[postfix-users] Relay von Local?
Hallo, seit gestern bekomm ich von postfix solche Mails (s.u.). Ich versteh's nicht ganz, die Mails sollten ja bereits hier abgewiesen werden: smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
das sind die weiteren smtpd Einstellungen: smtpd_pw_server_security_options = login,gssapi,cram-md5 data_directory = /var/lib/postfix smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks check_sender_access hash:/etc/postfix/whitelist reject_non_fqdn_hostname reject_unknown_reverse_client_hostname reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org permit smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts check_sender_access regexp:/etc/postfix/tag_as_foreign.re
Das sind die Mails:
Content type: Spam Internal reference code for the message is 57201-02/ghorrefFg9hP
First upstream SMTP client IP address: [83.19.178.206] cys206.internetdsl.tpnet.pl According to a 'Received:' trace, the message apparently originated at: [61.8.92.97], Unknown [61.8.92.97]
Return-Path: bub8@jetxos.net From: Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-bgtr-279882394343150-TESTTESTNOW-LOCALHOSt.net Message-ID: 0ed1e2164567685-18915-37-e3@infonet.com X-Mailer: Groupinculus Subject: Fraudulent banking activity! [HLF-ID;87n- August2012] Not quarantined.
The message WAS NOT relayed to: beth_92@hotmail.co.uk: 250 2.7.0 Ok, discarded, id=57201-02 - SPAM
SpamAssassin report: Spam detection software, running on the system "mcgregor.admilon.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see websensei@admilon.net for details.
Content preview: Untitled Document We have detected fraudulent activity on your Halifax Internet banking account on 24/08/2012. For your protection, you must verify this activity before you can continue using your account. [...]
Content analysis details: (15.6 points, 25.0 required)
pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records 0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1 0.9 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS 2.4 TVD_PH_BODY_ACCOUNTS_PRE BODY: TVD_PH_BODY_ACCOUNTS_PRE 1.5 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words 0.3 HTML_MESSAGE BODY: HTML included in message 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.4904] 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 4.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 HELO_NO_DOMAIN Relay reports its domain incorrectly 0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only 0.0 TO_NO_BRKTS_NORDNS_HTML TO_NO_BRKTS_NORDNS_HTML 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX 1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX Return-Path: bub8@jetxos.net Received: from [83.19.178.206] (cys206.internetdsl.tpnet.pl [83.19.178.206]) by mcgregor.admilon.net (Postfix) with ESMTPA id DA5C51D0A388 for beth_92@hotmail.co.uk; Sat, 25 Aug 2012 00:47:00 +0900 (JST) X-GB-From: Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-bgtr-279882394343150-TESTTESTNOW-LOCALHOSt.net X-OriginalArrivalTime: Fri, 24 Aug 2012 15:46:48 GMT X-SEF-Processed: 5_0_0_116__9573_53_13_39_07_03 X-Mailer: Groupinculus Subject: Fraudulent banking activity! [HLF-ID;87n- August2012] To: beth_92@hotmail.co.uk X-GB-AV: none found (0 seconds) X-GB-AS-summary: 10,1,0,d41d8cd98f00b204,d41d8cd98f00b204,bub1@jetos.net,7834,3775,3425,3776,4070 X-GB-Rule: 40 X-TM-AS-Product-Ver: IMSS-faoggldegmhmu=7.1.0.4101-6.8.0.61.8.92.97-22055.450 From: Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-bgtr-279882394343150-TESTTESTNOW-LOCALHOSt.net X-GB-AS: unknown, (score 10, 0 seconds) X-MIMETrack: Itemize by SMTP Server on notes/Unitar(Release 8.5.2|Sat,Fri, 24 Aug 2012 15:46:48 GMT GMT) at X-TM-IMSS-Message-ID: trfmuovk0851-52e3@infonet.com 1241;: $21412:$;21412;4;2142949;::$219429:::424204021 Received: from Unknown [61.8.92.97] by srv02.wicerhla.co.uk - SurfControl E-mail Filter (5.0.1); Fri, 24 Aug 2012 15:46:48 GMT X-GB-To: beth_92@hotmail.co.uk X-imss-scan-details: No--0.158-5.0-18-1 Defensive: Filters MIME-Version: -2.1 Message-ID: 0ed1e2164567685-18915-37-e3@infonet.com X-TM-AS-Result: No--0.730-5.0-31-1 Content-Type: text/html Date: Fri, 24 Aug 2012 15:46:48 GMT X-GB-Received: From (beth_92@hotmail.co.uk-61.8.92.97) ---> ftp <--- X-Sender: Buuuucifer
Kann ich das irgendwie unterbinden?
Danke und noch ein schönes Wochenende Matthias
Im Auftrag von Matthias Schmidt
Hallo, seit gestern bekomm ich von postfix solche Mails (s.u.). Ich versteh's nicht ganz, die Mails sollten ja bereits hier abgewiesen
werden:
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination, permit
Zeig mal die logzeilen zu der Mail.
Und was soll das letzte permit ????
Damit nimmst du alles an von denen die nicht sasl_autenticated, nicht aus deinem Netzwerk kommen an.
Da müsste dann ein reject stehen wenn nur eigene User darüber schicken dürfen !!
Mit freundlichen Grüßen
Uwe Drießen -- Software & Computer Uwe Drießen Lembergstraße 33 67824 Feilbingert
Tel.: 06708660045
Hallo Uwe, Danke erstmal, der Einfachheit Top-poste ich das mal: smtpd_delay_reject ist gar nicht drin ...
Ich denk das hier ist das Problem: smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit
guck trotzdem mal drüber ... mich hat den halben Tag php genervt ...
btw, ich kann Dir das Mail leider nicht direkt schicken, da Dein MTA behauptet, dass meine IP dynamisch wär, was sie nicht ist, http://whatismyipaddress.com/ip/61.8.92.97 Den Pointer Record will mein Provider nicht ändern, daher hab ich iim dns spf records gesetzt.
