Hi guys,
finally i got it - i have to read the earlier post of pdwalker exactly
- he gave the hint to solve my problem.
After readings his post detailed than the last time, i search the /var/log/maillog and got this - all mails from outside are whitelisted and came from localhost: (and a lot of spammails !)
Code: Select all
Nov 12 05:18:26 MW24MailGate MailScanner[19421]: Message 16134100395.AF804 from 127.0.0.1 (anne-marie.w@servicios-limpieza.com) is whitelisted
Nov 12 07:50:23 MW24MailGate MailScanner[18992]: Message 16149100395.A9AC2 from 127.0.0.1 (hagan.g@ssemenov.com.ua) is whitelisted
Nov 12 09:48:28 MW24MailGate MailScanner[19408]: Message 5F16E100395.A546A from 127.0.0.1 (hannelore.a@bihaberimvar.com) is whitelisted
Nov 12 10:00:27 MW24MailGate MailScanner[32506]: Message 5E0A5100395.A4A05 from 127.0.0.1 (norbertf@pontis.media.hu) is whitelisted
Nov 12 11:20:26 MW24MailGate MailScanner[32506]: Message EEFE6100395.AF265 from 127.0.0.1 (vreni.m@moreshin.com.ua) is whitelisted
Nov 12 12:16:28 MW24MailGate MailScanner[32506]: Message 38609100395.ABC57 from 127.0.0.1 (betlinde.b@puer.hk) is whitelisted
Nov 12 12:48:29 MW24MailGate MailScanner[8214]: Message DB3D1100395.AF257 from 127.0.0.1 (admin@juju.co.ke) is whitelisted
Nov 12 13:02:30 MW24MailGate MailScanner[19421]: Message C3B99100395.A7A95 from 127.0.0.1 (return-a221-48670-48711-ced9760b=117015768=8@mail.bio-gurus.de) is whitelisted
Nov 12 13:22:27 MW24MailGate MailScanner[8071]: Message CD6AA100395.AE31A from 127.0.0.1 (hgrewal@renegade83.com) is whitelisted
Nov 12 14:18:24 MW24MailGate MailScanner[5046]: Message 0E7C3100395.A7BD9 from 127.0.0.1 (frank.oehmke@oehmke-familie.de) is whitelisted
Nov 12 14:30:25 MW24MailGate MailScanner[8071]: Message 07D63100395.A51D8 from 127.0.0.1 (frank.oehmke@oehmke-familie.de) is whitelisted
Nov 12 14:42:28 MW24MailGate MailScanner[5046]: Message 34E4E100395.ACB42 from 127.0.0.1 (verena.k@benisonbabies.com) is whitelisted
Nov 12 17:34:24 MW24MailGate MailScanner[63342]: Message 2B668100395.AC357 from 127.0.0.1 (radulf.w@1253redmountainranchroad.com) is whitelisted
Nov 12 18:02:23 MW24MailGate MailScanner[8071]: Message A3B44100395.AC9B1 from 127.0.0.1 (dieter.h@teszt.mme.hu) is whitelisted
Nov 12 18:56:24 MW24MailGate MailScanner[19066]: Message 12FB2100395.AFF9C from 127.0.0.1 (wilda.a@fiorenzatoimpianti.it) is whitelisted
Nov 12 20:18:24 MW24MailGate MailScanner[5355]: Message F18A7100395.A8361 from 127.0.0.1 (velten.m@chinaninecontinent.com) is whitelisted
Nov 12 21:56:24 MW24MailGate MailScanner[33480]: Message A09DE100395.A9BDC from 127.0.0.1 (karl.a@design4india.in) is whitelisted
Nov 12 22:16:25 MW24MailGate MailScanner[64297]: Message 6D1AF100395.A65CA from 127.0.0.1 (info@send-mail05.trade) is whitelisted
Nov 12 23:16:26 MW24MailGate MailScanner[58141]: Message 93BB3100395.AC56E from 127.0.0.1 (ottoline.t@repairitshop.nl) is whitelisted
