<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Guten Morgen Liste,</p>
<p>ich benutze Postfix und Amavisd auf einem CentOS 7 Server als E-Mail Relay und mir sind unstimmigkeiten in den Logs aufgefallen:</p>
<p>(145710-19) Checking: 0ol2VMESohfo ORIGINATING [10.200.0.138] <123@example.com> -> <456@extern.com></p>
<p>(145710-19) Open relay? Nonlocal recips but not originating: 456@extern.com</p>
<p>Passed CLEAN <strong>{RelayedOpenRelay}, ORIGINATING</strong> [10.200.0.138]:62251 <123@example.com> -> <456@extern.com>, Queue-ID: E4809180131B, Message-ID: <000001d335cd$f2ef1940$d8cd4bc0$@inprosim.de>, mail_id: T0U1QgrmEOV0, Hits: -0.997, size: 2868, queued_as: 16FB7180131F, 1037 ms</p>
<p>Wenn ich von intern nach extern über Port 587 sende wird mir "RelayedOpenRelay" von Amavis gemeldet obwohl originating gesetzt ist. Woran kann das liegen?</p>
<p><br /></p>
<p>In der master.cf ist milter_macro_deamon_name gesetzt.</p>
<p>submission inet n       -       n       -       -       smtpd<br />  -o syslog_name=postfix/submission<br />  -o smtpd_milters=<br />  -o smtpd_tls_security_level=encrypt<br />  -o smtpd_sasl_auth_enable=yes<br />  -o smtpd_sasl_type=dovecot<br />  -o smtpd_sasl_path=inet:imap.proit-services.de:1587<br />  -o smtpd_sasl_security_options=noanonymous<br />  -o smtpd_sasl_local_domain=$myhostname<br />  -o smtpd_recipient_restrictions=<br />  -o smtpd_client_restrictions=permit_sasl_authenticated,reject<br />  -o content_filter=smtp-amavis:[::1]:10024<br />  -o milter_macro_daemon_name=ORIGINATING</p>
<p>smtp-amavis unix -    -    n    -    2 smtp<br />    -o smtp_data_done_timeout=1200<br />    -o smtp_send_xforward_command=yes<br />    -o disable_dns_lookups=yes<br />    -o disable_mime_output_conversion=yes<br />    -o smtp_generic_maps=</p>
<p>Und in amavisd habe ich auch die Policybank auf Port 10024 gesetzt.</p>
<p>$interface_policy{'10024'} = 'ORIGINATING';</p>
<p>$policy_bank{'ORIGINATING'} = {<br />    inet_acl => [qw( 127.0.0.1 [::1] )],<br />    originating => 1,<br />    allow_disclaimers => 1,<br />    virus_admin_maps => ["virusalert\@$mydomain"],<br />    spam_admin_maps  => ["virusalert\@$mydomain"],<br />    warnbadhsender   => 1,<br />    smtpd_discard_ehlo_keywords => ['8BITMIME'],<br />    bypass_spam_checks_maps => [0],<br />    bypass_banned_checks_maps => [1],<br />    terminate_dsn_on_notify_success => 0,<br />    notify_method  => 'smtp:[::1]:10025',<br />    forward_method => 'smtp:[::1]:10025',<br />    final_virus_destiny => 'D_BOUNCE',<br />};</p>
<p>Localdomains sind ebenfalls gesetzt.</p>
<p>postconf -n</p>
<p>address_verify_map = memcache:/etc/postfix/verify_cache<br />address_verify_negative_expire_time = 3d<br />address_verify_negative_refresh_time = 3h<br />address_verify_positive_expire_time = 31d<br />address_verify_positive_refresh_time = 7d<br />address_verify_transport_maps = btree:/etc/postfix/transport_verify,$transport_maps<br />alias_maps = hash:/etc/aliases<br />amavisd_milter = inet:[::1]:8893<br />biff = no<br />bounce_queue_lifetime = 3d<br />bounce_template_file = /etc/postfix/bounce.de-DE.cf<br />command_directory = /usr/sbin<br />config_directory = /etc/postfix<br />content_filter =<br />daemon_directory = /usr/libexec/postfix<br />data_directory = /var/lib/postfix<br />debug_peer_level = 2<br />debug_peer_list =<br />debugger_command = PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 >$config_directory/$process_name.$process_id.log & sleep 5<br />default_database_type = btree<br />default_privs = nobody<br />delay_warning_time = 30m<br />disable_dns_lookups = no<br />disable_vrfy_command = yes<br />html_directory = no<br />inet_interfaces = all<br />inet_protocols = all<br />mail_owner = postfix<br />mail_spool_directory = /var/mail<br />mailbox_size_limit = 52428800<br />mailq_path = /usr/bin/mailq.postfix<br />manpage_directory = /usr/share/man<br />maximal_queue_lifetime = 3d<br />message_size_limit = 52428800<br />mydestination =<br />myhostname = mail.example.com<br />mynetworks = 127.0.0.0/8 [::1]/128 10.200.0.0/24 10.200.1.0/24<br />mynetworks_style = host<br />myorigin = $mydomain<br />newaliases_path = /usr/bin/newaliases.postfix<br />non_smtpd_milters = ${amavisd_milter}<br />opendkim_milter = inet:[::1]:8891<br />opendmarc_milter = inet:[::1]:8899<br />permit_mx_backup_networks =<br />postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_whitelist, cidr:/etc/postfix/postscreen_spf_whitelist.cidr<br />postscreen_bare_newline_action = drop<br />postscreen_bare_newline_enable = no<br />postscreen_blacklist_action = drop<br />postscreen_cache_map = memcache:/etc/postfix/postscreen_cache<br />postscreen_dnsbl_action = enforce<br />postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1<br />postscreen_dnsbl_threshold = 2<br />postscreen_greet_action = enforce<br />postscreen_non_smtp_command_enable = no<br />postscreen_pipelining_enable = no<br />postscreen_whitelist_interfaces = static:all<br />proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache, proxy:btree:/var/lib/postfix/verify_cache<br />queue_directory = /var/spool/postfix<br />recipient_delimiter = +<br />relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf<br />relayhost =<br />sample_directory = /usr/share/doc/postfix-2.11.3/samples<br />sendmail_path = /usr/sbin/sendmail.postfix<br />setgid_group = postdrop<br />show_user_unknown_table_name = no<br />smtp_destination_rate_delay = 0s<br />smtp_fallback_relay =<br />smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem<br />smtp_tls_cert_file = /etc/ssl/certs/proitcrt.pem<br />smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, 3DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA<br />smtp_tls_fingerprint_digest = sha1<br />smtp_tls_key_file = /etc/ssl/certs/privkey.pem<br />smtp_tls_loglevel = 1<br />smtp_tls_mandatory_ciphers = high<br />smtp_tls_mandatory_protocols = !SSLv2, !SSLv3<br />smtp_tls_policy_maps = btree:/etc/postfix/tls_outgoing_policy<br />smtp_tls_security_level = may<br />smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache<br />smtp_use_tls = yes<br />smtpd_banner = $myhostname ESMTP $mail_name<br />smtpd_client_connection_count_limit = 20<br />smtpd_client_connection_rate_limit = 20<br />smtpd_client_message_rate_limit = 50<br />smtpd_client_restrictions =<br />smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access<br />smtpd_helo_required = yes<br />smtpd_helo_restrictions =<br />smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, permit_mynetworks, check_client_access btree:/etc/postfix/client_checks, check_sender_access btree:/etc/postfix/sender_checks, reject_unknown_client_hostname, reject_unauth_destination, reject_unverified_recipient, permit<br />smtpd_reject_footer = \c. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@proit-services.de. In any case, please provide the following information in your problem report: This error message, time ($localtime), client ($client_address) and server ($server_name).<br />smtpd_sender_restrictions =<br />smtpd_tls_CAfile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem<br />smtpd_tls_cert_file = /etc/ssl/certs/crt.pem<br />smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem<br />smtpd_tls_eecdh_grade = ultra<br />smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, 3DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA<br />smtpd_tls_fingerprint_digest = sha1<br />smtpd_tls_key_file = /etc/ssl/certs/privkey.pem<br />smtpd_tls_loglevel = 1<br />smtpd_tls_mandatory_ciphers = high<br />smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3<br />smtpd_tls_protocols = !SSLv2,!SSLv3<br />smtpd_tls_received_header = yes<br />smtpd_tls_security_level = may<br />smtpd_use_tls = yes<br />spf_milter = inet:[::1]:8890<br />tls_preempt_cipherlist = yes<br />transport_maps = btree:/etc/postfix/transport<br />unverified_recipient_reject_code = 577<br />unverified_recipient_reject_reason = Recipient address lookup failed<br />unverified_sender_reject_reason = Sender address lookup failed<br />virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf</p>
<p><br /></p>
<p>mail_version = 2.10.1</p>
<p>Amavisd-new 2.11.0-1.el7</p>
<p><br /></p>
<p>Ich verstehe nicht ganz was Amavisd da treibt. Kann mir das jemand bitte erklären?</p>
<p>Vielen Dank im Voraus</p>
<div>-- <br />
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">Mit freundlichen Grüßen<br /> <br /> Moritz Hofmann</div>
</div>
</body></html>