[postfix-users] Probleme mit access control

JF via postfix-users postfix-users at de.postfix.org
Mi Mär 19 15:21:25 CET 2014 

Hallo,

ich bin hier gerade am verzweifeln. Bin mit meinem Server umgezogen von
einem Ubuntu Lucid mit Postfix 2.8.5-2 zu einem Server mit Debian 7 und
Postfix 2.9.6-2. Die Konfigfiles habe ich alle vom alten Server übernommen.

Nun klappt aber meine Spam-Abwehr nicht mehr. Spams die aufgrund einer
Blacklist abgewiesen werden müssten kommen einfach durch. Ich hab keinen
Plan was die Ursache sein könnte.

Zum Beispiel diese Mail hier:

Received: from 28-209-136-186.fibertel.com.ar (unknown [186.136.209.28])
	by s2.fahrner.name (Postfix) with ESMTP id 6FF6F3426C
	for <xperia at fahrner.name>; Wed, 19 Mar 2014 14:56:58 +0100 (CET)
Received: from [10.0.0.165] ([10.0.0.165:4538]
helo=28-209-136-186.fibertel.com.ar)
	by A346F6AE4 (envelope-from <xperia at fibertel.com.ar>)
	(ecelerity 3.5.1.37854 r(Momo-dev:3.5.1.0)) with ESMTP
	id F1/14-B5DD6-000E888B; Wed, 19 Mar 2014 10:57:03 -0300
Date: Wed, 19 Mar 2014 10:56:56 -0300
From: "StorePfizer Inc" <xperia at fibertel.com.ar>
Reply-To: xperia at fibertel.com.ar
To: xperia at fahrner.name
Message-ID:
<77D38B12CEF5ED108D597304F6EF49A-2E476A43E39B80766594592269DB44AA at 28-209-136-186.fibertel.com.ar>
Subject: Mr. xperia, Receive 60% OFF
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: WhatCounts
ENVID:
WC-6407144644931-8f90de4d1e5d9fc04adaff3759ac-dfd145db89253913e89d4ae6ab6d9dc1
List-Unsubscribe:
<http://email.fibertel.com.ar/u?id=8f90de4d1e5d9fc04adaff3759ac>
X-Unsubscribe-Web:
<http://email.fibertel.com.ar/u?id=8f90de4d1e5d9fc04adaff3759ac>

Im Postfix Log steht dazu:

Mar 19 14:56:57 s2 postfix/smtpd[15780]: warning: hostname
28-209-136-186.fibertel.com.ar does not resolve to address
186.136.209.28: Name or service not known
Mar 19 14:56:57 s2 postfix/smtpd[15780]: connect from
unknown[186.136.209.28]
Mar 19 14:56:58 s2 postfix/smtpd[15780]: 6FF6F3426C:
client=unknown[186.136.209.28]
Mar 19 14:56:58 s2 postfix/cleanup[15785]: 6FF6F3426C:
message-id=<77D38B12CEF5ED108D597304F6EF49A-2E476A43E39B80766594592269DB44AA at 28-209-136-186.fibertel.com.ar>
Mar 19 14:56:58 s2 postfix/qmgr[14673]: 6FF6F3426C:
from=<xperia at fibertel.com.ar>, size=2269, nrcpt=1 (queue active)
Mar 19 14:56:58 s2 spamd[7299]: spamd: connection from localhost
[127.0.0.1] at port 41281
Mar 19 14:56:58 s2 spamd[7299]: spamd: setuid to debian-spamd succeeded
Mar 19 14:56:59 s2 postfix/smtpd[15780]: disconnect from
unknown[186.136.209.28]
Mar 19 14:56:59 s2 spamd[7299]: spamd: processing message
<77D38B12CEF5ED108D597304F6EF49A-2E476A43E39B80766594592269DB44AA at 28-209-136-186.fibertel.com.ar>
for debian-spamd:112
Mar 19 14:57:00 s2 spamd[7299]: spamd: identified spam (27.7/5.0) for
debian-spamd:112 in 1.6 seconds, 2224 bytes.
Mar 19 14:57:00 s2 spamd[7299]: spamd: result: Y 27 -
FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_PSBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,TO_NO_BRKTS_NORDNS_HTML,TVD_RCVD_IP,T_RCVD_IN_SEMBLACK,T_SURBL_MULTI1,T_SURBL_MULTI2,URIBL_AB_SURBL,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL
scantime=1.6,size=2224,user=debian-spamd,uid=112,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=41281,mid=<77D38B12CEF5ED108D597304F6EF49A-2E476A43E39B80766594592269DB44AA at 28-209-136-186.fibertel.com.ar>,autolearn=spam
Mar 19 14:57:00 s2 postfix/pickup[14674]: 5ACCA3468B: uid=112
from=<xperia at fibertel.com.ar>
Mar 19 14:57:00 s2 postfix/cleanup[15785]: 5ACCA3468B:
message-id=<77D38B12CEF5ED108D597304F6EF49A-2E476A43E39B80766594592269DB44AA at 28-209-136-186.fibertel.com.ar>
Mar 19 14:57:00 s2 postfix/pipe[15786]: 6FF6F3426C:
to=<jf at fahrner.name>, orig_to=<xperia at fahrner.name>, relay=spamassassin,
delay=2, delays=0.39/0.01/0/1.6, dsn=2.0.0, status=sent (delivered via
spamassassin service)
Mar 19 14:57:00 s2 postfix/qmgr[14673]: 6FF6F3426C: removed
Mar 19 14:57:00 s2 postfix/qmgr[14673]: 5ACCA3468B:
from=<xperia at fibertel.com.ar>, size=6763, nrcpt=1 (queue active)
Mar 19 14:57:00 s2 spamd[7298]: prefork: child states: II
Mar 19 14:57:00 s2 postfix/pipe[15790]: 5ACCA3468B:
to=<jf at fahrner.name>, relay=dovecot, delay=0.13,
delays=0.01/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot
service)
Mar 19 14:57:00 s2 postfix/qmgr[14673]: 5ACCA3468B: removed

Die IP 186.136.209.28 ist in b.barracudacentral.org und psbl.surriel.com
gelistet.

Meine Restrictions sehen so aus:

smtpd_client_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    permit_dnswl_client list.dnswl.org
    check_client_access hash:/etc/postfix/whitelist
    reject_unknown_client_hostname
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client psbl.surriel.com
    reject_rbl_client b.barracudacentral.org
    reject_rbl_client dnsbl.sorbs.net

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    reject_rhsbl_helo dbl.spamhaus.org
    reject_unauth_pipelining

smtpd_sender_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_sender_login_mismatch
    reject_unauth_pipelining
    reject_rhsbl_sender dbl.spamhaus.org
    check_sender_mx_access cidr:/etc/postfix/bogus_mx

smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_unauth_pipelining
    permit_dnswl_client list.dnswl.org
    check_client_access hash:/etc/postfix/whitelist
    check_policy_service inet:127.0.0.1:10023

smtpd_data_restrictions =
    reject_unauth_pipelining
    reject_multi_recipient_bounce



Auch das Greylisting hat nicht stattgefunden! In den Whitelists ist die
IP natürlich nicht drin. Was ist da bloss los???

Gruss
Jochen

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : smime.p7s
Dateityp    : application/pkcs7-signature
Dateigröße  : 4956 bytes
Beschreibung: S/MIME Cryptographic Signature
URL         : <http://de.postfix.org/pipermail/postfix-users/attachments/20140319/dbf3ef13/attachment.bin>

Mehr Informationen über die Mailingliste postfix-users