hier ein Auszug aus dem Log (gefällt mir nicht was ich das sehe ...) Aug 25 03:29:44 mcgregor postfix/smtpd[67758]: connect from unknown[49.236.198.230] Aug 25 03:29:45 mcgregor postfix/smtpd[67758]: NOQUEUE: filter: RCPT from unknown[49.236.198.230]: bub3@jetxos.net: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=bub3@jetxos.net to=gemma_walker16@hotmail.co.uk proto=ESMTP helo=<[10.10.10.51]> Aug 25 03:29:45 mcgregor postfix/smtpd[67758]: 583281D1983E: client=unknown[49.236.198.230], sasl_method=CRAM-MD5, sasl_username=ftp Aug 25 03:29:45 mcgregor postfix/cleanup[67121]: 583281D1983E: message-id=0ed1e9374287791-18915-37-e3@infonet.com Aug 25 03:29:45 mcgregor postfix/qmgr[72002]: 583281D1983E: from=bub3@jetxos.net, size=3411, nrcpt=1 (queue active) Aug 25 03:29:45 mcgregor amavis[67556]: (67556-02) loaded policy bank "ORIGINATING" Aug 25 03:29:45 mcgregor amavis[67556]: (67556-02) process_request: fileno sock=12, STDIN=0, STDOUT=1 Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) ESMTP::10026 /var/amavis/tmp/amavis-20120825T032306-67556: bub3@jetxos.net -> gemma_walker16@hotmail.co.uk Received: from mcgregor.admilon.net ([127.0.0.1]) by localhost (mcgregor.admilon.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for gemma_walker16@hotmail.co.uk; Sat, 25 Aug 2012 03:29:45 +0900 (JST) Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) smtp connection cache, dt: 192.1, state: 0 Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) body hash: 5831d2ebd39f90ef8c9ccc132dceb960 Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) Checking: l7NCznAb3qnP ORIGINATING [49.236.198.230] bub3@jetxos.net -> gemma_walker16@hotmail.co.uk Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) 2822.From: Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-wfxw-043090745679611-TESTTESTNOW-LOCALHOSt.net, 2821.Mail_From: bub3@jetxos.net Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) p001 1 Content-Type: text/html, size: 1719 B, name: Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) Checking for banned types and filenames Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) INFO: unknown banned table name ALT-RULES, recip=gemma_walker16@hotmail.co.uk Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) collect banned table[0]: gemma_walker16@hotmail.co.uk, tables: Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) p.path gemma_walker16@hotmail.co.uk: "P=p001,L=1,M=text/html,T=html" Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120825T032306-67556/parts\n Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) ClamAV-clamd: Connecting to socket /var/amavis/clamd Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120825T032306-67556/parts\n to UNIX socket /var/amavis/clamd Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) run_av (ClamAV-clamd): CLEAN Aug 25 03:29:45 mcgregor amavis[67556]: (67556-03) run_av (ClamAV-clamd) result: clean Aug 25 03:29:45 mcgregor postfix/smtpd[67758]: disconnect from unknown[49.236.198.230] Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) spam_scan: score=9.189 autolearn=no tests=[BAYES_50=0.8,DKIM_ADSP_NXDOMAIN=0.9,FSL_HELO_NON_FQDN_1=0.001,HELO_NO_DOMAIN=0.001,HTML_IMAGE_ONLY_20=1.546,HTML_MESSAGE=0.3,MIME_HTML_ONLY=0.723,NO_DNS_FOR_FROM=0.001,RDNS_NONE=0.793,TO_EQ_FM_DIRECT_MX=0.001,TO_EQ_FM_HTML_DIRECT=1.728,TO_EQ_FM_HTML_ONLY=0.001,TO_NO_BRKTS_NORDNS_HTML=0.001,TVD_PH_BODY_ACCOUNTS_PRE=2.393] Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) do_notify_and_quar: ccat=Spammy (5,0) ("5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(), qar_mth= Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) dkim: not signing suspected spam (from inside), From: <Uk.HALIFAX.internet.msg-notify###!-!securespecial@AT-MY-wfxw-043090745679611-TESTTESTNOW-LOCALHOSt.[...] Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp session: setting up a new session Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp creating socket by IO::Socket::INET to [127.0.0.1]:10027 Aug 25 03:29:48 mcgregor postfix/smtpd[67765]: connect from localhost[127.0.0.1] Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp resp to greeting: 220 mcgregor.admilon.net ESMTP Postfix Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp cmd> EHLO localhost Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp resp to EHLO: 250 mcgregor.admilon.net\nPIPELINING\nSIZE 41943040\nVRFY\nETRN\nAUTH LOGIN CRAM-MD5 GSSAPI\nSTARTTLS\nENHANCEDSTATUSCODES\n8BITMIME\nDSN Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) AUTH not needed, user='', MTA offers 'LOGIN CRAM-MD5 GSSAPI' Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp cmd> MAIL FROM:bub3@jetxos.net BODY=7BIT Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp cmd> RCPT TO:gemma_walker16@hotmail.co.uk ORCPT=rfc822;gemma_walker16@hotmail.co.uk Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp cmd> DATA Aug 25 03:29:48 mcgregor postfix/smtpd[67765]: 79E001D19849: client=localhost[127.0.0.1] Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp resp to MAIL (pip): 250 2.1.0 Ok Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp resp to RCPT (pip) (gemma_walker16@hotmail.co.uk): 250 2.1.5 Ok Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF> Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp cmd> QUIT Aug 25 03:29:48 mcgregor postfix/cleanup[67121]: 79E001D19849: message-id=0ed1e9374287791-18915-37-e3@infonet.com Aug 25 03:29:48 mcgregor postfix/smtpd[67765]: disconnect from localhost[127.0.0.1] Aug 25 03:29:48 mcgregor postfix/qmgr[72002]: 79E001D19849: from=bub3@jetxos.net, size=3877, nrcpt=1 (queue active) Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) smtp resp to data-dot (gemma_walker16@hotmail.co.uk): 250 2.0.0 Ok: queued as 79E001D19849 Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) Amavis::Out::SMTP::Session close, disconnecting Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) FWD via SMTP: bub3@jetxos.net -> gemma_walker16@hotmail.co.uk,BODY=7BIT 250 2.0.0 Ok, id=67556-03, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok: queued as 79E001D19849 Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) DSN: sender is credible (orig), SA: 9.189, bub3@jetxos.net Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) Passed SPAMMY, ORIGINATING LOCAL [49.236.198.230] [61.8.92.97] bub3@jetxos.net -> gemma_walker16@hotmail.co.uk, Message-ID: 0ed1e9374287791-18915-37-e3@infonet.com, mail_id: l7NCznAb3qnP, Hits: 9.189, size: 3406, queued_as: 79E001D19849, 2810 ms Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) TIMING-SA total 2698 ms - parse: 9 (0.3%), extract_message_metadata: 56 (2.1%), get_uri_detail_list: 1.67 (0.1%), tests_pri_-1000: 18 (0.7%), tests_pri_-950: 1.34 (0.0%), tests_pri_-900: 1.44 (0.1%), tests_pri_-400: 178 (6.6%), check_bayes: 162 (6.0%), tests_pri_0: 2350 (87.1%), check_dkim_adsp: 308 (11.4%), check_spf: 0.59 (0.0%), check_razor2: 1795 (66.5%), check_pyzor: 0.28 (0.0%), tests_pri_500: 10 (0.4%), tests_pri_1000: 53 (2.0%), total_awl: 51 (1.9%), check_awl: 32 (1.2%), update_awl: 0.16 (0.0%), get_report: 1.68 (0.1%) Aug 25 03:29:48 mcgregor amavis[67556]: (67556-03) sending SMTP response: "250 2.0.0 Ok, id=67556-03, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok: queued as 79E001D19849" Aug 25 03:29:48 mcgregor postfix/smtp[66833]: 583281D1983E: to=gemma_walker16@hotmail.co.uk, relay=127.0.0.1[127.0.0.1]:10026, delay=3.3, delays=0.46/0/0/2.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=67556-03, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok: queued as 79E001D19849) Aug 25 03:29:48 mcgregor postfix/qmgr[72002]: 583281D1983E: removed
