[Postfixbuch-users] reject_sender_login_mismatch ausgetrickst ?

Uwe Driessen driessen at fblan.de
Mi Jun 27 22:12:51 CEST 2007 



Immer noch Problem das dieser Kunde sein Postfix relay mit Fetchmail nicht im Griff hat. 

Trotz den Restriktionen kann er Mails mit from=<dhardt at yyyyyyyyy.local> schicken.
Wo habe ich da was übersehen das das angenommen wird eigen sollen solche Mails doch direkt
abgewiesen werden 


smtpd_recipient_restrictions = permit_mynetworks,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient, 
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_tls_clientcerts,
   reject_multi_recipient_bounce,
   reject_sender_login_mismatch,
   reject_unverified_recipient,
   reject_unlisted_recipient,
   reject_unlisted_sender,
   reject_authenticated_sender_login_mismatch,
   permit_sasl_authenticated,
   reject_invalid_helo_hostname,
   reject_non_fqdn_helo_hostname,
   reject_unauth_pipelining,
   reject_unauth_destination,
   reject_unknown_helo_hostname,
   check_client_access pcre:/etc/postfix/maps/ausnahme,
   check_client_access pcre:/etc/postfix/maps/dynip,
   check_sender_ns_access hash:/etc/postfix/maps/bogus_dns,
   check_helo_access pcre:/etc/postfix/helo_checks,
   check_sender_access pcre:/etc/postfix/apostroph,
   check_sender_mx_access cidr:/etc/postfix/maps/bogus_mx,
   check_sender_access hash:/etc/postfix/maps/access,
   check_policy_service inet:127.0.0.1:12525
   check_policy_service inet:127.0.0.1:60000,
   check_recipient_access hash:/etc/postfix/roleaccount,
   reject_rbl_client zen.spamhaus.org,
   reject_rhsbl_sender dsn.rfc-ignorant.org,

smtpd_reject_unlisted_sender = yes




Jun 27 22:00:17 fblan postfix/smtpd[14697]: C78754DCD06:
client=p54B4F9A4.dip.t-dialin.net[84.180.249.164], sasl_method=DIGEST-MD5,
sasl_username=dhardt at yyyyyyyyy.de
Jun 27 22:00:17 fblan postfix/cleanup[14463]: C78754DCD06:
message-id=<19710D561E52024FB72AD04F4FBBE0872CC3 at vincent.yyyyyyyyy.local>
Jun 27 22:00:17 fblan postfix/qmgr[452]: C78754DCD06: from=<dhardt at yyyyyyyyy.local>,
size=2530, nrcpt=1 (queue active)
Jun 27 22:00:17 fblan postfix/smtpd[14697]: disconnect from
p54B4F9A4.dip.t-dialin.net[84.180.249.164]
Jun 27 22:00:18 fblan amavis[11144]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to
sys-syslog
Jun 27 22:00:21 fblan amavis[11144]: [ 3] mail 1 is not known spam.
Jun 27 22:00:22 fblan postfix/smtpd[14462]: connect from localhost.localdomain[127.0.0.1]
Jun 27 22:00:22 fblan postfix/smtpd[14462]: 8A2BC4DCE5C:
client=localhost.localdomain[127.0.0.1]
Jun 27 22:00:22 fblan postfix/cleanup[14463]: 8A2BC4DCE5C:
message-id=<19710D561E52024FB72AD04F4FBBE0872CC3 at vincent.yyyyyyyyy.local>
Jun 27 22:00:22 fblan postfix/qmgr[452]: 8A2BC4DCE5C: from=<dhardt at yyyyyyyyy.local>,
size=2991, nrcpt=1 (queue active)
Jun 27 22:00:22 fblan postfix/smtpd[14462]: disconnect from
localhost.localdomain[127.0.0.1]
Jun 27 22:00:22 fblan amavis[11144]: (11144-07) Passed,<dhardt at yyyyyyyyy.local> ->
<Dirk.Hardt at gmx.de>, quarantine QqeQi-fWR9w5, Message-ID:
<19710D561E52024FB72AD04F4FBBE0872CC3 at vincent.yyyyyyyyy.local>, Hits: 1.733
Jun 27 22:00:22 fblan postfix/lmtp[14699]: C78754DCD06: to=<Dirk.Hardt at gmx.de>,
relay=127.0.0.1[127.0.0.1]:10024, delay=4.9, delays=0.11/0.02/0.01/4.7, dsn=2.6.0,
status=sent (250 2.6.0 Ok, id=11144-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued
as 8A2BC4DCE5C)
Jun 27 22:00:22 fblan postfix/qmgr[452]: C78754DCD06: removed
Jun 27 22:00:22 fblan postfix/smtp[14705]: 8A2BC4DCE5C: to=<Dirk.Hardt at gmx.de>,
relay=mx0.gmx.net[213.165.64.100]:25, delay=0.3, delays=0.07/0.02/0.17/0.04, dsn=5.1.8,
status=bounced (host mx0.gmx.net[213.165.64.100] said: 550 5.1.8 Cannot resolve your
domain {mx074} (in reply to MAIL FROM command))
Jun 27 22:00:22 fblan postfix/cleanup[14463]: E222F4DCE5D:
message-id=<20070627200022.E222F4DCE5D at mail.fblan.de>
Jun 27 22:00:22 fblan postfix/qmgr[452]: E222F4DCE5D: from=<>, size=5629, nrcpt=1 (queue
active)
Jun 27 22:00:22 fblan postfix/bounce[14706]: 8A2BC4DCE5C: sender non-delivery
notification: E222F4DCE5D
Jun 27 22:00:22 fblan postfix/qmgr[452]: 8A2BC4DCE5C: removed
Jun 27 22:00:23 fblan postfix/smtp[14705]: E222F4DCE5D: to=<dhardt at yyyyyyyyy.local>,
relay=none, delay=0.07, delays=0.02/0/0.05/0, dsn=5.4.4, status=bounced (Host or domain
name not found. Name service error for name=yyyyyyyyy.local type=AAAA: Host not found)
Jun 27 22:00:23 fblan postfix/qmgr[452]: E222F4DCE5D: removed


