I have the following restrictions in main.cf:

smtpd_client_restrictions = permit_mynetworks,
    reject_unknown_reverse_client_hostname
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_invalid_hostname,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    reject_unauth_pipelining,
    reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks,
    check_sender_access hash:/etc/postfix/access,
    permit_sasl_authenticated,
    reject_non_fqdn_sender, reject_invalid_hostname

and I recently received an e-mail I thought should have been rejected.
The header is below (x headers and DKIM removed):

Return-Path: <g...@hz.gov.cn>
Received: from localhost (localhost [127.0.0.1])
    by server.howitts.co.uk (Cyrus
    v2.4.17-Fedora-RPM-2.4.17-8.v7.1) with LMTPA;
    Sun, 24 Mar 2019 10:09:39 +0000
Received: from localhost (localhost [127.0.0.1])
    by howitts.co.uk (Postfix) with ESMTP id 16BB7401361E
    for <usern...@howitts.co.uk>; Sun, 24 Mar 2019 10:09:39 +0000 (GMT)
Authentication-Results: server.howitts.co.uk (amavisd-new);
    dkim=pass (2048-bit key) header.d=howitts.co.uk
Received: from howitts.co.uk ([127.0.0.1])
    by localhost (server.howitts.co.uk [127.0.0.1]) (amavisd-new,
    port 10024)
    with ESMTP id 2mbKEOm3NT5q for <usern...@howitts.co.uk>;
    Sun, 24 Mar 2019 10:09:35 +0000 (GMT)
Received: from localhost (localhost [127.0.0.1])
    by howitts.co.uk (Postfix) with ESMTP id E1436403B6E4
    for <usern...@howitts.co.uk>; Sun, 24 Mar 2019 10:09:34 +0000 (GMT)
Received: from hz.cn (unknown [220.191.208.116])
    by howitts.co.uk (Postfix) with ESMTP id 6614E401361E
    for <usern...@howitts.co.uk>; Sun, 24 Mar 2019 10:09:30 +0000 (GMT)
Received: from [92-245-104-63.mega.kg] (unknown [92.245.104.63])
    by app2 (Coremail) with SMTP id wROGCgAXH_P5Updcy7ZsAw--.3795S5;
    Sun, 24 Mar 2019 17:51:01 +0800 (CST)
From: <usern...@howitts.co.uk>
Organization: Jkhkuhcoqn
Subject: [SPAM] username
User-Agent: SquirrelMail/1.4.8-21.el5.centos
List-Unsubscribe:
    <https://oylnc.us3.list-manage.com/unsubscribe?u=umdm5qcwce820ce70m9rutyr6&id=ly5letal4f&e=ll9g3ot0od&c=pyfmiaa2ye>,
    <mailto:unsubscribe-mc.rw1s4zl6qkbln4706b...@mailin.hz.gov.cn?subject=unsubscribe>
Message-ID: <um6q1ali-l34m-1ngs-7v36-9xquw37ned8b>
X-Sender-Info: <g...@hz.gov.cn>
Date: Sun, 24 Mar 2019 10:51:03 +0100
To: usern...@howitts.co.uk
Content-Type: multipart/related;
    boundary="--_com.android.email_77040368709730"
MIME-Version: 1.0
Sender: g...@hz.gov.cn

I would have expected this to have been dropped by the
reject_unknown_reverse_client_hostname filter as 220.191.208.116 does
not have a PTR record. The logs for this transaction (amavis and
opendkim removed to cut the output) are:

Mar 24 10:09:30 server postfix/smtpd[8102]: warning: hostname mail.hz.cn does not resolve to address 220.191.208.116
Mar 24 10:09:30 server postfix/smtpd[8102]: connect from unknown[220.191.208.116]
Mar 24 10:09:31 server postgrey[800]: action=pass, reason=triplet found, delay=724, client_name=unknown, client_address=220.191.208.116, sender=g...@hz.gov.cn, recipient=usern...@howitts.co.uk
Mar 24 10:09:31 server postfix/smtpd[8102]: 6614E401361E: client=unknown[220.191.208.116]
Mar 24 10:09:32 server postfix/cleanup[8108]: 6614E401361E: message-id=<um6q1ali-l34m-1ngs-7v36-9xquw37ned8b>
Mar 24 10:09:34 server postfix/qmgr[4531]: 6614E401361E: from=<g...@hz.gov.cn>, size=242365, nrcpt=1 (queue active)
Mar 24 10:09:34 server postfix/smtpd[8127]: connect from localhost[127.0.0.1]
Mar 24 10:09:34 server postfix/smtpd[8127]: E1436403B6E4: client=localhost[127.0.0.1]
Mar 24 10:09:34 server postfix/cleanup[8108]: E1436403B6E4: message-id=<um6q1ali-l34m-1ngs-7v36-9xquw37ned8b>
Mar 24 10:09:35 server postfix/qmgr[4531]: E1436403B6E4: from=<g...@hz.gov.cn>, size=242537, nrcpt=1 (queue active)
Mar 24 10:09:35 server postfix/smtpd[8127]: disconnect from localhost[127.0.0.1]
Mar 24 10:09:35 server postfix/pipe[8124]: 6614E401361E: to=<usern...@howitts.co.uk>, relay=mailprefilter, delay=4.2, delays=3.9/0.01/0/0.28, dsn=2.0.0, status=sent (delivered via mailprefilter service)
Mar 24 10:09:35 server postfix/qmgr[4531]: 6614E401361E: removed
Mar 24 10:09:35 server postfix/smtpd[8102]: disconnect from unknown[220.191.208.116]
Mar 24 10:09:39 server postfix/smtpd[8146]: connect from localhost[127.0.0.1]
Mar 24 10:09:39 server postfix/smtpd[8146]: 16BB7401361E: client=localhost[127.0.0.1]
Mar 24 10:09:39 server postfix/cleanup[8108]: 16BB7401361E: message-id=<um6q1ali-l34m-1ngs-7v36-9xquw37ned8b>
Mar 24 10:09:39 server postfix/qmgr[4531]: 16BB7401361E: from=<g...@hz.gov.cn>, size=244229, nrcpt=1 (queue active)
Mar 24 10:09:39 server postfix/smtpd[8146]: disconnect from localhost[127.0.0.1]
Mar 24 10:09:39 server postfix/smtp[8129]: E1436403B6E4: to=<usern...@howitts.co.uk>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.4, delays=0.23/0.01/0/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 16BB7401361E)
Mar 24 10:09:39 server postfix/qmgr[4531]: E1436403B6E4: removed
Mar 24 10:09:39 server lmtp[8153]: Delivered: <um6q1ali-l34m-1ngs-7v36-9xquw37ned8b> to mailbox: user.username
Mar 24 10:09:39 server lmtp[8153]: USAGE username user: 0.002008 sys: 0.005020
Mar 24 10:09:39 server postfix/pipe[8150]: 16BB7401361E: to=<usern...@howitts.co.uk>, relay=mailpostfilter, delay=0.44, delays=0.23/0.01/0/0.21, dsn=2.0.0, status=sent (delivered via mailpostfilter service)
Mar 24 10:09:39 server postfix/qmgr[4531]: 16BB7401361E: removed

Have I misunderstood something or is something else at play?
Thanks,
Nick
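
Added example, not part of the original post: a log triage helper that separates "unknown" smtpd clients whose reverse lookup returned a name that failed forward confirmation (Postfix logs the "does not resolve to address" warning, as in the first log line above) from clients for which no reverse name was obtained. It relies on the documented Postfix behaviour that reject_unknown_reverse_client_hostname fires only when there is no address-to-name mapping, while reject_unknown_client_hostname also fires on a forward mismatch; the function name and the 192.0.2.10 entry are constructed for illustration.

```python
import re

# Constructed sample: two smtpd lines from the post (rejoined), one localhost
# line, and one made-up client (192.0.2.10, documentation range) with no warning.
SAMPLE_LOG = """\
Mar 24 10:09:30 server postfix/smtpd[8102]: warning: hostname mail.hz.cn does not resolve to address 220.191.208.116
Mar 24 10:09:30 server postfix/smtpd[8102]: connect from unknown[220.191.208.116]
Mar 24 10:09:34 server postfix/smtpd[8127]: connect from localhost[127.0.0.1]
Mar 24 10:11:02 server postfix/smtpd[8200]: connect from unknown[192.0.2.10]
"""

# The warning may carry a resolver error after the address (": Name or ...").
WARN_RE = re.compile(r"postfix/smtpd\[\d+\]: warning: hostname (\S+) "
                     r"does not resolve to address (\S+?)(?:: .*)?$")
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from unknown\[([^\]]+)\]")


def classify_unknown_clients(log_text):
    """Map each 'unknown' client IP to why Postfix could not name it."""
    ptr_names = {}  # ip -> hostname returned by the reverse (PTR) lookup
    result = {}
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            ptr_names[m.group(2)] = m.group(1)
            continue
        m = CONNECT_RE.search(line)
        if not m:
            continue
        ip = m.group(1)
        if ip in ptr_names:
            # A PTR name exists, so only the stricter restriction applies.
            result[ip] = {
                "reverse_name": ptr_names[ip],
                "state": "PTR exists, forward confirmation failed",
                "rejected_by": ["reject_unknown_client_hostname"],
            }
        else:
            result[ip] = {
                "reverse_name": None,
                "state": "no reverse name (missing PTR or lookup error)",
                "rejected_by": ["reject_unknown_reverse_client_hostname",
                                "reject_unknown_client_hostname"],
            }
    return result


if __name__ == "__main__":
    for ip, info in classify_unknown_clients(SAMPLE_LOG).items():
        print(ip, "|", info["state"], "|", ", ".join(info["rejected_by"]))
```
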