Menu
▾
▴
Re: [Assp-test] UnknownLocalSender / SpoofedSender for non-local domain
|
From: Zrin Z. <zri...@zi...> - 2018-01-30 09:42:38
|
Did check that - there was no "web.de" anywhere to find. Is it safe to empty the ldaplistdb? Is it normal that some entries in it contain line breaks? Example: @ziborski.net|::|[2018-01-30,06:24:27] @ziborski.net |::|[2018-01-30,08:03:05] VRFY @ziborski.net> |::|[2018-01-30,06:24:27] I've checked all of those: https://assp.my.net:55555/edit?file=DB-ldaplistdb¬e=1 https://assp.my.net:55555/edit?file=DB-LDAPShowDB¬e=8 (I guess it's the very same content) ./database/ldaplist ./ldaplist ./mysql/dbbackup/ldaplist* Couldn't find "web.de" there. Several weeks ago I did have a route (transport setting in postfix) for outgoing e-mails to web.de through another server, but that shouldnt touch local domains (?) BTW, when manually testung VRFY on the internal port for ASSP->Postfix I get following: 220 mx1.safemail.at ESMTP Postfix EHLO localhost 250-mx1.safemail.at 250-PIPELINING 250-SIZE 31457280 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN VRFY postmaster 252 2.0.0 postmaster VRFY pos...@sa... 252 2.0.0 pos...@sa... VRFY pos...@go... 252 2.0.0 pos...@go... VRFY pos...@we... 252 2.0.0 pos...@we... VRFY blahblah 550 5.1.1 <blahblah>: Recipient address rejected: User unknown in local recipient table VRFY bla...@we... 252 2.0.0 bla...@we... QUIT 221 2.0.0 Bye Thank you, best regards, Zrin Am 30.01.2018 um 09:18 schrieb Thomas Eckardt: > check the content of 'ldaplistdb' and remove all nolocal domain entries. > > eg. > @web.de > > Thomas > > > > > Von: "Zrin Ziborski" <zri...@zi...> > An: "ASSP development mailing list" <ass...@li...> > Datum: 29.01.2018 16:24 > Betreff: [Assp-test] UnknownLocalSender / SpoofedSender for non-local > domain > ------------------------------------------------------------------------ > > > > ASSP version 2.5.5(17223) > > Helo all, > > I've noticed [UnknownLocalSender] and [SpoofedSender] in the log for an > external incoming e-mail that has non-local from address: > > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> info: found message size announcement: 9.62 kByte > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] [UnknownLocalSender] > 212.227.15.4 <xx...@we...> [monitoring] (Invalid Local Sender > 'xx...@we...') > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] [SpoofedSender] > 212.227.15.4 <xx...@we...> [scoring] (No Spoofing Allowed > 'xx...@we...' in 'mailfrom') > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> Message-Score: added 37 (slValencePB) for No Spoofing > Allowed 'xx...@we...' in 'mailfrom', total score for this message is > now 37 > 2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> to: rr...@de... info: remove IP-score from > 212.227.15.4 - this mail passed the SPF check > 2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> to: rr...@de... Message-Score: added -5 > (spfpValencePB) for SPF pass, total score for this message is now 32 > > Settings: > > LocalAddresses_Flat: <empty> > localDomains: file:files/localdomains.txt <file://files/localdomains.txt> > DoVRFY: on > > files/localdomains.txt does NOT contain "web.de". > > LDAP is not used there. > > What can cause this behavior? > What can I do to debug that? > > Thank you in advance, > Zrin |
