Menu
▾
▴
Re: [Assp-test] UnknownLocalSender / SpoofedSender for non-local domain
|
From: Thomas E. <Tho...@th...> - 2018-01-30 10:13:20
|
>252 2.0.0 bla...@we... This is the wrong answer from your postfix. If assp sees this reply, it will cache 'web.de' as local domain for a while. Because, if bla...@we... is valid, web.de must be a local domain. Thomas Von: "Zrin Ziborski" <zri...@zi...> An: ass...@li... Datum: 30.01.2018 10:43 Betreff: Re: [Assp-test] UnknownLocalSender / SpoofedSender for non-local domain Did check that - there was no "web.de" anywhere to find. Is it safe to empty the ldaplistdb? Is it normal that some entries in it contain line breaks? Example: @ziborski.net|::|[2018-01-30,06:24:27] @ziborski.net |::|[2018-01-30,08:03:05] VRFY @ziborski.net> |::|[2018-01-30,06:24:27] I've checked all of those: https://assp.my.net:55555/edit?file=DB-ldaplistdb¬e=1 https://assp.my.net:55555/edit?file=DB-LDAPShowDB¬e=8 (I guess it's the very same content) ./database/ldaplist ./ldaplist ./mysql/dbbackup/ldaplist* Couldn't find "web.de" there. Several weeks ago I did have a route (transport setting in postfix) for outgoing e-mails to web.de through another server, but that shouldnt touch local domains (?) BTW, when manually testung VRFY on the internal port for ASSP->Postfix I get following: 220 mx1.safemail.at ESMTP Postfix EHLO localhost 250-mx1.safemail.at 250-PIPELINING 250-SIZE 31457280 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN VRFY postmaster 252 2.0.0 postmaster VRFY pos...@sa... 252 2.0.0 pos...@sa... VRFY pos...@go... 252 2.0.0 pos...@go... VRFY pos...@we... 252 2.0.0 pos...@we... VRFY blahblah 550 5.1.1 <blahblah>: Recipient address rejected: User unknown in local recipient table VRFY bla...@we... 252 2.0.0 bla...@we... QUIT 221 2.0.0 Bye Thank you, best regards, Zrin Am 30.01.2018 um 09:18 schrieb Thomas Eckardt: > check the content of 'ldaplistdb' and remove all nolocal domain entries. > > eg. > @web.de > > Thomas > > > > > Von: "Zrin Ziborski" <zri...@zi...> > An: "ASSP development mailing list" <ass...@li...> > Datum: 29.01.2018 16:24 > Betreff: [Assp-test] UnknownLocalSender / SpoofedSender for non-local > domain > ------------------------------------------------------------------------ > > > > ASSP version 2.5.5(17223) > > Helo all, > > I've noticed [UnknownLocalSender] and [SpoofedSender] in the log for an > external incoming e-mail that has non-local from address: > > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> info: found message size announcement: 9.62 kByte > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] [UnknownLocalSender] > 212.227.15.4 <xx...@we...> [monitoring] (Invalid Local Sender > 'xx...@we...') > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] [SpoofedSender] > 212.227.15.4 <xx...@we...> [scoring] (No Spoofing Allowed > 'xx...@we...' in 'mailfrom') > 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> Message-Score: added 37 (slValencePB) for No Spoofing > Allowed 'xx...@we...' in 'mailfrom', total score for this message is > now 37 > 2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> to: rr...@de... info: remove IP-score from > 212.227.15.4 - this mail passed the SPF check > 2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 > <xx...@we...> to: rr...@de... Message-Score: added -5 > (spfpValencePB) for SPF pass, total score for this message is now 32 > > Settings: > > LocalAddresses_Flat: <empty> > localDomains: file:files/localdomains.txt <file://files/localdomains.txt > > DoVRFY: on > > files/localdomains.txt does NOT contain "web.de". > > LDAP is not used there. > > What can cause this behavior? > What can I do to debug that? > > Thank you in advance, > Zrin ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Assp-test mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* |
