[Postfixbuch-users] logcheck and chkrootkit

Andreas v. Heydwolff listmail at sandpsych.at
Thu Nov 2 12:42:17 CET 2006


Sandy Drobic wrote:
> Andreas von Heydwolff wrote:

>> Strangely, the logcheck mails arrive in my mailbox on the mail server,
>> but the chkrootkit mails do not:

--- snip ---

> What does the log show when the mail passes through?
> What does "postconf -n" look like?

> Sandy

Thanks. Here is the information:

Nov  2 06:27:38 mail at localhost postfix/smtpd[18053]: connect from 
unknown[10.0.1.1]
Nov  2 06:27:38 mail at localhost postfix/smtpd[18053]: AF062C0A4: 
client=unknown[10.0.1.1]
Nov  2 06:27:38 mail at localhost postfix/cleanup[17447]: AF062C0A4: 
message-id=<20061102052733.91F101E13 at firewall.meine.domain>
Nov  2 06:27:38 mail at localhost postfix/smtpd[18053]: disconnect from 
unknown[10.0.1.1]
Nov  2 06:27:38 mail at localhost postfix/qmgr[4122]: AF062C0A4: 
from=<root at firewall.meine.domain>, size=821, nrcpt=1 (queue active)
Nov  2 06:28:09 mail at localhost postfix/smtpd[18060]: connect from 
localhost.localdomain[127.0.0.1]
Nov  2 06:28:09 mail at localhost postfix/smtpd[18060]: E301EC0A5: 
client=localhost.localdomain[127.0.0.1]
Nov  2 06:28:10 mail at localhost postfix/cleanup[17447]: E301EC0A5: 
message-id=<20061102052733.91F101E13 at firewall.meine.domain>
Nov  2 06:28:10 mail at localhost postfix/smtpd[18060]: disconnect from 
localhost.localdomain[127.0.0.1]
Nov  2 06:28:10 mail at localhost amavis[13095]: (13095-06-2) Passed CLEAN, 
[10.0.1.1] <root at firewall.meine.domain> -> <root at firewall.meine.domain>, 
Message-ID: <20061102052733.91F101E13 at firewall.meine.domain>, mail_id: 
rJa9+cMwGZs3, Hits: -1.787, queued_as: E301EC0A5, 31255 ms
Nov  2 06:28:10 mail at localhost postfix/lmtp[17448]: AF062C0A4: 
to=<root at firewall.meine.domain>, relay=127.0.0.1[127.0.0.1], delay=32, 
status=sent (250 2.6.0 Ok, id=13095-06-2, from MTA([127.0.0.1]:10025): 
250 Ok: queued as E301EC0A5)
Nov  2 06:28:10 mail at localhost postfix/qmgr[4122]: E301EC0A5: 
from=<root at firewall.meine.domain>, size=1293, nrcpt=1 (queue active)
Nov  2 06:28:10 mail at localhost postfix/qmgr[4122]: AF062C0A4: removed
Nov  2 06:28:10 mail at localhost postfix/smtp[18061]: connect to 
firewall.meine.domain[10.0.0.1]: Connection refused (port 25)
Nov  2 06:28:10 mail at localhost postfix/smtp[18061]: E301EC0A5: 
to=<root at firewall.meine.domain>, relay=none, delay=1, status=deferred 
(connect to firewall.meine.domain[10.0.0.1]: Connection refused)

and

== postconf -n (on the mail server) ==

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:127.0.0.1:10024
home_mailbox = Maildir/
inet_interfaces = $myhostname localhost.$mydomain 10.0.1.10
local_destination_concurrency_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
mailbox_command = /usr/bin/maildrop -d ${USER}
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost, mail, 
meine.domain
myhostname = mail.meine.domain
mynetworks = 127.0.0.0/8 10.0.0.0/24 10.0.1.0/24 192.168.1./24
mynetworks_style = subnet
myorigin = /etc/mailname
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks 
reject_unauth_destination    check_policy_service inet:127.0.0.1:60000

== postconf -n on the fw ==

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = 127.0.0.1,10.0.1.1
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = firewall.meine.domain
mynetworks = 127.0.0.0/8,10.0.1.10/8
myorigin = /etc/mailname
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
transport_maps = hash:/etc/postfix/transport


Could it be a problem that name resolution from mail to firewall does not
work? The firewall has only one name, and that name resolves to the other,
"wrong" DMZ IP address when I want to reach the firewall from the mail
server.

Andreas
-- 

--
Dr. Andreas von Heydwolff -- Specialist in Psychiatry - ÖÄK diploma in
psychotherapeutic medicine - Psychotherapist (Analytical Psychology)
Sandwirtg. 13, 1060 Wien, Tel. +43/1/587 45 75, Fax -9
Tue, Wed 9-12; Mon 13-18, Tue 13:30-17, Thu 13:30-19  www.sandpsych.at
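
Added example, not part of the original message: a small Python tracer that follows one Message-ID across the queue-ID change caused by the amavis content filter and reports where delivery stopped. The log lines are taken from the post and unwrapped; the function names and the `FW_LISTENERS` set (copied from the firewall's `inet_interfaces`) are assumptions of this example.

```python
import re

# Constructed sample: four lines from the posted log, unwrapped
# (the list archive's " at " address obfuscation is kept as-is).
LOG = """\
Nov  2 06:27:38 mail at localhost postfix/cleanup[17447]: AF062C0A4: message-id=<20061102052733.91F101E13 at firewall.meine.domain>
Nov  2 06:28:10 mail at localhost postfix/cleanup[17447]: E301EC0A5: message-id=<20061102052733.91F101E13 at firewall.meine.domain>
Nov  2 06:28:10 mail at localhost postfix/lmtp[17448]: AF062C0A4: to=<root at firewall.meine.domain>, relay=127.0.0.1[127.0.0.1], delay=32, status=sent (250 2.6.0 Ok, id=13095-06-2, from MTA([127.0.0.1]:10025): 250 Ok: queued as E301EC0A5)
Nov  2 06:28:10 mail at localhost postfix/smtp[18061]: E301EC0A5: to=<root at firewall.meine.domain>, relay=none, delay=1, status=deferred (connect to firewall.meine.domain[10.0.0.1]: Connection refused)
"""
# Assumption: addresses taken from inet_interfaces in the firewall's postconf -n.
FW_LISTENERS = {"127.0.0.1", "10.0.1.1"}

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
DELIVERY = re.compile(r"to=<([^>]+)>, relay=([^,]+), .*?status=(\w+) \((.*)\)$")
REFUSED = re.compile(r"connect to \S+\[([\d.]+)\]: Connection refused")

def trace(log, message_id):
    """Delivery attempts for every queue ID that carried message_id."""
    queue_ids, attempts = set(), []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if rest.startswith("message-id=") and message_id in rest:
            queue_ids.add(qid)  # amavis re-injection yields a second queue ID
        d = DELIVERY.match(rest)
        if d and qid in queue_ids:
            _to, relay, status, detail = d.groups()
            attempts.append({"qid": qid, "daemon": daemon, "relay": relay,
                             "status": status, "detail": detail})
    return attempts

def refused_targets(attempts, listeners):
    """(ip, listener_configured) for each deferred attempt refused at connect."""
    hits = []
    for a in attempts:
        m = REFUSED.search(a["detail"])
        if a["status"] == "deferred" and m:
            hits.append((m.group(1), m.group(1) in listeners))
    return hits

if __name__ == "__main__":
    found = trace(LOG, "20061102052733.91F101E13")
    for a in found:
        print(a["qid"], a["daemon"], a["status"], a["detail"])
    print(refused_targets(found, FW_LISTENERS))
```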


