postfix / postscreen Problem

Günther J. Niederwimmer gjn at gjn.priv.at
Sun Nov 19 13:34:12 CET 2017


Hello list,

I seem to be stuck here; I have an error in my configuration that apparently cannot be found?
I am using postfix 3.2.3 with CentOS 7.4.

Somehow this is not logical to me?

According to the log the mail has already been rejected (at least as I read it), but it comes through anyway.
This is an excerpt from the log; there is nothing more in it, despite the pointer to the log?

The domain is my main domain; the user does not exist??

Nov 19 12:59:27 mx01 postfix/postscreen[27782]: CONNECT from [198.2.186.15]:26200 to [89.26.108.7]:25
Nov 19 12:59:27 mx01 postfix/dnsblog[27786]: addr 198.2.186.15 listed by domain list.dnswl.org as 127.0.15.0
Nov 19 12:59:27 mx01 postfix/dnsblog[27784]: addr 198.2.186.15 listed by domain hostkarma.junkemailfilter.com as 127.0.0.3
Nov 19 12:59:27 mx01 postfix/dnsblog[27784]: addr 198.2.186.15 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
Nov 19 12:59:29 mx01 postfix/dnsblog[27794]: addr 198.2.186.15 listed by domain wl.mailspike.net as 127.0.0.18
Nov 19 12:59:32 mx01 postfix/postscreen[27782]: PASS OLD [198.2.186.15]:26200
Nov 19 12:59:32 mx01 postfix/smtpd[27801]: connect from mail186-15.suw21.mandrillapp.com[198.2.186.15]
Nov 19 12:59:32 mx01 postfix/smtpd[27801]: Anonymous TLS connection established from mail186-15.suw21.mandrillapp.com[198.2.186.15]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 19 12:59:33 mx01 postfix/smtpd[27801]: NOQUEUE: reject: RCPT from mail186-15.suw21.mandrillapp.com[198.2.186.15]: 450 4.1.1 <ggjn at 4gjn.com>: Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said: 451 4.3.0 <ggjn at 4gjn.com> Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command); from=<bounce-md_30850198.5a102b70.v1-1d0c1d0322214796898a5b483cceef02 at mandrillapp.com> to=<ggjn at 4gjn.com> proto=ESMTP helo=<mail186-15.suw21.mandrillapp.com>
Nov 19 12:59:33 mx01 postfix/smtpd[27801]: disconnect from mail186-15.suw21.mandrillapp.com[198.2.186.15] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max connection rate 1/60s for (smtpd:198.2.186.15) at Nov 19 12:59:32
Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max connection count 1 for (smtpd:198.2.186.15) at Nov 19 12:59:32
Nov 19 13:02:53 mx01 postfix/anvil[27803]: statistics: max cache size 1 at Nov 19 12:59:32
Nov 19 13:14:33 mx01 postfix/postscreen[28606]: CONNECT from [198.2.186.15]:38242 to [89.26.108.7]:25
Nov 19 13:14:33 mx01 postfix/dnsblog[28608]: addr 198.2.186.15 listed by domain hostkarma.junkemailfilter.com as 127.0.0.3
Nov 19 13:14:33 mx01 postfix/dnsblog[28608]: addr 198.2.186.15 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
Nov 19 13:14:33 mx01 postfix/dnsblog[28609]: addr 198.2.186.15 listed by domain list.dnswl.org as 127.0.15.0
Nov 19 13:14:34 mx01 postfix/dnsblog[28617]: addr 198.2.186.15 listed by domain wl.mailspike.net as 127.0.0.18
Nov 19 13:14:38 mx01 postfix/postscreen[28606]: PASS OLD [198.2.186.15]:38242
Nov 19 13:14:38 mx01 postfix/smtpd[28624]: connect from mail186-15.suw21.mandrillapp.com[198.2.186.15]
Nov 19 13:14:39 mx01 postfix/smtpd[28624]: Anonymous TLS connection established from mail186-15.suw21.mandrillapp.com[198.2.186.15]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 19 13:14:39 mx01 postfix/smtpd[28624]: NOQUEUE: reject: RCPT from mail186-15.suw21.mandrillapp.com[198.2.186.15]: 450 4.1.1 <ggjn at 4gjn.com>: Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said: 451 4.3.0 <ggjn at 4gjn.com> Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command); from=<bounce-md_30850198.5a102b70.v1-1d0c1d0322214796898a5b483cceef02 at mandrillapp.com> to=<ggjn at 4gjn.com> proto=ESMTP helo=<mail186-15.suw21.mandrillapp.com>
Nov 19 13:14:39 mx01 postfix/smtpd[28624]: disconnect from mail186-15.suw21.mandrillapp.com[198.2.186.15] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Nov 19 13:17:59 mx01 postfix/anvil[28626]: statistics: max connection rate 1/60s for (smtpd:198.2.186.15) at Nov 19 13:14:38
Nov 19 13:17:59 mx01 postfix/anvil[28626]: statistics: max connection count 1 for (smtpd:198.2.186.15) at Nov 19 13:14:38

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_database_type = btree
html_directory = no
inet_interfaces = all
lmtp_dns_support_level = dnssec
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20480000
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
milter_rcpt_macros = i {rcpt_addr}
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
myhostname = mx01.4gjn.com
mynetworks = 89.26.108.0/28, 127.0.0.0/8, 192.168.100.0/24, [2001:470:1f0b:371::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3 b.barracudacentral.org*2 bad.psky.me*2 psbl.surriel.com bl.blocklist.de bl.spamcop.net spam.spamrats.com bl.spameatingmonkey.net dnsbl.cobion.com ix.dnsbl.manitu.net hostkarma.junkemailfilter.com dnsbl.inps.de list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2 list.dnswl.org=127.0.[0..255].[2..3]*-3 iadb.isipp.com=127.0.[0..255].[0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2 wl.mailspike.net=127.0.0.[17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
postscreen_whitelist_interfaces = static:all
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3-3.2.3/README_FILES
recipient_delimiter = +
relay_domains = btree:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix3-3.2.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_dns_support_level = dnssec
smtp_sasl_security_options = noplaintext, noanonymous
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = dane
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unverified_recipient, reject_invalid_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous,
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access btree:/etc/postfix/check_sender_access
smtpd_tls_CAfile = /etc/pki/tls/cert.pem
smtpd_tls_CApath = /etc/pki/tls
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mx01.4gjn.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/pki/postfix/private/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/pki/postfix/private/dh_1024.pem
smtpd_tls_eecdh_grade = ultra
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA, CAMELLIA128-SHA. CAMELLIA256-SHA
smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA, CAMELLIA128-SHA. CAMELLIA256-SHA
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_bytes = 128
transport_maps = btree:/etc/postfix/transport, $relay_domains
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 577
virtual_alias_maps = btree:/etc/postfix/virtual_alias

Grateful for any help,

-- 
Best regards,

  Günther J. Niederwimmer
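
A triage helper for smtpd reject lines of the kind quoted in the log above, added here as an example and not part of the original post. It extracts the reply code Postfix gave the client, classifies it by SMTP reply class (4xx temporary, 5xx permanent), and pulls out the reply that the address-verification probe received. The sample lines are constructed, with documentation addresses in place of the real ones; the third line is a constructed permanent reject for contrast.

```python
import re

# Constructed sample lines modeled on the smtpd entries in the post
# (hostnames and addresses replaced with documentation values).
SAMPLE_LOG = """\
Nov 19 12:59:33 mx01 postfix/smtpd[27801]: NOQUEUE: reject: RCPT from mail.sender.example[192.0.2.15]: 450 4.1.1 <nouser@example.com>: Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said: 451 4.3.0 <nouser@example.com> Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command); from=<bounce@sender.example> to=<nouser@example.com> proto=ESMTP helo=<mail.sender.example>
Nov 19 12:59:33 mx01 postfix/smtpd[27801]: disconnect from mail.sender.example[192.0.2.15] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Nov 19 13:20:01 mx01 postfix/smtpd[28700]: NOQUEUE: reject: RCPT from mail.sender.example[192.0.2.15]: 550 5.1.1 <nouser@example.com>: Recipient address rejected: undeliverable address: host 127.0.0.1[127.0.0.1] said: 550 5.1.1 <nouser@example.com> User doesn't exist (in reply to RCPT TO command); from=<bounce@sender.example> to=<nouser@example.com> proto=ESMTP helo=<mail.sender.example>
"""

# Reply sent to the remote client: "<code> <enhanced status> <recipient>: <text>; from=<...>"
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<client>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) (?P<dsn>\d\.\d+\.\d+) <(?P<rcpt>[^>]*)>: (?P<text>.*?); from=<"
)
# Reply the verification probe got from the next hop, quoted inside the reject text.
PROBE_RE = re.compile(r"host (?P<host>\S+) said: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+)")


def classify_rejects(log_text):
    """Return one dict per smtpd RCPT reject line found in log_text."""
    results = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a reject line (connect, disconnect, anvil, ...)
        code = int(m["code"])
        probe = PROBE_RE.search(m["text"])
        results.append({
            "time": line[:15],
            "client": m["client"],
            "rcpt": m["rcpt"],
            "code": code,
            "dsn": m["dsn"],
            "kind": "temporary" if code < 500 else "permanent",
            "probe_host": probe["host"] if probe else None,
            "probe_code": int(probe["code"]) if probe else None,
        })
    return results


if __name__ == "__main__":
    for r in classify_rejects(SAMPLE_LOG):
        print(r["time"], r["rcpt"], r["code"], r["kind"],
              "probe:", r["probe_host"], r["probe_code"])
```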


