Help with spam defense

thorstenschmidt

Hello everyone.
My problem is that my Postfix server is being abused as a spam mailer.
But I can't find the error in order to fix it. Can one of you help me?
I have a static IP as well as an MX record. So the mail arrives directly at my server.
That is exactly where there is also an error: mails are deposited on my server which are then also sent straight on. Here is my main.cf

Code:
############################################################
# Start MySQL from postfixwiki.org
############################################################
#virtual_uid_maps = static:303
#virtual_gid_maps = static:303
#virtual_minimum_uid = 303
#virtual_mailbox_base = /srv/maildirs
#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
#virtual_mailbox_limit = 0
#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
#virtual_transport = virtual
## Additional for quota support
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
#virtual_overquota_bounce = yes
relay_domains = $mydestination, hash:/etc/postfix/relay, mysql:/etc/postfix/mysql-relay.cf
############################################################
# End MySQL from postfixwiki.org
############################################################

inet_protocols = all
biff = no
mail_spool_directory = /var/mail
#sender_canonical_maps = hash:/etc/postfix/sender_canonical
#canonical_maps = hash:/etc/postfix/canonical
# virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
# transport_maps = hash:/etc/postfix/transport

virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
# sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
# canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
alias_maps = $alias_database


masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
delay_warning_time = 1h
message_strip_characters = \0
program_directory = /usr/lib/postfix
masquerade_domains = computer-st.de 
mydestination = $myhostname, localhost.$mydomain, $mydomain
defer_transports = 
disable_dns_lookups = no
mailbox_command = /usr/bin/procmail
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = cyrus
strict_8bitmime = no
disable_mime_output_conversion = no
strict_rfc821_envelopes = no
# alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 0
myorigin = srv004.css
smtpd_banner = mail.csssrv.de ESMTP $mail_version ready;
content_filter = vscan:

mynetworks = 192.168.2.0/24, 192.168.10.0/24
myhostname = srv004.css

relayhost = [smtp.webpage.t-com.de] 
#relayhost = smtp.strato.de
inet_interfaces = all
smtpd_sender_restrictions = mysql:/etc/postfix/mysql-accress_sender.cf

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous, noplaintext
smtp_sasl_password_maps =  mysql:/etc/postfix/mysql-sasl_passwd.cf

smtpd_sasl_auth_enable = yes
#smtdp_sasl_password_maps =  mysql:/etc/postfix/mysql-smtpd_passwd.cf
smtpd_sasl_security_options = noanonymous , noplaintext
smtpd_sasl_tls_security_options = noanonymous, noplaintext


mime_header_checks = pcre:/etc/postfix/body_check
broken_sasl_auth_clients = yes
# smtpd_delay_reject = yes
smtpd_helo_required = yes
# disable_vrfy_command = yes
# strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
        reject_sender_login_mismatch   
        
smtpd_recipient_restrictions =
        check_sender_access mysql:/etc/postfix/mysql-accress_sender.cf, 
        permit_sasl_authenticated,
        permit_mynetworks,
        permit_inet_interfaces,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,        
        reject_unauth_destination,
		reject_rbl_client zen.spamhaus.org,
		reject_rbl_client bl.spamcop.net,
		reject_rbl_client list.dsbl.org,
		reject_rbl_client sbl-xbl.spamhaus.org,
		reject_rbl_client whois.rfc-ignorant.org,
		reject_rbl_client ix.dnsbl.manitu.org,
		reject_rbl_client multihop.dsbl.org,
		reject_rbl_client dnsbl.ahbl.org,
		reject_rbl_client rhsbl.ahbl.org,
 
/var/log/mail
Code:
Apr 13 07:24:26 srv004 postfix/master[5252]: daemon started -- version 2.6.1, configuration /etc/postfix
Apr 13 07:24:27 srv004 postfix/smtpd[5273]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:27 srv004 postfix/smtpd[5273]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:29 srv004 postfix/smtpd[5283]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:29 srv004 postfix/smtpd[5283]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:30 srv004 postfix/smtpd[5284]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:30 srv004 postfix/smtpd[5284]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:32 srv004 postfix/smtpd[5285]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:32 srv004 postfix/smtpd[5285]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:33 srv004 postfix/smtpd[5286]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:33 srv004 postfix/smtpd[5286]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:34 srv004 postfix/smtpd[5286]: 9F9CF201EE: client=srv002.css[192.168.2.1]
Apr 13 07:24:36 srv004 postfix/smtpd[5285]: D07C420221: client=srv002.css[192.168.2.1]
Apr 13 07:24:36 srv004 postfix/smtpd[5289]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:36 srv004 postfix/smtpd[5289]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:37 srv004 postfix/smtpd[5290]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:37 srv004 postfix/smtpd[5290]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:38 srv004 postfix/smtpd[5289]: 6CD3020227: client=srv002.css[192.168.2.1]
Apr 13 07:24:40 srv004 postfix/smtpd[5292]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:40 srv004 postfix/smtpd[5292]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:42 srv004 postfix/smtpd[5292]: 16C922024B: client=srv002.css[192.168.2.1]
Apr 13 07:24:42 srv004 postfix/cleanup[5287]: 9F9CF201EE: message-id=<>
Apr 13 07:24:42 srv004 postfix/qmgr[5266]: 9F9CF201EE: from=<oszthryuyqxsh@ms72.hinet.net>, size=2143, nrcpt=14 (queue active)
Apr 13 07:24:43 srv004 postfix/smtpd[5297]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:43 srv004 postfix/smtpd[5297]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:43 srv004 postfix/cleanup[5291]: 6CD3020227: message-id=<Patti$Goodwinelmjc@ms65.hinet.net>
Apr 13 07:24:43 srv004 postfix/qmgr[5266]: 6CD3020227: from=<wdeueciejje@ms54.hinet.net>, size=2625, nrcpt=9 (queue active)
Apr 13 07:24:44 srv004 postfix/smtpd[5286]: 17A9F2025A: client=srv002.css[192.168.2.1]
Apr 13 07:24:44 srv004 postfix/smtpd[5300]: warning: database /etc/aliases.db is older than source file /etc/aliases
Apr 13 07:24:44 srv004 postfix/smtpd[5300]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:44 srv004 postfix/master[5252]: warning: service "smtp" (25) has reached its process limit "10": new clients may experience noticeable delays
Apr 13 07:24:44 srv004 postfix/master[5252]: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client
Apr 13 07:24:44 srv004 postfix/master[5252]: warning: see http://www.postfix.org/STRESS_README.html for examples of stress-adapting configuration settings
Apr 13 07:24:45 srv004 postfix/smtpd[5284]: 322122025D: client=srv002.css[192.168.2.1]
Apr 13 07:24:45 srv004 postfix/smtpd[5289]: 5D10120260: client=srv002.css[192.168.2.1]
Apr 13 07:24:45 srv004 postfix/smtpd[5297]: 7766220261: client=srv002.css[192.168.2.1]
Apr 13 07:24:45 srv004 postfix/cleanup[5293]: 16C922024B: message-id=<Loretta$Bacaannalin@ntou.edu.tw>
Apr 13 07:24:46 srv004 postfix/qmgr[5266]: 16C922024B: from=<vdedamz@ms1.hinet.net>, size=4713, nrcpt=8 (queue active)
Apr 13 07:24:46 srv004 postfix/cleanup[5288]: D07C420221: message-id=<Yesenia$Bouchera6877aa@gmail.com>
Apr 13 07:24:46 srv004 postfix/qmgr[5266]: D07C420221: from=<jzzgb@ms25.hinet.net>, size=3172, nrcpt=1 (queue active)
Apr 13 07:24:46 srv004 postfix/smtpd[5305]: connect from localhost[127.0.0.1]
Apr 13 07:24:46 srv004 postfix/smtpd[5305]: C35F020262: client=localhost[127.0.0.1]
Apr 13 07:24:46 srv004 postfix/cleanup[5293]: C35F020262: message-id=<>
Apr 13 07:24:46 srv004 postfix/qmgr[5266]: C35F020262: from=<oszthryuyqxsh@ms72.hinet.net>, size=2617, nrcpt=14 (queue active)
Apr 13 07:24:46 srv004 amavis[2686]: (02686-01) Passed SPAM, [192.168.2.1] [192.168.2.1] <oszthryuyqxsh@ms72.hinet.net> -> <palace@cm1.hinet.net>,<nofriendslikenofriends@gmail.com>,<vkmmcom@gmail.com>,<occhas@hotmail.com>,<rblankleder@hotmail.com>,<richardceara1@hotmail.com>,<autoking@ms1.hinet.net>,<mlao@ms23.hinet.net>,<sinul@ms27.hinet.net>,<synthesized@ms73.hinet.net>,<alphabetizing@ms9.hinet.net>,<a4747@msa.hinet.net>,<antony927@msa.hinet.net>,<wufangtze@yahoo.com.tw>, quarantine: spam-9aluJCH5GQR9.gz, mail_id: 9aluJCH5GQR9, Hits: 28.179, size: 2143, queued_as: C35F020262, 4416 ms
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<palace@cm1.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<nofriendslikenofriends@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<vkmmcom@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<occhas@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<rblankleder@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<richardceara1@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<autoking@ms1.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<mlao@ms23.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<sinul@ms27.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<synthesized@ms73.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<alphabetizing@ms9.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<a4747@msa.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<antony927@msa.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: 9F9CF201EE: to=<wufangtze@yahoo.com.tw>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=8.4/0.03/0.02/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C35F020262)
Apr 13 07:24:47 srv004 postfix/qmgr[5266]: 9F9CF201EE: removed
Apr 13 07:24:47 srv004 postfix/smtp[5294]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.35]: no mechanism available
Apr 13 07:24:47 srv004 postfix/smtp[5294]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.99]: no mechanism available
Apr 13 07:24:47 srv004 postfix/smtpd[5292]: 4767A201EE: client=srv002.css[192.168.2.1]
Apr 13 07:24:47 srv004 postfix/smtpd[5300]: 49FF820264: client=srv002.css[192.168.2.1]
Apr 13 07:24:47 srv004 postfix/smtp[5294]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.98]: no mechanism available
Apr 13 07:24:47 srv004 postfix/smtp[5294]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<palace@cm1.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<nofriendslikenofriends@gmail.com>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<vkmmcom@gmail.com>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<occhas@hotmail.com>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<rblankleder@hotmail.com>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<richardceara1@hotmail.com>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<autoking@ms1.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<mlao@ms23.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<sinul@ms27.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: C35F020262: to=<synthesized@ms73.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:48 srv004 postfix/smtp[5294]: C35F020262: to=<alphabetizing@ms9.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:48 srv004 postfix/smtp[5294]: C35F020262: to=<a4747@msa.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:48 srv004 postfix/smtp[5294]: C35F020262: to=<antony927@msa.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:48 srv004 postfix/smtp[5294]: C35F020262: to=<wufangtze@yahoo.com.tw>, relay=smtp.webpage.t-com.de[194.25.134.34]:25, delay=0.65, delays=0.14/0.11/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available)
Apr 13 07:24:49 srv004 postfix/cleanup[5293]: 49FF820264: message-id=<Adam$Lawrencea6877aa@gmail.com>
Apr 13 07:24:49 srv004 postfix/qmgr[5266]: 49FF820264: from=<aqqnooqowf@ms16.hinet.net>, size=1407, nrcpt=1 (queue active)
Apr 13 07:24:49 srv004 postfix/cleanup[5291]: 322122025D: message-id=<Terence$Mcconnellgchin7768@yahoo.com.tw>
Apr 13 07:24:50 srv004 postfix/qmgr[5266]: 322122025D: from=<vrjro@ms18.hinet.net>, size=3245, nrcpt=7 (queue active)
Apr 13 07:24:50 srv004 postfix/smtpd[5300]: disconnect from srv002.css[192.168.2.1]
Apr 13 07:24:50 srv004 postfix/smtpd[5300]: connect from srv002.css[192.168.2.1]
Apr 13 07:24:50 srv004 postfix/cleanup[5287]: 17A9F2025A: message-id=<>
Apr 13 07:24:50 srv004 postfix/smtpd[5305]: E49A620266: client=localhost[127.0.0.1]
Apr 13 07:24:50 srv004 postfix/qmgr[5266]: 17A9F2025A: from=<natvc@ms72.hinet.net>, size=2106, nrcpt=12 (queue active)
Apr 13 07:24:51 srv004 postfix/cleanup[5293]: E49A620266: message-id=<Loretta$Bacaannalin@ntou.edu.tw>
Apr 13 07:24:51 srv004 postfix/qmgr[5266]: E49A620266: from=<vdedamz@ms1.hinet.net>, size=5190, nrcpt=8 (queue active)
Apr 13 07:24:51 srv004 amavis[2686]: (02686-02) Passed SPAM, [192.168.2.1] [156.188.178.250] <vdedamz@ms1.hinet.net> -> <joycelovenovel@hotmail.com>,<rebeccapyli@hotmail.com>,<jody0830@ms34.hinet.net>,<annalin@ntou.edu.tw>,<n923010004@student.nsysu.edu.tw>,<iris@tpedu.tcg.gov.tw>,<ro821222@yahoo.com.tw>,<zeroexe0083@yahoo.com.tw>, quarantine: spam-TKS-AhJdPx+b.gz, Message-ID: <Loretta$Bacaannalin@ntou.edu.tw>, mail_id: TKS-AhJdPx+b, Hits: 35.511, size: 4712, queued_as: E49A620266, 4078 ms
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<joycelovenovel@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<rebeccapyli@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<jody0830@ms34.hinet.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<annalin@ntou.edu.tw>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<n923010004@student.nsysu.edu.tw>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<iris@tpedu.tcg.gov.tw>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<ro821222@yahoo.com.tw>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/smtp[5303]: 16C922024B: to=<zeroexe0083@yahoo.com.tw>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.5, delays=4.4/0.03/0.92/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02686-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E49A620266)
Apr 13 07:24:51 srv004 postfix/qmgr[5266]: 16C922024B: removed
Apr 13 07:24:51 srv004 postfix/smtp[5303]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:51 srv004 postfix/smtp[5303]: E49A620266: SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.34]: no mechanism available
Apr 13 07:24:51 srv004 postfix/smtp[5303]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:51 srv004 postfix/smtp[5303]: E49A620266: SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.99]: no mechanism available
Apr 13 07:24:51 srv004 postfix/smtp[5303]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:51 srv004 postfix/smtp[5303]: E49A620266: SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.35]: no mechanism available
Apr 13 07:24:51 srv004 postfix/smtp[5303]: warning: SASL authentication failure: No worthy mechs found
Apr 13 07:24:51 srv004 postfix/smtp[5303]: E49A620266: to=<joycelovenovel@hotmail.com>, relay=smtp.webpage.t-com.de[194.25.134.98]:25, delay=0.63, delays=0.13/0.1/0.41/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.98]: no mechanism available)
Apr 13 07:24:51 srv004 postfix/smtpd[5284]: BB95120269: client=srv002.css[192.168.2.1]
Apr 13 07:24:52 srv004 postfix/smtp[5303]: E49A620266: to=<rebeccapyli@hotmail.com>, relay=smtp.webpage.t-com.de[194.25.134.98]:25, delay=0.63, delays=0.13/0.1/0.41/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.98]: no mechanism available)
Apr 13 07:24:52 srv004 postfix/smtp[5303]: E49A620266: to=<jody0830@ms34.hinet.net>, relay=smtp.webpage.t-com.de[194.25.134.98]:25, delay=0.63, delays=0.13/0.1/0.41/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.98]: no mechanism available)
Apr 13 07:24:52 srv004 postfix/smtp[5303]: E49A620266: to=<annalin@ntou.edu.tw>, relay=smtp.webpage.t-com.de[194.25.134.98]:25, delay=0.63, delays=0.13/0.1/0.41/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.webpage.t-com.de[194.25.134.98]: no mechanism available)
Apr 13 07:24:52 srv004 postfix/smtpd[5319]: connect from localhost[127.0.0.1]
Apr 13 07:24:52 srv004 postfix/master[5252]: terminating on signal 15
Apr 13 07:24:52 srv004 amavis[2687]: (02687-01) Negative SMTP resp. to DATA: 
Apr 13 07:24:52 srv004 amavis[2687]: (02687-01) (!)FWD via SMTP: <wdeueciejje@ms54.hinet.net> -> <f661203@ms13.hinet.net>,<qggvoctykeo@ms2.hinet.net>,<n2033608@ms24.hinet.net>,<choice@ms34.hinet.net>,<tdsrt23627@ms42.hinet.net>,<pockylai@ms46.hinet.net>,<elmjc@ms65.hinet.net>,<circumscribe@ms7.hinet.net>,<iminghng@ms7.hinet.net>, 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-rundown-1 (Negative SMTP response to RSET:  at (eval 97) line 1118, <GEN7> line 186.): id=02687-01
Apr 13 07:24:52 srv004 amavis[2687]: (02687-01) Blocked MTA-BLOCKED, [192.168.2.1] [128.4.96.112] <wdeueciejje@ms54.hinet.net> -> <f661203@ms13.hinet.net>,<qggvoctykeo@ms2.hinet.net>,<n2033608@ms24.hinet.net>,<choice@ms34.hinet.net>,<tdsrt23627@ms42.hinet.net>,<pockylai@ms46.hinet.net>,<elmjc@ms65.hinet.net>,<circumscribe@ms7.hinet.net>,<iminghng@ms7.hinet.net>, quarantine: spam-StGFKd2QZ9Fi.gz, Message-ID: <Patti$Goodwinelmjc@ms65.hinet.net>, mail_id: StGFKd2QZ9Fi, Hits: 35.784, size: 2625, 8501 ms
Apr 13 07:24:52 srv004 amavis[2687]: (02687-01) (!!)TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 96) line 974, <GEN6> line 86.
Apr 13 07:24:52 srv004 amavis[2687]: (02687-01) (!)Requesting process rundown after fatal error
Apr 13 07:24:54 srv004 amavis[2686]: (02686-03) Negative SMTP resp. to DATA: 
Apr 13 07:24:54 srv004 amavis[2686]: (02686-03) (!!)TROUBLE in check_mail: forwarding FAILED: Error writing to socket: Broken pipe at (eval 97) line 186, <GEN7> line 618.
Apr 13 07:24:54 srv004 amavis[2686]: (02686-03) (!)PRESERVING EVIDENCE in /var/spool/amavis/tmp/amavis-20100413T072442-02686
Apr 13 07:24:54 srv004 amavis[2686]: (02686-03) (!!)TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 96) line 974, <GEN24> line 80.
Apr 13 07:24:54 srv004 amavis[2686]: (02686-03) (!)Requesting process rundown after fatal error
 
You can surely fix the error message about aliases.db yourself. It is not the decisive one anyway.
Your home server also does not seem to deliver any emails to the outside, since SMTP auth is not configured correctly for the relayhost.

As far as I can see from the log files, the connection that fans out to so many To's (or CC or BCC) comes from srv002 with the IP 192.168.2.1. That address is authorized to relay through mynetworks with 192.168.2.0/24. So you have to check on srv002 what is running there. Possibly a web space with an insecure PHP script, or even an MTA or MDA?

huschi.
 
Provider – static IP address & MX record
Fritzbox (192.168.2.1) – PORT 25 FORWARD (192.168.2.14)
Postfix-Cyrus (192.168.2.14)

And since recently the setup is
Provider – static IP address & MX record
Fritzbox (192.168.22.1) – PORT 25 FORWARD (192.168.22.2)
Ubuntu (SQUID-PROXY…..) (eth1 192.168.22.2 eth0 192.168.2.1) srv002 – port 25 forward to (192.168.2.14)
Postfix-Cyrus (192.168.2.14)
 
Can you finally use code tags?

If your forwarding works like that and you generally let your internal IPs send everything, the spam sending is no wonder ;) Because the spammers are authorized, after all.
 
What does code tags mean??
I have now entered the routing entry 192.168.2.0 255.255.255.0 192.168.22.2 in the Fritzbox.
Now the spam has stopped again.
Can you list a better configuration for me??
How do I manage it so that everyone in the network can send, but spam is still filtered?
 
Fritzbox (192.168.22.1) – PORT 25 FORWARD (192.168.22.2)
I can only guess that this is then srv004.
An SMTP connection comes in, and the Fritzbox forwards it to the Linux server. But the Linux server only sees the Fritzbox and thinks "it is in my network and is allowed to do that".
Ergo: you have (had) an open relay.

Take the Fritzbox out of Postfix's mynetworks and all will be well.

What does code tags mean??
Slowly move the mouse over the editor's buttons at the top and it will show you what they mean.

And PS: Please also pay attention to capitalization. We do want to stay readable.

huschi.
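The relay path described in the post above can be confirmed from the mail log. The following is an added example, not part of the original thread: it correlates Postfix queue IDs and flags messages that arrived from a `mynetworks` address with both a foreign sender and foreign recipients. The `mynetworks` values come from the posted main.cf; the local domain set, the sample log lines, the host `pc7.css` and all mail addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# mynetworks exactly as posted in the thread's main.cf.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.168.2.0/24", "192.168.10.0/24")]

# Assumption: domains treated as local. The first three follow from
# myhostname/mydestination in the posted main.cf; computer-st.de is assumed
# from masquerade_domains. The MySQL relay_domains maps are not on the page.
LOCAL_DOMAINS = {"srv004.css", "localhost.css", "css", "computer-st.de"}

# Constructed sample in the format of the thread's /var/log/mail excerpt.
SAMPLE_LOG = """\
Apr 13 07:24:34 srv004 postfix/smtpd[5286]: A1B2C3D401: client=srv002.css[192.168.2.1]
Apr 13 07:24:42 srv004 postfix/qmgr[5266]: A1B2C3D401: from=<sender@example.net>, size=2143, nrcpt=2 (queue active)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: A1B2C3D401: to=<rcpt1@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 13 07:24:46 srv004 postfix/smtp[5294]: A1B2C3D401: to=<rcpt2@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 13 07:24:46 srv004 postfix/smtpd[5305]: A1B2C3D402: client=localhost[127.0.0.1]
Apr 13 07:24:46 srv004 postfix/qmgr[5266]: A1B2C3D402: from=<sender@example.net>, size=2617, nrcpt=2 (queue active)
Apr 13 07:24:47 srv004 postfix/smtp[5294]: A1B2C3D402: to=<rcpt1@example.org>, relay=smtp.example.com[192.0.2.25]:25, dsn=4.7.0, status=deferred (SASL authentication failed)
Apr 13 07:25:01 srv004 postfix/smtpd[5286]: A1B2C3D403: client=srv002.css[192.168.2.1]
Apr 13 07:25:02 srv004 postfix/qmgr[5266]: A1B2C3D403: from=<friend@example.com>, size=900, nrcpt=1 (queue active)
Apr 13 07:25:03 srv004 postfix/smtp[5294]: A1B2C3D403: to=<info@computer-st.de>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 13 07:25:10 srv004 postfix/smtpd[5290]: A1B2C3D404: client=pc7.css[192.168.10.7]
Apr 13 07:25:11 srv004 postfix/qmgr[5266]: A1B2C3D404: from=<user@computer-st.de>, size=1200, nrcpt=1 (queue active)
Apr 13 07:25:12 srv004 postfix/smtp[5294]: A1B2C3D404: to=<partner@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=[^\[\s]+\[([0-9A-Fa-f.:]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>")


def domain(addr):
    """Lower-cased domain part of an address; empty for the null sender <>."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_trusted(ip):
    """True if the client IP would pass permit_mynetworks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MYNETWORKS)


def find_relayed(log_text):
    """Return (queue_id, client_ip, sender, external_recipients) for every
    message accepted from a mynetworks client where neither the sender nor
    at least one recipient belongs to a local domain."""
    client, sender, rcpts = {}, {}, defaultdict(set)
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            client[m.group(1)] = m.group(2)
        elif m := FROM_RE.search(line):
            sender[m.group(1)] = m.group(2)
        elif m := TO_RE.search(line):
            rcpts[m.group(1)].add(m.group(2))

    findings = []
    for qid, ip in client.items():
        # 127.0.0.1 (content-filter reinjection) is not in the listed
        # networks, so the second queue ID of a filtered mail is skipped.
        if not is_trusted(ip):
            continue
        external = sorted(r for r in rcpts[qid] if domain(r) not in LOCAL_DOMAINS)
        frm = sender.get(qid, "")
        if external and domain(frm) not in LOCAL_DOMAINS:
            findings.append((qid, ip, frm, external))
    return findings


def relay_sources(findings):
    """Count flagged messages per client IP."""
    return dict(Counter(ip for _, ip, _, _ in findings))


if __name__ == "__main__":
    hits = find_relayed(SAMPLE_LOG)
    for qid, ip, frm, external in hits:
        print(f"{qid}: {ip} relayed <{frm}> to {len(external)} external recipient(s)")
    print(relay_sources(hits))
```

When every flagged message carries the same single `mynetworks` address, that address is a forwarding or NAT hop hiding the real clients, which is the situation with 192.168.2.1 in the log above.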
 
When the port forward goes via the FritzBox -> to Postfix (SRV004),
then everything works too. But I wanted to have a Linux machine between the FritzBox and the network, for security from the outside. That is why I set up an Ubuntu box. It is connected via eth0 to the local network and via eth1 to the FritzBox (Internet). It was then supposed to filter the connection.
That is also where the problem is: it passes its IP address on to Postfix, which recognizes that as an Internet network. But if I take out 192.168.2.0/24, I get no mails to the server.
 
You can also specify individual IPs or block particular ones ;) You don't have to specify whole networks.
 
So you are trying to build a DMZ with srv002. But you pass all SMTP connections straight through?
In that case it would be better for that machine to serve as the mail server.

It may be that I don't fully understand it because I approach it with different know-how. But overall it tells me that you should rethink your network topology. ;)

huschi.
 
My opinion all along was that the FritzBox is sufficient as security.
The network consisted of
Internet - FritzBox - LAN
My server served as web, FTP, mail and file server.
But now I wanted to make my network secure against attacks from outside.
That is why I installed a Linux machine that does the port forwarding for me,
provides OpenVPN, and filters the rest.
The point about the DMZ makes sense to me now as well.
Can you help me secure my Postfix? I am not all that fit in this area.
 
There were attacks on my web, FTP and mail server.
But nothing got through. Now, though, to avoid any risk,
I would rebuild my network structure.
How secure is the FritzBox?? To my knowledge it is one of the most secure routers.
If I understood correctly, SRV02 is something like a DMZ,
which would mean that I have to put SRV04 (Postfix..) into the (192.168.22.0/24) network.
That raises the question for me: would that be secure enough??
After that my web and FTP server would also have to go into SRV04's LAN.
But then Ubuntu is no longer enough, since no firewall is installed on it.
 
There were attacks on my web, FTP and mail server.
And you think it gets more secure if you simply hang another NAT router in between?

As already said: first reconsider and think it over. Then act.
And for the former you first need a bit of theoretical fodder. You will find that on Google with the appropriate keywords.

But ultimately I had already written it above: your web/mail/FTP server belongs in the DMZ and should stand separated from the rest of the network.

huschi.
 
Maybe I simply don't understand this totally convoluted configuration, but what speaks against using NO DMZ and instead using NAT to let through to the server only the ports that are actually supposed to communicate? That is, only the web, FTP and mail ports? And the mail server should in any case be configured with authentication on the receiving AND SENDING SIDE, rather than relying on odd IP rules that are either nonsense (because they let everything through) or that can be forged.

The router should be sufficient as a "firewall" per se. It is certainly better than the current nonsense. It also makes sense for the router to do the VPN.
 
Yes, OK.
But my actual question was whether someone can help me with my config.
Postfix is running quite well so far, but now I wanted to make small improvements, or get some information.
 
CentY, he doesn't want any follow-up questions!
He only wants to improve his Postfix in a crude network environment.
Follow-up questions stimulate thinking, and in the end he might even get the idea that the original reasoning could have flaws. But that is exactly what he doesn't want.
So please don't ask any more questions!

(Anyone who finds, imitates or falsifies irony can or may use it against me.)

huschi.
 
My main.cf



Code:
############################################################
# Start MySQL from postfixwiki.org
############################################################
#virtual_uid_maps = static:303
#virtual_gid_maps = static:303
#virtual_minimum_uid = 303
#virtual_mailbox_base = /srv/maildirs
#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
#virtual_mailbox_limit = 0
#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
#virtual_transport = virtual
## Additional for quota support
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
#virtual_overquota_bounce = yes
relay_domains = $mydestination, hash:/etc/postfix/relay, mysql:/etc/postfix/mysql-relay.cf
############################################################
# End MySQL from postfixwiki.org
############################################################

inet_protocols = all
biff = no
mail_spool_directory = /var/mail
#sender_canonical_maps = hash:/etc/postfix/sender_canonical
#canonical_maps = hash:/etc/postfix/canonical
# virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
# transport_maps = hash:/etc/postfix/transport

virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
# sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
# canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
alias_maps = $alias_database


masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
delay_warning_time = 1h
message_strip_characters = \0
program_directory = /usr/lib/postfix
masquerade_domains = computer-st.de 
mydestination = $myhostname, localhost.$mydomain, $mydomain
defer_transports = 
disable_dns_lookups = no
mailbox_command = /usr/bin/procmail
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = cyrus
strict_8bitmime = no
disable_mime_output_conversion = no
strict_rfc821_envelopes = no
# alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 0
myorigin = srv004.css
smtpd_banner = mail.csssrv.de ESMTP $mail_version ready;
content_filter = vscan:

# mynetworks = 192.168.10.0/24
myhostname = srv004.css

relayhost = [smtp.webpage.t-com.de] 
#relayhost = smtp.strato.de
inet_interfaces = all
mime_header_checks = pcre:/etc/postfix/body_check
broken_sasl_auth_clients = yes

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous, noplaintext
smtp_sasl_password_maps =  mysql:/etc/postfix/mysql-sasl_passwd.cf
smtp_helo_required = yes


#smtdp_sasl_password_maps =  mysql:/etc/postfix/mysql-smtpd_passwd.cf
smtpd_sasl_security_options = noanonymous , noplaintext
smtpd_sasl_tls_security_options = noanonymous, noplaintext
smtpd_helo_required = yes
# smtpd_delay_reject = yes
# disable_vrfy_command = yes
# strict_rfc821_envelopes = yes

smtpd_sender_restrictions = mysql:/etc/postfix/mysql-accress_sender.cf

smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
        reject_sender_login_mismatch   
        
smtpd_recipient_restrictions =
        check_sender_access mysql:/etc/postfix/mysql-accress_sender.cf, 
        permit_sasl_authenticated,
        #permit_mynetworks,
        permit_inet_interfaces,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,        
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client whois.rfc-ignorant.org,
        reject_rbl_client ix.dnsbl.manitu.org,
        reject_rbl_client multihop.dsbl.org,
        reject_rbl_client dnsbl.ahbl.org,
        reject_rbl_client rhsbl.ahbl.org,

My procmailrc

Code:
# Procmail 
DROPPRIVS=yes
:0fw
| /usr/bin/spamc
:0
* ^X-Spam-Status: Yes
/tmp/spam
LOGFILE="/var/log/procmail" 
VERBOSE=off 

DELIVERMAIL="/usr/lib/cyrus/deliver" 
DAEMON=postmaster@computer-st.de
SENDMAIL="/usr/sbin/sendmail -i -f \ 
  MAILER-DAEMON\@postmaster@computer-st.de -t $SENDER" 

# Mailbox delivery
INBOX="$DELIVERMAIL -f $SENDER -a $USER $USER" 

# Always check!
CHECK = 1 

# Check 
:0 
* $CHECK ?? 1 
{ 
    :0fw 
    * < 110000 
    | /usr/bin/spamc -u filter 

    # When should the mail additionally go through the virus scanner?
    :0 
    * ^X-Spam-Status: No .*$ 
    { 
        :0fw 
        * > 8000 
        | /usr/bin/clamassassin 
    } 
} 

# Viruses go straight into the bin
:0w 
* ^X-Virus-Status: Yes 
/dev/null 

:0 e 
{ 
    EXITCODE=$? 
    :0 w 
    * EXITCODE ?? [75] 
    { 
        REC=`formail -zx"To:"` 
        EXITCODE=0 
        :0 
        * ^X-Loop: postmaster@computer-st.de 
        /dev/null 
        :0 
        | formail -rk -I"Subject: Mail delivery \ 
         failed for user: $USER (MailAdr: $REC)" \ 
         -A"FROM: $DAEMON" -A"Precedence: junk" \ 
         -A"X-Loop: postmaster@computer-st.de" | $SENDMAIL 
    } 
} 

# Deliver to INBOX
:0w 
| $INBOX 

HOST

How can I get the spam filter to update itself, and what can I do better in your opinion??
And the log contains the message about access.db, but access.db runs via a MySQL server.
 
Last edited by a moderator:
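
Added example, not part of the thread and not Postfix's own tooling: a small Python check, in the spirit of CentY's remark about IP rules that let everything through or can be forged, that reads a main.cf and reports parameters set twice and permit-capable restrictions placed before reject_unauth_destination in smtpd_recipient_restrictions. The function names and the shortened sample are assumptions made here; the check does not read smtpd_relay_restrictions, which does not appear in the posted configuration.

```python
import re

# These can answer "permit" on client-chosen (MAIL FROM) or address-only criteria.
RISKY = ("check_sender_access", "permit_mynetworks", "permit_inet_interfaces")

def parse_main_cf(text):
    """Return (params, duplicates) using main.cf logical-line rules."""
    params, duplicates, name = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are skipped
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip() # leading whitespace continues a value
            continue
        name, _, value = (part.strip() for part in raw.partition("="))
        if name in params:
            duplicates.append(name)           # the later definition replaces the earlier
        params[name] = value
    return params, duplicates

def restriction_names(value):
    """Restriction keywords in evaluation order, arguments dropped."""
    return [t for t in re.split(r"[,\s]+", value)
            if re.match(r"(permit|reject|check|defer|warn)(_|$)", t)]

def audit(text):
    params, duplicates = parse_main_cf(text)
    findings = [f"{n}: set more than once, last value wins" for n in duplicates]
    order = restriction_names(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in order:
        return findings + ["smtpd_recipient_restrictions: no reject_unauth_destination"]
    for r in order[:order.index("reject_unauth_destination")]:
        if r in RISKY:
            findings.append(f"{r}: evaluated before reject_unauth_destination")
    return findings

# Shortened excerpt of the main.cf posted in the thread.
SAMPLE = """\
smtpd_sender_restrictions = mysql:/etc/postfix/mysql-accress_sender.cf
smtpd_sender_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender
smtpd_recipient_restrictions =
        check_sender_access mysql:/etc/postfix/mysql-accress_sender.cf,
        #permit_mynetworks,
        permit_inet_interfaces,
        reject_unauth_destination,
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A finding is a prompt to review what the map or network list actually returns, not proof of an open relay; the output of `postconf -n` can be fed to `audit()` the same way.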