Seltsame Mail - bin verwirrt

J. Fahrner jf at fahrner.name
Mi Nov 11 16:50:26 CET 2015


Hallo,

heute kam die folgende Mail, die mich total verwirrt. Wer hat die
geschickt, und auftrund von was wurde die produziert? Hat wohl irgendwas
mit DMARC zu tun.

Return-Path: <opendmarc at fahrner.name>
Delivered-To: joachim at familie-fahrner.de
Received: by s3.fahrner.name (Postfix, from userid 119)
	id D663B22256; Wed, 11 Nov 2015 09:53:45 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fahrner.name; s=mail;
	t=1447232025; bh=lyf/JNBkEGCHiFO9eeNVjwO/y2OMMHI9QbIZUCe5WeA=;
	h=From:To:Date:Subject;
	b=Az39vGJNLFTyo8R10iWh7A/grjWBBPxSjet7yTRnBHirEDkb3olaho/gySZARIYBX
	 lhRXqqJtfeUfsBxiQ3zgWQnGI7tgnQyKHDEbGP1Gwp+Fk46s182zPl+pSmRN3r8P4p
	 bP6QQhhCy8I5fnORWRiter9LDw08v8Ss6yqakyAQ=
From: postmaster at fahrner.name
To: postmaster at fahrner.name
Date: Wed, 11 Nov 2015 09:53:45 +0100 (CET)
Subject: FW: You have new fax, document 00271650
MIME-Version: 1.0
Content-Type: multipart/report;
	report-type=feedback-report;
	boundary="s3.fahrner.name:A9CF8221F9"
Message-Id: <20151111085345.D663B22256 at s3.fahrner.name>

--s3.fahrner.name:A9CF8221F9
Content-Type: text/plain

This is an authentication failure report for an email message received from IP
31.220.2.120 on Wed, 11 Nov 2015 09:53:45 +0100 (CET).

--s3.fahrner.name:A9CF8221F9
Content-Type: message/feedback-report

Feedback-Type: auth-failure
Version: 1
User-Agent: OpenDMARC-Filter/1.3.0
Auth-Failure: dmarc
Authentication-Results: s3.fahrner.name; dmarc=fail header.from=interfax.net
Original-Envelope-Id: A9CF8221F9
Original-Mail-From: ceylanmarkt at shared2.swiftslots.com
Source-IP: 31.220.2.120
Reported-Domain: interfax.net

--s3.fahrner.name:A9CF8221F9
Content-Type: text/rfc822-headers

Received-SPF: None (no SPF record) identity=mailfrom; client-ip=31.220.2.120; helo=shared2.swiftslots.com; envelope-from=ceylanmarkt at shared2.swiftslots.com; receiver=jf at fahrner.name 
Received: from shared2.swiftslots.com (shared2.swiftslots.com [31.220.2.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by s3.fahrner.name (Postfix) with ESMTPS id A9CF8221F9
	for <jf at fahrner.name>; Wed, 11 Nov 2015 09:53:45 +0100 (CET)
Received: from ceylanmarkt by shared2.swiftslots.com with local (Exim 4.86)
	(envelope-from <ceylanmarkt at shared2.swiftslots.com>)
	id 1ZwR9s-0035b6-3o
	for jf at fahrner.name; Wed, 11 Nov 2015 09:53:36 +0100
To: jf at fahrner.name
Subject: You have new fax, document 00271650
X-PHP-Script: ceylanmarkt.com/post.php for 213.198.102.103
Date: Wed, 11 Nov 2015 08:53:35 +0000
From: "Interfax Online" <incoming at interfax.net>
Reply-To: "Interfax Online" <incoming at interfax.net>
Message-ID: <5a3426ff3dfd9c5baec2864a193446b9 at ceylanmarkt.com>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="b1_e25c1a8174ac865802063755053b13fe"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - shared2.swiftslots.com
X-AntiAbuse: Original Domain - fahrner.name
X-AntiAbuse: Originator/Caller UID/GID - [1059 1071] / [47 12]
X-AntiAbuse: Sender Address Domain - shared2.swiftslots.com
X-Get-Message-Sender-Via: shared2.swiftslots.com: authenticated_id: ceylanmarkt/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: shared2.swiftslots.com: ceylanmarkt

