[Postfixbuch-users] Virus attack since last night

chris chris at ckvsoft.at
Tue Nov 22 18:33:28 CET 2005


>>> Mine does, despite policyd-weight and header_checks ;-)
>>> http://www.pebcak.de/tmp/virustats.png
>>>
>> How much of that comes from <> or went to postmaster/abuse? :)
>>
Hi,
with only policyd-weight and no header_checks, I had not yet seen a single
one. I only noticed it when I looked at the log.

Latest version with default settings.

Nov 22 18:24:56 netfinity postfix/policyd-weight[1561]: weighted check: 
IN_DYN_NJABL=3.25 NOT_IN_BL_NJABL=-1.5 NOT_IN_SPAMCOP=-1.5
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5
(check from: bund - helo: jwcaihsd)  FROM_NOT_FAILED_HELO=6.25
FROM_MULTIPARTED=5.44 <client=80.138.107.243> <helo=jwcaihsd.de>
<from=bka.bund at bka.bund.de>, rate: 13.44
Nov 22 18:24:56 netfinity postfix/policyd-weight[1561]: decided action=550
Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to
correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo:
jwcaihsd.de, MTA hostname: p508A6BF3.dip.t-dialin.net[80.138.107.243]
(helo/hostname mismatch)
Nov 22 18:24:56 netfinity postfix/policyd-weight[8406]: cache: purged 2
from HAM cache
Nov 22 18:24:56 netfinity postfix/smtpd[1558]: NOQUEUE: reject: RCPT from
p508A6BF3.dip.t-dialin.net[80.138.107.243]: 550 <saschalena110 at scd.at>:
Recipient address rejected: Mail appeared to be SPAM or forged. Ask your
Mail/DNS-Administrator to correct HELO and DNS MX settings or to get
removed from DNSBLs; MTA helo: jwcaihsd.de, MTA hostname:
p508A6BF3.dip.t-dialin.net[80.138.107.243] (helo/hostname mismatch);
from=<BKA.Bund at bka.bund.de> to=<saschalena110 at scd.at> proto=SMTP
helo=<jwcaihsd.de>
Nov 22 18:24:56 netfinity postfix/policyd-weight[8406]: cache: purged 21
from SPAM cache
Nov 22 18:24:56 netfinity postfix/policyd-weight[1561]: decided action=550
temporarily blocked because of previous errors - retrying too fast.
penalty: 30 seconds x 1 retries.
.
.
This then comes hundreds of times, then it stops again for a while
.
.
.
Nov 22 18:25:11 netfinity postfix/smtpd[1558]: too many errors after RCPT
from p508A6BF3.dip.t-dialin.net[80.138.107.243]
Nov 22 18:25:11 netfinity postfix/smtpd[1558]: disconnect from
p508A6BF3.dip.t-dialin.net[80.138.107.243]


Regards, Chris
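
An added example, not part of the original mail: a small Python parser for the policyd-weight "weighted check" log entry shown above. It extracts the per-test scores and checks that they add up to the logged rate. The function names are hypothetical, and the sample is the entry from this mail unwrapped onto one line.

```python
import re

# Constructed sample: the "weighted check" entry from the log above, unwrapped
# onto one line (the archive's " at " address obfuscation is kept as-is).
SAMPLE = (
    "Nov 22 18:24:56 netfinity postfix/policyd-weight[1561]: weighted check: "
    "IN_DYN_NJABL=3.25 NOT_IN_BL_NJABL=-1.5 NOT_IN_SPAMCOP=-1.5 "
    "NOT_IN_SBL_XBL_SPAMHAUS=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 "
    "(check from: bund - helo: jwcaihsd)  FROM_NOT_FAILED_HELO=6.25 "
    "FROM_MULTIPARTED=5.44 <client=80.138.107.243> <helo=jwcaihsd.de> "
    "<from=bka.bund at bka.bund.de>, rate: 13.44"
)

# Upper-case TEST_NAME=score tokens; lower-case <client=...> fields do not match.
SCORE_RE = re.compile(r"\b([A-Z][A-Z0-9_]*)=(-?\d+(?:\.\d+)?)")
FIELD_RE = re.compile(r"<(client|helo|from)=([^>]*)>")
RATE_RE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)")


def parse_weighted_check(line):
    """Return scores, rate and client fields, or None for other log lines."""
    if "weighted check:" not in line:
        return None
    body = line.split("weighted check:", 1)[1]
    rate = RATE_RE.search(body)
    if rate is None:  # entry truncated, e.g. by mail line wrapping
        return None
    scores = {name: float(val) for name, val in SCORE_RE.findall(body)}
    total = round(sum(scores.values()), 2)
    logged = float(rate.group(1))
    result = {"scores": scores, "rate": logged, "sum": total,
              "consistent": abs(total - logged) < 0.005}
    result.update(FIELD_RE.findall(body))  # adds client, helo, from
    return result


def top_contributors(parsed, n=2):
    """The n tests that added the most weight to the final rate."""
    ranked = sorted(parsed["scores"].items(), key=lambda kv: kv[1], reverse=True)
    return ranked[:n]


if __name__ == "__main__":
    entry = parse_weighted_check(SAMPLE)
    print(entry["client"], entry["rate"], top_contributors(entry))
```
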



