[Postfixbuch-users] Error with AMaViS and backup MX...
Klaus Tachtler
klaus at tachtler.net
Thu Sep 24 08:44:07 CEST 2009
Hello list,
I found the following error message in my mail log:
> Sep 20 04:28:48 nss amavis[5313]: (05313-02) Open relay? Nonlocal recips
> but not originating: webmaster at omni128.de
I always get this error message when I accept e-mails
for which I (tachtler.net) am the BACKUP MX! - I am the BACKUP MX
for e.g. omni128.de
Can anyone help me? - My configurations follow below, THANKS!
My amavisd.conf looks like this (the relevant excerpt, I think):
...
@mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 [::1] 192.168.0.0/28 );
$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
# option(s) -p overrides $inet_socket_port and $unix_socketname
$inet_socket_port = 10024; # listen on this local TCP port(s)
# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
  originating => 1, # is true in MYNETS by default, but let's make it explicit
  # Tachtler
  allow_disclaimers => 1, # enables disclaimer insertion if available
  os_fingerprint_method => undef, # don't query p0f for internal clients
};
# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
  originating => 1, # declare that mail was submitted by our smtp client
  allow_disclaimers => 1, # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  # Tachtler
  # default: virus_admin_maps => ["virusalert\@$mydomain"],
  virus_admin_maps => ["mailfilter\@$mydomain"],
  # Tachtler
  # default: spam_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps => ["mailfilter\@$mydomain"],
  warnbadhsender => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1], # allow sending any file names and types
  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
...
----------------------------------------------------------------------
# dig omni128.de MX
; <<>> DiG 9.3.4-P1 <<>> omni128.de MX
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3817
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5
;; QUESTION SECTION:
;omni128.de. IN MX
;; ANSWER SECTION:
omni128.de. 4505 IN MX 20 mx1.tachtler.net.
omni128.de. 4505 IN MX 10 mx1.nausch.org.
;; AUTHORITY SECTION:
omni128.de. 121474 IN NS ns1.m-online.net.
omni128.de. 121474 IN NS ns2.m-online.net.
;; ADDITIONAL SECTION:
mx1.nausch.org. 2302 IN A 88.217.187.21
mx1.tachtler.net. 86400 IN A 88.217.171.167
ns1.m-online.net. 121474 IN A 212.18.0.8
ns1.m-online.net. 121474 IN AAAA 2001:a60:0:11::53
ns2.m-online.net. 121474 IN A 212.18.3.8
;; Query time: 2 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Sep 24 08:33:21 2009
;; MSG SIZE rcvd: 227
----------------------------------------------------------------------
# postconf -n
address_verify_map = btree:/var/spool/postfix/data/verify
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = pcre:/etc/postfix/body_checks
bounce_queue_lifetime = 1d
bounce_template_file = /etc/postfix/bounce.de-DE.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
lmtp_generic_maps = btree:/etc/postfix/lmtp_generic_maps
mail_owner = postfix
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = tachtler.net
maximal_queue_lifetime = 1d
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain, localhost,
$mydomain, $myorigin
myhostname = mx1.tachtler.net
mynetworks = 127.0.0.0/8, 192.168.0.0/24
myorigin = nss.tachtler.net
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = debug_peer_list,
fast_flush_domains, mynetworks, permit_mx_backup_networks,
qmqpd_authorized_clients, relay_domains
permit_mx_backup_networks = 88.217.187.21/32
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_canonical_maps = btree:/etc/postfix/recipient_canonical_maps
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_canonical_maps = btree:/etc/postfix/sender_canonical_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = btree:/etc/postfix/smtp_generic_maps
smtp_tls_loglevel = 1
smtp_use_tls = yes
smtpd_client_connection_count_limit = 20
smtpd_client_recipient_rate_limit = 20
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access
btree:/etc/postfix/check_recipient_access_rfc, check_client_access
cidr:/etc/postfix/check_client_access, check_helo_access
btree:/etc/postfix/check_helo_access, check_sender_access
btree:/etc/postfix/check_sender_access, check_recipient_access
btree:/etc/postfix/check_recipient_access, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, permit_sasl_authenticated,
permit_mynetworks, reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client
bl.spamcop.net, reject_rbl_client dnsbl.njabl.org,
reject_rhsbl_client multi.uribl.com, reject_rhsbl_client
blackhole.securitysage.com, check_client_access
btree:/etc/postfix/check_client_access_policyd_weight,
check_policy_service inet:127.0.0.1:12525, check_policy_service
unix:postgrey/socket, reject_unverified_recipient,
permit_mx_backup, reject_unauth_destination, permit
smtpd_tls_CAfile = /etc/pki/postfix/certs/CAcert.pem
smtpd_tls_cert_file = /etc/pki/postfix/certs/cert.pem
smtpd_tls_key_file = /etc/pki/postfix/private/key.pem
smtpd_tls_received_header = yes
smtpd_use_tls = yes
transport_maps = btree:/etc/postfix/transport_maps
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 577
unverified_sender_reject_code = 577
virtual_alias_domains = btree:/etc/postfix/virtual_alias_domains
virtual_alias_maps = btree:/etc/postfix/virtual_alias_maps
Regards
Klaus.
--
----------------------------------------
e-Mail : klaus at tachtler.net
Homepage: http://www.tachtler.net
----------------------------------------