Nov 13 00:34:26 MW24MailGate MailScanner[16651]: Message 46D42100395.AED76 from 127.0.0.1 (zelda.a@lajm.tv) is whitelisted
Nov 13 02:16:27 MW24MailGate MailScanner[21492]: Message BBE0B100395.A8E41 from 127.0.0.1 (wilbert.f@accionistasbyc.es) is whitelisted
Nov 13 04:20:26 MW24MailGate MailScanner[62824]: Message 21110100397.AEE3A from 127.0.0.1 (zakaz@uwc.kz) is whitelisted
Nov 13 04:20:31 MW24MailGate MailScanner[62824]: Message B0AD4100395.A29CC from 127.0.0.1 (joe.ho@shin-communications.com) is whitelisted
Nov 13 05:50:25 MW24MailGate MailScanner[62824]: Message 662BD100395.A50BE from 127.0.0.1 (hadwigis.r@gerardvinarmusic.com.au) is whitelisted
Nov 13 06:52:25 MW24MailGate MailScanner[23747]: Message A2F44100395.A5E0A from 127.0.0.1 (support@hausmannwynen.de) is whitelisted
Nov 13 07:32:24 MW24MailGate MailScanner[23747]: Message 2A05F100395.ABA70 from 127.0.0.1 (gunda.e@ebook4full.com) is whitelisted
Nov 13 08:02:26 MW24MailGate MailScanner[62811]: Message 4AD47100395.AA8B5 from 127.0.0.1 (bounce+30767@bounce.crsend.com) is whitelisted
Nov 13 08:17:40 MW24MailGate MailScanner[62469]: Message 8916A100395.A498B from 127.0.0.1 (frank.oehmke@web.de) is whitelisted
Nov 13 08:19:57 MW24MailGate MailScanner[54585]: Message 84652100395.A4696 from 127.0.0.1 (frank.oehmke@web.de) is whitelisted
I was wondering
what causes this - yesterday i experimented with the whitelist with no success. Today i was thinking about the way i receive my mails: not through MX Record of your domain but via fetchmail - which causes that all mails are accepted via localhost (127.0.0.1) and whitelisted.
Now i changed my origin ./fetchmailrc
Code: Select all
poll <PROVIDER> proto pop3 user user@domain.de password <PASSWORD> is user@domain.de ssl
(which connects the EFA Server via localhost !) into
Code: Select all
poll <PROVIDER> proto pop3 user user@domain.de password <PASSWORD> is user@domain.de ssl smtphost <NAMEOFTHEEFAPROJECTSERVER.domain.de>/25
Voila:
Code: Select all
Nov 14 13:23:02 MW24MailGate postfix/smtpd[50641]: connect from MW24MailGate.w2k.local[193.168.0.202]
Nov 14 13:23:02 MW24MailGate sqlgrey: grey: new: 193.168.0(193.168.0.202), user@gmx.de -> user@elektro-musswessels.de
Nov 14 13:23:02 MW24MailGate postfix/smtpd[50641]: NOQUEUE: reject: RCPT from MW24MailGate.w2k.local[193.168.0.202]: 451 4.7.1 <user@elektro-musswessels.de>: Recipient address rejected: Greylisted for 5 minutes; from=<user@gmx.de> to=<user@elektro-musswessels.de> proto=ESMTP helo=<MW24MailGate.w2k.local>
Nov 14 13:23:02 MW24MailGate postfix/smtpd[50641]: disconnect from MW24MailGate.w2k.local[193.168.0.202] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
Nov 14 13:24:02 MW24MailGate postfix/smtpd[50641]: connect from MW24MailGate.w2k.local[193.168.0.202]
Nov 14 13:24:02 MW24MailGate sqlgrey: grey: early reconnect: 193.168.0(193.168.0.202), user@gmx.de -> user@elektro-musswessels.de
.
