amavisd.conf oder Mailserver nicht optimal gesichert?

3 May 2006

      Kürzlich erreichte mich u.a Mail vom lokalen Mailserver. Warum "Relay access 
denied" kommt, ist mir klar, Das hängt mit meiner restrikten 
Postfix-Konfiguration zusammen, aber ich verstehe nicht, wodurch da überhaupt 
vom System versucht werden konnte, ein Mail zu versenden. Vielleicht liegt es 
an /etc/amavisd.conf 

Postfix SMTP server: errors from localhost[127.0.0.1]
 Von: Mail Delivery System 
 An: Postmaster 

Transcript of session follows.

 Out: 220 gw.local.site ESMTP Postfix
 In:  EHLO localhost
 Out: 250-gw.local.site
 Out: 250-PIPELINING
 Out: 250-SIZE 40000000
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250 8BITMIME
 In:  MAIL FROM:<>
 Out: 250 Ok
 In:  RCPT TO:
 Out: 554 : Relay access denied
 In:  QUIT
 Out: 221 Bye

grep -r "jhw@news.com" /var/

/var/log/mail:May  2 18:40:27 gw postfix/qmgr[7649]: 94A68E0028A: 
from=, size=36724, nrcpt=1 (queue active)

/var/log/mail:May  2 18:40:56 gw postfix/smtpd[24141]: NOQUEUE: reject: RCPT 
from localhost[127.0.0.1]: 554 : Relay access denied; from=<> 
to= proto=ESMTP helo=<localhost>

/var/log/mail:May  2 18:40:56 gw amavis[23330]: (23330-02) SEND via SMTP: 
<> -> , 554 5.6.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 5.1.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 : Relay access denied

/var/log/mail:May  2 18:40:56 gw amavis[23330]: (23330-02) NOTICE: UNABLE TO 
SEND DSN to : 554 5.1.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 : Relay access denied

/var/log/mail:May  2 18:40:56 gw amavis[23330]: (23330-02) Blocked BANNED 
(multipart/mixed | application/x-msdos-program,.exe,Rechnung.exe), 
[200.21.212.31]  -> , quarantine: 
banned-ciBRaJRCssko, Message-ID: <4720648090.20060502102446@news.com>, 
mail_id: ciBRaJRCssko, Hits: -, 14814 ms

/var/log/mail.info:May  2 18:40:27 gw postfix/qmgr[7649]: 94A68E0028A: 
from=, size=36724, nrcpt=1 (queue active)

/var/log/mail.info:May  2 18:40:56 gw postfix/smtpd[24141]: NOQUEUE: reject: 
RCPT from localhost[127.0.0.1]: 554 : Relay access denied; 
from=<> to= proto=ESMTP helo=<localhost>

/var/log/mail.warn:May  2 18:40:56 gw amavis[23330]: (23330-02) SEND via SMTP: 
<> -> , 554 5.6.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 5.1.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 : Relay access denied

/var/log/mail.warn:May  2 18:40:56 gw amavis[23330]: (23330-02) NOTICE: UNABLE 
TO SEND DSN to : 554 5.1.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 : Relay access denied

/var/log/warn:May  2 18:40:56 gw amavis[23330]: (23330-02) SEND via SMTP: 
<> -> , 554 5.6.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 5.1.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 : Relay access denied

/var/log/warn:May  2 18:40:56 gw amavis[23330]: (23330-02) NOTICE: UNABLE TO 
SEND DSN to : 554 5.1.0 Failed, id=23330-02, from 
MTA([127.0.0.1]:10025): 554 : Relay access denied

cat /var/spool/amavis/virusmails/banned-ciBRaJRCssko
Return-Path: <>
Delivered-To: banned-quarantine
X-Envelope-From: 
X-Envelope-To: 
X-Quarantine-Id: <ciBRaJRCssko>
Received: from localhost (localhost [127.0.0.1])
        by gw.local.site (Postfix) with ESMTP id 94A68E0028A
        for ; Tue,  2 May 2006 18:40:27 +0200 (CEST)
X-chktrc: -trima-ta13-
Received: from pop3.tripple.at [195.58.165.168]
        by localhost with POP3 (fetchmail-6.2.5.2 polling pop3.tripple.at 
account *)
        for ab@localhost (single-drop); Tue, 02 May 2006 18:40:27 +0200 (CEST)
Received: from ta31.tripple.net ([195.58.165.133]) by ta13.tripple.net with 
Microsoft SMTPSVC(5.0.2195.2966); Tue, 2 May 2006 18:15:57 +0200
thread-index: AcZuA7C9XBD+eL85RZiJ6GkAMH3uLg==
X-VirusBlockAttach: dangerous extention found, code
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
Received: from -1209545984 ([200.21.212.31]) by ta31.tripple.net with 
Microsoft SMTPSVC(6.0.3790.0); Tue, 2 May 2006 18:15:29 +0200
Received: from news.com (-1213654488 [-1209768208]) by melodymail.com 
(Qmailv1) with ESMTP id DA8FEF870B for <*@*>; Tue, 02 May 2006 10:24:46 -0400
Date: Tue, 02 May 2006 10:24:46 -0400
From: "Frau Alexandra Heitmann" 
X-Mailer: The Bat! (v2.00.2) Personal
X-Priority: 3
Message-ID: <4720648090.20060502102446@news.com>
To: * <*@*>
Subject: Rechnung R.-Nr.20616863
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----------2030C7F8946D81D"
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
X-OriginalArrivalTime: 02 May 2006 16:15:36.0944 (UTC) 
FILETIME=[A5A1CF00:01C66E03]
X-Amavis-Alert: BANNED, message contains part:
 multipart/mixed | application/x-msdos-program,.exe,Rechnung.exe
This is a multi-part message in MIME format.

/etc/amavisd.conf
use strict;
$max_servers = 2;            # number of pre-forked children (2..15 is common)
$daemon_user = 'vscan';
$daemon_group = 'vscan';
$mydomain = 'local.site';   # a convenient default for other settings
$MYHOME = '/var/spool/amavis';
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/spool/amavis/virusmails';
@local_domains_maps = ( [".$mydomain"] );
$log_level = 0;              # verbosity 0..5
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$inet_socket_port = 10024;   # listen on this local TCP port(s) (see 
$protocol)
$unix_socketname = "$MYHOME/amavisd.sock";  # when using sendmail milter
$sa_tag_level_deflt  = -20.0;  # add spam info headers if at, or above that 
level
$sa_tag2_level_deflt = 4.3;
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is 
larger
$sa_local_tests_only = 0;    # only tests which do not require internet 
access?
$sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if 
undef
@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
$myhostname = 'gw.local.site';
$final_spam_destiny = D_PASS;
@viruses_that_fake_sender_maps = (new_RE(
  [qr/^/ => 1],  # true for everything else
));
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains 
undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
  qr'^\.(exe-ms)$',                       # banned file(1) types
);
@score_sender_maps = ({ # a by-recipient hash lookup table,
  '.' => [  # the _first_ matching sender determines the score boost
   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),
   { # a hash-type lookup table (associative array)
usw.

Al

Al Bogner

Sandy Drobic

Al Bogner

Sandy Drobic

Al Bogner

Sandy Drobic

Al Bogner

Sandy Drobic

Al Bogner

Marco Maske

Al Bogner

tags

participants (3)