[Postfixbuch-users] Verdacht auf Backscatter

Leo Unglaub leo.unglaub at gmx.at
Mo Mär 9 16:38:48 CET 2009 

Hallo Liste,
wir haben heute einen kleinen Mailserver von einer neuen Partnerfirma zu 
unserem Wartungsbereich hinzubekommen. Das ist ein uralter 1GHZ-Rechner 
mit Postfix und Cyrus drauf. Aber er läuft. Ich habe mir den Rechner mal 
angeschaut und hege den Verdacht, dass dieser Rechner ein Backscatter 
ist. Denn die mailq ist andauernd mit mailer-daemons vollgestopft. Ich 
habe mit mal das LOG-File angeschaut und folgendes entdeckt.

>     228   received
>     383   delivered
>       0   forwarded
>       6   deferred  (14  deferrals)
>       2   bounced
>    1305   rejected (77%)
>       0   reject warnings
>       0   held
>       0   discarded (0%)
>
>  191688k  bytes received
>  375668k  bytes delivered
>      65   senders
>      56   sending hosts/domains
>      69   recipients
>      37   recipient hosts/domains
Ein postconf -n ergibt folgendes:
> mail:/srv# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/config/canonical
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> delay_warning_time = 4h
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> inet_protocols = all
> local_recipient_maps = hash:/etc/postfix/config/local_recipient_maps
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
> message_size_limit = 61457280
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> mydomain = e-c-o.at
> myhostname = mail.e-c-o.at
> mynetworks = 127.0.0.0/8
> myorigin = /etc/mailname
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relayhost =
> sender_canonical_maps = hash:/etc/postfix/config/canonical
> smtp_sasl_auth_enable = no
> smtp_sasl_security_options = noanonymous
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_helo_restrictions = permit_mynetworks,    
> permit_sasl_authenticated,    reject_unauth_destination,    
> reject_non_fqdn_sender,    reject_non_fqdn_recipient,    
> reject_unknown_recipient_domain,    reject_non_fqdn_hostname,    
> reject_invalid_hostname,    reject_rhsbl_client rhsbl.sorbs.net,    
> reject_rhsbl_sender rhsbl.sorbs.net,    reject_rbl_client 
> cbl.abuseat.org,    reject_rbl_client sbl.spamhaus.org,    
> reject_rbl_client unconfirmed.dsbl.org,    reject_rbl_client 
> ix.dnsbl.manitu.net,    reject_rbl_client 
> dialup.blacklist.jippg.org,    reject_rbl_client cbl.abuseat.org,    
> reject_unauth_pipelining
> smtpd_recipient_limit = 3000
> smtpd_recipient_restrictions = permit_mynetworks,        
> permit_sasl_authenticated,        reject_invalid_hostname,        
> reject_non_fqdn_hostname,        reject_non_fqdn_sender,        
> reject_non_fqdn_recipient,        reject_unknown_sender_domain,        
> reject_unknown_recipient_domain,        
> reject_unauth_destination,        reject_unlisted_recipient,        
> reject_unauth_pipelining
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = %myhostname
> virtual_alias_domains = hash:/etc/postfix/config/virtual_alias_domains
> virtual_alias_maps = hash:/etc/postfix/config/virtual_alias_maps
> virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
Das sieht aber eigentlich ganz okay aus oder übersehe ich da etwas?
Vielen Dank im Voraus
Viele Grüße
Sam

Mehr Informationen über die Mailingliste Postfixbuch-users