hier der master.cf:
queue_directory = /private/var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = _postfix unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unknown_local_recipient_reject_code = 550 mynetworks_style = host debug_peer_level = 5 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = _postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix/examples readme_directory = /usr/share/doc/postfix mydomain_fallback = localhost #message_size_limit = 10485760 message_size_limit = 41943040 myhostname = mcgregor.admilon.net content_filter = smtp-amavis:[127.0.0.1]:10024 mailbox_transport = dovecot mydomain = admilon.net mailbox_size_limit = 0 enable_server_options = yes inet_interfaces = all smtpd_sasl_auth_enable = yes smtpd_helo_required = yes smtpd_use_pw_server = yes #mit Greylisting #smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit #ohne Greylisting smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject smtpd_pw_server_security_options = login,gssapi,cram-md5 data_directory = /var/lib/postfix smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks check_sender_access hash:/etc/postfix/whitelist reject_non_fqdn_hostname reject_unknown_reverse_client_hostname reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org permit # #reject_rbl_client bl.spamcop.net #reject_unknown_client # # reject_invalid_hostname smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit mydestination = $myhostname, localhost.$mydomain, localhost, mail.$mydomain, liste.$mydomain, $mydomain virtual_transport = virtual virtual_mailbox_domains = hash:/etc/postfix/virtual_domains_dummy virtual_alias_domains = hash:/etc/postfix/virtual_domains virtual_alias_maps = hash:/etc/postfix/virtual hash:/private/var/mailman/data/virtual-mailman mynetworks = 127.0.0.0/8,192.168.2.0/24,192.168.1.0/24 smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/certificates/mcgregor.admilon.net.476EFD153EAF1C131C9885854A44E5635D465588.cert.pem smtpd_tls_key_file = /etc/certificates/mcgregor.admilon.net.476EFD153EAF1C131C9885854A44E5635D465588.key.pem smtp_tls_note_starttls_offer = yes #smtp_tls_key_file = /etc/certificates/admilon.net.key #smtp_tls_cert_file = /etc/certificates/admilon.net.crt #smtpd_tls_ask_ccert = yes #smtpd_tls_req_ccert = nosmtpd_tls_loglevel = 0 smtpd_tls_loglevel = 0 smtpd_tls_CAfile = /etc/certificates/mcgregor.admilon.net.476EFD153EAF1C131C9885854A44E5635D465588.chain.pem tls_random_source = dev:/dev/urandom owner_request_special = no recipient_delimiter = + smtp_uce_controlls = 1 relayhost = smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname header_checks = pcre:/etc/postfix/custom_header_checks nested_header_checks = $header_checks smtp_connection_cache_time_limit = 2s lmtp_rcpt_timeout = 300s tls_export_cipherlist = ALL:+RC4:@STRENGTH smtp_sasl_auth_cache_name = check_for_od_forward = yes default_verp_delimiters = += showq_service_name = showq milter_macro_daemon_name = $myhostname command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ smtpd_tls_mandatory_exclude_ciphers = milter_connect_timeout = 30s local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback default_delivery_slot_loan = 3 smtp_destination_recipient_limit = $default_destination_recipient_limit default_transport = smtp lmtp_defer_if_no_mx_address_found = no lmtp_pix_workaround_maps = local_recipient_maps = proxy:unix:passwd.byname $alias_maps lmtp_tls_enforce_peername = yes lmtp_tls_fingerprint_digest = md5 flush_service_name = flush non_fqdn_reject_code = 504 smtpd_tls_req_ccert = no lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback ipc_idle = 5s smtp_discard_ehlo_keyword_address_maps = proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps address_verify_map = lmtp_tls_key_file = $lmtp_tls_cert_file connection_cache_status_update_time = 600s always_bcc = smtpd_starttls_timeout = 300s berkeley_db_create_buffer_size = 16777216 forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ smtpd_client_port_logging = no myorigin = $myhostname smtp_tls_per_site = default_recipient_refill_delay = 5s lmtp_pix_workaround_delay_time = 10s lmtp_sasl_type = cyrus deliver_lock_delay = 1s lmtp_tls_loglevel = 0 local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit lmtp_send_xforward_command = no smtp_tls_secure_cert_match = nexthop, dot-nexthop undisclosed_recipients_header = To: undisclosed-recipients:; dont_remove = 0 sender_canonical_maps = smtpd_policy_service_max_idle = 300s smtpd_authorized_verp_clients = $authorized_verp_clients smtpd_null_access_lookup_key = <> bounce_size_limit = 50000 tls_random_exchange_name = ${data_directory}/prng_exch milter_connect_macros = j {daemon_name} v smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options virtual_initial_destination_concurrency = $initial_destination_concurrency smtp_sasl_mechanism_filter = alias_database = hash:/etc/aliases smtp_sasl_auth_soft_bounce = yes fallback_transport_maps = reject_code = 554 cleanup_service_name = cleanup lmtp_tls_session_cache_database = unverified_recipient_reject_code = 450 lmtp_lhlo_name = $myhostname qmgr_message_recipient_minimum = 10 smtpd_banner = $myhostname ESMTP $mail_name mail_release_date = 20080902 lmtp_mail_timeout = 300s lmtp_pix_workaround_threshold_time = 500s tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH transport_maps = smtp_bind_address6 = resolve_numeric_domain = no default_recipient_refill_limit = 100 tls_daemon_random_bytes = 32 smtp_rset_timeout = 20s smtpd_discard_ehlo_keywords = smtp_sasl_type = cyrus cyrus_sasl_config_path = qmqpd_timeout = 300s anvil_rate_time_unit = 60s smtpd_sasl_authenticated_header = no virtual_mailbox_base = virtual_uid_maps = tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH relay_domains = $mydestination relay_domains_reject_code = 554 