Hilfe mit Postfix

[Serow]

Hi,

ich habe gerade einen Mailserver aufesetzt. Beim senden einer Mail kamen folgende Zeilen im Log:

Jan  5 16:51:44 zoom postfix/smtpd[5968]: connect from dslb-178-007-138-148.pools.arcor-ip.net[178.7.138.148]
Jan  5 16:51:58 zoom postfix/smtpd[5968]: 88311132468: client=dslb-178-007-138-148.pools.arcor-ip.net[178.7.138.148], sasl_method=PLAIN, sasl_username=mathias
Jan  5 16:51:58 zoom postfix/cleanup[5973]: 88311132468: message-id=<20110105155146.GA16019@mini.mathias-ewald.invalid>
Jan  5 16:51:58 zoom postfix/qmgr[5349]: 88311132468: from=<mathias@mathias-ewald.de>, size=3063, nrcpt=1 (queue active)
Jan  5 16:51:59 zoom postfix/smtpd[5968]: disconnect from dslb-178-007-138-148.pools.arcor-ip.net[178.7.138.148]
Jan  5 16:52:04 zoom postfix/smtpd[5968]: connect from mailhost.fernuni-hagen.de[132.176.114.94]
Jan  5 16:52:04 zoom postfix/smtpd[5968]: disconnect from mailhost.fernuni-hagen.de[132.176.114.94]
Jan  5 16:52:04 zoom postfix/smtp[5974]: 88311132468: to=<************@FernUni-Hagen.de>, relay=mailhost.FernUni-Hagen.de[132.176.114.94]:25, delay=5.7, delays=0.45/0.01/5.1/0.09, dsn=5.0.0, status=bounced (host mailhost.FernUni-Hagen.de[132.176.114.94] said: 550-Callback setup failed while verifying <mathias@mathias-ewald.de> 550-Called:   88.198.108.19 550-Sent:     MAIL FROM:<> 550-Response: 530 5.7.0 Must issue a STARTTLS command first 550-The initial connection, or a HELO or MAIL FROM:<> command was 550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards 550-RFC requirements, and stops you from receiving standard bounce 550-messages. This host does not accept mail from domains whose servers 550-refuse bounces. 550 Sender verify failed (in reply to RCPT TO command))
Jan  5 16:52:04 zoom postfix/cleanup[5973]: 2C81B13247C: message-id=<20110105155204.2C81B13247C@zoom.mathias-ewald.de>
Jan  5 16:52:04 zoom postfix/qmgr[5349]: 2C81B13247C: from=<>, size=6068, nrcpt=1 (queue active)
Jan  5 16:52:04 zoom postfix/bounce[5975]: 88311132468: sender non-delivery notification: 2C81B13247C
Jan  5 16:52:04 zoom postfix/qmgr[5349]: 88311132468: removed
Jan  5 16:52:04 zoom postfix/local[5977]: 2C81B13247C: to=<mathias@mathias-ewald.de>, relay=local, delay=0.06, delays=0.03/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)

Folgende Bounce Mail kam dann direkt an:

This is the mail system at host zoom.mathias-ewald.de.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<************@FernUni-Hagen.de>: host
    mailhost.FernUni-Hagen.de[132.176.114.94] said: 550-Callback setup failed
    while verifying <mathias@mathias-ewald.de> 550-Called:   88.198.108.19
    550-Sent:     MAIL FROM:<> 550-Response: 530 5.7.0 Must issue a STARTTLS
    command first 550-The initial connection, or a HELO or MAIL FROM:<> command
    was 550-rejected. Refusing MAIL FROM:<> does not help fight spam,
    disregards 550-RFC requirements, and stops you from receiving standard
    bounce 550-messages. This host does not accept mail from domains whose
    servers 550-refuse bounces. 550 Sender verify failed (in reply to RCPT TO
    command)

[-- Attachment #2: Delivery report --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.9K --]

Reporting-MTA: dns; zoom.mathias-ewald.de
X-Postfix-Queue-ID: 88311132468
X-Postfix-Sender: rfc822; mathias@mathias-ewald.de
Arrival-Date: Wed,  5 Jan 2011 16:51:58 +0100 (CET)

Final-Recipient: rfc822; **********@FernUni-Hagen.de
Original-Recipient: rfc822;**********@FernUni-Hagen.de
Action: failed
Status: 5.0.0
Remote-MTA: dns; mailhost.FernUni-Hagen.de
Diagnostic-Code: smtp; 550-Callback setup failed while verifying
    <mathias@mathias-ewald.de> 550-Called:   88.198.108.19 550-Sent:     MAIL
    FROM:<> 550-Response: 530 5.7.0 Must issue a STARTTLS command first 550-The
    initial connection, or a HELO or MAIL FROM:<> command was 550-rejected.
    Refusing MAIL FROM:<> does not help fight spam, disregards 550-RFC
    requirements, and stops you from receiving standard bounce 550-messages.
    This host does not accept mail from domains whose servers 550-refuse
    bounces. 550 Sender verify failed

Was ist da passiert?

