 CET 2008


Hello,

the following entries appear in the log file:

## snip ##
==> /var/log/mail <==
Feb  4 22:34:50 joschka postfix/smtpd[30536]: connect from
ilpostino.jpberlin.de[213.203.238.6]
Feb  4 22:34:50 joschka postfix/smtpd[30536]: D8E0A29444B:
client=ilpostino.jpberlin.de[213.203.238.6]
Feb  4 22:34:50 joschka postfix/cleanup[30584]: D8E0A29444B:
message-id=<47A784A9.6040609 at eyb.de>
Feb  4 22:34:50 joschka postfix/qmgr[30469]: D8E0A29444B:
from=<postfixbuch-users-bounces at listi.jpberlin.de>, size=3430, nrcpt=1
(queue active)
Feb  4 22:34:50 joschka postfix/smtpd[30536]: disconnect from
ilpostino.jpberlin.de[213.203.238.6]
Feb  4 22:34:51 joschka postfix/smtp[30586]: D8E0A29444B:
to=<postfix at polnik.de>, relay=web2.dns-net.de[212.91.229.242]:25,
delay=0.3, delays=0.12/0.01/0.01/0.16, dsn=2.0.0, status=sent (250 2.0.0
m14LZ9M09299 Message accepted for delivery)
Feb  4 22:34:51 joschka postfix/qmgr[30469]: D8E0A29444B: removed

==> /tmp/query.log <==
080204 22:34:50    2376 Query       SELECT destination FROM
virtual_alias WHERE email='listi.jpberlin.de'
                   2377 Query       SELECT destination FROM transport
WHERE domain='listi.jpberlin.de'
                   2377 Query       SELECT destination FROM transport
WHERE domain='jpberlin.de'
                   2377 Query       SELECT destination FROM transport
WHERE domain='de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='postfixbuch-users-bounces at listi.jpberlin.de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='listi.jpberlin.de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='.jpberlin.de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='.de'
                   2384 Connect     yyy at localhost on postfix
                   2384 Query       SELECT action FROM transport WHERE
domain='postfix at polnik.de'
                   2385 Connect     yyy at localhost on postfix
                   2385 Query       SELECT destination FROM
virtual_alias WHERE email='postfix at polnik.de'
                   2385 Query       SELECT destination FROM
virtual_alias WHERE email='@polnik.de'
                   2386 Connect     yyy at localhost on postfix
                   2386 Query       SELECT destination FROM
virtual_alias WHERE email='postfix at polnik.de'
                   2386 Query       SELECT destination FROM
virtual_alias WHERE email='@polnik.de'
                   2376 Query       SELECT destination FROM
virtual_alias WHERE email='polnik.de'
                   2377 Query       SELECT destination FROM transport
WHERE domain='polnik.de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='postfix at polnik.de'
080204 22:35:21    2383 Quit

## snap ##

It is not yet clear to me why postfix tries to look up data for the
sender postfixbuch-users-bounces at listi.jpberlin.de in the
virtual alias table and in the transport table, i.e. the following queries:

080204 22:34:50    2376 Query       SELECT destination FROM
virtual_alias WHERE email='listi.jpberlin.de'
                   2377 Query       SELECT destination FROM transport
WHERE domain='listi.jpberlin.de'
                   2377 Query       SELECT destination FROM transport
WHERE domain='jpberlin.de'
                   2377 Query       SELECT destination FROM transport
WHERE domain='de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='postfixbuch-users-bounces at listi.jpberlin.de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='listi.jpberlin.de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='.jpberlin.de'
                   2378 Query       SELECT destination FROM transport
WHERE domain='.de'

To me these are, for now, database queries whose motivation I cannot
explain ... nor how I can control them. smtpd -v in master.cf
unfortunately did not help much either; I can only see that these
things are queried, but not in which context (= parameter
in main.cf).

The mail server is merely an upstream system that already does a bit
of pre-filtering, but no content inspection is performed. If the
checks find no reason for a rejection, the mail is forwarded via
transport to the actual mail server.

The transport table holds the destinations for the mails and the
restriction classes for the e-mail addresses.

The following parts of the configuration may be of interest:
# Definition of the global alias entries
virtual_alias_maps = mysql:/etc/postfix/virtual_alias.sql

# Transport table
transport_maps = mysql:/etc/postfix/transport.sql

# Restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_client_restrictions=
smtpd_sender_restrictions =

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    check_recipient_access mysql:/etc/postfix/relay_recipients.sql,
    reject

smtpd_restriction_classes =     recipient_no_protect,
                                                recipient_low_protect,
                                                recipient_medium_protect,
                                                recipient_high_protect,
                                                recipient_dont_accept,

# No restrictions (postmaster/abuse/hostmaster)
recipient_no_protect= permit

# Light restrictions
recipient_low_protect=
                                    ##Black/Whitelists => no blacklist
                                    check_client_access regexp:/etc/postfix/client_whitelist.regexp
                                    ## helo restriction => none
                                    ## client restriction => none
                                    ## sender restriction
                                    reject_non_fqdn_sender
                                    reject_unknown_sender_domain
                                    permit,
# Medium restrictions => default
recipient_medium_protect=
                                    ##Black/Whitelists
                                    check_client_access regexp:/etc/postfix/client_whitelist.regexp
                                    check_client_access regexp:/etc/postfix/client_blacklist.regexp
                                    ## helo restriction
                                    reject_non_fqdn_helo_hostname
                                    ## client restriction
                                    reject_unknown_client_hostname
                                    reject_unknown_reverse_client_hostname
                                    ## sender restriction
                                    reject_non_fqdn_sender
                                    reject_unknown_sender_domain
                                    ## RBLs
                                    reject_rbl_client dnsbl.sorbs.net,
                                    reject_rbl_client ix.dnsbl.manitu.net,
                                    permit,


# The full program
recipient_high_protect    =
                                    ##Black/Whitelists
                                    check_client_access regexp:/etc/postfix/client_whitelist.regexp
                                    check_client_access regexp:/etc/postfix/client_blacklist.regexp
                                    ## helo restriction
                                    reject_invalid_helo_hostname
                                    reject_non_fqdn_helo_hostname
                                    reject_unknown_helo_hostname
                                    ## client restriction
                                    reject_unknown_client_hostname
                                    reject_unknown_reverse_client_hostname
                                    ## sender restriction
                                    reject_non_fqdn_sender
                                    reject_unknown_sender_domain
                                    #RBLs
                                    reject_rbl_client dnsbl.sorbs.net,
                                    reject_rbl_client bl.spamcop.net,
                                    reject_rbl_client ix.dnsbl.manitu.net,
                                    reject_rbl_client list.dsbl.org,
                                    reject_rbl_client dnsbl.njabl.org,
                                    permit,

# Acceptance is refused entirely
recipient_dont_accept=reject

Database:
# desc transport;
+-------------+----------------------------------------------------------------------------------------------------------------------------------+------+-----+------------------------+-------+
| Field       | Type                                                                                                                             | Null | Key | Default                | Extra |
+-------------+----------------------------------------------------------------------------------------------------------------------------------+------+-----+------------------------+-------+
| domain      | varchar(255)                                                                                                                     | NO   | PRI |                        |       |
| destination | varchar(255)                                                                                                                     | YES  |     | smtp:[ziel.rechn.er]   |       |
| action      | enum('recipient_no_protect','recipient_low_protect','recipient_medium_protect','recipient_high_protect','recipient_dont_accept') | YES  |     | recipient_high_protect |       |
+-------------+----------------------------------------------------------------------------------------------------------------------------------+------+-----+------------------------+-------+

# desc virtual_alias;
+-------------+--------------+------+-----+---------+-------+
| Field       | Type         | Null | Key | Default | Extra |
+-------------+--------------+------+-----+---------+-------+
| email       | varchar(255) | NO   | PRI |         |       |
| destination | varchar(255) | NO   |     |         |       |
+-------------+--------------+------+-----+---------+-------+

# cat transport.sql
user=yyy
password=xxx
dbname=postfix
table=transport
select_field=destination
where_field=domain
host=127.0.0.1

# cat virtual_alias.sql
user=yyy
password=xxx
dbname=postfix
table=virtual_alias
select_field=destination
where_field=email
hostnames=127.0.0.1

# cat relay_recipients.sql
user=yyy
password=xxx
dbname=postfix
table=transport
select_field=action
where_field=domain
host=127.0.0.1

Best regards,
thomas polnik.
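
A way to break a general query log like the one in this post down per MySQL connection and list the lookup keys that are not derived from the recipient address, as an added example that is not part of the original post. The log lines are constructed (example.org/example.net domains, wrapped lines rejoined, "@" written out), and the function names are assumptions.

```python
import re

# Constructed sample in the general query log layout from the post
# (wrapped lines rejoined, "@" written out, example.* domains).
SAMPLE_LOG = """\
080204 22:34:50    2376 Query       SELECT destination FROM virtual_alias WHERE email='listi.example.org'
                   2377 Query       SELECT destination FROM transport WHERE domain='listi.example.org'
                   2377 Query       SELECT destination FROM transport WHERE domain='example.org'
                   2378 Query       SELECT destination FROM transport WHERE domain='bounces@listi.example.org'
                   2378 Query       SELECT destination FROM transport WHERE domain='.example.org'
                   2384 Connect     yyy@localhost on postfix
                   2384 Query       SELECT action FROM transport WHERE domain='rcpt@example.net'
                   2385 Query       SELECT destination FROM virtual_alias WHERE email='@example.net'
"""

LINE_RE = re.compile(r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2})?\s+(\d+)\s+(\w+)\s*(.*)$")  # optional timestamp, thread id, command
QUERY_RE = re.compile(r"SELECT\s+(\w+)\s+FROM\s+(\w+)\s+WHERE\s+\w+\s*=\s*'([^']*)'", re.I)

def key_form(key):
    """Name the shape of a lookup key."""
    if key.startswith("@"):
        return "@domain"
    if "@" in key:
        return "full-address"
    return "dot-parent-domain" if key.startswith(".") else "domain"

def lookups_by_thread(log_text):
    """Return {thread_id: [(table, select_field, key, key_form), ...]}."""
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        q = QUERY_RE.search(m.group(3)) if m and m.group(2) == "Query" else None
        if q:
            field, table, key = q.groups()
            result.setdefault(int(m.group(1)), []).append((table, field, key, key_form(key)))
    return result

def keys_not_from_recipient(log_text, recipient):
    """List (thread_id, table, key) for keys unrelated to the recipient address."""
    domain = recipient.split("@", 1)[1]
    unrelated = []
    for thread, rows in lookups_by_thread(log_text).items():
        for table, _field, key, form in rows:
            bare = key.lstrip("@.")  # compare domain-style keys without their prefix
            related = (key == recipient if form == "full-address"
                       else bare == domain or domain.endswith("." + bare))
            if not related:
                unrelated.append((thread, table, key))
    return unrelated
```

A key such as 'de' or '.de' is a parent domain of both the sender and the recipient in the original log, so this check counts it as recipient-related and cannot attribute it to either side.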



