"UNSOLICITED BULK EMAIL" notification



Pinky
07.03.09, 12:36
Hello,
I have a mail server running here with Postfix in combination with Amavis. Since I updated the respective programs via apt a few days ago, I have been receiving the following notifications on some mail accounts. They are very annoying, so I no longer want to receive them.

Example for info@example.com:


A message from <kyhexamplefop@example.de> to:
-> example@example.lan

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 15637-09/CSV6DBOESU06

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [127.0.0.1] localhost
According to a 'Received:' trace, the message originated at: [190.65.4.42],
[190.65.4.42] unknown [190.65.4.42]

Return-Path: <kyhexamplefop@example.de>
Message-ID: <20090306152055.BB98172D49@example.mailserver.com>
Subject: About our common friend Jack

Delivery of the email was stopped!



Reporting-MTA: dns; server-debian.example.lan
Received-From-MTA: smtp; server-debian.example.lan ([127.0.0.1])
Arrival-Date: Fri, 6 Mar 2009 16:22:36 +0100 (CET)

Original-Recipient: rfc822;example@example.lan
Final-Recipient: rfc822;example@example.lan
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=15637-09 - SPAM
Last-Attempt-Date: Fri, 6 Mar 2009 16:22:36 +0100 (CET)
Final-Log-ID: 15637-09/CSV6DBOESU06



Return-Path: <kyhexamplefop@example.de>
Received: from server-debian.example.lan (localhost [127.0.0.1])
by server-debian.example.lan (Postfix) with ESMTP id 2382EF7B6B
for <example@example.lan>; Fri, 6 Mar 2009 16:22:34 +0100 (CET)
X-Original-To: kyhexamplefop@example.de
Delivered-To: user@example.mailserver.com
Received: from mail.example.de [85.13.130.43]
by server-debian.example.lan with POP3 (fetchmail-6.3.9-rc2)
for <example@example.lan> (single-drop); Fri, 06 Mar 2009 16:22:35 +0100 (CET)
Received: from [190.65.4.42] (unknown [190.65.4.42])
by example.mailserver.com (Postfix) with ESMTP id BB98172D49
for <kyhexamplefop@example.de>; Fri, 6 Mar 2009 16:20:55 +0100 (CET)
From: kyhexamplefop@example.de
To: kyhexamplefop@example.de
Subject: About our common friend Jack
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable
Message-Id: <20090306152055.BB98172D49@example.mailserver.com>
Date: Fri, 6 Mar 2009 16:20:55 +0100 (CET)
X-KasLoop: v11174315


The path the mails take is as follows: Fetchmail->Postfix->Amavis (in conjunction with spamassassin, clamav)->Postfix->Dovecot

Postfix:master.cf


....
#Amavis
#
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
retry unix - - - - - error
....


Postfix: postconf -n


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
home_mailbox = .mails/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
message_size_limit = 10485760
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = example.lan
myhostname = server-debian.example.lan
mynetworks = 192.168.11.0/24
myorigin = /etc/mailname
parent_domain_matches_subdomains =
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost = [example.mailserver.de]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = reject_invalid_hostname
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_address
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/mail.cert
smtpd_tls_key_file = /etc/postfix/mail.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_mailbox_limit = 0



amavis: 15_content_filter_mode


use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return


amavis: 20_debian_defaults


$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # default listenting socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes
$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
$final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA
$final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)

$virus_admin = undef; # due to D_DISCARD default

# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";

....



I would be very grateful for a strategy to solve this problem.
Thanks
Michael

scribble
08.03.09, 11:25
I had a similar problem some time ago and was able to solve it with a change in the Amavis configuration in the file 20_debian_defaults. It said there (and says in yours)

$final_spam_destiny = D_BOUNCE;

AFAIK that means something like "send mails detected as spam back to the (supposed) sender with a prepared message". That is exactly what I did not want, so I changed D_BOUNCE to D_DISCARD, which is also used for $final_virus_destiny. Since then I have at least had peace from these notification mails. However, my skills regarding mail servers are limited to "search with Google and try out whether what I found helps", so no guarantee ;)

See you,

scribble
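
Added example (not part of the original posts and not amavisd-new's own code): a simplified Python model of how the settings quoted in this thread decide whether a notification is generated for a given spam score. The config excerpts are constructed from the values posted above; the `50-user` override file, the function names and the treatment of a score exactly at `$sa_dsn_cutoff_level` are assumptions.

```python
import re

# Constructed excerpts: values from the 20_debian_defaults posted in this thread,
# plus an assumed local override file (50-user) applying the D_DISCARD change.
DEBIAN_DEFAULTS = """
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$final_spam_destiny = D_BOUNCE;
"""
USER_OVERRIDE = """
# $final_spam_destiny = D_BOUNCE;  (commented out, must be ignored)
$final_spam_destiny = D_DISCARD;
"""

# Simple scalar assignments only, e.g. "$final_spam_destiny = D_BOUNCE;"
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*([^;#]+?)\s*;", re.M)

def effective_settings(conf_files):
    """Merge {filename: text}; files apply in sorted name order, last one wins."""
    settings = {}
    for name in sorted(conf_files):
        settings.update(ASSIGN.findall(conf_files[name]))
    return settings

def spam_outcome(settings, score):
    """Simplified model: fate of a mail with the given SpamAssassin score."""
    destiny = settings["final_spam_destiny"]
    kill = float(settings["sa_kill_level_deflt"])
    cutoff = float(settings.get("sa_dsn_cutoff_level", "inf"))
    if score < kill or destiny == "D_PASS":
        return "delivered"
    if destiny == "D_DISCARD":
        return "blocked, no notification"
    if destiny == "D_BOUNCE":
        # Assumption: a score at or above the cutoff suppresses the DSN.
        if score >= cutoff:
            return "blocked, no notification"
        return "blocked, DSN sent to envelope sender"
    raise ValueError(f"destiny not modelled here: {destiny}")

if __name__ == "__main__":
    before = effective_settings({"20_debian_defaults": DEBIAN_DEFAULTS})
    after = effective_settings({"20_debian_defaults": DEBIAN_DEFAULTS,
                                "50-user": USER_OVERRIDE})
    for score in (3.0, 8.0, 15.0):
        print(score, "|", spam_outcome(before, score), "|", spam_outcome(after, score))
```

With the posted defaults, only scores between the kill level and the DSN cutoff produce a notification, and that notification goes to the envelope sender, which in the quoted message is the recipient's own address.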

Pinky
08.03.09, 11:57
Thank you very much for your answer, Scribble.