Grüße
serow

 

[bitmuncher]

Die Sender-Verifikation beim empfangenden Mailserver ist fehlgeschlagen. Dies geschieht im Normalfall wenn der Reverse-Lookup nicht funktioniert, d.h. nicht auf die Domain der Sender-Email-Adresse verweist, oder wenn die Sender-Email-Adresse nicht valide ist.

 

[Serow]

Hi,

der Reverse Lookup funktioniert tatsächlich nicht:

mathias@mini:~$ nslookup mathias-ewald.de
Server:         10.0.0.1
Address:        10.0.0.1#53

Non-authoritative answer:
Name:   mathias-ewald.de
Address: 88.198.108.19

mathias@mini:~$ nslookup 88.198.108.19
Server:         10.0.0.1
Address:        10.0.0.1#53

Non-authoritative answer:
19.108.198.88.in-addr.arpa      name = static.88-198-108-19.clients.your-server.de.

Authoritative answers can be found from:
108.198.88.in-addr.arpa nameserver = ns3.second-ns.de.
108.198.88.in-addr.arpa nameserver = ns1.your-server.de.
108.198.88.in-addr.arpa nameserver = ns.second-ns.com.
ns.second-ns.com        internet address = 213.239.204.242

mathias@mini:~$

Eigentlich habe ich den Eintrag bei Hetzner (mein vServer Provider) gesetzt. Wie lange kann es dauern, bis sich sowas rumspricht?

Grüße
serow

 

[bitmuncher]

Im Durchschnitt dauert sowas 4-24h, je nach Update-Intervall des DNS-Servers, der die Auflösung macht.

 

[Serow]

Hi,

okay danke. Mal sehen was morgen ist ^^ Da der Thread "Hilfe mit Postfix" heisst und ich noch ein Problem habe, stell ich die Frage gleich hier:

Jan  5 19:32:11 zoom postfix/smtpd[8353]: connect from mm-notify-out-21101.amazon.com[194.154.193.200]
Jan  5 19:32:11 zoom postfix/smtpd[8353]: lost connection after EHLO from mm-notify-out-21101.amazon.com[194.154.193.200]
Jan  5 19:32:11 zoom postfix/smtpd[8353]: disconnect from mm-notify-out-21101.amazon.com[194.154.193.200]
Jan  5 19:33:32 zoom postfix/smtpd[8353]: connect from 118-167-3-198.dynamic.hinet.net[118.167.3.198]
Jan  5 19:33:33 zoom postfix/smtpd[8353]: lost connection after HELO from 118-167-3-198.dynamic.hinet.net[118.167.3.198]
Jan  5 19:33:33 zoom postfix/smtpd[8353]: disconnect from 118-167-3-198.dynamic.hinet.net[118.167.3.198]

Dieses "lost connection after EHLO|HELO" klingt für meine nicht-postfix-Ohren ziemlich mieß. Was ist hier das Problem? Gibt es überhaupt eins? Vllt poste ich mal meine main.cf dazu:

mathias@zoom:~$ cat /etc/postfix/main.cf | grep -v ^\s*$ | grep -v ^#
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
home_mailbox = mails/
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_enforce_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_hostname
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = no
myhostname = zoom.mathias-ewald.de
mydomain = mathias-ewald.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mathias-ewald.de, localhost.mathias-ewald.de, localhost
mailbox_size_limit = 0
message_size_limit = 0
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
recipient_delimiter = +
inet_interfaces = all
mathias@zoom:~$

ciao
serow

 

[bitmuncher]

Das Lost-Connection wird dir in den Logs vieler Mailserver immer wieder begegnen. Ursache ist meist, dass irgendwelche Bots testen ob es sich um ein Open-Relay handelt, das sie nutzen können und die nach dem EHLO scheitern oder Spamfilter-Systeme, die prüfen, ob dort ein echter Mailserver zur Verfügung steht, sie also bereit sind von diesem Emails zu akzeptieren.