-
-
Nov 14 13:30:02 MW24MailGate postfix/smtpd[52068]: connect from MW24MailGate.w2k.local[193.168.0.202]
Nov 14 13:30:02 MW24MailGate sqlgrey: grey: reconnect ok: 193.168.0(193.168.0.202), user@gmx.de -> user@elektro-musswessels.de (00:07:00)
Nov 14 13:30:02 MW24MailGate sqlgrey: grey: from awl: 193.168.0, user@gmx.de added
Nov 14 13:30:02 MW24MailGate postfix/smtpd[52068]: 8DBF61003A1: client=MW24MailGate.w2k.local[193.168.0.202]
Nov 14 13:30:02 MW24MailGate postfix/cleanup[52074]: 8DBF61003A1: hold: header Received: from MW24MailGate.w2k.local (MW24MailGate.w2k.local [193.168.0.202])??by MW24MailGate.w2k.local (Postfix) with ESMTP id 8DBF61003A1??for <wodzinski@elektro-musswessels.de>; Tue, 14 Nov 2017 from MW24MailGate.w2k.local[193.168.0.202]; from=<user@gmx.de> to=<user@elektro-musswessels.de> proto=ESMTP helo=<MW24MailGate.w2k.local>
Nov 14 13:30:02 MW24MailGate postfix/cleanup[52074]: 8DBF61003A1: message-id=<trinity-213b3e34-c0dd-47d9-8cb7-80026b8a9157-1510662120322@msvc-mesg-gmx018>
Nov 14 13:30:02 MW24MailGate postfix/smtpd[52068]: disconnect from MW24MailGate.w2k.local[193.168.0.202] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 14 13:30:03 MW24MailGate MailScanner[37932]: New Batch: Scanning 1 messages, 200514 bytes
Nov 14 13:30:03 MW24MailGate MailScanner[37932]: Virus and Content Scanning: Starting
Nov 14 13:30:25 MW24MailGate MailScanner[37932]: Spam Checks: Starting
Nov 14 13:30:25 MW24MailGate MailScanner[37932]: MailWatch: Whitelist refresh time reached
Nov 14 13:30:25 MW24MailGate MailScanner[37932]: MailWatch: Starting up MailWatch SQL Whitelist
Nov 14 13:30:25 MW24MailGate MailScanner[37932]: MailWatch: Read 1 whitelist entries
Nov 14 13:30:25 MW24MailGate MailScanner[37932]: MailWatch: Blacklist refresh time reached
Nov 14 13:30:25 MW24MailGate MailScanner[37932]: MailWatch: Starting up MailWatch SQL Blacklist
Nov 14 13:30:25 MW24MailGate MailScanner[37932]: MailWatch: Read 0 blacklist entries
Nov 14 13:30:33 MW24MailGate MailScanner[37932]: Requeue: 8DBF61003A1.A72F2 to 777861003A2
Nov 14 13:30:33 MW24MailGate MailScanner[37932]: Uninfected: Delivered 1 messages
Nov 14 13:30:33 MW24MailGate postfix/qmgr[2575]: 777861003A2: from=<user@gmx.de>, size=199759, nrcpt=1 (queue active)
Nov 14 13:30:33 MW24MailGate MailScanner[37932]: Deleted 1 messages from processing-database
Nov 14 13:30:33 MW24MailGate MailScanner[37932]: MailWatch: Logging message 8DBF61003A1.A72F2 to SQL
Nov 14 13:30:33 MW24MailGate postfix/smtp[52371]: 777861003A2: to=<user@elektro-musswessels.de>, relay=193.168.0.250[193.168.0.250]:25, delay=31, delays=31/0.01/0/0.22, dsn=2.0.0, status=sent (250 Message accepted for delivery)
Nov 14 13:30:33 MW24MailGate postfix/qmgr[2575]: 777861003A2: removed
Now i have to look to reduce the greylisting delay - i think 5 minutes are too long.
Thx !
Frank