[ext] Integration SPF

Timm Schneider t.schneider at tms-itdienst.at
Di Jan 8 15:55:25 CET 2019 

Jan  8 15:54:40 web postfix/smtpd[9579]: connect from 
listi.jpberlin.de[91.198.250.5]
Jan  8 15:54:41 web postfix/smtpd[9579]: Anonymous TLS connection 
established from listi.jpberlin.de[91.198.250.5]: TLSv1.2 with cipher 
ADH-AES256-GCM-SHA384 (256/256 bits)
Jan  8 15:54:41 web policyd-spf[9585]: prepend Received-SPF: Pass 
(mailfrom) identity=mailfrom; client-ip=91.198.250.5; 
helo=listi.jpberlin.de; 
envelope-from=postfixbuch-users-bounces at listen.jpberlin.de; 
receiver=<UNKNOWN>
Jan  8 15:54:41 web postfix/smtpd[9579]: 8B493441CE9: 
client=listi.jpberlin.de[91.198.250.5]
Jan  8 15:54:41 web postfix/cleanup[9588]: 8B493441CE9: 
message-id=<754158a5-eb96-bad5-0801-da538edeb101 at tms-itdienst.at>
Jan  8 15:54:41 web postfix/qmgr[9573]: 8B493441CE9: 
from=<postfixbuch-users-bounces at listen.jpberlin.de>, size=16466, nrcpt=1 
(queue active)
Jan  8 15:54:41 web postfix/local[9589]: 8B493441CE9: 
to=<timm at mail.tms-it.net>, orig_to=<t.schneider at tms-itdienst.at>, 
relay=local, delay=0.58, delays=0.57/0/0/0, dsn=2.0.0, status=sent 
(delivered to mailbox)
Jan  8 15:54:41 web postfix/qmgr[9573]: 8B493441CE9: removed
Jan  8 15:54:41 web postfix/smtpd[9579]: disconnect from 
listi.jpberlin.de[91.198.250.5] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 
quit=1 commands=7


