Re: Spampd proxy bypassed by some mails

Fri, 28 May 2010 02:41:25 -0700 

Am 28.05.2010 01:59, schrieb Jan-Kaspar Münnich:
> On 28.05.2010, at 24:12, mouss wrote:
> 
>> check your spampd: as there any cases where it would pass mail without
>> checking it Example: wrong whitelisting mechanism. a common error in
>> spamassassin is to use whitelist_from (which is easily abused by sender
>> forgery).
> 
> I'm sure it can't be a misconfiguration of spampd or Spamassassin, since 
> Postfix just doesn't relay these mails to spampd, so the error must be at 
> Posfix:
> 
> May 26 14:04:48 mail postfix/smtpd[18487]: connect from 
> 220-143-62-59.dynamic.hinet.net[220.143.62.59]
> May 26 14:04:49 mail postfix/smtpd[18487]: setting up TLS connection from 
> 220-143-62-59.dynamic.hinet.net[220.143.62.59]
> May 26 14:04:50 mail postfix/smtpd[18487]: Anonymous TLS connection 
> established from 220-143-62-59.dynamic.hinet.net[220.143.62.59]: TLSv1 with 
> cipher RC4-MD5 (128/128 bits)
> May 26 14:04:51 mail postfix/smtpd[18487]: CB46FD60008: 
> client=220-143-62-59.dynamic.hinet.net[220.143.62.59]
> May 26 14:04:53 mail postfix/cleanup[18188]: CB46FD60008: message-id=<>
> May 26 14:04:53 mail postfix/qmgr[18055]: CB46FD60008: 
> from=<canad...@yahoo.com>, size=717, nrcpt=1 (queue active)
> May 26 14:04:53 mail postfix/virtual[18464]: CB46FD60008: 
> to=<x...@xxxxxxx.xx>, orig_to=<xxxxxxxx...@xxxxxxx.xx>, relay=virtual, 
> delay=2.1, delays=2.1/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
> May 26 14:04:53 mail postfix/qmgr[18055]: CB46FD60008: removed
> May 26 14:04:54 mail postfix/smtpd[18487]: lost connection after RSET from 
> 220-143-62-59.dynamic.hinet.net[220.143.62.59]
> May 26 14:04:54 mail postfix/smtpd[18487]: disconnect from 
> 220-143-62-59.dynamic.hinet.net[220.143.62.59]
> 
>> didn't check all your samples, but as for hinet, if you "have no hope
>> from them", then firewall them:
> 
> Sure, I could block them with Postfix, a RBL would be enough. But I wonder 
> why they are not relayed properly (It really happens only at exactly these 
> messages [http://pastebin.com/4arTzeRu], less than at 1 of 100.000). After 
> several hours of research there are only two possibilities: Either I made a 
> weird mistake and have overseen something or there is a bug somewhere.
> 
> Jan-Kaspar

you should reject all .dynamic.hinet.net by access table
you will never miss mail
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Reply via email to