HELO IP-based filtering in Postfix: sometimes it works, sometimes it doesn't


The problem is the one above. I have a list I keep building of notorious spammers whose IP ranges get blacklisted.
This list lives in the /etc/postfix/helo_a_access.cidr file. (/etc/postfix/helo_access contains hashed domain names.)

My experience is that Postfix still occasionally accepts mail from these ranges. I don't see a mistake in it, but maybe you will spot one.

Here are the relevant files:

Relevant line of the Postfix main.cf:
   smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, check_helo_a_access cidr:/etc/postfix/helo_a_access.cidr, reject_invalid_hostname

Relevant line of helo_a_access.cidr:
  69.94.136.0/24     REJECT Spam from your IP range 69.94.136.0/24

When it works correctly:
  Dec  1 05:02:20 spamfilter3 postfix/smtpd[32666]: connect from prepare.kwyali.com[69.94.136.238]
  Dec  1 05:02:20 spamfilter3 postfix/smtpd[32394]: NOQUEUE: reject: RCPT from prepare.kwyali.com[69.94.136.238]: 554 5.7.1 <prepare.kgnths.com>: Helo command rejected: Spam from your IP range 69.94.136.0/24; from=<baloghmznwrwtmarietta@kgnths.com> to=<victim1@ceg.hu> proto=ESMTP helo=<prepare.kgnths.com>
  Dec  1 05:02:20 spamfilter3 postfix/smtpd[32394]: disconnect from prepare.kwyali.com[69.94.136.238] ehlo=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=3/5

When it does not work correctly:
  Dec  2 09:37:04 spamfilter3 postfix/smtpd[13885]: connect from develop.kwyali.com[69.94.136.247]
  Dec  2 09:37:05 spamfilter3 postfix/smtpd[13885]: 41C63101427: client=develop.kwyali.com[69.94.136.247]
  Dec  2 09:37:05 spamfilter3 postfix/cleanup[22006]: 41C63101427: hold: header Received: from develop.anketd.com (develop.kwyali.com [69.94.136.247])??by spamfilter3.ceg.hu (Postfix) with ESMTP id 41C63101427??for <victim@ceg.hu>; Mon,  2 Dec 2019 09:37:05 +0100 (CET) from develop.kwyali.com[69.94.136.247]; from=<bettinaznjdwqc@anketd.com> to=<victim@ceg.hu> proto=ESMTP helo=<develop.anketd.com>
  Dec  2 09:37:05 spamfilter3 postfix/cleanup[22006]: 41C63101427: message-id=<fowneakdfyrujjgvqaayxwgzxugasunmxau@gp.anketd.com>
  Dec  2 09:37:05 spamfilter3 postfix/smtpd[13885]: disconnect from develop.kwyali.com[69.94.136.247] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
  Dec  2 09:37:07 spamfilter3 MailScanner[4401]: New Batch: Scanning 1 messages, 4800 bytes
  Dec  2 09:37:07 spamfilter3 MailScanner[4401]: Virus and Content Scanning: Starting
  Dec  2 09:37:07 spamfilter3 MailScanner[4401]: <A> tag found in message 41C63101427.A9AEE from bettinaznjdwqc@anketd.com
  Dec  2 09:37:07 spamfilter3 MailScanner[4401]: HTML Img tag found in message 41C63101427.A9AEE from bettinaznjdwqc@anketd.com
  Dec  2 09:37:07 spamfilter3 MailScanner[4401]: Spam Checks: Starting
  Dec  2 09:37:08 spamfilter3 MailScanner[4401]: Message 41C63101427.A9AEE from 69.94.136.247 (bettinaznjdwqc@anketd.com) to ceg.hu is spam, SpamAssassin (not cached, pont=7.119, szukseges 4, BAYES_50 0.80, DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FROM_FMBLA_NEWDOM28 0.80, FROM_LOCAL_NOVOWEL 0.50, HK_RANDOM_ENVFROM 0.00, HK_RANDOM_FROM 1.00, HTML_IMAGE_ONLY_16 1.09, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_2 0.00, SPF_HELO_NONE 0.00, SPF_SOFTFAIL 0.67, T_REMOTE_IMAGE 0.01, URIBL_ABUSE_SURBL 1.25)
  Dec  2 09:37:08 spamfilter3 MailScanner[4401]: Spam Checks: Found 1 spam messages
  Dec  2 09:37:08 spamfilter3 MailScanner[4401]: Spam Actions: message 41C63101427.A9AEE actions are store
  Dec  2 09:37:08 spamfilter3 MailScanner[4401]: Deleted 1 messages from processing-database
  Dec  2 09:37:08 spamfilter3 MailScanner[4401]: MailWatch: Logging message 41C63101427.A9AEE to SQL

Comments

subscribe

Blog | @hron84

somewhere an ops bear is now angrily stamping its foot

via @snq-

Edited: 2019. 12. 02., Mon - 19:20

Hi!

Good question. My config looks like this, and I have no such problem:

 

/etc/postfix/main.cf
smtpd_sender_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_sender_login_mismatch,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unknown_reverse_client_hostname,
    reject_unauth_destination,
    check_sender_access pcre:/etc/postfix/sender_access,
    check_client_access cidr:/etc/postfix/client_access

smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_reject_unlisted_recipient = yes
smtp_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access

/etc/postfix/sender_access
    192.168.0.0/24 REJECT 550
    
/etc/postfix/client_access
    /^.*\.icu$/ REJECT 550
    
/etc/postfix/esmtp_access
    192.168.0.0/24 auth, rcpt, mail

 

If you modify the /etc/postfix/X_access files, you do not need to restart Postfix; it applies the changes immediately, as soon as you save the file.

root ~ host prepare.kgnths.com

prepare.kgnths.com has address 69.94.136.238

 

root ~ # host develop.anketd.com

develop.anketd.com has address 80.249.161.172

Debian Linux rulez... :D
RIP Ian Murdock

Aha! The sneaky little thing is develop.kwyali.com [69.94.136.247], but when it says HELO it uses the develop.anketd.com address.

Dec  2 09:37:05 spamfilter3 postfix/cleanup[22006]: 41C63101427: hold: header Received: from develop.anketd.com (develop.kwyali.com [69.94.136.247])??by spamfilter3.ceg.hu (Postfix) with ESMTP id 41C63101427??for <victim@ceg.hu>; Mon,  2 Dec 2019 09:37:05 +0100 (CET) from develop.kwyali.com[69.94.136.247]; from=<bettinaznjdwqc@anketd.com> to=<victim@ceg.hu> proto=ESMTP helo=<develop.anketd.com>

So it seems there should also be a check_client_access in master.cf.
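
Added example, not part of the original thread: check_helo_a_access looks up the addresses that the HELO name resolves to, while check_client_access looks up the connecting client address. The sketch below replays the thread's two sessions against the thread's CIDR rule both ways; the log lines are shortened from the ones quoted above, the A records are taken from the `host` output in the thread instead of live DNS, and the function names are made up for this illustration.

```python
import ipaddress
import re

# CIDR rule from the thread's helo_a_access.cidr.
CIDR_TABLE = [(ipaddress.ip_network("69.94.136.0/24"),
               "REJECT Spam from your IP range 69.94.136.0/24")]

# A records as shown by the `host` output in the thread (stand-in for live DNS).
A_RECORDS = {
    "prepare.kgnths.com": ["69.94.136.238"],
    "develop.anketd.com": ["80.249.161.172"],
}

# Log lines shortened from the two sessions quoted in the thread.
LOG_LINES = [
    "NOQUEUE: reject: RCPT from prepare.kwyali.com[69.94.136.238]: 554 5.7.1 "
    "<prepare.kgnths.com>: Helo command rejected: ...; proto=ESMTP helo=<prepare.kgnths.com>",
    "41C63101427: hold: header Received: ... from develop.kwyali.com[69.94.136.247]; "
    "from=<bettinaznjdwqc@anketd.com> to=<victim@ceg.hu> proto=ESMTP helo=<develop.anketd.com>",
]

SESSION_RE = re.compile(r"from (\S+)\[([0-9.]+)\].*helo=<([^>]+)>")

def cidr_lookup(addr):
    """Return the action of the first CIDR rule containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    for net, action in CIDR_TABLE:
        if ip in net:
            return action
    return None

def evaluate(line):
    """Compare a lookup on the HELO name's A records with one on the client IP."""
    m = SESSION_RE.search(line)
    if m is None:
        return None
    _client_name, client_ip, helo = m.groups()
    helo_hits = [a for a in A_RECORDS.get(helo, []) if cidr_lookup(a)]
    return {
        "client_ip": client_ip,
        "helo": helo,
        "helo_a_match": bool(helo_hits),                     # check_helo_a_access view
        "client_match": cidr_lookup(client_ip) is not None,  # check_client_access view
    }

if __name__ == "__main__":
    for line in LOG_LINES:
        print(evaluate(line))
```

The second session is the one that slipped through: its HELO name resolves outside 69.94.136.0/24, so only the client-address lookup matches the rule.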