address_verify_negative_cache = yes lmtp_nested_header_checks = tls_random_prng_update_period = 3600s smtp_pix_workaround_threshold_time = 500s relay_clientcerts = smtp_tls_dcert_file = smtpd_authorized_xforward_hosts = delay_notice_recipient = postmaster lmtp_tls_dkey_file = $lmtp_tls_dcert_file anvil_status_update_time = 600s virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback lmtp_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_tls_exclude_ciphers = local_initial_destination_concurrency = $initial_destination_concurrency smtp_connection_reuse_time_limit = 300s duplicate_filter_limit = 1000 queue_file_attribute_count_limit = 100 mail_spool_directory = /var/mail local_command_shell = proxy_interfaces = unknown_relay_recipient_reject_code = 550 address_verify_relay_transport = $relay_transport smtp_generic_maps = smtpd_policy_service_max_ttl = 1000s virtual_gid_maps = smtp_fallback_relay = $fallback_relay relay_destination_recipient_limit = $default_destination_recipient_limit local_header_rewrite_clients = permit_inet_interfaces lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options bounce_notice_recipient = postmaster default_destination_concurrency_negative_feedback = 1 authorized_mailq_users = static:anyone smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ smtp_helo_timeout = 300s smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} tls_random_bytes = 32 local_destination_recipient_limit = 1 mail_name = Postfix smtpd_discard_ehlo_keyword_address_maps = mailbox_delivery_lock = flock, dotlock sender_canonical_classes = envelope_sender, header_sender debug_peer_list = smtp_tls_mandatory_ciphers = medium strict_mailbox_ownership = yes lmtp_header_checks = unknown_hostname_reject_code = 450 message_strip_characters = smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback lmtp_tls_CApath = process_id_directory = pid smtpd_client_connection_rate_limit = 0 smtpd_client_connection_count_limit = 50 address_verify_service_name = verify non_smtpd_milters = maximal_backoff_time = 4000s transport_retry_time = 60s qmgr_clog_warn_time = 300s lmtp_tls_verify_cert_match = hostname config_directory = /etc/postfix smtpd_recipient_overshoot_limit = 1000 milter_unknown_command_macros = hash_queue_depth = 1 address_verify_transport_maps = $transport_maps defer_service_name = defer smtpd_sasl_tls_security_options = $smtpd_sasl_security_options tls_random_reseed_period = 3600s luser_relay = prepend_delivered_header = command, file, forward qmqpd_error_delay = 1s smtpd_junk_command_limit = 100 line_length_limit = 2048 smtpd_sasl_path = smtpd resolve_null_domain = no smtpd_tls_ccert_verifydepth = 9 lmtp_body_checks = smtp_tls_exclude_ciphers = smtpd_tls_dkey_file = $smtpd_tls_dcert_file lmtp_randomize_addresses = yes virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit queue_minfree = 0 milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} lmtp_tls_security_level = forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward bounce_template_file = application_event_drain_time = 100s smtp_send_xforward_command = no virtual_minimum_uid = 100 lmtp_tls_cert_file = lmtp_sasl_path = smtp_use_tls = no smtpd_noop_commands = lmtp_host_lookup = dns canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient daemon_timeout = 18000s address_verify_default_transport = $default_transport lmtp_connection_cache_time_limit = 2s smtp_tls_enforce_peername = yes smtpd_soft_error_limit = 10 default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} ipc_timeout = 3600s recipient_canonical_classes = envelope_recipient, header_recipient smtpd_sasl_type = cyrus masquerade_exceptions = proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name frozen_delivered_to = yes relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback virus_db_last_update = 2009-07-09 14:07:59 +0900 lmtp_destination_recipient_limit = $default_destination_recipient_limit spam_domain_name = admilon.net smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtp_quit_timeout = 300s default_extra_recipient_limit = 1000 mime_header_checks = $header_checks smtp_sasl_tls_security_options = $smtp_sasl_security_options bounce_service_name = bounce ipc_ttl = 1000s address_verify_positive_refresh_time = 7d lmtp_tcp_port = 24 lmtp_initial_destination_concurrency = $initial_destination_concurrency pickup_service_name = pickup receive_override_options = smtp_tls_session_cache_database = virtual_alias_expansion_limit = 1000 default_delivery_slot_discount = 50 fast_flush_domains = $relay_domains relocated_maps = smtp_tls_fingerprint_digest = md5 relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit smtpd_delay_open_until_valid_rcpt = yes lmtp_sasl_security_options = noplaintext, noanonymous lmtp_destination_rate_delay = $default_destination_rate_delay import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C smtp_line_length_limit = 990 header_size_limit = 102400 lmtp_connection_cache_on_demand = yes smtp_sasl_path = fallback_transport = smtpd_history_flush_threshold = 100 backwards_bounce_logfile_compatibility = yes smtpd_tls_mandatory_ciphers = medium smtp_tls_CApath = qmgr_message_recipient_limit = 20000 connection_cache_service_name = scache relay_destination_concurrency_limit = $default_destination_concurrency_limit in_flow_delay = 1s milter_end_of_header_macros = i smtp_initial_destination_concurrency = $initial_destination_concurrency lmtp_tls_per_site = smtpd_proxy_timeout = 100s lmtp_discard_lhlo_keywords = lmtp_tls_scert_verifydepth = 9 smtp_pix_workarounds = disable_esmtp,delay_dotcrlf smtp_sasl_password_maps = smtp_starttls_timeout = 300s tls_null_cipherlist = eNULL:!aNULL unverified_sender_reject_code = 450 lmtp_enforce_tls = no hopcount_limit = 50 smtpd_forbidden_commands = CONNECT GET POST message_reject_characters = lmtp_sasl_auth_cache_time = 90d maps_rbl_domains = unknown_address_reject_code = 450 lmtp_quote_rfc821_envelope = yes lmtp_tls_note_starttls_offer = no default_destination_concurrency_limit = 20 local_transport = local:$myhostname permit_mx_backup_networks = smtp_tls_policy_maps = lmtp_mime_header_checks = lmtp_line_length_limit = 990 lmtp_tls_mandatory_exclude_ciphers = smtp_nested_header_checks = lmtp_xforward_timeout = 300s send_cyrus_sasl_authzid = no smtp_xforward_timeout = 300s lmtp_mx_session_limit = 2 address_verify_negative_expire_time = 3d smtpd_client_message_rate_limit = 0 smtp_mx_session_limit = 2 header_address_token_limit = 10240 smtp_rcpt_timeout = 300s smtpd_tls_dcert_file = mime_nesting_limit = 100 lmtp_bind_address6 = relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback connection_cache_protocol_timeout = 5s error_service_name = error virtual_destination_concurrency_limit = $default_destination_concurrency_limit lmtp_rset_timeout = 20s smtp_tls_session_cache_timeout = 3600s notify_classes = resource, software smtpd_timeout = 300s virtual_mailbox_maps = alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases sender_bcc_maps = execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ lmtp_tls_dcert_file = default_recipient_limit = 20000 virtual_mailbox_lock = fcntl, dotlock authorized_flush_users = static:anyone lmtp_connection_reuse_time_limit = 300s double_bounce_sender = double-bounce relay_recipient_maps = smtp_pix_workaround_maps = maximal_queue_lifetime = 5d smtpd_tls_always_issue_session_ids = yes smtp_defer_if_no_mx_address_found = no address_verify_sender = $double_bounce_sender lmtp_mx_address_limit = 5 smtpd_tls_CApath = stale_lock_time = 500s smtpd_tls_dh1024_param_file = trace_service_name = trace default_destination_concurrency_positive_feedback = 1 smtp_mx_address_limit = 5 default_privs = nobody deliver_lock_attempts = 20 lmtp_starttls_timeout = 300s parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps lmtp_cname_overrides_servername = no smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_data_xfer_timeout = 180s #war 0 smtpd_client_new_tls_session_rate_limit = 10 lmtp_sasl_auth_cache_name = lmtp_tls_secure_cert_match = nexthop smtp_tls_loglevel = 0 milter_end_of_data_macros = i smtpd_reject_unlisted_recipient = yes command_execution_directory = authorized_submit_users = static:anyone syslog_name = postfix smtpd_end_of_data_restrictions = lmtp_generic_maps = default_minimum_delivery_slots = 3 smtp_helo_name = $myhostname access_map_reject_code = 554 lmtp_sasl_mechanism_filter = lmtp_sasl_auth_soft_bounce = yes lmtp_sender_dependent_authentication = no address_verify_relayhost = $relayhost smtpd_tls_received_header = no smtp_mime_header_checks = lmtp_sasl_tls_security_options = $lmtp_sasl_security_options smtpd_tls_dh512_param_file = rewrite_service_name = rewrite mailbox_transport_maps = error_notice_recipient = postmaster milter_content_timeout = 300s smtpd_error_sleep_time = 1s destination_concurrency_feedback_debug = no fault_injection_code = 0 internal_mail_filter_classes = smtpd_peername_lookup = yes lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback propagate_unmatched_extensions = canonical, virtual smtp_mail_timeout = 300s smtpd_authorized_xclient_hosts = address_verify_positive_expire_time = 31d delay_logging_resolution_limit = 2 qmgr_fudge_factor = 100 lmtp_data_xfer_timeout = 180s max_use = 100 milter_data_macros = i maps_rbl_reject_code = 554 qmqpd_authorized_clients = allow_mail_to_commands = alias, forward relay_transport = relay bounce_queue_lifetime = 5d masquerade_domains = smtp_sender_dependent_authentication = no smtpd_sender_login_maps = lmtp_tls_CAfile = address_verify_poll_delay = 3s smtp_discard_ehlo_keywords = delay_warning_time = 0h smtp_connect_timeout = 30s smtp_tls_mandatory_exclude_ciphers = service_throttle_time = 60s milter_default_action = tempfail smtp_data_init_timeout = 120s detect_8bit_encoding_header = yes 2bounce_notice_recipient = postmaster default_delivery_slot_cost = 5 smtp_tls_verify_cert_match = hostname qmqpd_client_port_logging = no smtpd_tls_ask_ccert = no masquerade_classes = envelope_sender, header_sender, header_recipient qmgr_message_active_limit = 20000 address_verify_local_transport = $local_transport lmtp_tls_fingerprint_cert_match = connection_cache_ttl_limit = 2s smtpd_etrn_restrictions = virtual_destination_rate_delay = $default_destination_rate_delay export_environment = TZ MAIL_CONFIG LANG lmtp_tls_exclude_ciphers = virtual_alias_recursion_limit = 1000 stress = smtpd_hard_error_limit = 20 smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit smtp_connection_cache_on_demand = yes smtp_tls_key_file = $smtp_tls_cert_file trigger_timeout = 10s address_verify_poll_count = 3 fast_flush_refresh_time = 12h smtp_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_proxy_ehlo = $myhostname relay_destination_rate_delay = $default_destination_rate_delay lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf lmtp_destination_concurrency_limit = $default_destination_concurrency_limit mail_version = 2.5.5 relay_initial_destination_concurrency = $initial_destination_concurrency remote_header_rewrite_domain = max_idle = 100s mailbox_command_maps = empty_address_relayhost_maps_lookup_key = <> default_destination_concurrency_failed_cohort_limit = 1 multi_recipient_bounce_reject_code = 550 smtpd_sasl_exceptions_networks = #should be no smtpd_tls_auth_only = no use_od_delivery_path = no verp_delimiter_filter = -=+ smtp_pix_workaround_delay_time = 10s smtp_data_done_timeout = 600s smtpd_restriction_classes = mailbox_command = lmtp_data_init_timeout = 120s recipient_bcc_maps = smtpd_tls_session_cache_database = virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback allow_mail_to_files = alias, forward address_verify_negative_refresh_time = 3h lmtp_tls_policy_maps = lmtp_lhlo_timeout = 300s lmtp_tls_session_cache_timeout = 3600s lmtp_tls_mandatory_ciphers = medium plaintext_reject_code = 450 initial_destination_concurrency = 5 lmtp_quit_timeout = 300s smtpd_client_recipient_rate_limit = 0 smtpd_proxy_filter = tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH default_database_type = hash smtp_destination_concurrency_limit = $default_destination_concurrency_limit address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps smtp_sasl_auth_cache_time = 90d fast_flush_purge_time = 7d local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback body_checks_size_limit = 51200 smtp_body_checks = smtp_header_checks = unknown_client_reject_code = 450 lmtp_discard_lhlo_keyword_address_maps = empty_address_recipient = MAILER-DAEMON lmtp_skip_5xx_greeting = yes smtp_destination_rate_delay = $default_destination_rate_delay berkeley_db_read_buffer_size = 131072 virtual_mailbox_limit = 51200000 invalid_hostname_reject_code = 501 smtpd_sasl_security_options = noanonymous address_verify_virtual_transport = $virtual_transport inet_protocols = ipv4 default_process_limit = 100 smtp_sasl_security_options = noplaintext, noanonymous smtp_host_lookup = dns fork_delay = 1s smtpd_reject_unlisted_sender = no defer_code = 450 lmtp_connect_timeout = 0s local_destination_rate_delay = $default_destination_rate_delay lmtp_data_done_timeout = 600s milter_protocol = 2 lmtp_connection_cache_destinations = smtp_tls_scert_verifydepth = 9 smtp_tls_CAfile = milter_command_timeout = 30s smtpd_tls_session_cache_timeout = 3600s smtpd_milters = syslog_facility = mail smtp_tls_fingerprint_cert_match = defer_transports = enable_original_recipient = yes fork_attempts = 5 use_getpwnam_ext = yes milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} default_destination_rate_delay = 0s milter_rcpt_macros = i {rcpt_addr} smtp_quote_rfc821_envelope = yes command_time_limit = 1000s default_destination_recipient_limit = 50 lmtp_use_tls = no smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback smtpd_policy_service_timeout = 100s queue_service_name = qmgr hash_queue_names = deferred,defer smtp_cname_overrides_servername = no smtpd_tls_fingerprint_digest = md5 lmtp_bind_address = milter_macro_v = $mail_name $mail_version smtpd_recipient_limit = 1000 mime_boundary_length_limit = 2048 smtp_connection_cache_destinations = smtpd_tls_wrappermode = no queue_run_delay = 300s minimal_backoff_time = 300s local_destination_concurrency_limit = 2 lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit virtual_destination_recipient_limit = $default_destination_recipient_limit best_mx_transport = sender_dependent_relayhost_maps = rbl_reply_maps = smtpd_enforce_tls = no
