ich betreibe seit gut einem Jahr einen kleinen vServer mit Postfix als MTA, konfiguriert nach dem "Postfix richtig Konfigurieren"-HowTo aus diesem Forum. Damit bin ich auch nun rund ein Jahr lang recht gut gefahren, bis auf letzten Monat, seit dem bekomme ich an den Postmaster Mails, das meine Mails nicht akzeptiert werden da mein Host bei SORBS gelistet ist.
Das sagt mir SORBS:
Code: Select all
Database of vulnerable/hacked servers
Address and Port: <server ip>
Record Created: Sat Feb 14 16:47:08 2009 GMT
Record Updated: Sat Feb 14 16:47:08 2009 GMT
Additional Information: Spam Sending Trojan or Proxy attempted to send mail from/to from=<<benutzer>@<mein-reverse-dns>> to=<loaddcheapp@paticipating.domain> helo=<<mein-reverse-dns>>
Currently active and flagged to be published in DNS
If you wish to request a delisting please do so through the Support System.
Hier meine /etc/postfix/main.cf
Code: Select all
# The Mailserver will announce itself with this string .
smtpd_banner = $myhostname ESMTP $mail_name
# Deactivates user%domain -> user@domain rewriting.
allow_percent_hack = no
# Deactivates the notice for local users.
biff = no
# Needs to be yes, if outlook needs to connect.
broken_sasl_auth_clients = no
# Prevents some harvest attacks.
disable_vrfy_command = yes
# Use maildir instead of mbox, in the users dir.
home_mailbox = mail/
# 100 MB Quota for each mailbox.
mailbox_size_limit = 102400000
# 20 MB Quota for each message.
message_size_limit = 20480000
# Prevent root to be a victim of address masquerading.
masquerade_exceptions = root
# Domains of this machine. (We use virtual domains for mail I/O,
# so we only list the localhost and reverse dns entry here)
mydestination = localhost, <mein-reverse-dns>
# Same as the reverse-dns domain. Otherwise it's common that
# outgoing mails will be tagged as spam or rejected.
mydomain = <mein-reverse-dns>
# Additional domains for this machine.
virtual_alias_domains = <ein paar andere domains>
# Source of the address/user map for the virtual domains.
virtual_alias_maps = hash:/etc/postfix/virtual
# See $mydomain
myhostname = <mein-reverse-dns>
# We only trust this machine by default.
mynetworks_style = host
# The domain name that locally-posted mail appears to come from,
# and that locally posted mail is delivered to. (don't add the
# virtual domains here!)
myorigin = $mydomain
# Enable or disable recipient validation, built-in content filtering, or
# address mapping.
#receive_override_options = no_address_mappings
# Optional SMTP server access restrictions in the context of a client
# SMTP connection requests. Filters from first to last.
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
# reject_unknown_client_hostname,
reject_unknown_reverse_client_hostname
# Optional access restrictions that the Postfix SMTP server applies in
# the context of the SMTP DATA command. Filters from first to last.
smtpd_data_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining
# Wait until the RCPT TO command before evaluating...
smtpd_delay_reject = yes
# HELO is required!
smtpd_helo_required = yes
# Optional restrictions that the Postfix SMTP server applies in the
# context of the SMTP HELO command. Filters from first to last.
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
# reject_unknown_helo_hostname
# The access restrictions that the Postfix SMTP server applies in the
# context of the RCPT TO command. Filters from first to last.
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
# permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_recipient_mx_access cidr:/etc/postfix/mx_access,
reject_unauth_destination,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre
### check_policy_service inet:127.0.0.1:12525
# Enable SASL authentication in the Postfix SMTP server.
smtpd_sasl_auth_enable = yes
# Use Dovecot's SASL interface.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# SASL Path
#smtpd_sasl_path = private/auth-client
# The name of the Postfix SMTP server's local SASL authentication realm.
#smtpd_sasl_local_domain =
#smtpd_sasl_type = dovecot
# SASL Auth settings
smtpd_sasl_security_options = noanonymous
# Optional restrictions that the Postfix SMTP server applies in the
# context of the MAIL FROM command. Filters from first to last.
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain
# When TLS encryption is optional in the Postfix SMTP server, do not
# announce or accept SASL authentication over unencrypted connections.
smtpd_tls_auth_only = yes
# Do we use TLS?
#smtp_use_tls = yes
smtpd_use_tls = yes
# Announce that we use TLS on a connect?
smtp_tls_note_starttls_offer = yes
# Cert files.
#smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/ssl/certs/mail.crt
smtpd_tls_key_file = /etc/ssl/private/mail.key
# Further TLS setup.
#smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Disable brocken SSLv2
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
# Alias entrys
alias_maps = hash:/etc/aliases
Es wäre prima wenn mir da jemand auf die Sprünge helfen könnte :)