Am 08.01.19 um 15:54 schrieb Timm Schneider:
> Hallo Ralf
> 
> Ich habe den Fehler gefunden.
> In meinem Debian9 heisst es unter /var/pool/postfix/private nicht 
> policyd-spf, sondern nur policy-spf, daher ging es nicht.
> 
> Danke für den Tip mit /var/spool.
> 
> 
> 
> Ciao
> Timm
> 
> 
> 
> Am 08.01.19 um 15:38 schrieb Timm Schneider:
>> Hallo Ralf
>>
>> das mit dem postfix-policyd und policyd ist mir vorhin auch aufgefallen.
>>
>> Nun schaut es so aus, Postfix wurde restartet.
>>
>> Jan  8 15:36:43 web postfix/smtpd[9148]: warning: connect to 
>> private/policyd-spf: No such file or directory
>> Jan  8 15:36:44 web postfix/smtpd[9148]: warning: connect to 
>> private/policyd-spf: No such file or directory
>> Jan  8 15:36:44 web postfix/smtpd[9148]: warning: problem talking to 
>> server private/policyd-spf: No such file or directory
>> Jan  8 15:36:44 web postfix/smtpd[9148]: NOQUEUE: reject: RCPT from 
>> unknown[84.20.61.91]: 451 4.3.5 <t.schneider at tms-itdienst.at>: 
>> Recipient address rejected: Server configuration problem; 
>> from=<radsport at musikmarkt.com> to=<t.schneider at tms-itdienst.at> 
>> proto=ESMTP helo=<[192.168.0.103]>
>>
>>
>>
>> Hier noch meine postconf -n vielleicht ist ja da ein Fehler drin.
>>
>>
>>
>> root at web:/usr/bin# postconf -n
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> body_checks = pcre:/etc/postfix/body_checks
>> broken_sasl_auth_clients = yes
>> compatibility_level = 2
>> header_checks = pcre:/etc/postfix/header_checks
>> inet_interfaces = all
>> inet_protocols = all
>> mailbox_size_limit = 0
>> masquerade_classes = envelope_sender, header_sender, header_recipient
>> masquerade_exceptions = root
>> message_size_limit = 50240000
>> mydestination = $myhostname, localhost.$mydomain, listen.$mydomain
>> mydomain = tms-it.net
>> myhostname = mail.tms-it.net
>> mynetworks = 127.0.0.0/8 83.137.45.96/27 192.168.0.0/16 10.0.0.0/8 
>> [::ffff:127.0.0.0]/104 [::1]/128
>> myorigin = $myhostname
>> readme_directory = no
>> recipient_delimiter = +
>> relayhost =
>> smtp_tls_loglevel = 1
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtp_use_tls = yes
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> smtpd_recipient_restrictions = check_client_access 
>> hash:/etc/postfix/relays, permit_mynetworks, reject_rbl_client 
>> blacklist.rbl.ispa.at, check_policy_service unix:private/policyd-spf 
>> check_policy_service inet:127.0.0.1:10040 check_sender_access 
>> hash:/etc/postfix/access, regexp:/etc/postfix/sender_regexp, 
>> permit_sasl_authenticated, reject_unauth_pipelining, 
>> reject_unknown_client_hostname, check_recipient_access 
>> hash:/etc/postfix/recipient_rfc, reject_invalid_helo_hostname, 
>> reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, 
>> reject_non_fqdn_recipient, reject_unknown_sender_domain, 
>> reject_unknown_recipient_domain, 
>> reject_unauthenticated_sender_login_mismatch, reject_rbl_client 
>> mail.de.bl.blocklist.de, reject_rbl_client ix.dnsbl.manitu.net, 
>> reject_rbl_client sbl.spamhaus.org, reject_rbl_client 
>> pbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client 
>> bl.spamcop.net, reject_unverified_recipient, reject_unauth_destination
>> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
>> defer_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = mail
>> smtpd_sasl_security_options = noanonymous
>> smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tms-it.net/cert.pem
>> smtpd_tls_key_file = /etc/letsencrypt/live/mail.tms-it.net/privkey.pem
>> smtpd_tls_loglevel = 1
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>> virtual_alias_domains = hash:/etc/postfix/virtual
>> virtual_alias_maps = hash:/etc/postfix/virtual
>> root at web:/usr/bin#
>>
>>
>> Ciao
>> Timm
>>
>>
>> Am 08.01.19 um 15:31 schrieb Ralf Hildebrandt:
>>> * Timm Schneider <t.schneider at tms-itdienst.at>:
>>>> Hallo Ralf
>>>>
>>>> Habe das mal so eingebetet und nun bekomme ich diese Meldung im Log.
>>>>
>>>> Jan  8 15:11:31 web postfix/smtpd[8565]: warning: connect to 
>>>> private/postfix-policyd-spf: No such file or directory
>>>> Jan  8 15:11:32 web postfix/smtpd[8565]: warning: connect to 
>>>> private/postfix-policyd-spf: No such file or directory
>>>> Jan  8 15:11:32 web postfix/smtpd[8565]: warning: problem talking to 
>>>> server private/postfix-policyd-spf: No such file or directory
>>>> Jan  8 15:11:32 web postfix/smtpd[8565]: NOQUEUE: reject: RCPT from 
>>>> unknown[84.20.61.91]: 451 4.3.5 <t.schneider at tms-itdienst.at>: 
>>>> Recipient
>>>> address rejected: Server configuration problem; 
>>>> from=<radsport at musikmarkt.com> to=<t.schneider at tms-itdienst.at> 
>>>> proto=ESMTP
>>>> helo=<[192.168.0.103]>
>>>
>>> postfix wurde zwischendurch neu gestartet?
>>>
>>>>> Das macht ja postfix, wegen des master.cf eintrags:
>>>>>
>>>>> policy-spf  unix  -       n       n       -       -       spawn 
>>>>> user=nobody argv=/usr/bin/policyd-spf
>>>
>>> Da dieser master.cf Eintrag "private" ist, wird der Socket
>>> /var/spool/postfix/private/policyd-spf erzeugt (nicht 
>>> postfix-policyd-spf)
>>>
>>> Prüf mal ob der master.cf Eintrag und der main.cf eintrag zusammenpassen
>>>
>>
> 

-- 
TMS IT-Dienst
Timm Schneider
Hinterstadt 2 - Eingang Jungmairgasse 2
4840 Vöcklabruck(VB)
Austria
T(AT).+43.720.501 078(kostenlos per ENUM erreichbar)
T(DE).+49.89.2441 3327
T(CH).+41.32.510 9875
F.+43.720.501 078 57
3CX Gratis: https://www.tms-itdienst.at/telefonserver
My personal Click2Meet URL is: 
https://tmspbx-at.3cx.net/join/timmschneider686283

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : smime.p7s
Dateityp    : application/pkcs7-signature
Dateigröße  : 4287 bytes
Beschreibung: S/MIME Cryptographic Signature
URL         : <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20190108/0dbcbd89/attachment-0001.p7s>

Mehr Informationen über die Mailingliste Postfixbuch-users