so und nu zum Schluss postconf -n: 2bounce_notice_recipient = postmaster access_map_reject_code = 554 address_verify_default_transport = $default_transport address_verify_local_transport = $local_transport address_verify_map = address_verify_negative_cache = yes address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 3h address_verify_poll_count = 3 address_verify_poll_delay = 3s address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d address_verify_relay_transport = $relay_transport address_verify_relayhost = $relayhost address_verify_sender = $double_bounce_sender address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps address_verify_service_name = verify address_verify_transport_maps = $transport_maps address_verify_virtual_transport = $virtual_transport alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases allow_mail_to_commands = alias, forward allow_mail_to_files = alias, forward always_bcc = anvil_rate_time_unit = 60s anvil_status_update_time = 600s application_event_drain_time = 100s authorized_flush_users = static:anyone authorized_mailq_users = static:anyone authorized_submit_users = static:anyone backwards_bounce_logfile_compatibility = yes berkeley_db_create_buffer_size = 16777216 berkeley_db_read_buffer_size = 131072 best_mx_transport = body_checks_size_limit = 51200 bounce_notice_recipient = postmaster bounce_queue_lifetime = 5d bounce_service_name = bounce bounce_size_limit = 50000 bounce_template_file = canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient check_for_od_forward = yes cleanup_service_name = cleanup command_directory = /usr/sbin command_execution_directory = command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ command_time_limit = 1000s config_directory = /etc/postfix connection_cache_protocol_timeout = 5s connection_cache_service_name = scache connection_cache_status_update_time = 600s connection_cache_ttl_limit = 2s content_filter = smtp-amavis:[127.0.0.1]:10024 cyrus_sasl_config_path = daemon_directory = /usr/libexec/postfix daemon_timeout = 18000s data_directory = /var/lib/postfix debug_peer_level = 5 debug_peer_list = default_database_type = hash default_delivery_slot_cost = 5 default_delivery_slot_discount = 50 default_delivery_slot_loan = 3 default_destination_concurrency_failed_cohort_limit = 1 default_destination_concurrency_limit = 20 default_destination_concurrency_negative_feedback = 1 default_destination_concurrency_positive_feedback = 1 default_destination_rate_delay = 0s default_destination_recipient_limit = 50 default_extra_recipient_limit = 1000 default_minimum_delivery_slots = 3 default_privs = nobody default_process_limit = 100 default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} default_recipient_limit = 20000 default_recipient_refill_delay = 5s default_recipient_refill_limit = 100 default_transport = smtp default_verp_delimiters = += defer_code = 450 defer_service_name = defer defer_transports = delay_logging_resolution_limit = 2 delay_notice_recipient = postmaster delay_warning_time = 0h deliver_lock_attempts = 20 deliver_lock_delay = 1s destination_concurrency_feedback_debug = no detect_8bit_encoding_header = yes dont_remove = 0 double_bounce_sender = double-bounce duplicate_filter_limit = 1000 empty_address_recipient = MAILER-DAEMON empty_address_relayhost_maps_lookup_key = <> enable_original_recipient = yes enable_server_options = yes error_notice_recipient = postmaster error_service_name = error execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ export_environment = TZ MAIL_CONFIG LANG fallback_transport = fallback_transport_maps = fast_flush_domains = $relay_domains fast_flush_purge_time = 7d fast_flush_refresh_time = 12h fault_injection_code = 0 flush_service_name = flush fork_attempts = 5 fork_delay = 1s forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward frozen_delivered_to = yes hash_queue_depth = 1 hash_queue_names = deferred,defer header_address_token_limit = 10240 header_checks = pcre:/etc/postfix/custom_header_checks header_size_limit = 102400 hopcount_limit = 50 html_directory = no import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C in_flow_delay = 1s inet_interfaces = all inet_protocols = ipv4 initial_destination_concurrency = 5 internal_mail_filter_classes = invalid_hostname_reject_code = 501 ipc_idle = 5s ipc_timeout = 3600s ipc_ttl = 1000s line_length_limit = 2048 lmtp_bind_address = lmtp_bind_address6 = lmtp_body_checks = lmtp_cname_overrides_servername = no lmtp_connect_timeout = 0s lmtp_connection_cache_destinations = lmtp_connection_cache_on_demand = yes lmtp_connection_cache_time_limit = 2s lmtp_connection_reuse_time_limit = 300s lmtp_data_done_timeout = 600s lmtp_data_init_timeout = 120s lmtp_data_xfer_timeout = 180s lmtp_defer_if_no_mx_address_found = no lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit lmtp_destination_concurrency_limit = $default_destination_concurrency_limit lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback lmtp_destination_rate_delay = $default_destination_rate_delay lmtp_destination_recipient_limit = $default_destination_recipient_limit lmtp_discard_lhlo_keyword_address_maps = lmtp_discard_lhlo_keywords = lmtp_enforce_tls = no lmtp_generic_maps = lmtp_header_checks = lmtp_host_lookup = dns lmtp_initial_destination_concurrency = $initial_destination_concurrency lmtp_lhlo_name = $myhostname lmtp_lhlo_timeout = 300s lmtp_line_length_limit = 990 lmtp_mail_timeout = 300s lmtp_mime_header_checks = lmtp_mx_address_limit = 5 lmtp_mx_session_limit = 2 lmtp_nested_header_checks = lmtp_pix_workaround_delay_time = 10s lmtp_pix_workaround_maps = lmtp_pix_workaround_threshold_time = 500s lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf lmtp_quit_timeout = 300s lmtp_quote_rfc821_envelope = yes