[Postfixbuch-users] Error with AMaViS and backup MX...

Daniel Luttermann daniel at dlutt.de
Thu Sep 24 14:18:49 CEST 2009


Klaus Tachtler wrote:

> Hello list,

> I found the following error message in my mail log:

>> Sep 20 04:28:48 nss amavis[5313]: (05313-02) Open relay? Nonlocal recips
>> but not originating: webmaster at omni128.de

> I get this error message whenever I accept e-mails
> for which I (tachtler.net) am the BACKUP MX! - I am the BACKUP MX
> for e.g. omni128.de

> Can anyone help me? - My configurations follow below, THANKS!

> My amavisd.conf looks like this (relevant excerpt, I think):

> ...
> @mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 [::1] 192.168.0.0/28 );

I find specifying "0.0.0.0/32" here somewhat too far-reaching - that
would actually mean that "all" networks belong to you.
In my view, the networks here should really be specified analogously to
Postfix's "mynetworks". Isn't the public IP of your MX
still missing there?

Possibly amavisd cannot classify this correctly, because an e-mail
arrives that is supposed to be marked as "Originating", but the IP is
ultimately not known.

> # postconf -n
> address_verify_map = btree:/var/spool/postfix/data/verify
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> body_checks = pcre:/etc/postfix/body_checks
> bounce_queue_lifetime = 1d
> bounce_template_file = /etc/postfix/bounce.de-DE.cf
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> header_checks = pcre:/etc/postfix/header_checks
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> lmtp_generic_maps = btree:/etc/postfix/lmtp_generic_maps
> mail_owner = postfix
> mailbox_transport = cyrus
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_domains = tachtler.net
> maximal_queue_lifetime = 1d
> message_size_limit = 20480000
> mydestination = $myhostname, localhost.$mydomain, localhost,  
> $mydomain, $myorigin
> myhostname = mx1.tachtler.net
> mynetworks = 127.0.0.0/8, 192.168.0.0/24
> myorigin = nss.tachtler.net
> newaliases_path = /usr/bin/newaliases.postfix
> parent_domain_matches_subdomains = debug_peer_list,      
> fast_flush_domains,     mynetworks,     permit_mx_backup_networks, 
>   qmqpd_authorized_clients,   relay_domains
> permit_mx_backup_networks = 88.217.187.21/32
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> recipient_canonical_maps = btree:/etc/postfix/recipient_canonical_maps
> relay_domains =
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sender_canonical_maps = btree:/etc/postfix/sender_canonical_maps
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_generic_maps = btree:/etc/postfix/smtp_generic_maps
> smtp_tls_loglevel = 1
> smtp_use_tls = yes
> smtpd_client_connection_count_limit = 20
> smtpd_client_recipient_rate_limit = 20
> smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = check_recipient_access  
> btree:/etc/postfix/check_recipient_access_rfc,    check_client_access
> cidr:/etc/postfix/check_client_access,   check_helo_access  
> btree:/etc/postfix/check_helo_access, check_sender_access  
> btree:/etc/postfix/check_sender_access,     check_recipient_access  
> btree:/etc/postfix/check_recipient_access,    reject_non_fqdn_sender,
> reject_non_fqdn_recipient,      reject_unknown_sender_domain,    
> reject_unknown_recipient_domain,     permit_sasl_authenticated,       
> permit_mynetworks,      reject_rbl_client zen.spamhaus.org,      
> reject_rbl_client ix.dnsbl.manitu.net,  reject_rbl_client  
> bl.spamcop.net,    reject_rbl_client dnsbl.njabl.org,       
> reject_rhsbl_client multi.uribl.com,    reject_rhsbl_client  
> blackhole.securitysage.com, check_client_access  
> btree:/etc/postfix/check_client_access_policyd_weight,    
> check_policy_service inet:127.0.0.1:12525,      check_policy_service  
> unix:postgrey/socket,   reject_unverified_recipient,     
> permit_mx_backup,       reject_unauth_destination,      permit
> smtpd_tls_CAfile = /etc/pki/postfix/certs/CAcert.pem
> smtpd_tls_cert_file = /etc/pki/postfix/certs/cert.pem
> smtpd_tls_key_file = /etc/pki/postfix/private/key.pem
> smtpd_tls_received_header = yes
> smtpd_use_tls = yes
> transport_maps = btree:/etc/postfix/transport_maps
> unknown_address_reject_code = 550
> unknown_client_reject_code = 550
> unknown_hostname_reject_code = 550
> unknown_local_recipient_reject_code = 550
> unknown_relay_recipient_reject_code = 550
> unknown_virtual_alias_reject_code = 550
> unknown_virtual_mailbox_reject_code = 550
> unverified_recipient_reject_code = 577
> unverified_sender_reject_code = 577
> virtual_alias_domains = btree:/etc/postfix/virtual_alias_domains
> virtual_alias_maps = btree:/etc/postfix/virtual_alias_maps

You can remove blackhole.securitysage.com - this DNSBL no longer
exists.

-- 
Regards,
Daniel
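
As an added example (not part of the original post, and not amavisd or Postfix code), the following Python script uses the standard ipaddress module to show how many addresses each entry of the quoted @mynetworks covers and which parts of Postfix's mynetworks the amavisd list does not cover. The function names are hypothetical; the network values are copied from the quoted configuration.

```python
import ipaddress

# Values copied from the configuration quoted in the post.
AMAVIS_MYNETWORKS = "0.0.0.0/32 127.0.0.0/8 [::1] 192.168.0.0/28"
POSTFIX_MYNETWORKS = "127.0.0.0/8, 192.168.0.0/24"
MX_BACKUP_NETWORK_IP = "88.217.187.21"  # from permit_mx_backup_networks

def parse_networks(spec):
    """Parse a space/comma separated list; accepts amavisd-style [IPv6] brackets."""
    tokens = spec.replace(",", " ").split()
    return [ipaddress.ip_network(t.replace("[", "").replace("]", ""))
            for t in tokens]

def covers(nets, addr):
    """True if addr falls inside any of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(n.version == ip.version and ip in n for n in nets)

def uncovered(reference, candidate):
    """Parts of the reference networks that no candidate network covers."""
    gaps = []
    for ref in reference:
        remaining = [ref]
        for cand in (c for c in candidate if c.version == ref.version):
            nxt = []
            for r in remaining:
                if r.subnet_of(cand):
                    continue                              # fully covered
                if cand.subnet_of(r):
                    nxt.extend(r.address_exclude(cand))   # partially covered
                else:
                    nxt.append(r)                         # disjoint
            remaining = nxt
        gaps.extend(remaining)
    return sorted(gaps, key=lambda n: (n.version, int(n.network_address)))

def report():
    amavis = parse_networks(AMAVIS_MYNETWORKS)
    postfix = parse_networks(POSTFIX_MYNETWORKS)
    return {
        "sizes": {str(n): n.num_addresses for n in amavis},
        "postfix_only": [str(n) for n in uncovered(postfix, amavis)],
        "mx_backup_ip_in_amavis": covers(amavis, MX_BACKUP_NETWORK_IP),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```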



