[Postfixbuch-users] Problem with spam via website :-(
Christian Schoepplein
chris at schoeppi.net
Tue Jun 5 17:53:57 CEST 2012
Hi all,
first of all, thanks to all of you for the tips and hints on how I could solve the spam problem or at least contain it. I have already implemented some of them, e.g. changed the PHP settings so that I can see which webspace the junk is possibly coming from.
Meanwhile, however, I am no longer sure whether it really is a script. Several mails of the following kind went through the server yesterday; shortly afterwards we were back on the blacklists. as-12.de is the box that ends up on the lists:
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.as-12.de (Postfix) with ESMTP id 2165329DE00C;
    Mon, 4 Jun 2012 21:49:53 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at as-12.de
Received: from mail.as-12.de ([127.0.0.1])
    by localhost (mail.as-12.de [127.0.0.1]) (amavisd-new, port 10024)
    with LMTP id daoZE8GI3zpp; Mon, 4 Jun 2012 21:49:48 +0200 (CEST)
Received: from as-12.de (localhost.localdomain [127.0.0.1])
    by mail.as-12.de (Postfix) with SMTP id D08D329DE007
    for <xtra_manish at blackplanet.com>; Mon, 4 Jun 2012 21:49:48 +0200 (CEST)
Received: from bosmat by as-12.de with local (Exim 4.36)
    id d3rtsw-jzDceW-ih
    for xtra_manish at blackplanet.com; Tue, 05 Jun 2012 01:13:10 +0200
To: xtra_manish <xtra_manish at blackplanet.com>
Subject: Tricky Vicky gave you an access to the intimate gallery
Message-Id: <d3rtsw-jzDceW-ih at as-12.de>
From: Brigid Lockhart <bosmat at williamcalvin.com>
From the logs (I hope I'm searching the right way):
as-12:/var/log# grep "d3rtsw-jzDceW-ih" mail.log
Jun 4 21:49:48 as-12 postfix/cleanup[14852]: D08D329DE007: message-id=<d3rtsw-jzDceW-ih at as-12.de>
Jun 4 21:49:53 as-12 postfix/cleanup[14852]: 2165329DE00C: message-id=<d3rtsw-jzDceW-ih at as-12.de>
Jun 4 21:49:53 as-12 amavis[14631]: (14631-12) Passed SPAMMY, LOCAL [127.0.0.1] [127.0.0.1] <bosmat at williamcalvin.com> -> <xtra_manish at blackplanet.com>, Message-ID: <d3rtsw-jzDceW-ih at as-12.de>, mail_id: daoZE8GI3zpp, Hits: 9.834, size: 1173, queued_as: 2165329DE00C, 4287 ms

as-12:/var/log# grep D08D329DE007 mail.log
Jun 4 21:49:48 as-12 postfix/smtpd[14337]: D08D329DE007: client=localhost.localdomain[127.0.0.1]
Jun 4 21:49:48 as-12 postfix/cleanup[14852]: D08D329DE007: message-id=<d3rtsw-jzDceW-ih at as-12.de>
Jun 4 21:49:48 as-12 postfix/qmgr[11362]: D08D329DE007: from=<bosmat at williamcalvin.com>, size=1174, nrcpt=2 (queue active)
Jun 4 21:49:53 as-12 postfix/lmtp[15069]: D08D329DE007: to=<xtra_manish at blackplanet.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.3, delays=0.01/0/0/4.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=14631-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2165329DE00C)
Jun 4 21:49:53 as-12 postfix/qmgr[11362]: D08D329DE007: removed

as-12:/var/log# grep 2165329DE00C mail.log
Jun 4 21:49:53 as-12 postfix/smtpd[15543]: 2165329DE00C: client=localhost.localdomain[127.0.0.1]
Jun 4 21:49:53 as-12 postfix/cleanup[14852]: 2165329DE00C: message-id=<d3rtsw-jzDceW-ih at as-12.de>
Jun 4 21:49:53 as-12 postfix/qmgr[11362]: 2165329DE00C: from=<bosmat at williamcalvin.com>, size=1564, nrcpt=3 (queue active)
Jun 4 21:49:53 as-12 amavis[14631]: (14631-12) Passed SPAMMY, LOCAL [127.0.0.1] [127.0.0.1] <bosmat at williamcalvin.com> -> <xtra_manish at blackplanet.com>, Message-ID: <d3rtsw-jzDceW-ih at as-12.de>, mail_id: daoZE8GI3zpp, Hits: 9.834, size: 1173, queued_as: 2165329DE00C, 4287 ms
Jun 4 21:49:53 as-12 postfix/lmtp[15069]: D08D329DE007: to=<xtra_manish at blackplanet.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.3, delays=0.01/0/0/4.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=14631-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2165329DE00C)
Jun 4 21:49:53 as-12 postfix/smtp[14857]: 2165329DE00C: to=<xtra_manish at blackplanet.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for blackplanet.com loops back to myself)
Jun 4 21:49:59 as-12 postfix/bounce[15677]: 2165329DE00C: sender non-delivery notification: D8FDF29DE007
Jun 4 21:49:59 as-12 postfix/qmgr[11362]: 2165329DE00C: removed
If I should send more logs, please say so :-).
Here are excerpts from my Postfix configuration; I'm happy to send more here as well:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_bcc = cw at schoeppi.net
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4
local_destination_concurrency_limit = 2
local_transport = local
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
message_size_limit = 104857600
mydestination = as-12.de, localhost
mydomain = as-12.de
myhostname = mail.as-12.de
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender
    reject_non_fqdn_recipient
    permit_mynetworks permit_sasl_authenticated
    reject_unlisted_recipient reject_unknown_sender_domain reject_unknown_recipient_domain
    reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_unauth_destination check_recipient_access hash:/etc/postfix/greylist
    check_sender_access hash:/etc/postfix/reject_unverified_senders
smtpd_restriction_classes = greylist rbl
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
smtpd_tls_cert_file = /etc/ssl/private/mail.as-12.de.crt
smtpd_tls_key_file = /etc/ssl/private/mail.as-12.de.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /data/customers/mail/
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:2000
the master.cf:
smtp inet n - - - - smtpd
    -o content_filter=amavisfeed:[127.0.0.1]:10024
    -o smtpd_client_connection_count_limit=15
submission inet n - - - - smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
    -o smtp_fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
amavisfeed unix - - n - 2 lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o lmtp_tls_note_starttls_offer=no
maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}
dovecot unix - n n - - pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
On the box run an Apache, MySQL and, mail-wise, Postfix, postfixpolicyd, amavis and dovecot. The webspaces, mailboxes, etc. are managed with froxlor (http://www.froxlor.org), which is more or less where the config comes from.
Maybe someone notices something in all of this; I'm happy to send further info.
ciao and thanks again,
Christian
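The question the post is really asking is where the message entered Postfix: the quoted mail.log shows two queue IDs for one message, the first one created by smtpd from localhost.localdomain[127.0.0.1] and the second one by the re-injection from amavisd on port 10025. The script below is an added example (not from the post, froxlor or Postfix) that correlates standard Postfix log lines by queue ID, follows the "queued as" hand-off from the pre-filter ID to the post-filter ID, and reports the entry point, sender, recipients and final status. The sample log lines are constructed after the ones quoted above (with "@" restored); the regular expressions match the Postfix log format as shown in those lines and are assumptions beyond that.

```python
"""Correlate Postfix mail.log lines by queue ID to find where a message
entered the MTA and what became of it (added example, not the post's code)."""
import re
from collections import defaultdict

# Constructed sample modelled on the log quoted in the post: one message
# injected via SMTP from 127.0.0.1, handed to amavisd on port 10024 and
# re-injected on port 10025 under a second queue ID, then bounced.
SAMPLE_LOG = """\
Jun  4 21:49:48 as-12 postfix/smtpd[14337]: D08D329DE007: client=localhost.localdomain[127.0.0.1]
Jun  4 21:49:48 as-12 postfix/cleanup[14852]: D08D329DE007: message-id=<d3rtsw-jzDceW-ih@as-12.de>
Jun  4 21:49:48 as-12 postfix/qmgr[11362]: D08D329DE007: from=<bosmat@williamcalvin.com>, size=1174, nrcpt=2 (queue active)
Jun  4 21:49:53 as-12 amavis[14631]: (14631-12) Passed SPAMMY, LOCAL [127.0.0.1] [127.0.0.1] <bosmat@williamcalvin.com> -> <xtra_manish@blackplanet.com>, Message-ID: <d3rtsw-jzDceW-ih@as-12.de>, mail_id: daoZE8GI3zpp, Hits: 9.834, size: 1173, queued_as: 2165329DE00C, 4287 ms
Jun  4 21:49:53 as-12 postfix/lmtp[15069]: D08D329DE007: to=<xtra_manish@blackplanet.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.3, delays=0.01/0/0/4.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=14631-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2165329DE00C)
Jun  4 21:49:53 as-12 postfix/qmgr[11362]: D08D329DE007: removed
Jun  4 21:49:53 as-12 postfix/smtpd[15543]: 2165329DE00C: client=localhost.localdomain[127.0.0.1]
Jun  4 21:49:53 as-12 postfix/cleanup[14852]: 2165329DE00C: message-id=<d3rtsw-jzDceW-ih@as-12.de>
Jun  4 21:49:53 as-12 postfix/qmgr[11362]: 2165329DE00C: from=<bosmat@williamcalvin.com>, size=1564, nrcpt=3 (queue active)
Jun  4 21:49:53 as-12 postfix/smtp[14857]: 2165329DE00C: to=<xtra_manish@blackplanet.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for blackplanet.com loops back to myself)
Jun  4 21:49:59 as-12 postfix/qmgr[11362]: 2165329DE00C: removed
"""

# Syslog prefix + "postfix/<daemon>[pid]: <QUEUEID>: <rest>"; amavis lines are skipped.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'postfix/(?P<prog>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)$')
FIELD_RES = {
    'client': re.compile(r'client=(\S+)'),
    'from': re.compile(r'from=<([^>]*)>'),
    'to': re.compile(r'to=<([^>]*)>'),
    'relay': re.compile(r'relay=([^,]+)'),
    'status': re.compile(r'status=(\w+)'),
    'queued_as': re.compile(r'queued as ([0-9A-F]+)'),   # content-filter hand-off
    'message_id': re.compile(r'message-id=(<[^>]*>)'),
}


def parse_log(text):
    """Return {queue_id: [event dicts in log order]}."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {'ts': m.group('ts'), 'prog': m.group('prog')}
        for name, rx in FIELD_RES.items():
            f = rx.search(m.group('rest'))
            if f:
                ev[name] = f.group(1)
        events[m.group('qid')].append(ev)
    return events


def origin(events, qid):
    """Walk back from a (possibly post-filter) queue ID to the ID the message first got."""
    parents = {e['queued_as']: pq for pq, evs in events.items()
               for e in evs if 'queued_as' in e}
    while qid in parents:
        qid = parents[qid]
    return qid


def trace(events, qid):
    """Follow the queue-ID chain of one message and summarise entry and outcome."""
    chain = [origin(events, qid)]
    while True:
        nxt = next((e['queued_as'] for e in events.get(chain[-1], [])
                    if 'queued_as' in e), None)
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    first, last = events.get(chain[0], []), events.get(chain[-1], [])
    # The first smtpd/pickup record under the original ID is the real entry point;
    # smtpd records under later IDs are just the content filter handing the mail back.
    entry = next((e for e in first if e['prog'] in ('smtpd', 'pickup')), None)
    deliveries = [e for e in last if 'to' in e]
    return {
        'chain': chain,
        'entry_prog': entry['prog'] if entry else None,
        'entry_client': entry.get('client') if entry else None,
        'sender': next((e['from'] for e in first if 'from' in e), None),
        'final_status': [(e['to'], e.get('status'), e.get('relay')) for e in deliveries],
    }


def classify_entry(summary):
    """Name the injection path: 'pickup' is the local sendmail binary (PHP mail(),
    cron), 'smtpd' from 127.0.0.1 is something speaking SMTP to loopback."""
    prog, client = summary['entry_prog'], summary['entry_client'] or ''
    if prog == 'pickup':
        return 'local-sendmail'
    if prog == 'smtpd' and '[127.0.0.1]' in client:
        return 'loopback-smtp'
    if prog == 'smtpd':
        return 'remote-smtp'
    return 'unknown'


if __name__ == '__main__':
    ev = parse_log(SAMPLE_LOG)
    s = trace(ev, '2165329DE00C')
    print(' -> '.join(s['chain']), classify_entry(s), s['entry_client'], s['final_status'])
```

Run on the sample, the trace starts from the post-filter ID and still resolves to the pre-filter ID D08D329DE007 as the entry, classified as loopback-smtp: the mail was not submitted through the sendmail binary (that would show up as pickup) but by a client that opened an SMTP session to 127.0.0.1, which is the distinction worth checking against the PHP logging that was enabled. Because it only reads the standard Postfix log lines, the same script can be pointed at a full mail.log to list every message whose chain begins with a loopback smtpd client.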