
Hello, since yesterday I've been getting mails like these from postfix (see below). I don't quite understand it, since these mails should already be rejected here:

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit

These are the other smtpd settings:

smtpd_pw_server_security_options = login,gssapi,cram-md5
data_directory = /var/lib/postfix
smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks check_sender_access hash:/etc/postfix/whitelist reject_non_fqdn_hostname reject_unknown_reverse_client_hostname reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org permit
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts check_sender_access regexp:/etc/postfix/tag_as_foreign.re

These are the mails:

Content type: Spam
Internal reference code for the message is 57201-02/ghorrefFg9hP

First upstream SMTP client IP address: [83.19.178.206] cys206.internetdsl.tpnet.pl
According to a 'Received:' trace, the message apparently originated at: [61.8.92.97], Unknown [61.8.92.97]

Return-Path: bub8@jetxos.net
From: Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-bgtr-279882394343150-TESTTESTNOW-LOCALHOSt.net
Message-ID: 0ed1e2164567685-18915-37-e3@infonet.com
X-Mailer: Groupinculus
Subject: Fraudulent banking activity! [HLF-ID;87n- August2012]
Not quarantined.

The message WAS NOT relayed to:
beth_92@hotmail.co.uk:
   250 2.7.0 Ok, discarded, id=57201-02 - SPAM

SpamAssassin report: Spam detection software, running on the system "mcgregor.admilon.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see websensei@admilon.net for details.
Content preview: Untitled Document We have detected fraudulent activity on your Halifax Internet banking account on 24/08/2012. For your protection, you must verify this activity before you can continue using your account. [...]
Content analysis details: (15.6 points, 25.0 required)

 pts rule name                 description
---- ------------------------- --------------------------------------------------
 0.0 NO_DNS_FOR_FROM           DNS: Envelope sender has no MX or A DNS records
 0.0 FSL_HELO_NON_FQDN_1       FSL_HELO_NON_FQDN_1
 0.9 DKIM_ADSP_NXDOMAIN        No valid author signature and domain not in DNS
 2.4 TVD_PH_BODY_ACCOUNTS_PRE  BODY: TVD_PH_BODY_ACCOUNTS_PRE
 1.5 HTML_IMAGE_ONLY_20        BODY: HTML: images with 1600-2000 bytes of words
 0.3 HTML_MESSAGE              BODY: HTML included in message
 0.8 BAYES_50                  BODY: Bayes spam probability is 40 to 60% [score: 0.4904]
 0.7 MIME_HTML_ONLY            BODY: Message only has text/html MIME parts
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100]
 0.5 RAZOR2_CF_RANGE_51_100    Razor2 gives confidence level above 50% [cf: 100]
 4.0 RAZOR2_CHECK              Listed in Razor2 (http://razor.sf.net/)
 0.8 RDNS_NONE                 Delivered to internal network by a host with no rDNS
 0.0 HELO_NO_DOMAIN            Relay reports its domain incorrectly
 0.0 TO_EQ_FM_HTML_ONLY        To == From and HTML only
 0.0 TO_NO_BRKTS_NORDNS_HTML   TO_NO_BRKTS_NORDNS_HTML
 0.0 TO_EQ_FM_DIRECT_MX        To == From and direct-to-MX
 1.7 TO_EQ_FM_HTML_DIRECT      To == From and HTML only, direct-to-MX

Return-Path: bub8@jetxos.net
Received: from [83.19.178.206] (cys206.internetdsl.tpnet.pl [83.19.178.206]) by mcgregor.admilon.net (Postfix) with ESMTPA id DA5C51D0A388 for beth_92@hotmail.co.uk; Sat, 25 Aug 2012 00:47:00 +0900 (JST)
X-GB-From: Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-bgtr-279882394343150-TESTTESTNOW-LOCALHOSt.net
X-OriginalArrivalTime: Fri, 24 Aug 2012 15:46:48 GMT
X-SEF-Processed: 5_0_0_116__9573_53_13_39_07_03
X-Mailer: Groupinculus
Subject: Fraudulent banking activity! [HLF-ID;87n- August2012]
To: beth_92@hotmail.co.uk
X-GB-AV: none found (0 seconds)
X-GB-AS-summary: 10,1,0,d41d8cd98f00b204,d41d8cd98f00b204,bub1@jetos.net,7834,3775,3425,3776,4070
X-GB-Rule: 40
X-TM-AS-Product-Ver: IMSS-faoggldegmhmu=7.1.0.4101-6.8.0.61.8.92.97-22055.450
From: Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-bgtr-279882394343150-TESTTESTNOW-LOCALHOSt.net
X-GB-AS: unknown, (score 10, 0 seconds)
X-MIMETrack: Itemize by SMTP Server on notes/Unitar(Release 8.5.2|Sat,Fri, 24 Aug 2012 15:46:48 GMT GMT) at
X-TM-IMSS-Message-ID: trfmuovk0851-52e3@infonet.com 1241;: $21412:$;21412;4;2142949;::$219429:::424204021
Received: from Unknown [61.8.92.97] by srv02.wicerhla.co.uk - SurfControl E-mail Filter (5.0.1); Fri, 24 Aug 2012 15:46:48 GMT
X-GB-To: beth_92@hotmail.co.uk
X-imss-scan-details: No--0.158-5.0-18-1
Defensive: Filters
MIME-Version: -2.1
Message-ID: 0ed1e2164567685-18915-37-e3@infonet.com
X-TM-AS-Result: No--0.730-5.0-31-1
Content-Type: text/html
Date: Fri, 24 Aug 2012 15:46:48 GMT
X-GB-Received: From (beth_92@hotmail.co.uk-61.8.92.97) ---> ftp <---
X-Sender: Buuuucifer

Can I prevent this somehow?

Thanks and have a nice weekend
Matthias
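
Added example, not part of the original post: the Received header that mcgregor.admilon.net stamped on the message says `with ESMTPA`, and under RFC 3848 the trailing A means the client authenticated, which is the case `permit_sasl_authenticated` accepts before `reject_unauth_destination` is ever evaluated. The Python below parses that header and walks the posted recipient restrictions in a simplified first-match model; the function names, the `in_mynetworks` and `rcpt_is_ours` flags and their values are assumptions made for the illustration.

```python
import re

# RFC 3848 "with" keywords; a trailing A means the client authenticated (SASL).
PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "ESMTPS", "ESMTPSA",
             "LMTP", "LMTPA", "LMTPS", "LMTPSA"}
CLIENT_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")

# Received header added by the poster's own Postfix, copied from the report.
RECEIVED = ("from [83.19.178.206] (cys206.internetdsl.tpnet.pl [83.19.178.206]) "
            "by mcgregor.admilon.net (Postfix) with ESMTPA id DA5C51D0A388 "
            "for beth_92@hotmail.co.uk; Sat, 25 Aug 2012 00:47:00 +0900 (JST)")

def parse_received(header):
    """Return client IP, reverse name and session flags from a Postfix Received header."""
    client = CLIENT_RE.search(header)
    with_kw = WITH_RE.search(header)
    proto = with_kw.group(1).upper() if with_kw else ""
    if proto not in PROTOCOLS:
        proto = ""  # unknown or missing keyword: claim nothing about the session
    return {
        "client_ip": client.group(3) if client else None,
        "rdns": client.group(2) if client else None,
        "protocol": proto,
        "authenticated": proto.endswith("A"),
        "tls": proto.rstrip("A").endswith("S"),
    }

def first_decision(restrictions, session):
    """Simplified model: restrictions are tried in order, the first match decides."""
    for name in restrictions:
        if name == "permit_sasl_authenticated" and session["authenticated"]:
            return "permit", name
        if name == "permit_mynetworks" and session["in_mynetworks"]:
            return "permit", name
        if name == "reject_unauth_destination" and not session["rcpt_is_ours"]:
            return "reject", name
        if name == "permit":
            return "permit", name
    return "permit", "(end of list)"

# smtpd_recipient_restrictions exactly as posted above.
RECIPIENT_RESTRICTIONS = ["permit_sasl_authenticated", "permit_mynetworks",
                          "reject_unauth_destination", "permit"]

if __name__ == "__main__":
    session = parse_received(RECEIVED)
    # Assumptions: client is outside mynetworks, hotmail.co.uk is not a local/relay domain.
    session.update(in_mynetworks=False, rcpt_is_ours=False)
    print(session["client_ip"], session["protocol"],
          first_decision(RECIPIENT_RESTRICTIONS, session))
```

For an authenticated session from an unfamiliar client address, the Postfix mail log entry for the same queue ID records which login was used (`sasl_username=`), which identifies the account whose password needs changing.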