[Postfixbuch-users] Help, I've become a spam cannon

Sandy Drobic postfixbuch-users at drobic.de
Wed Nov 30 13:53:47 CET 2011


On 30.11.2011 13:03, Günther J. Niederwimmer wrote:
> Hello,
> 
> could you help me with my problem? Apparently I have recently become an open relay 
> (hinet.net, yahoo.com.tw)?

What makes you think that?

> What I noticed is that the RBL queries are no longer being executed (?) and 
> there is an error message about SSL ?
> 
> An excerpt from it ?
> // 
> Nov 30 09:42:40 smtp postfix/smtpd[25788]: connect from 189-38-240-240.static-
> corp.ajato.com.br[189.38.240.240]
> Nov 30 09:42:40 smtp postfix/smtpd[25758]: warning: TLS library problem: 
> 25758:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
> number:s3_pkt.c:284:
> Nov 30 09:42:40 smtp postfix/smtpd[25758]: lost connection after STARTTLS from 
> 75-139-246-166.static.ftwo.tx.charter.com[75.139.246.166]
> Nov 30 09:42:40 smtp postfix/smtpd[25758]: disconnect from 
> 75-139-246-166.static.ftwo.tx.charter.com[75.139.246.166]
> Nov 30 09:42:40 smtp postfix/smtpd[25762]: warning: TLS library problem: 
> 25762:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
> number:s3_pkt.c:284:
> Nov 30 09:42:40 smtp postfix/smtpd[25762]: lost connection after STARTTLS from 
> unknown[168.187.87.132]
> Nov 30 09:42:40 smtp postfix/smtpd[25762]: disconnect from 
> unknown[168.187.87.132]
> Nov 30 09:42:41 smtp postfix/smtpd[25788]: warning: TLS library problem: 
> 25788:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
> number:s3_pkt.c:284:
> Nov 30 09:42:41 smtp postfix/smtpd[25788]: lost connection after STARTTLS from 
> 189-38-240-240.static-corp.ajato.com.br[189.38.240.240]
> Nov 30 09:42:41 smtp postfix/smtpd[25788]: disconnect from 
> 189-38-240-240.static-corp.ajato.com.br[189.38.240.240]
> Nov 30 09:42:41 smtp postfix/smtpd[25758]: warning: 122.174.3.78: hostname 
> ABTS-TN-dynamic-078.3.174.122.airtelbroadband.in verification failed: Name or 
> service not known
> Nov 30 09:42:41 smtp postfix/smtpd[25758]: connect from unknown[122.174.3.78]
> //

You have a problem with the SSL configuration, but I don't see any accepted mail
of any kind here.

> I'm also attaching the postconf -n; hopefully you'll notice what isn't 
> working any more ?
> 
> //
> alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldapalias_maps_folder.cf, 
> ldap:/etc/postfix/ldapalias_maps.cf
> biff = no
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavis:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> defer_transports = 
> delay_warning_time = 1h
> disable_dns_lookups = no
> disable_mime_output_conversion = no
> home_mailbox = 
> html_directory = /usr/share/doc/packages/postfix-doc/html
> inet_interfaces = all
> inet_protocols = all
> mail_owner = postfix
> mail_spool_directory = 
> mailbox_command = 
> mailbox_size_limit = 0
> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains = ldap:/etc/postfix/ldapmasquerade_domains.cf
> masquerade_exceptions = root
> message_size_limit = 102400000
> message_strip_characters = \0
> mydestination = $myhostname, localhost.$mydomain, .$mydomain, 
> ldap:/etc/postfix/ldapmydestination.cf
> myhostname = smtp.xxxxxxx.xxx
> mynetworks = 127.0.0.0/8, 192.xxx.xxx.0/24, 89.xxx.xxx.0/28, [::1]/128, 
> [fe80::%eth0]/64, [fe80::%eth1]/64
> mynetworks_style = subnet
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
> relayhost = 
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix-doc/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_enforce_tls = no
> smtp_sasl_auth_enable = no
> smtp_sasl_security_options = noanonymous
> smtp_tls_enforce_peername = yes
> smtp_tls_per_site = ldap:/etc/postfix/ldapsmtp_tls_per_site.cf
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions = reject_rbl_client bl.spamcop.net, 
> reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client zen.spamhaus.org, 
> ldap:/etc/postfix/ldapaccess.cf
> smtpd_helo_required = yes
> smtpd_helo_restrictions = 
> smtpd_recipient_restrictions = permit_sasl_authenticated, 
> permit_auth_destination, permit_mynetworks, reject_unauth_destination, reject
> smtpd_sasl_auth_enable = yes
> smtpd_sender_restrictions = ldap:/etc/postfix/ldapaccess.cf
> smtpd_tls_CApath = /etc/ssl/certs
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/ssl/servercerts/servercert.pem
> smtpd_tls_key_file = /etc/ssl/servercerts/serverkey.pem
> smtpd_use_tls = yes
> strict_8bitmime = no
> strict_rfc821_envelopes = no
> transport_maps = ldap:/etc/postfix/ldaptransport_maps.cf
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = ldap:/etc/postfix/ldapvirtual_alias_domains.cf
> virtual_alias_maps = ldap:/etc/postfix/ldapuser_recipient_maps.cf, 
> ldap:/etc/postfix/ldapvalias_maps_both.cf, 
> ldap:/etc/postfix/ldapvalias_maps_member.cf, 
> ldap:/etc/postfix/ldapvalias_maps_folder.cf, 
> ldap:/etc/postfix/ldapvalias_maps_forward.cf
> //

Your smtpd_*_restrictions make little sense.

smtpd_client_restrictions =
	reject_rbl_client bl.spamcop.net,
	reject_rbl_client ix.dnsbl.manitu.net,
	reject_rbl_client zen.spamhaus.org,
	[check_client_access] ldap:/etc/postfix/ldapaccess.cf

Here the ldapaccess.cf is implicitly a client check.

smtpd_recipient_restrictions =
	permit_sasl_authenticated,
	permit_auth_destination,
	permit_mynetworks,
	reject_unauth_destination,
	reject

The final reject is never executed anyway.

Better:
smtpd_recipient_restrictions =
	permit_sasl_authenticated,
	permit_mynetworks,
	reject_unauth_destination,

smtpd_sender_restrictions =
	[check_sender_access] ldap:/etc/postfix/ldapaccess.cf

Here the same ldapaccess.cf is suddenly a sender check, i.e. in the form of an
email address. One of these two lookups is definitely pointless.

Put the whole thing into smtpd_recipient_restrictions; that way you also keep
a better overview:


smtpd_recipient_restrictions =
	permit_sasl_authenticated,
	permit_mynetworks,
	reject_unauth_destination,
	reject_rbl_client bl.spamcop.net,
	reject_rbl_client ix.dnsbl.manitu.net,
	reject_rbl_client zen.spamhaus.org,

I have left ldapaccess.cf out, since I can't tell what it does, or at least
what it is supposed to do. Tip:

Use descriptive names for checks:
	ldap:/etc/postfix/sender_internal_only.cf
	ldap:/etc/postfix/sender_blacklist.cf
	ldap:/etc/postfix/sender_whitelist.cf
	ldap:/etc/postfix/clients_for_greylisting.cf

Since the log says nothing about your problem, I can't help you any further there.

Sandy
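The ordering argument in the reply above (the first restriction that yields PERMIT or REJECT decides, so the trailing `reject` is dead code, and an early `permit_auth_destination` short-circuits everything placed after it) can be checked mechanically. The following Python is an added example written for this page, not code from the thread or from Postfix itself: it simulates only the restriction names that appear in the posting, and the networks, domains and the "RBL-listed" client IP are constructed sample values.

```python
# Added example (not from the thread): a small simulator of how Postfix walks an
# smtpd restriction list. The first restriction returning PERMIT or REJECT
# decides; everything after it is never consulted for that session.
# MYNETWORKS, LOCAL_DOMAINS and RBL_LISTED are constructed sample data.
from dataclasses import dataclass
from itertools import product
import ipaddress

MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}     # stands in for mydestination / virtual domains
RBL_LISTED = {"198.51.100.7"}       # constructed: pretend the DNSBL lists this IP

# The poster's smtpd_recipient_restrictions and the consolidated list suggested above.
ORIGINAL = [
    "permit_sasl_authenticated",
    "permit_auth_destination",
    "permit_mynetworks",
    "reject_unauth_destination",
    "reject",
]
CONSOLIDATED = [
    "permit_sasl_authenticated",
    "permit_mynetworks",
    "reject_unauth_destination",
    "reject_rbl_client zen.spamhaus.org",
]


@dataclass(frozen=True)
class Session:
    client_ip: str
    sasl_authenticated: bool
    recipient_domain: str


def in_mynetworks(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MYNETWORKS)


def evaluate(restrictions, s: Session):
    """Return (verdict, index of the restriction that decided).

    Restrictions are tried in order; one that does not match yields DUNNO and
    the next is tried. Falling off the end yields DUNNO, which Postfix treats
    as "accept" at the end of the last list.
    """
    local = s.recipient_domain in LOCAL_DOMAINS
    for i, r in enumerate(restrictions):
        name = r.split()[0]                  # drop the DNSBL argument, if any
        if name == "permit_sasl_authenticated" and s.sasl_authenticated:
            return "PERMIT", i
        if name == "permit_mynetworks" and in_mynetworks(s.client_ip):
            return "PERMIT", i
        if name == "permit_auth_destination" and local:
            return "PERMIT", i
        if name == "reject_unauth_destination" and not local:
            return "REJECT", i
        if name == "reject_rbl_client" and s.client_ip in RBL_LISTED:
            return "REJECT", i
        if name == "reject":
            return "REJECT", i
    return "DUNNO", None


def sample_sessions():
    """Every combination of the three properties these restrictions look at."""
    ips = ("192.0.2.10", "198.51.100.7", "203.0.113.5")   # trusted, listed, other
    for ip, auth, dom in product(ips, (False, True), ("example.org", "example.net")):
        yield Session(ip, auth, dom)


def unreachable(restrictions):
    """Indices of restrictions that never decide for any sample session."""
    used = {evaluate(restrictions, s)[1] for s in sample_sessions()}
    return [i for i in range(len(restrictions)) if i not in used]


if __name__ == "__main__":
    for label, lst in (("original", ORIGINAL), ("consolidated", CONSOLIDATED)):
        dead = [lst[i] for i in unreachable(lst)]
        print(f"{label}: unreachable restrictions = {dead}")
        for s in sample_sessions():
            verdict, idx = evaluate(lst, s)
            by = lst[idx] if idx is not None else "end of list"
            print(f"  {s.client_ip:14} auth={s.sasl_authenticated!s:5} "
                  f"to {s.recipient_domain:12} -> {verdict:6} ({by})")
```

Two things fall out of running it. In the original list the final `reject` is never the deciding restriction, because by the time it would be reached every session has already been permitted or rejected. And if the RBL checks were simply appended to the original list, a listed client delivering to a local domain would still be permitted at `permit_auth_destination` before the RBL lookup is ever tried; the consolidated list drops that entry, so inbound mail reaches the `reject_rbl_client` checks while relaying is still refused by `reject_unauth_destination`.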


