Esoterische Mail Security Gateway von altn

Frank Fiene ffiene at veka.com
Do Jul 29 23:18:04 CEST 2021


N’Abend.

Ich habe einen Kunden, der Mails aus unserem SAP ablehnt,
Hat zwar nichts mit Postfix zu tun, aber dazwischen ist natürlich ein Postfix. :-D

Lest euch mal das Log durch und sagt mir eure Meinung, ist ja SMTP Klartext.

Ich denke ja, dieses System versucht da sehr schlau zu sein, schafft es aber irgendwie nicht.
Sieht für mich so aus, als wenn die schlaue Software über die Message-ID stolpert.

Wie Peer immer sagt: warum sollte man sich Mail Security Gatways installieren, die immer wieder neu erfunden werden.
Ist ja wie die Idee, sich Verschlüsselung selber zu programmieren.

> Tue 2021-07-27 21:10:22: Accepting SMTP connection from [185.254.60.9 : 48572] on port 2025
> Tue 2021-07-27 21:10:22: Sender is not a local domain mail server
> Tue 2021-07-27 21:10:22: Performing PTR lookup (9.60.254.185.IN-ADDR.ARPA)
> Tue 2021-07-27 21:10:22: * D=9.60.254.185.IN-ADDR.ARPA TTL=(191) PTR=[mail1.veka.com <http://mail1.veka.com/>]
> Tue 2021-07-27 21:10:22: * Gathering A records...
> Tue 2021-07-27 21:10:22: * D=mail1.veka.com <http://mail1.veka.com/> TTL=(9) A=[185.254.60.9]
> Tue 2021-07-27 21:10:22: ========== Processing IP scripts
> Tue 2021-07-27 21:10:22: -- Executing: Blacklist --
> Tue 2021-07-27 21:10:22: -- End: Blacklist (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: ========== End IP scripts
> Tue 2021-07-27 21:10:22: --> 220 palomaritaly.net <http://palomaritaly.net/> ESMTP SecurityGateway 8.0.1; Tue, 27 Jul 2021 21:10:22 +0200
> Tue 2021-07-27 21:10:22: <-- EHLO mail1.veka.com <http://mail1.veka.com/>
> Tue 2021-07-27 21:10:22: Skipping IP lookup because HELO matches PTR lookup
> Tue 2021-07-27 21:10:22: ========== Processing HELO scripts
> Tue 2021-07-27 21:10:22: -- Executing: Blacklist --
> Tue 2021-07-27 21:10:22: -- End: Blacklist (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: ========== End HELO scripts
> Tue 2021-07-27 21:10:22: --> 250-palomaritaly.net <http://250-palomaritaly.net/> Hello mail1.veka.com <http://mail1.veka.com/>, pleased to meet you
> Tue 2021-07-27 21:10:22: --> 250-8BITMIME
> Tue 2021-07-27 21:10:22: --> 250-AUTH LOGIN CRAM-MD5
> Tue 2021-07-27 21:10:22: --> 250 SIZE 0
> Tue 2021-07-27 21:10:22: <-- MAIL FROM:<ckuschnereit at veka.com <mailto:ckuschnereit at veka.com>> SIZE=118446
> Tue 2021-07-27 21:10:22: User <ckuschnereit at veka.com <mailto:ckuschnereit at veka.com>> is not local
> Tue 2021-07-27 21:10:22: ========== Processing AUTH scripts
> Tue 2021-07-27 21:10:22: -- Executing: Secure and authenticated port rules --
> Tue 2021-07-27 21:10:22: -- End: Secure and authenticated port rules (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: -- Executing: Dynamic Screening --
> Tue 2021-07-27 21:10:22: * Enabling Dynamic Screening
> Tue 2021-07-27 21:10:22: -- End: Dynamic Screening (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: -- Executing: PTR DNS lookup --
> Tue 2021-07-27 21:10:22: -- End: PTR DNS lookup (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: -- Executing: HELO DNS lookup --
> Tue 2021-07-27 21:10:22: -- End: HELO DNS lookup (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: ========== End AUTH scripts
> Tue 2021-07-27 21:10:22: ========== Processing MAIL scripts
> Tue 2021-07-27 21:10:22: -- Executing: Invalid Sender --
> Tue 2021-07-27 21:10:22: -- End: Invalid Sender (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: -- Executing: IP Shield --
> Tue 2021-07-27 21:10:22: -- End: IP Shield (0.000000 seconds) --
> Tue 2021-07-27 21:10:22: -- Executing: MAIL DNS Lookup --
> Tue 2021-07-27 21:10:22: Performing MAIL lookup (veka.com <http://veka.com/>)
> Tue 2021-07-27 21:10:23: * P=010 D=veka.com <http://veka.com/> TTL=(1) MX=[smtp1.veka.com <http://smtp1.veka.com/>]
