Mail rejection due to MX resolution - how to debug?

Lars Täuber taeuber at bbaw.de
Wed Jan 27 15:31:28 CET 2016


Hello everyone!

Mails are being rejected on our MX hosts. However, I cannot make sense of the rejection message:

Jan 25 19:44:20 mx2 postfix/smtpd[13298]: connect from mail-wm0-f46.google.com[74.125.82.46]
Jan 25 19:44:20 mx2 postfix/smtpd[13298]: NOQUEUE: reject: RCPT from mail-wm0-f46.google.com[74.125.82.46]: 554 5.7.1 <... at ku.edu.tr>: Sender address rejected: Bogus NS/MX in RFC 1918 private network; from=<... at ku.edu.tr> to=<...> proto=ESMTP helo=<mail-wm0-f46.google.com>
Jan 25 19:44:20 mx2 postfix/smtpd[13298]: disconnect from mail-wm0-f46.google.com[74.125.82.46]


The error message points to the following checks:
/etc/postfix/main.cf:
smtpd_sender_restrictions       =
    [...]
    check_sender_mx_access      cidr:/etc/postfix/bogon_networks.cidr
    check_sender_ns_access      cidr:/etc/postfix/bogon_networks.cidr


/etc/postfix/bogon_networks.cidr:
# Sources: http://www.iana.org/assignments/ipv4-address-space/
# Sources: http://www.iana.org/assignments/ipv6-address-space/
#
# IPv4
#
0.0.0.0/8       REJECT Bogus NS/MX in broadcast network
10.0.0.0/8      REJECT Bogus NS/MX in RFC 1918 private network
100.64.0.0/10	REJECT BOGUS NS/MX in RFC 6598 private network
127.0.0.0/8     REJECT Bogus NS/MX in loopback network
169.254.0.0/16  REJECT Bogus NS/MX in link lokal network
172.16.0.0/12   REJECT Bogus NS/MX in RFC 1918 private network
192.0.2.0/24    REJECT Bogus NS/MX in TEST-NET network
192.168.0.0/16  REJECT Bogus NS/MX in RFC 1918 private network
198.18.0.0/15   REJECT Bogus NS/MX in RFC 2544 benchmark network
224.0.0.0/4     REJECT Bogus NS/MX in class D multicast network
240.0.0.0/5     REJECT Bogus NS/MX in class E reserved network
248.0.0.0/5     REJECT Bogus NS/MX in reserved network



The MX hosts for the sender address are:
# host ku.edu.tr
ku.edu.tr has address 88.255.96.208
ku.edu.tr mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
ku.edu.tr mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
ku.edu.tr mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
ku.edu.tr mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
ku.edu.tr mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
ku.edu.tr mail is handled by 10 ASPMX.L.GOOGLE.COM.
ku.edu.tr mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.


None of them have addresses from the reserved private IPv4 address space. However, all of them also return an IPv6 address.
ASPMX2.GOOGLEMAIL.COM has address 74.125.68.27
ASPMX2.GOOGLEMAIL.COM has IPv6 address 2404:6800:4003:c02::1a
ASPMX3.GOOGLEMAIL.COM has address 64.233.189.27
ASPMX3.GOOGLEMAIL.COM has IPv6 address 2404:6800:4008:c07::1a
ASPMX4.GOOGLEMAIL.COM has address 173.194.72.27
ASPMX4.GOOGLEMAIL.COM has IPv6 address 2404:6800:4008:c01::1b
ASPMX5.GOOGLEMAIL.COM has address 74.125.25.27
ASPMX5.GOOGLEMAIL.COM has IPv6 address 2607:f8b0:400e:c03::1a

     ASPMX.L.GOOGLE.COM has address 173.194.65.27
     ASPMX.L.GOOGLE.COM has IPv6 address 2a00:1450:4013:c00::1a
ALT1.ASPMX.L.GOOGLE.COM has address 74.125.68.27
ALT1.ASPMX.L.GOOGLE.COM has IPv6 address 2404:6800:4003:c02::1a
ALT2.ASPMX.L.GOOGLE.COM has address 64.233.189.27
ALT2.ASPMX.L.GOOGLE.COM has IPv6 address 2404:6800:4008:c07::1a


How can I debug this further? Does anyone have an idea what I might have misconfigured here?

# postconf mail_version
mail_version = 2.11.0



Many thanks and regards
Lars

-- 
                            Informationstechnologie
Berlin-Brandenburgische Akademie der Wissenschaften
Jägerstraße 22-23                      10117 Berlin
Tel.: +49 30 20370-352           http://www.bbaw.de


More information about the postfix-users mailing list
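
Added example, not part of the original post and not Postfix code: check_sender_mx_access looks up the addresses of the sender domain's MX hosts and check_sender_ns_access those of its DNS servers, both against the same cidr table with the same "NS/MX" reject text, so this Python reimplementation of the lookup reports which record type and host produced a match. The table is an excerpt from the post; the function names and the hosts and addresses in SAMPLE are constructed assumptions, to be replaced with the output of `host -t mx` and `host -t ns` for the sender domain.

```python
import ipaddress

# Excerpt of bogon_networks.cidr from the post ("pattern  action" per line).
BOGON_TABLE = """\
# IPv4
10.0.0.0/8      REJECT Bogus NS/MX in RFC 1918 private network
100.64.0.0/10   REJECT BOGUS NS/MX in RFC 6598 private network
127.0.0.0/8     REJECT Bogus NS/MX in loopback network
172.16.0.0/12   REJECT Bogus NS/MX in RFC 1918 private network
192.168.0.0/16  REJECT Bogus NS/MX in RFC 1918 private network
"""

def parse_cidr_table(text):
    """Return [(network, action)] in file order; skip comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern), action))
    return rules

def first_match(rules, address):
    """Return the first (network, action) containing address, else None."""
    ip = ipaddress.ip_address(address)
    for net, action in rules:
        if ip.version == net.version and ip in net:
            return net, action
    return None

def audit(rules, records):
    """records: {"MX": {host: [addr, ...]}, "NS": {...}} -> list of hits."""
    hits = []
    for rtype, hosts in records.items():
        for host, addrs in hosts.items():
            for addr in addrs:
                match = first_match(rules, addr)
                if match:
                    hits.append((rtype, host, addr, str(match[0]), match[1]))
    return hits

# Constructed sample data (example.org), NOT the DNS data shown in the post.
SAMPLE = {
    "MX": {"mx1.example.org": ["198.51.100.25", "2001:db8::25"]},
    "NS": {"ns1.example.org": ["198.51.100.53"], "ns2.example.org": ["10.1.2.3"]},
}

if __name__ == "__main__":
    for hit in audit(parse_cidr_table(BOGON_TABLE), SAMPLE):
        print(*hit, sep="  ")
```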