SPAM MAIL to admin@

Günther J. Niederwimmer gjn at gjn.priv.at
Thu Dec 8 20:31:21 CET 2016


On Wednesday, 7 December 2016, 12:34:16 CET, Günther J. Niederwimmer wrote:
> Hello list,
> 
> I have recently been having a problem with Postfix?
> 
> It suddenly accepts mail for admin at example.com and wants to
> forward it?
> 
> A real spam cannon, in other words?
> 
> The question is: I have no user "admin" on the mail system at all,
> but of course Postfix is responsible for the domain example.com?
> 
> User management comes from Dovecot (LDAP).
> 
> The SPF record is set...
> 
> somewhat at a loss at the moment............ :-(.

So, I have solved the admin@ problem in master.cf
SUBMISSION
Correct order, then it blocks the non-existent users
admin at ..........


Now I have one more question: how can Postfix recognize that it is sending
SPAM there? A regular USER is of course accepted (?), but spam is hidden in
the mail, and Postfix wants to forward it right away (?) without first
delivering the mail?

Actually, something should kick in there: amavis, dkim .........

Grateful for any hint!

> postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> bounce_template_file = /etc/postfix/bounce.de-DE.cf
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
> $daemon_directory/$process_name $process_id & sleep 5
> html_directory = no
> inet_interfaces = all
> inet_protocols = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 20480000
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> myhostname = smtp.esslmaier.at
> mynetworks = 127.0.0.0/8, 192.168.55.0/24, 217.xxxx.xxx.208/28,
> [2a02:xxxx:xxxx:xxxx::]/56
> newaliases_path = /usr/bin/newaliases.postfix
> non_smtpd_milters = $smtpd_milters
> postscreen_access_list = permit_mynetworks cidr:/etc/postfix/
> postscreen_access.cidr
> postscreen_bare_newline_action = drop
> postscreen_bare_newline_enable = yes
> postscreen_blacklist_action = drop
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
> postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3
> b.barracudacentral.org*2 bad.psky.me*2 psbl.surriel.com bl.blocklist.de
> bl.spamcop.net spam.spamrats.com bl.spameatingmonkey.net dnsbl.cobion.com
> ix.dnsbl.manitu.net hostkarma.junkemailfilter.com dnsbl.inps.de
> list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2
> list.dnswl.org=127.0.[0..255].[2..3]*-3 iadb.isipp.com=127.0.[0..255].
> [0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2 wl.mailspike.net=127.0.0.
> [17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_ttl = 1h
> postscreen_dnsbl_whitelist_threshold = -1
> postscreen_greet_action = enforce
> postscreen_non_smtp_command_enable = yes
> postscreen_pipelining_enable = yes
> postscreen_whitelist_interfaces = static:all
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.11.8/README_FILES
> recipient_delimiter = +
> relay_domains = hash:/etc/postfix/relay_domains,
> sample_directory = /usr/share/doc/postfix-2.11.8/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_sasl_type = cyrus
> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
> smtp_tls_loglevel = 1
> smtp_tls_mandatory_ciphers = high
> smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5,
> PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtp_tls_note_starttls_offer = yes
> smtp_tls_protocols = !SSLv2,!SSLv3
> smtp_tls_security_level = may
> smtp_use_tls = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
> smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893,inet:127.0.0.1:10024
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_auth_destination, permit_mynetworks, reject_unauth_destination,
> reject
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = no
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous,
> smtpd_sasl_tls_security_options = noanonymous,
> smtpd_sasl_type = dovecot
> smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
> smtpd_tls_CApath = /etc/pki/certs
> smtpd_tls_ask_ccert = yes
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/pki/tls/postfix/certs/post_cert.pem
> smtpd_tls_dh1024_param_file = /etc/pki/tls/postfix/private/dh_2048.pem
> smtpd_tls_dh512_param_file = /etc/pki/tls/postfix/private/dh_512.pem
> smtpd_tls_eecdh_grade = ultra
> smtpd_tls_key_file = /etc/pki/tls/postfix/private/post_key.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5,
> PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtpd_tls_protocols = !SSLv2,!SSLv3
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_use_tls = yes
> tls_preempt_cipherlist = yes
> tls_random_bytes = 128
> transport_maps = hash:/etc/postfix/transport, $relay_domains,
> unknown_local_recipient_reject_code = 550
> unverified_recipient_reject_code = 577
> virtual_alias_maps = hash:/etc/postfix/virtual
> virtual_transport = lmtps:inet:mailstore:24
> 
> Grateful for any help and hoping for an answer,


-- 
With kind regards / best regards,

  Günther J. Niederwimmer
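
The point about restriction order, as an added example that is not part of the original post: a simplified Python model of first-match evaluation, applied to the `smtpd_recipient_restrictions` value shown in the quoted `postconf -n` output. The reordered list, the request fields and the rule table are assumptions made for illustration, and implicit checks such as `smtpd_reject_unlisted_recipient` are not modelled.

```python
# Added example: simplified first-match model of a Postfix restriction list.
# Only the explicit restrictions in RULES are modelled; anything else is skipped.

# Value as posted in the quoted postconf -n output.
POSTED = ("permit_sasl_authenticated, permit_auth_destination, "
          "permit_mynetworks, reject_unauth_destination, reject")
# Assumed reordering for comparison (not taken from the post).
REORDERED = ("reject_unlisted_recipient, permit_sasl_authenticated, "
             "permit_mynetworks, reject_unauth_destination, permit")

# Each rule: (predicate on the request, action taken when the predicate holds).
RULES = {
    "permit_sasl_authenticated": (lambda r: r["sasl"], "PERMIT"),
    "permit_mynetworks": (lambda r: r["in_mynetworks"], "PERMIT"),
    "permit_auth_destination": (lambda r: r["rcpt_domain_ours"], "PERMIT"),
    "reject_unauth_destination": (lambda r: not r["rcpt_domain_ours"], "REJECT"),
    "reject_unlisted_recipient": (
        lambda r: r["rcpt_domain_ours"] and not r["rcpt_exists"], "REJECT"),
    "permit": (lambda r: True, "PERMIT"),
    "reject": (lambda r: True, "REJECT"),
}

def parse(value):
    """Split a comma/whitespace separated restriction list into names."""
    return value.replace(",", " ").split()

def decide(restrictions, request):
    """Return (action, deciding_restriction); the first match ends evaluation."""
    for name in parse(restrictions):
        if name not in RULES:
            continue  # not modelled: treated as "no decision"
        predicate, action = RULES[name]
        if predicate(request):
            return action, name
    return "PERMIT", "(end of list)"

# Constructed requests (hypothetical field names).
UNKNOWN_RCPT = {"sasl": False, "in_mynetworks": False,   # outside client,
                "rcpt_domain_ours": True, "rcpt_exists": False}  # admin@ own domain
RELAY_ATTEMPT = {"sasl": False, "in_mynetworks": False,
                 "rcpt_domain_ours": False, "rcpt_exists": False}
AUTH_SENDER = {"sasl": True, "in_mynetworks": False,
               "rcpt_domain_ours": False, "rcpt_exists": False}

if __name__ == "__main__":
    for label, req in [("unknown rcpt", UNKNOWN_RCPT),
                       ("relay attempt", RELAY_ATTEMPT),
                       ("authenticated sender", AUTH_SENDER)]:
        print(label, decide(POSTED, req), decide(REORDERED, req))
```

In this model the authenticated sender is permitted by the first restriction in both lists, so nothing in the list looks at message content; that is left to the milters and content filters configured elsewhere.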



More information about the Postfixbuch-users mailing list