Hallo,
heute kam die folgende Mail, die mich total verwirrt. Wer hat die geschickt, und auftrund von was wurde die produziert? Hat wohl irgendwas mit DMARC zu tun.
Return-Path: opendmarc@fahrner.name Delivered-To: joachim@familie-fahrner.de Received: by s3.fahrner.name (Postfix, from userid 119) id D663B22256; Wed, 11 Nov 2015 09:53:45 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fahrner.name; s=mail; t=1447232025; bh=lyf/JNBkEGCHiFO9eeNVjwO/y2OMMHI9QbIZUCe5WeA=; h=From:To:Date:Subject; b=Az39vGJNLFTyo8R10iWh7A/grjWBBPxSjet7yTRnBHirEDkb3olaho/gySZARIYBX lhRXqqJtfeUfsBxiQ3zgWQnGI7tgnQyKHDEbGP1Gwp+Fk46s182zPl+pSmRN3r8P4p bP6QQhhCy8I5fnORWRiter9LDw08v8Ss6yqakyAQ= From: postmaster@fahrner.name To: postmaster@fahrner.name Date: Wed, 11 Nov 2015 09:53:45 +0100 (CET) Subject: FW: You have new fax, document 00271650 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="s3.fahrner.name:A9CF8221F9" Message-Id: 20151111085345.D663B22256@s3.fahrner.name
--s3.fahrner.name:A9CF8221F9 Content-Type: text/plain
This is an authentication failure report for an email message received from IP 31.220.2.120 on Wed, 11 Nov 2015 09:53:45 +0100 (CET).
--s3.fahrner.name:A9CF8221F9 Content-Type: message/feedback-report
Feedback-Type: auth-failure Version: 1 User-Agent: OpenDMARC-Filter/1.3.0 Auth-Failure: dmarc Authentication-Results: s3.fahrner.name; dmarc=fail header.from=interfax.net Original-Envelope-Id: A9CF8221F9 Original-Mail-From: ceylanmarkt@shared2.swiftslots.com Source-IP: 31.220.2.120 Reported-Domain: interfax.net
--s3.fahrner.name:A9CF8221F9 Content-Type: text/rfc822-headers
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=31.220.2.120; helo=shared2.swiftslots.com; envelope-from=ceylanmarkt@shared2.swiftslots.com; receiver=jf@fahrner.name Received: from shared2.swiftslots.com (shared2.swiftslots.com [31.220.2.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by s3.fahrner.name (Postfix) with ESMTPS id A9CF8221F9 for jf@fahrner.name; Wed, 11 Nov 2015 09:53:45 +0100 (CET) Received: from ceylanmarkt by shared2.swiftslots.com with local (Exim 4.86) (envelope-from ceylanmarkt@shared2.swiftslots.com) id 1ZwR9s-0035b6-3o for jf@fahrner.name; Wed, 11 Nov 2015 09:53:36 +0100 To: jf@fahrner.name Subject: You have new fax, document 00271650 X-PHP-Script: ceylanmarkt.com/post.php for 213.198.102.103 Date: Wed, 11 Nov 2015 08:53:35 +0000 From: "Interfax Online" incoming@interfax.net Reply-To: "Interfax Online" incoming@interfax.net Message-ID: 5a3426ff3dfd9c5baec2864a193446b9@ceylanmarkt.com X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="b1_e25c1a8174ac865802063755053b13fe" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - shared2.swiftslots.com X-AntiAbuse: Original Domain - fahrner.name X-AntiAbuse: Originator/Caller UID/GID - [1059 1071] / [47 12] X-AntiAbuse: Sender Address Domain - shared2.swiftslots.com X-Get-Message-Sender-Via: shared2.swiftslots.com: authenticated_id: ceylanmarkt/only user confirmed/virtual account not confirmed X-Authenticated-Sender: shared2.swiftslots.com: ceylanmarkt
--s3.fahrner.name:A9CF8221F9--
------------------------------------------------------------------------------------------------------------------------------
Im Postfix Log steht zu der Uhrzeit folgendes:
Nov 11 09:53:38 s3 postfix/postscreen[5407]: CONNECT from [31.220.2.120]:55511 to [78.47.47.89]:25 Nov 11 09:53:44 s3 postfix/postscreen[5407]: PASS NEW [31.220.2.120]:55511 Nov 11 09:53:45 s3 postfix/smtpd[5411]: connect from shared2.swiftslots.com[31.220.2.120] Nov 11 09:53:45 s3 postfix/smtpd[5411]: Anonymous TLS connection established from shared2.swiftslots.com[31.220.2.120]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Nov 11 09:53:45 s3 policyd-spf[5418]: None; identity=helo; client-ip=31.220.2.120; helo=shared2.swiftslots.com; envelope-from=c eylanmarkt@shared2.swiftslots.com; receiver=jf@fahrner.name Nov 11 09:53:45 s3 policyd-spf[5418]: None; identity=mailfrom; client-ip=31.220.2.120; helo=shared2.swiftslots.com; envelope-fr om=ceylanmarkt@shared2.swiftslots.com; receiver=jf@fahrner.name Nov 11 09:53:45 s3 postfix/smtpd[5411]: A9CF8221F9: client=shared2.swiftslots.com[31.220.2.120] Nov 11 09:53:45 s3 postfix/cleanup[5420]: A9CF8221F9: message-id=5a3426ff3dfd9c5baec2864a193446b9@ceylanmarkt.com Nov 11 09:53:45 s3 opendkim[3421]: A9CF8221F9: shared2.swiftslots.com [31.220.2.120] not internal Nov 11 09:53:45 s3 opendkim[3421]: A9CF8221F9: not authenticated Nov 11 09:53:45 s3 opendkim[3421]: A9CF8221F9: no signature data Nov 11 09:53:45 s3 opendmarc[3432]: A9CF8221F9: recvspf: None (no SPF record) identity=mailfrom; client-ip=31.220.2.120; helo=s hared2.swiftslots.com; envelope-from=ceylanmarkt@shared2.swiftslots.com; receiver=jf@fahrner.name Nov 11 09:53:45 s3 opendmarc[3432]: A9CF8221F9: interfax.net fail Nov 11 09:53:45 s3 postfix/pickup[5250]: D663B22256: uid=119 from=<opendmarc> Nov 11 09:53:45 s3 postfix/cleanup[5424]: D663B22256: message-id=20151111085345.D663B22256@s3.fahrner.name Nov 11 09:53:45 s3 opendkim[3421]: D663B22256: DKIM-Signature header added (s=mail, d=fahrner.name) Nov 11 09:53:45 s3 postfix/cleanup[5420]: A9CF8221F9: milter-reject: END-OF-MESSAGE from shared2.swiftslots.com[31.220.2.120]: 5.7.1 rejected by DMARC policy for interfax.net; from=ceylanmarkt@shared2.swiftslots.com to=jf@fahrner.name proto=ESMTP helo=<shared2.swiftslots.com> Nov 11 09:53:45 s3 postfix/smtpd[5411]: disconnect from shared2.swiftslots.com[31.220.2.120] Nov 11 09:53:45 s3 postfix/qmgr[4587]: D663B22256: from=opendmarc@fahrner.name, size=2868, nrcpt=1 (queue active) Nov 11 09:53:45 s3 postfix/pipe[5425]: D663B22256: to=joachim@familie-fahrner.de, orig_to=postmaster@fahrner.name, relay=dovecot, delay=0.09, delays=0.06/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 11 09:53:45 s3 postfix/qmgr[4587]: D663B22256: removed
Was ist da passiert?
Gruss Jochen