Nochmal komplette main.cf
postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
anvil_rate_time_unit = 11s
anvil_status_update_time = 660m
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 0
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
default_destination_concurrency_limit = 10
delay_warning_time = 1h
disable_vrfy_command = yes
hopcount_limit = 20
inet_protocols = all
local_recipient_maps = unix:passwd.byname $alias_maps $alias_database
local_transport = local:$myorigin  hash:/etc/postfix/transport
mail_spool_directory = /var/spool/mail
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 30000000
maximal_queue_lifetime = 4h
message_size_limit = 15240000
myhostname = mail.fblan.de
mynetworks = 193.158.37.130/32 127.0.0.0/8
mynetworks_style = host
myorigin = fblan.de
recipient_delimiter = +
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_host_lookup = dns
smtp_line_length_limit = 990
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_rate_limit = 1
smtpd_client_event_limit_exceptions = $mynetworks, hash:/etc/postfix/vhcs2/aliases,
hash:/etc/postfix/aliases, unix:passwd.byname
smtpd_client_message_rate_limit = 20
smtpd_delay_reject = no
smtpd_discard_ehlo_keywords = 8bitmime,silent-discard
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 2
smtpd_helo_required = yes
smtpd_junk_command_limit = 1
smtpd_recipient_restrictions = permit_mynetworks,   reject_non_fqdn_sender,
reject_non_fqdn_recipient,   reject_unknown_sender_domain,
reject_unknown_recipient_domain,   permit_tls_clientcerts,
reject_multi_recipient_bounce,   reject_sender_login_mismatch,
reject_unverified_recipient,   reject_unlisted_recipient,   reject_unlisted_sender,
reject_authenticated_sender_login_mismatch,   permit_sasl_authenticated,
reject_invalid_helo_hostname,   reject_non_fqdn_helo_hostname,   reject_unauth_pipelining,
reject_unauth_destination,   reject_unknown_helo_hostname,   check_client_access
pcre:/etc/postfix/maps/ausnahme,   check_client_access pcre:/etc/postfix/maps/dynip,
check_sender_ns_access hash:/etc/postfix/maps/bogus_dns,   check_helo_access
pcre:/etc/postfix/helo_checks,   check_sender_access pcre:/etc/postfix/apostroph,
check_sender_mx_access cidr:/etc/postfix/maps/bogus_mx,   check_sender_access
hash:/etc/postfix/maps/access,   check_policy_service inet:127.0.0.1:12525
check_policy_service inet:127.0.0.1:60000,   check_recipient_access
hash:/etc/postfix/roleaccount,   reject_rbl_client zen.spamhaus.org,   reject_rhsbl_sender
dsn.rfc-ignorant.org,
smtpd_reject_unlisted_sender = yes
smtpd_restriction_classes = beinhart
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = vhcs.net
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_login_maps = hash:/etc/postfix/vhcs2/aliases,
smtpd_timeout = 150s
strict_rfc821_envelopes = yes
syslog_facility = local4
transport_maps = hash:/etc/postfix/vhcs2/transport
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/vhcs2/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_limit = 30000000
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes
virtual_minimum_uid = 107
virtual_transport = virtual
virtual_uid_maps = static:107






Mit freundlichen Grüßen

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: 06708 / 660045   Fax: 06708 / 661397

Mehr Informationen über die Mailingliste Postfixbuch-users