lmtp_randomize_addresses = yes lmtp_rcpt_timeout = 300s lmtp_rset_timeout = 20s lmtp_sasl_auth_cache_name = lmtp_sasl_auth_cache_time = 90d lmtp_sasl_auth_soft_bounce = yes lmtp_sasl_mechanism_filter = lmtp_sasl_path = lmtp_sasl_security_options = noplaintext, noanonymous lmtp_sasl_tls_security_options = $lmtp_sasl_security_options lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus lmtp_send_xforward_command = no lmtp_sender_dependent_authentication = no lmtp_skip_5xx_greeting = yes lmtp_starttls_timeout = 300s lmtp_tcp_port = 24 lmtp_tls_CAfile = lmtp_tls_CApath = lmtp_tls_cert_file = lmtp_tls_dcert_file = lmtp_tls_dkey_file = $lmtp_tls_dcert_file lmtp_tls_enforce_peername = yes lmtp_tls_exclude_ciphers = lmtp_tls_fingerprint_cert_match = lmtp_tls_fingerprint_digest = md5 lmtp_tls_key_file = $lmtp_tls_cert_file lmtp_tls_loglevel = 0 lmtp_tls_mandatory_ciphers = medium lmtp_tls_mandatory_exclude_ciphers = lmtp_tls_mandatory_protocols = SSLv3, TLSv1 lmtp_tls_note_starttls_offer = no lmtp_tls_per_site = lmtp_tls_policy_maps = lmtp_tls_scert_verifydepth = 9 lmtp_tls_secure_cert_match = nexthop lmtp_tls_security_level = lmtp_tls_session_cache_database = lmtp_tls_session_cache_timeout = 3600s lmtp_tls_verify_cert_match = hostname lmtp_use_tls = no lmtp_xforward_timeout = 300s local_command_shell = local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit local_destination_concurrency_limit = 2 local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback local_destination_rate_delay = $default_destination_rate_delay local_destination_recipient_limit = 1 local_header_rewrite_clients = permit_inet_interfaces local_initial_destination_concurrency = $initial_destination_concurrency local_recipient_maps = proxy:unix:passwd.byname $alias_maps local_transport = local:$myhostname luser_relay = mail_name = Postfix mail_owner = _postfix mail_release_date = 20080902 mail_spool_directory = /var/mail mail_version = 2.5.5 mailbox_command = mailbox_command_maps = mailbox_delivery_lock = flock, dotlock mailbox_size_limit = 0 mailbox_transport = dovecot mailbox_transport_maps = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man maps_rbl_domains = maps_rbl_reject_code = 554 masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = max_idle = 100s max_use = 100 maximal_backoff_time = 4000s maximal_queue_lifetime = 5d message_reject_characters = message_size_limit = 41943040 message_strip_characters = milter_command_timeout = 30s milter_connect_macros = j {daemon_name} v milter_connect_timeout = 30s milter_content_timeout = 300s milter_data_macros = i milter_default_action = tempfail milter_end_of_data_macros = i milter_end_of_header_macros = i milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} milter_protocol = 2 milter_rcpt_macros = i {rcpt_addr} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks mime_nesting_limit = 100 minimal_backoff_time = 300s multi_recipient_bounce_reject_code = 550 mydestination = $myhostname, localhost.$mydomain, localhost, mail.$mydomain, liste.$mydomain, $mydomain mydomain = admilon.net mydomain_fallback = localhost myhostname = mcgregor.admilon.net mynetworks = 127.0.0.0/8,192.168.2.0/24,192.168.1.0/24 mynetworks_style = host myorigin = $myhostname nested_header_checks = $header_checks newaliases_path = /usr/bin/newaliases non_fqdn_reject_code = 504 non_smtpd_milters = notify_classes = resource, software owner_request_special = no parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps permit_mx_backup_networks = pickup_service_name = pickup plaintext_reject_code = 450 prepend_delivered_header = command, file, forward process_id_directory = pid propagate_unmatched_extensions = canonical, virtual proxy_interfaces = proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name qmgr_clog_warn_time = 300s qmgr_fudge_factor = 100 qmgr_message_active_limit = 20000 qmgr_message_recipient_limit = 20000 qmgr_message_recipient_minimum = 10 qmqpd_authorized_clients = qmqpd_client_port_logging = no qmqpd_error_delay = 1s qmqpd_timeout = 300s queue_directory = /private/var/spool/postfix queue_file_attribute_count_limit = 100 queue_minfree = 0 queue_run_delay = 300s queue_service_name = qmgr rbl_reply_maps = readme_directory = /usr/share/doc/postfix receive_override_options = recipient_bcc_maps = recipient_canonical_classes = envelope_recipient, header_recipient recipient_delimiter = + reject_code = 554 relay_clientcerts = relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit relay_destination_concurrency_limit = $default_destination_concurrency_limit relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback relay_destination_rate_delay = $default_destination_rate_delay relay_destination_recipient_limit = $default_destination_recipient_limit relay_domains = $mydestination relay_domains_reject_code = 554 relay_initial_destination_concurrency = $initial_destination_concurrency relay_recipient_maps = relay_transport = relay relayhost = relocated_maps = remote_header_rewrite_domain = resolve_null_domain = no resolve_numeric_domain = no rewrite_service_name = rewrite sample_directory = /usr/share/doc/postfix/examples send_cyrus_sasl_authzid = no sender_bcc_maps = sender_canonical_classes = envelope_sender, header_sender sender_canonical_maps = sender_dependent_relayhost_maps = sendmail_path = /usr/sbin/sendmail service_throttle_time = 60s setgid_group = _postdrop showq_service_name = showq smtp_bind_address6 = smtp_body_checks = smtp_cname_overrides_servername = no smtp_connect_timeout = 30s smtp_connection_cache_destinations = smtp_connection_cache_on_demand = yes smtp_connection_cache_time_limit = 2s smtp_connection_reuse_time_limit = 300s smtp_data_done_timeout = 600s smtp_data_init_timeout = 120s smtp_data_xfer_timeout = 180s smtp_defer_if_no_mx_address_found = no smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit smtp_destination_concurrency_limit = $default_destination_concurrency_limit smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback smtp_destination_rate_delay = $default_destination_rate_delay smtp_destination_recipient_limit = $default_destination_recipient_limit smtp_discard_ehlo_keyword_address_maps = smtp_discard_ehlo_keywords = smtp_fallback_relay = $fallback_relay smtp_generic_maps = smtp_header_checks = smtp_helo_name = $myhostname smtp_helo_timeout = 300s smtp_host_lookup = dns smtp_initial_destination_concurrency = $initial_destination_concurrency smtp_line_length_limit = 990 smtp_mail_timeout = 300s smtp_mime_header_checks = smtp_mx_address_limit = 5 smtp_mx_session_limit = 2 smtp_nested_header_checks = smtp_pix_workaround_delay_time = 10s smtp_pix_workaround_maps = smtp_pix_workaround_threshold_time = 500s smtp_pix_workarounds = disable_esmtp,delay_dotcrlf