[Postfixbuch-users] check_sender_access matcht nicht

Do Jul 12 18:53:00 CEST 2012

Hallo liebe Liste!

Mein Problem ist, dass trotz eines Eintrags in check_sender_access eine 
Sender-Adresse durchkommt, obwohl
die Regel matchen und damit rejecten sollte. Ehrlich gesagt, weiss ich 
nicht, wo der Fehler liegen könnte. Ich bin
für jeden Tipp dankbar.

Es geht um die Absenderadresse werner at unseredomain.com. Eigentlich 
sollte der Eintrag unseredomain.com in
der sender_checks matchen. Der Sender-Host 158.7.30.147 ist *nicht* in 
der my_networks drin, so dass permit_my_networks
nicht das Poblem sein dürfte. Wir haben clamsmtp mit postfix 
2.7.1-1+squeeze1 im Einsatz.

Danke.

Gruß

Axel

=== die Email, die durchkam ===
Return-Path: <testes54 at scccontrols.com>
X-Envelope-To: werner at unseredomain.com
X-Spam-Status: No, hits=0.0 required=4.0
         tests=AWL: -0.000,BAYES_00: -1.665,HTML_MESSAGE: 0.001,
         MIME_HTML_ONLY: 0.001,TOTAL_SCORE: -1.663,autolearn=ham
X-Spam-Level:
Received: from mx1.unseredomain.com ([1.2.3.4])
         by mail.unseredomain.com
         for werner at unseredomain.com;
         Wed, 11 Jul 2012 19:54:18 +0200
Received: from [158.7.30.147] (helo=wgvgqgideqc.tfslkanbf.net)
         by 201-120-21-56-sta.prod-empresarial.com.mx with esmtpa (Exim 
4.69)
         (envelope-from )
         id 1MM2Z6-7534xl-7B
         for werner at unseredomain.com; Wed, 11 Jul 2012 11:54:17 -0600
Date: Wed, 11 Jul 2012 11:54:17 -0600
From: <werner at unseredomain.com>
X-Mailer: The Bat! (v2.11) Personal
X-Priority: 3 (Normal)
Message-ID: <9449885930.2ED34LBQ599166 at cghpj.gebwpt.org>
To: < werner at unseredomain.com>
Subject: Information zur JOBBORSE
MIME-Version: 1.0
Content-Type: text/html;
   charset=us-ascii
Content-Transfer-Encoding: 7bit
X-AV-Checked: ClamAV using ClamSMTP

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY>

<b>Wir suchen einen Operationsmanager.</b><br>
[...]
</BODY></HTML>

=== Logmeldung ===
Jul 11 19:54:17 mx1 postfix/smtpd[3901]: warning: 201.120.21.56: 
hostname dsl-201-120-21-56-sta.prod-empresarial.com.mx verification 
failed: Name
  or service not known
Jul 11 19:54:17 mx1 postfix/smtpd[3901]: connect from unknown[201.120.21.56]
Jul 11 19:54:17 mx1 postfix/smtpd[3901]: NOQUEUE: 
client=unknown[201.120.21.56]
Jul 11 19:54:18 mx1 clamsmtpd: 1050FF: accepted connection from: 127.0.0.1
Jul 11 19:54:18 mx1 postfix/smtpd[3905]: connect from localhost[127.0.0.1]
Jul 11 19:54:18 mx1 postfix/smtpd[3905]: A0E0C207B: 
client=unknown[201.120.21.56]
Jul 11 19:54:18 mx1 postfix/cleanup[3906]: A0E0C207B: 
message-id=<9449885930.2ED34LBQ599166 at cghpj.gebwpt.org>
Jul 11 19:54:18 mx1 postfix/qmgr[4159]: A0E0C207B: 
from=<testes54 at scccontrols.com>, size=1846, nrcpt=1 (queue active)
Jul 11 19:54:18 mx1 clamsmtpd: 1050FF: from=testes54 at scccontrols.com, 
to=werner at unseredomain.com, status=CLEAN
Jul 11 19:54:18 mx1 postfix/smtpd[3901]: proxy-accept: END-OF-MESSAGE: 
250 2.0.0 Ok: queued as A0E0C207B; from=<testes54 at scccontrols.com> 
to=<werner at unseredomain.com> proto=ESMTP 
helo=<201-120-21-56-sta.prod-empresarial.com.mx>
Jul 11 19:54:18 mx1 postfix/smtpd[3905]: disconnect from 
localhost[127.0.0.1]
Jul 11 19:54:18 mx1 postfix/smtp[3908]: A0E0C207B: to=< 
werner at unseredomain.com>, relay=mail.unseredomain.com[1.2.3.4]:65001, 
delay=0.16, delays=0.11/0.03/0/0.02, dsn=2.0.0, status=sent (250 2.0.0 
4ffdbdca-000034c4 Message accepted for delivery)
Jul 11 19:54:18 mx1 postfix/qmgr[4159]: A0E0C207B: removed

=== main.cf ===
smtpd_recipient_restrictions =
                 reject_non_fqdn_sender,
                 reject_non_fqdn_recipient,
                 reject_unknown_recipient_domain,
                 reject_unlisted_recipient,
                 permit_mynetworks,
                 reject_unknown_sender_domain,
                 reject_unauth_destination,
                 check_sender_access hash:/etc/postfix/sender_whitelist,
                 reject_invalid_helo_hostname,
                 reject_non_fqdn_helo_hostname,
                 check_recipient_access 
pcre:/etc/postfix/recipient_checks.pcre,
                 check_helo_access pcre:/etc/postfix/helo_checks.pcre,
                 check_sender_access hash:/etc/postfix/sender_checks,
                 [div. DNSBL]
                 permit

smtpd_data_restrictions =
                 reject_unauth_pipelining,
                 permit
=== master.cf ===
[...]
smtp      inet  n       -       -       -       10       smtpd
   -o smtpd_proxy_filter=127.0.0.1:10026
   -o smtpd_client_connection_count_limit=5
   -o smtpd_proxy_options=speed_adjust
[...]
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
   -o smtp_proxy_filter=
   -o receive_override_options=no_unknown_recipient_checks
   -o smtpd_helo_restrictions=
   -o smtpd_client_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=
   -o mynetworks_style=host
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8

=== sender_whitelist ===
einuser at blablub.de OK

=== sender_checks ===
unseredomain.com      554 unseredomain.com sender? No, you are not 
sending from within out network.

=== recipient_checks ===
/^\@/           550 Invalid address format.
/[!%\@].*\@/    550 This server disallows weird address syntax.
/^postmaster\@/ OK
/^hostmaster\@/ OK
/^abuse\@/      OK

=== helo_checks ===
/^localhost$/                 550 Don't use my own domain (localhost)
/^localhost\.localdomain$/    550 Don't use my own domain 
(localhost.localdomain)
/^unseredomain\.com$/      550 Don't use my own domain