Emails von knuddels.de werden nicht entgegen genommen

[Mericon]

Hallo da sich vor 2 Tagen jemand der eine email bei mir hat gemeldet hat das emails vom Chat knuddels.de nicht ankommen habe ich versucht das problem zu lösen aber werde aus dem fehler in der mail.log und mail.warn nicht ganz schlau.

ich hoffe ihr könnt mir helfen.

(kann den eigenen hostnamen nicht ändern aber reverse eintrag is vorhanden)

eintrage aus der:
mail.warn

Jun 16 06:11:10 clients postfix/smtpd[2971]: warning: unknown[218.20.133.132]: SASL LOGIN authentication failed: authentication failure
Jun 16 06:26:09 clients postfix/local[18778]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled


einträge aus der:
mail.log

Jun 16 01:31:45 clients postfix/smtpd[27306]: connect from chat.knuddels.de[213.61.5.150]
Jun 16 01:31:45 clients postfix/smtpd[27306]: NOQUEUE: reject: RCPT from chat.knuddels.de[213.61.5.150]: 504 5.5.2 <Opteron2>: Helo command rejected: need fully-qualified hostname; from=<James@knuddels.de> to=<knutschbaerchen@dj-mericon.de> proto=ESMTP helo=<Opteron2>
Jun 16 01:31:45 clients postfix/smtpd[27306]: disconnect from chat.knuddels.de[213.61.5.150]


meine
main.cf


#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

mynetworks_style = host


mydomain = mail.dj-mericon.de
myorigin = $mydomain


smtpd_banner = $myhostname ESMTP ispCP 1.0 Priamos Managed 1.0.0 RC4 OMEGA
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
virtual_transport = virtual
transport_maps = hash:/etc/postfix/ispcp/transport

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/mail

# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 204857600
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/aliases

local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database

#
# ISPCP Autoresponder parameters;
#

ispcp-arpl_destination_recipient_limit = 1

#
# Delivering virtual messages parameters;
#

virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_limit = 0

virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_maps = hash:/etc/postfix/ispcp/mailboxes

virtual_alias_maps = hash:/etc/postfix/ispcp/aliases

virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:8

#
# SASL paramters;
#

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname

smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
permit

smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining


#
# TLS parameters; activate, if avaible/used
#

#smtpd_tls_loglevel = 2
#smtpd_tls_cert_file = /etc/postfix/cert.pem
#smtpd_tls_key_file = /etc/postfix/privkey.pem
#smtpd_use_tls = yes
#smtpd_tls_auth_only = no
#smtpd_tls_received_header = yes


#
# AMaViS parameters; activate, if available/used
#

#content_filter = amavis:[127.0.0.1]:10024

#
# Quota support; activate, if available/used
#

#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce = yes


schonmal vielen dank

[Cube]

Quote:Helo command rejected: need fully-qualified hostname; from=<James@knuddels.de> to=<knutschbaerchen@dj-mericon.de> proto=ESMTP helo=<Opteron2>

Nehme mit dem Admin von knuddels.de Kontakt auf und weise in darauf hin, dass sein Mailserver sich nicht RFC-konform verhält und beim Helo keinen FQDN angibt. Bei seiner Konfiguration werden die Mails auch von anderen Servern nicht angenommen oder zumindest mit einem hohen Spam-Score versehen.

Du kannst zwar auch das "reject_non_fqdn_helo_hostname" aus der Postfix-main.cf löschen, doch erleichterst du damit auch Spamversendern die Arbeit.

[Mericon]

So erstmal vielen dank für die schnelle antwort.

Ich habe dem Administrator nun eine mail geschrieben aber gleichzeitig auch einmal probiert das "reject_non_fqdn_helo_hostname" rauszunehmen was aber keine wirkung zeigte

nunja mal sehn was der admin schreibt

[Cube]

Quote:was aber keine wirkung zeigte

Was heißt keine Wirkung? Sind seit dem weitere Mails abgelehnt worden? Wenn ja, Postfix neu gestartet?

[rbtux]

mach eine white list.

check_client_access hash:/etc/postfix/gurkensysteme.hash vor den anderen Restriktionen in smtpd_*_restrictions

gurkensysteme.hash:
213.61.5.150 OK

postmap /etc/postfix/gurkensysteme.hash

postfix reload


das müsste das Problem temporär lösen...

[Mericon]

Leider hat dein tip auch nicht geholfen

Code:

smtpd_helo_required = yes

smtpd_helo_restrictions      = check_client_access hash:/etc/postfix/gurkensysteme.hash
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_invalid_helo_hostname,
                            
smtpd_sender_restrictions    = check_client_access hash:/etc/postfix/gurkensysteme.hash
                               reject_non_fqdn_sender,
                               reject_unknown_sender_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated

smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/gurkensysteme.hash
                               reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
                               permit

smtpd_data_restrictions = check_client_access hash:/etc/postfix/gurkensysteme.hash
reject_multi_recipient_bounce,
reject_unauth_pipelining
[/code]

[rbtux]

also das komma gemacht?

mach mal postconf -n und poste die ausgabe. Auch wäre ein Logauszug praktisch....

[Mericon]

hier ist noch meine postconf -n

alias_database = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
local_transport = local
mail_spool_directory = /var/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 204857600
mydestination = $myhostname, $mydomain
mydomain = mail.dj-mericon.de
mynetworks_style = host
myorigin = $mydomain
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP ispCP 1.0 Priamos Managed 1.0.0 RC4 OMEGA
smtpd_data_restrictions = check_client_access hash:/etc/postfix/white.hash, reject_multi_recipient_bounce, reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = check_client_access hash:/etc/postfix/white.hash, permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname,
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/white.hash, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_client_access hash:/etc/postfix/white.hash, reject_non_fqdn_sender, reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated
transport_maps = hash:/etc/postfix/ispcp/transport
virtual_alias_maps = hash:/etc/postfix/ispcp/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/ispcp/mailboxes
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:1000


kann leider im moment nichts testen da mein domain anbieter die DNS einträge geschossen hat (nie wieder evanzo)

hoffe das es aber in ca 2 -4 stunden behoben sein wird

[Mericon]

hat keiner mehr eine idee ?

leider antwortet der Admin nicht auf meine mails.


update: hab mal etwas rum experementiert und folgendes rausgenommen:

Code:

smtpd_helo_required          = yes

smtpd_helo_restrictions      = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_invalid_helo_hostname,
                               reject_non_fqdn_helo_hostname

smtpd_sender_restrictions    = reject_non_fqdn_sender,
                               reject_unknown_sender_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
                               check_policy_service inet:127.0.0.1:12525,
                               check_policy_service inet:127.0.0.1:60000,
                               permit

smtpd_data_restrictions      = reject_multi_recipient_bounce,
                               reject_unauth_pipelining

null erfolg also wieder eingefügt. (es wurde nur testweise entfernt um danach weiter eingrenzen zu können also try & error prinzip)

[platzwart]

naja, wenn der sich nicht meldet, ist es sein prob. gib das doch so an deine kunden weiter, das der typ sich nicht an die konventionen hält und somit eine sicherheitslücke darstellt...