smtp_quit_timeout = 300s smtp_quote_rfc821_envelope = yes smtp_rcpt_timeout = 300s smtp_rset_timeout = 20s smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = noplaintext, noanonymous smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus smtp_send_xforward_command = no smtp_sender_dependent_authentication = no smtp_starttls_timeout = 300s smtp_tls_CAfile = smtp_tls_CApath = smtp_tls_dcert_file = smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_enforce_peername = yes smtp_tls_exclude_ciphers = smtp_tls_fingerprint_cert_match = smtp_tls_fingerprint_digest = md5 smtp_tls_key_file = $smtp_tls_cert_file smtp_tls_loglevel = 0 smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = smtp_tls_mandatory_protocols = SSLv3, TLSv1 smtp_tls_note_starttls_offer = yes smtp_tls_per_site = smtp_tls_policy_maps = smtp_tls_scert_verifydepth = 9 smtp_tls_secure_cert_match = nexthop, dot-nexthop smtp_tls_session_cache_database = smtp_tls_session_cache_timeout = 3600s smtp_tls_verify_cert_match = hostname smtp_use_tls = no smtp_xforward_timeout = 300s smtpd_authorized_verp_clients = $authorized_verp_clients smtpd_authorized_xclient_hosts = smtpd_authorized_xforward_hosts = smtpd_banner = $myhostname ESMTP $mail_name smtpd_client_connection_count_limit = 50 smtpd_client_connection_rate_limit = 0 smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} smtpd_client_message_rate_limit = 0 smtpd_client_new_tls_session_rate_limit = 10 smtpd_client_port_logging = no smtpd_client_recipient_rate_limit = 0 smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks check_sender_access hash:/etc/postfix/whitelist reject_non_fqdn_hostname reject_unknown_reverse_client_hostname reject_rbl_client cbl.abuseat.org reject_rbl_clientzen.spamhaus.org permit smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit smtpd_delay_open_until_valid_rcpt = yes smtpd_discard_ehlo_keyword_address_maps = smtpd_discard_ehlo_keywords = smtpd_end_of_data_restrictions = smtpd_enforce_tls = no smtpd_error_sleep_time = 1s smtpd_etrn_restrictions = smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ smtpd_forbidden_commands = CONNECT GET POST smtpd_hard_error_limit = 20 smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname smtpd_history_flush_threshold = 100 smtpd_junk_command_limit = 100 smtpd_milters = smtpd_noop_commands = smtpd_null_access_lookup_key = <> smtpd_peername_lookup = yes smtpd_policy_service_max_idle = 300s smtpd_policy_service_max_ttl = 1000s smtpd_policy_service_timeout = 100s smtpd_proxy_ehlo = $myhostname smtpd_proxy_filter = smtpd_proxy_timeout = 100s smtpd_pw_server_security_options = login,gssapi,cram-md5 smtpd_recipient_limit = 1000 smtpd_recipient_overshoot_limit = 1000 smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = no smtpd_restriction_classes = smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_exceptions_networks = smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = cyrus smtpd_sender_login_maps = smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_soft_error_limit = 10 smtpd_starttls_timeout = 300s smtpd_timeout = 300s smtpd_tls_CAfile = /etc/certificates/mcgregor.admilon.net.476EFD153EAF1C131C9885854A44E5635D465588.chain.pem smtpd_tls_CApath = smtpd_tls_always_issue_session_ids = yes smtpd_tls_ask_ccert = no smtpd_tls_auth_only = no smtpd_tls_ccert_verifydepth = 9 smtpd_tls_cert_file = /etc/certificates/mcgregor.admilon.net.476EFD153EAF1C131C9885854A44E5635D465588.cert.pem smtpd_tls_dcert_file = smtpd_tls_dh1024_param_file = smtpd_tls_dh512_param_file = smtpd_tls_dkey_file = $smtpd_tls_dcert_file smtpd_tls_exclude_ciphers = smtpd_tls_fingerprint_digest = md5 smtpd_tls_key_file = /etc/certificates/mcgregor.admilon.net.476EFD153EAF1C131C9885854A44E5635D465588.key.pem smtpd_tls_loglevel = 0 smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_exclude_ciphers = smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_tls_received_header = no smtpd_tls_req_ccert = no smtpd_tls_security_level = may smtpd_tls_session_cache_database = smtpd_tls_session_cache_timeout = 3600s smtpd_tls_wrappermode = no smtpd_use_pw_server = yes stale_lock_time = 500s stress = strict_mailbox_ownership = yes syslog_facility = mail syslog_name = postfix tls_daemon_random_bytes = 32 tls_export_cipherlist = ALL:+RC4:@STRENGTH tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL tls_random_bytes = 32 tls_random_exchange_name = ${data_directory}/prng_exch tls_random_prng_update_period = 3600s tls_random_reseed_period = 3600s tls_random_source = dev:/dev/urandom trace_service_name = trace transport_maps = transport_retry_time = 60s trigger_timeout = 10s undisclosed_recipients_header = To: undisclosed-recipients:; unknown_address_reject_code = 450 unknown_client_reject_code = 450 unknown_hostname_reject_code = 450 unknown_local_recipient_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unverified_recipient_reject_code = 450 unverified_sender_reject_code = 450 use_getpwnam_ext = yes use_od_delivery_path = no verp_delimiter_filter = -=+ virtual_alias_domains = hash:/etc/postfix/virtual_domains virtual_alias_expansion_limit = 1000 virtual_alias_maps = hash:/etc/postfix/virtual hash:/private/var/mailman/data/virtual-mailman virtual_alias_recursion_limit = 1000 virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit virtual_destination_concurrency_limit = $default_destination_concurrency_limit virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback virtual_destination_rate_delay = $default_destination_rate_delay virtual_destination_recipient_limit = $default_destination_recipient_limit virtual_gid_maps = virtual_initial_destination_concurrency = $initial_destination_concurrency virtual_mailbox_base = virtual_mailbox_domains = hash:/etc/postfix/virtual_domains_dummy virtual_mailbox_limit = 51200000 virtual_mailbox_lock = fcntl, dotlock virtual_mailbox_maps = virtual_minimum_uid = 100 virtual_transport = virtual virtual_uid_maps =
Dank und Gruss Matthias
Am 25.08.2012 um 15:29 schrieb Uwe Drießen:
Im Auftrag von Matthias Schmidt
Hallo, seit gestern bekomm ich von postfix solche Mails (s.u.). Ich versteh's nicht ganz, die Mails sollten ja bereits hier abgewiesen
werden:
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination, permit
Zeig mal die logzeilen zu der Mail.
Und was soll das letzte permit ????
Damit nimmst du alles an von denen die nicht sasl_autenticated, nicht aus deinem Netzwerk kommen an.
Da müsste dann ein reject stehen wenn nur eigene User darüber schicken dürfen !!
da schiess ich mich ins Bein, denn dann kommen keine Mails mehr an ... Irgendwo ist da ein Loch ... das Zauberkraut muss also ein anderes sein ;-) Gruss Matthias
participants (2)
-
Matthias Schmidt -
Uwe Drießen