--s3.fahrner.name:A9CF8221F9--

------------------------------------------------------------------------------------------------------------------------------

Im Postfix Log steht zu der Uhrzeit folgendes:

Nov 11 09:53:38 s3 postfix/postscreen[5407]: CONNECT from [31.220.2.120]:55511 to [78.47.47.89]:25
Nov 11 09:53:44 s3 postfix/postscreen[5407]: PASS NEW [31.220.2.120]:55511
Nov 11 09:53:45 s3 postfix/smtpd[5411]: connect from shared2.swiftslots.com[31.220.2.120]
Nov 11 09:53:45 s3 postfix/smtpd[5411]: Anonymous TLS connection established from shared2.swiftslots.com[31.220.2.120]: TLSv1.2
 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 11 09:53:45 s3 policyd-spf[5418]: None; identity=helo; client-ip=31.220.2.120; helo=shared2.swiftslots.com; envelope-from=c
eylanmarkt at shared2.swiftslots.com; receiver=jf at fahrner.name 
Nov 11 09:53:45 s3 policyd-spf[5418]: None; identity=mailfrom; client-ip=31.220.2.120; helo=shared2.swiftslots.com; envelope-fr
om=ceylanmarkt at shared2.swiftslots.com; receiver=jf at fahrner.name 
Nov 11 09:53:45 s3 postfix/smtpd[5411]: A9CF8221F9: client=shared2.swiftslots.com[31.220.2.120]
Nov 11 09:53:45 s3 postfix/cleanup[5420]: A9CF8221F9: message-id=<5a3426ff3dfd9c5baec2864a193446b9 at ceylanmarkt.com>
Nov 11 09:53:45 s3 opendkim[3421]: A9CF8221F9: shared2.swiftslots.com [31.220.2.120] not internal
Nov 11 09:53:45 s3 opendkim[3421]: A9CF8221F9: not authenticated
Nov 11 09:53:45 s3 opendkim[3421]: A9CF8221F9: no signature data
Nov 11 09:53:45 s3 opendmarc[3432]: A9CF8221F9: recvspf: None (no SPF record) identity=mailfrom; client-ip=31.220.2.120; helo=s
hared2.swiftslots.com; envelope-from=ceylanmarkt at shared2.swiftslots.com; receiver=jf at fahrner.name 
Nov 11 09:53:45 s3 opendmarc[3432]: A9CF8221F9: interfax.net fail
Nov 11 09:53:45 s3 postfix/pickup[5250]: D663B22256: uid=119 from=<opendmarc>
Nov 11 09:53:45 s3 postfix/cleanup[5424]: D663B22256: message-id=<20151111085345.D663B22256 at s3.fahrner.name>
Nov 11 09:53:45 s3 opendkim[3421]: D663B22256: DKIM-Signature header added (s=mail, d=fahrner.name)
Nov 11 09:53:45 s3 postfix/cleanup[5420]: A9CF8221F9: milter-reject: END-OF-MESSAGE from shared2.swiftslots.com[31.220.2.120]: 5.7.1 rejected by DMARC policy for interfax.net; from=<ceylanmarkt at shared2.swiftslots.com> to=<jf at fahrner.name> proto=ESMTP helo=<shared2.swiftslots.com>
Nov 11 09:53:45 s3 postfix/smtpd[5411]: disconnect from shared2.swiftslots.com[31.220.2.120]
Nov 11 09:53:45 s3 postfix/qmgr[4587]: D663B22256: from=<opendmarc at fahrner.name>, size=2868, nrcpt=1 (queue active)
Nov 11 09:53:45 s3 postfix/pipe[5425]: D663B22256: to=<joachim at familie-fahrner.de>, orig_to=<postmaster at fahrner.name>, relay=dovecot, delay=0.09, delays=0.06/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 11 09:53:45 s3 postfix/qmgr[4587]: D663B22256: removed

Was ist da passiert?

Gruss
Jochen




Mehr Informationen über die Mailingliste postfix-users