Hi, this morning I found a spam mail in my inbox, which normally should have been triggered by my spam milter. As I checked the headers, I found out that the milter service did not add any headers.
I checked the logs for the QID and found out that the milter was not even requested. Further I saw that not even one milter was requested:

Mar 30 00:02:20 mx postfix/postscreen[20916]: PASS NEW [2a02:4a8:ac24:126::105:130]:53402
Mar 30 00:02:20 mx postfix/smtpd[20918]: connect from ipv6.antirelay.smtp.cz[2a02:4a8:ac24:126::105:130]:53402
Mar 30 00:02:22 mx postfix/smtpd[20918]: Anonymous TLS connection established from ipv6.antirelay.smtp.cz[2a02:4a8:ac24:126::105:130]:53402: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Mar 30 00:02:22 mx postfix/smtpd[20918]: 3vthZQ6rwlzGp4v: client=ipv6.antirelay.smtp.cz[2a02:4a8:ac24:126::105:130]:53402
Mar 30 00:02:22 mx postfix/incoming/cleanup[20926]: 3vthZQ6rwlzGp4v: message-id=<zru8bfm-qig3mz...@clementmedia.com>
Mar 30 00:02:23 mx postfix/qmgr[4629]: 3vthZQ6rwlzGp4v: from=<l...@clementmedia.com>, size=57769, nrcpt=1 (queue active)
Mar 30 00:02:23 mx postfix/smtpd[20918]: disconnect from ipv6.antirelay.smtp.cz[2a02:4a8:ac24:126::105:130]:53402 ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Mar 30 00:02:23 mx postfix/lmtp[20920]: 3vthZQ6rwlzGp4v: to=<de10...@srvint.net>, orig_to=<christ...@roessner-net.com>, relay=::1[::1]:24, delay=0.32, delays=0.19/0.01/0.01/0.11, dsn=2.0.0, status=sent (250 2.0.0 <de10...@srvint.net> GTYCBe8u3FjsUQAAm3ipfw Saved)
Mar 30 00:02:23 mx postfix/qmgr[4629]: 3vthZQ6rwlzGp4v: removed

There exists only one exception for turning off milters which is shown here:

smtpd_milter_maps:
---------------------------------------------------------------
# relay.roessner-net.de
134.255.226.249 DISABLE
[2a05:bec0:28:1:134:255:226:249] DISABLE
---------------------------------------------------------------

Unfortunately I do not know how to reproduce this issue. I do not understand why none of the milters were requested. There does not exist any special treatment for milters (say exceptions, whatever) except the server "relay" as shown above.
Here is a part of the main.cf that handles the milters:

main.cf:
---------------------------------------------------------------
vrfydmn_opposite = { inet:[::1]:30074, connect_timeout=5s, default_action=accept }
spammilter = { inet:[::1]:30076, connect_timeout=5s, default_action=accept }

milter_connect_macros = j, v, {client_ptr}, {daemon_name}, {daemon_addr}, {daemon_port}
milter_mail_macros = i, {auth_type}, {auth_authen}, {auth_author}, {mail_addr}, {mail_host}, {mail_mailer}, {client_name}

incoming_smtpd_milters = ${vrfydmn_opposite}, ${spammilter}
---------------------------------------------------------------

master.cf:
---------------------------------------------------------------
smtpd      pass  -       -       y       -       -       smtpd
  -o smtpd_milters=${incoming_smtpd_milters}
  -o cleanup_service_name=cleanup2
---------------------------------------------------------------

As you see in the logs, there are no connect messages from either milter. The setup has been unchanged for months.

The only thing that I could guess is:

- this spam is around midnight. At the same time (1-2 mins difference), other connections from "relay.roessner-net.de" and "mail.roessner-net.de" came in and worked as expected. Daily logrotate stuff. "relay" would switch off milters...

- Last "foreign" mail (not one of my own servers) sent a mail with working milters at 23:45:22 and after 00:08:39

So the problem occurred when my relay server was active _and_ a remote MTA connected. But: If the timestamps are correct in syslog, I did not have simultaneous mails at midnight. Just one-by-one. But several.

Any suggestions, if I miss something? Could this be a problem with smtpd_milter_maps that some switching did not work as expected? I have no idea :)

Btw: Postfix 3.2.0

Kind regards

Christian

--
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345