Postfix = Spam

Lord_Icon · Feb 26, 2008

Hi,

da mich in letzer Zeit immer mehr an Spams erreichen, habe ich folgende Einträge in der Main.cf eingetragen. ( + postfix restart)

Code:

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
     reject_non_fqdn_hostname,
     reject_invalid_hostname,
     permit

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   permit

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Nun ist es natürlich schwer, es nachzuprüfen, ob diese Configuration "Früchte" tragen.
Spams kommen bisher weiter an. Das Postfix alle findet, erwarte ich auch nicht. Aber 75-90% wären schon sehr erfreulich.

Die Frage ist nun, wie ein solcher geblockter Eintrag der aus den oben eingetragenen Anti-Spam Listen stammen, aussieht.

Ich habe folgenden Eintrag gefunden, der anscheind nicht zugestellt worden ist (Relay access denied).
Sieht so eine erfolgreiche "Abwehr" aus ?

Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: resolve_clnt: `' -> `rc@domain.de' -> transp=`smtp' host=`domain.de' rcpt=`rc@domain.de' flags= class=default
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: ctable_locate: install entry key rc@domain.de
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: extract_addr: in: <rc@domain.de>, result: rc@domain.de
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: >>> START Client host RESTRICTIONS <<<
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=permit_sasl_authenticated
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=permit_sasl_authenticated status=0
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: >>> END Client host RESTRICTIONS <<<
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: >>> START Sender address RESTRICTIONS <<<
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=hash:/etc/postfix/access
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: check_mail_access: akstcthelandsitemnsdgs@thelandsite.com
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: ctable_locate: move existing entry key akstcthelandsitemnsdgs@thelandsite.com
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: check_access: akstcthelandsitemnsdgs@thelandsite.com
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: check_domain_access: thelandsite.com
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: check_access: akstcthelandsitemnsdgs@
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=check_sender_access status=0
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: >>> END Sender address RESTRICTIONS <<<
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: >>> START Recipient address RESTRICTIONS <<<
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=permit_sasl_authenticated
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=permit_sasl_authenticated status=0
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=permit_mynetworks
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: permit_mynetworks: unknown 117.7.79.226
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: match_hostname: unknown ~? 127.0.0.1/32
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: match_hostaddr: 117.7.79.226 ~? 127.0.0.1/32
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: match_hostname: unknown ~? 89.144.9.17/32
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: match_hostaddr: 117.7.79.226 ~? 89.144.9.17/32
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: match_list_match: unknown: no match
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: match_list_match: 117.7.79.226: no match
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=permit_mynetworks status=0
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=reject_unauth_destination
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: reject_unauth_destination: rc@domain.de
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: permit_auth_destination: rc@domain.de
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: ctable_locate: move existing entry key rc@domain.de
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: NOQUEUE: reject: RCPT from unknown[117.7.79.226]: 554 5.7.1 <rc@domain.de>: Relay access denied; from=<akstcthelandsitemnsdgs@thelandsite.com> to=<rc@domain.de> proto=ESMTP helo=<[117.7.79.226]>
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: generic_checks: name=reject_unauth_destination status=2
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: > unknown[117.7.79.226]: 554 5.7.1 <rc@domain.de>: Relay access denied
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: < unknown[117.7.79.226]: DATA
Feb 26 02:40:42 Hauptsystem postfix/smtpd[11779]: > unknown[117.7.79.226]: 554 5.5.1 Error: no valid recipients
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: < unknown[117.7.79.226]: QUIT
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: > unknown[117.7.79.226]: 221 2.0.0 Bye
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: match_hostname: unknown ~? 127.0.0.1/32
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: match_hostaddr: 117.7.79.226 ~? 127.0.0.1/32
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: match_hostname: unknown ~? 89.144.9.17/32
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: match_hostaddr: 117.7.79.226 ~? 89.144.9.17/32
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: match_list_match: unknown: no match
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: match_list_match: 117.7.79.226: no match
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: send attr request = disconnect
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: send attr ident = smtp:117.7.79.226
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: private/anvil: wanted attribute: status
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: input attribute name: status
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: input attribute value: 0
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: private/anvil: wanted attribute: (list terminator)
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: input attribute name: (end)
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: disconnect from unknown[117.7.79.226]
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: master_notify: status 1
Feb 26 02:40:43 Hauptsystem postfix/smtpd[11779]: connection closed

Huschi · Feb 26, 2008

Lord_Icon said:
Das Postfix alle findet, erwarte ich auch nicht. Aber 75-90% wären schon sehr erfreulich.

Dann nimm doch Postgrey (==Greylisting) dazu.

reject_unauth_destination: rc@domain.de

Diese Regel steht gar nicht in Deiner restriction. Sollte aber weil wichtig.

huschi.

Postfix = Spam

Lord_Icon

Member

Huschi

Moderator

We value your privacy