[Postfixbuch-users] Verdacht auf Backscatter
Leo Unglaub
leo.unglaub at gmx.at
Mo Mär 9 16:38:48 CET 2009
Hallo Liste,
wir haben heute einen kleinen Mailserver von einer neuen Partnerfirma zu
unserem Wartungsbereich hinzubekommen. Das ist ein uralter 1GHZ-Rechner
mit Postfix und Cyrus drauf. Aber er läuft. Ich habe mir den Rechner mal
angeschaut und hege den Verdacht, dass dieser Rechner ein Backscatter
ist. Denn die mailq ist andauernd mit mailer-daemons vollgestopft. Ich
habe mit mal das LOG-File angeschaut und folgendes entdeckt.
> 228 received
> 383 delivered
> 0 forwarded
> 6 deferred (14 deferrals)
> 2 bounced
> 1305 rejected (77%)
> 0 reject warnings
> 0 held
> 0 discarded (0%)
>
> 191688k bytes received
> 375668k bytes delivered
> 65 senders
> 56 sending hosts/domains
> 69 recipients
> 37 recipient hosts/domains
Ein postconf -n ergibt folgendes:
> mail:/srv# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/config/canonical
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> delay_warning_time = 4h
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> inet_protocols = all
> local_recipient_maps = hash:/etc/postfix/config/local_recipient_maps
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
> message_size_limit = 61457280
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> mydomain = e-c-o.at
> myhostname = mail.e-c-o.at
> mynetworks = 127.0.0.0/8
> myorigin = /etc/mailname
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relayhost =
> sender_canonical_maps = hash:/etc/postfix/config/canonical
> smtp_sasl_auth_enable = no
> smtp_sasl_security_options = noanonymous
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_helo_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_non_fqdn_sender, reject_non_fqdn_recipient,
> reject_unknown_recipient_domain, reject_non_fqdn_hostname,
> reject_invalid_hostname, reject_rhsbl_client rhsbl.sorbs.net,
> reject_rhsbl_sender rhsbl.sorbs.net, reject_rbl_client
> cbl.abuseat.org, reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client unconfirmed.dsbl.org, reject_rbl_client
> ix.dnsbl.manitu.net, reject_rbl_client
> dialup.blacklist.jippg.org, reject_rbl_client cbl.abuseat.org,
> reject_unauth_pipelining
> smtpd_recipient_limit = 3000
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_invalid_hostname,
> reject_non_fqdn_hostname, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_destination, reject_unlisted_recipient,
> reject_unauth_pipelining
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = %myhostname
> virtual_alias_domains = hash:/etc/postfix/config/virtual_alias_domains
> virtual_alias_maps = hash:/etc/postfix/config/virtual_alias_maps
> virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
Das sieht aber eigentlich ganz okay aus oder übersehe ich da etwas?
Vielen Dank im Voraus
Viele Grüße
Sam
Mehr Informationen über die Mailingliste Postfixbuch-users