Re: Re: Microsoft ESMTP MAIL Service

Joachim Fahrner jf at fahrner.name
Mon Jul 24 18:48:52 CEST 2017


On 2017-07-24 17:19, Walter H. wrote:

> what is that supposed to achieve, if it delays a mail delivery -
> pointlessly, really?
> the other side doesn't have to accept right away, and so something
> escalates that doesn't really make sense;

By the same argument you would also have to reject postscreen and 
postgrey.

Here is a current example where it would have helped (at the moment I 
only have it configured as warn_if_reject, which is why the phishing 
mail got through):

Jul 23 22:56:15 server postfix/postscreen[29838]: CONNECT from 
[85.13.129.212]:49554 to [172.31.1.100]:25
Jul 23 22:56:15 server postfix/dnsblog[29840]: addr 85.13.129.212 listed 
by domain list.dnswl.org as 127.0.5.1
Jul 23 22:56:21 server postfix/postscreen[29838]: PASS NEW 
[85.13.129.212]:49554
Jul 23 22:56:22 server postfix/smtpd[29843]: connect from 
dd3332.kasserver.com[85.13.129.212]
Jul 23 22:56:22 server postfix/smtpd[29843]: Anonymous TLS connection 
established from dd3332.kasserver.com[85.13.129.212]: TLSv1.2 with 
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 23 22:56:23 server postfix/cleanup[29850]: 1BEFC1016DC: 
message-id=<20170723205623.1BEFC1016DC at server.fahrner.name>
Jul 23 22:56:23 server postfix/qmgr[5188]: 1BEFC1016DC: 
from=<double-bounce at fahrner.name>, size=277, nrcpt=1 (queue active)
Jul 23 22:56:23 server postfix/verify[29848]: cache 
proxy:btree:/var/lib/postfix/verified_senders full cleanup: retained=475 
dropped=2 entries
Jul 23 22:56:23 server postfix/smtp[29851]: Trusted TLS connection 
established to w00c4958.kasserver.com[85.13.129.212]:25: TLSv1.2 with 
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 23 22:56:23 server postfix/smtp[29851]: 1BEFC1016DC: 
to=<sparkasse at autolederfarbe.de>, 
relay=w00c4958.kasserver.com[85.13.129.212]:25, delay=0.66, 
delays=0.01/0.04/0.55/0.06, dsn=5.1.1, status=undeliverable (host 
w00c4958.kasserver.com[85.13.129.212] said: 550 5.1.1 
<sparkasse at autolederfarbe.de>: Recipient address rejected: User unknown 
in virtual alias table (in reply to RCPT TO command))
Jul 23 22:56:23 server postfix/qmgr[5188]: 1BEFC1016DC: removed
Jul 23 22:56:26 server postfix/smtpd[29843]: NOQUEUE: reject_warning: 
RCPT from dd3332.kasserver.com[85.13.129.212]: 550 5.1.7 
<sparkasse at autolederfarbe.de>: Sender address rejected: undeliverable 
address: host w00c4958.kasserver.com[85.13.129.212] said: 550 5.1.1 
<sparkasse at autolederfarbe.de>: Recipient address rejected: User unknown 
in virtual alias table (in reply to RCPT TO command); 
from=<sparkasse at autolederfarbe.de> to=<jf at fahrner.name> proto=ESMTP 
helo=<dd3332.kasserver.com>
Jul 23 22:56:27 server policyd-weight[5974]: weighted check:  
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 CL_IP_EQ_FROM_MX=-3.1; 
<client=dd3332.kasserver.com[85.13.129.212]> <helo=dd3332.kasserver.com> 
<from=sparkasse at autolederfarbe.de> <to=jf at fahrner.name>; rate: -6.1
Jul 23 22:56:27 server policyd-weight[5974]: decided action=PREPEND 
X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 
CL_IP_EQ_FROM_MX=-3.1; rate: -6.1; 
<client=dd3332.kasserver.com[85.13.129.212]> <helo=dd3332.kasserver.com> 
<from=sparkasse at autolederfarbe.de> <to=jf at fahrner.name>; delay: 1s
Jul 23 22:56:27 server postfix/smtpd[29843]: 7B8991016DC: 
client=dd3332.kasserver.com[85.13.129.212]
Jul 23 22:56:27 server postfix/cleanup[29850]: 7B8991016DC: 
message-id=<20170723205615.2C7AC5C41420 at dd3332.kasserver.com>
Jul 23 22:56:27 server opendkim[4343]: 7B8991016DC: dd3332.kasserver.com 
[85.13.129.212] not internal
Jul 23 22:56:27 server opendkim[4343]: 7B8991016DC: not authenticated
Jul 23 22:56:27 server opendkim[4343]: 7B8991016DC: no signature data
Jul 23 22:56:27 server opendmarc[4353]: 7B8991016DC: autolederfarbe.de 
none
Jul 23 22:56:27 server spamd[3671]: spamd: got connection over 
/var/run/spamd.sock
Jul 23 22:56:27 server spamd[3671]: spamd: processing message 
<20170723205615.2C7AC5C41420 at dd3332.kasserver.com> for jf:116
Jul 23 22:56:28 server spamd[3671]: spamd: clean message (0.0/5.0) for 
jf:116 in 0.8 seconds, 7169 bytes.
Jul 23 22:56:28 server spamd[3671]: spamd: result: . 0 - 
HTML_MESSAGE,UNPARSEABLE_RELAY 
scantime=0.8,size=7169,user=jf,uid=116,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<20170723205615.2C7AC5C41420 at dd3332.kasserver.com>,autolearn=ham 
autolearn_force=no

Everything failed on this mail: postscreen, dmarc, dkim, 
policyd-weight, spamassassin. The only thing that would have helped: 
sender_verify.
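
The following is an added example, not part of the original post: a Python script that reads a Postfix log written while sender address verification runs under warn_if_reject, lists the `reject_warning` entries, and shows which of those messages were queued anyway, as in the log above. The sample lines are constructed (documentation addresses, unwrapped to one entry per line), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), unwrapped, one entry per line.
SAMPLE_LOG = """\
Jul 23 22:56:26 server postfix/smtpd[29843]: NOQUEUE: reject_warning: RCPT from mail.example.net[192.0.2.10]: 550 5.1.7 <bank@example.org>: Sender address rejected: undeliverable address: host mx.example.org[192.0.2.10] said: 550 5.1.1 <bank@example.org>: Recipient address rejected: User unknown (in reply to RCPT TO command); from=<bank@example.org> to=<user@example.com> proto=ESMTP helo=<mail.example.net>
Jul 23 22:56:27 server postfix/smtpd[29843]: 4A1B2C3D4E: client=mail.example.net[192.0.2.10]
Jul 23 23:10:02 server postfix/smtpd[29900]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <y@example.net>: Relay access denied; from=<x@example.org> to=<y@example.net> proto=ESMTP helo=<foo>
Jul 23 23:15:40 server postfix/smtpd[29911]: NOQUEUE: reject_warning: RCPT from host.example.net[203.0.113.5]: 450 4.1.7 <news@example.org>: Sender address rejected: unverified address: connect to mx.example.org[203.0.113.9]:25: Connection timed out; from=<news@example.org> to=<user@example.com> proto=ESMTP helo=<host.example.net>
"""

# warn_if_reject logs "reject_warning" instead of "reject"; the mail is still accepted.
WARN_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: NOQUEUE: reject_warning: RCPT from (?P<client>\S+): "
    r"(?P<code>\d{3}) \S+ <[^>]*>: Sender address rejected: "
    r"(?P<kind>undeliverable|unverified) address.*?; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# The same smtpd process logging "<queue id>: client=..." means the message was queued.
QUEUED_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<qid>\w+): client=(?P<client>\S+)")

def dry_run_report(log_text):
    """Return (warned, queued): all sender-verify warnings, and those later queued."""
    warned, queued, pending = [], [], {}
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            hit = m.groupdict()
            warned.append(hit)
            pending[(hit["pid"], hit["client"])] = hit  # wait for a queue ID
            continue
        m = QUEUED_RE.search(line)
        if m and (m["pid"], m["client"]) in pending:
            queued.append({**pending.pop((m["pid"], m["client"])), "qid": m["qid"]})
    return warned, queued

def summarize(warned):
    """Count warnings by kind: 'undeliverable' is a definite probe failure,
    'unverified' means the probe had no answer yet (normally a temporary error)."""
    return Counter(hit["kind"] for hit in warned)

if __name__ == "__main__":
    warned, queued = dry_run_report(SAMPLE_LOG)
    print(dict(summarize(warned)))
    for q in queued:
        print(f"{q['qid']}: accepted from {q['client']} despite {q['kind']} sender <{q['sender']}>")
```
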