> Tue 2021-07-27 21:10:23: * P=010 D=veka.com <http://veka.com/> TTL=(1) MX=[smtp3.veka.com <http://smtp3.veka.com/>]
> Tue 2021-07-27 21:10:23: * P=010 D=veka.com <http://veka.com/> TTL=(1) MX=[smtp2.veka.com <http://smtp2.veka.com/>]
> Tue 2021-07-27 21:10:23: -- End: MAIL DNS Lookup (0.069986 seconds) --
> Tue 2021-07-27 21:10:23: -- Executing: SMTP Authentication Required --
> Tue 2021-07-27 21:10:23: -- End: SMTP Authentication Required (0.000000 seconds) --
> Tue 2021-07-27 21:10:23: ========== End MAIL scripts
> Tue 2021-07-27 21:10:23: --> 250 <ckuschnereit at veka.com <mailto:ckuschnereit at veka.com>>, Sender ok
> Tue 2021-07-27 21:10:23: <-- RCPT TO:<acquisti at palomaritaly.net <mailto:acquisti at palomaritaly.net>>
> Tue 2021-07-27 21:10:23: Found user: <acquisti at palomaritaly.net <mailto:acquisti at palomaritaly.net>>
> Tue 2021-07-27 21:10:23: ========== Processing RCPT scripts for recipient: acquisti at palomaritaly.net <mailto:acquisti at palomaritaly.net>
> Tue 2021-07-27 21:10:23: -- Executing: Blacklist --
> Tue 2021-07-27 21:10:23: -- End: Blacklist (0.013997 seconds) --
> Tue 2021-07-27 21:10:23: -- Executing: Tarpitting --
> Tue 2021-07-27 21:10:23: * Enabling Tarpitting
> Tue 2021-07-27 21:10:23: -- End: Tarpitting (0.000000 seconds) --
> Tue 2021-07-27 21:10:23: -- Executing: Relaying Denied --
> Tue 2021-07-27 21:10:23: -- End: Relaying Denied (0.000000 seconds) --
> Tue 2021-07-27 21:10:23: -- Executing: Invalid Recipient --
> Tue 2021-07-27 21:10:23: -- End: Invalid Recipient (0.000000 seconds) --
> Tue 2021-07-27 21:10:23: -- Executing: Validate Local Sender --
> Tue 2021-07-27 21:10:23: -- End: Validate Local Sender (0.000000 seconds) --
> Tue 2021-07-27 21:10:23: -- Executing: DNS Blacklists (client IP) --
> Tue 2021-07-27 21:10:23: * zen.spamhaus.org <http://zen.spamhaus.org/> - passed - IP address not found
> Tue 2021-07-27 21:10:23: * bl.spamcop.net <http://bl.spamcop.net/> - passed - IP address not found
> Tue 2021-07-27 21:10:23: -- End: DNS Blacklists (client IP) (0.000000 seconds) --
> Tue 2021-07-27 21:10:23: ========== End RCPT scripts
> Tue 2021-07-27 21:10:23: --> 250 <acquisti at palomaritaly.net <mailto:acquisti at palomaritaly.net>>, Recipient ok
> Tue 2021-07-27 21:10:23: <-- DATA
> Tue 2021-07-27 21:10:23: --> 354 Enter mail, end with <CRLF>.<CRLF>
> Tue 2021-07-27 21:10:23: Message size: 118758 bytes
> Tue 2021-07-27 21:10:23: Message-ID: <ADR460000023082289010004AC1DA874A6EB87CC743D340028C8 at VEKA.COM <mailto:ADR460000023082289010004AC1DA874A6EB87CC743D340028C8 at VEKA.COM>>
> Tue 2021-07-27 21:10:23: Message creation successful: C:\Program Files (x86)\Alt-N Technologies\SecurityGateway\Inbound\28c9a006345043dbba608252ed12f844.MSG
> Tue 2021-07-27 21:10:23: --> 554 Message does not conform to standards; multiple addresses in "From" header
> Tue 2021-07-27 21:10:23: <-- QUIT
> Tue 2021-07-27 21:10:23: --> 221 See ya in cyberspace
> Tue 2021-07-27 21:10:23: SMTP session successful (Bytes in/out: 118878/431)
> Tue 2021-07-27 21:10:23: ----------
Viele Grüße!
i.A. Frank Fiene
-- 
Frank Fiene
IT-Security Manager VEKA Group

Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene at veka.com
http://www.veka.com

PGP-ID: 62112A51
PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51
Threema: VZK5NDWW

VEKA AKTIENGESELLSCHAFT 
Dieselstr. 8 
48324 Sendenhorst 
Deutschland/Germany 
http://www.veka.com 

Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO), 
Pascal Heitmar, Josef L. Beckhoff, Elke Hartleif, Dr. Werner Schuler, 
Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Dr. Andreas W. Hillebrand 

HRB 8282 AG Münster/District Court of Münster

-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20210729/606a1b0e/attachment-0001.htm>


Mehr Informationen über die Mailingliste Postfixbuch-users