On 23/02/11 10:28, Chatelin Mickael wrote:
> Hi,
> 
> Some fake user mail addresses are created in the MySQL database. These mail
> addresses use our domain name, but they don't exist in our LDAP directory.
> 
> Debian squeeze
> DSPAM 3.9.1 RC1
> 
> Here are some logs and conf files:
> 
> fake_u...@cire.fr is our example.
> 
> mail.info
> 
> Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 4E7813406C7:
> from=<we...@att.net>, size=46089, nrcpt=1 (queue
> active)
> Feb 22 08:43:43 srv08savsmtp01 postfix/lmtp[20464]: 5D865340918:
> to=<//fake_user//@cire.fr>, relay=127.0.0.1[127.0.0.1]:25000, delay=7.1,
> delays=6.3/0.01/0.04/0.71, dsn=2.6.0, status=sent (250 2.6.0
> <//fake_user//@cire.fr> Message accepted for delivery)
> Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 5D865340918: removed
> Feb 22 08:43:43 srv08savsmtp01 postfix/smtp[20403]: 4E7813406C7:
> to=<fake_u...@cire.fr>,
> relay=10.0.0.232[10.0.0.232]:25, delay=0.22, delays=0.14/0/0.01/0.08,
> dsn=5.1.1, status=bounced (host 10.0.0.232[10.0.0.232] said: 550 5.1.1
> <//fake_user//@cire.fr>... User Unknown (in reply to RCPT TO command))
> Feb 22 08:43:43 srv08savsmtp01 postfix/cleanup[20398]: 7BD64340918:
> message-id=<20110222074343.7bd64340...@smtp.cire.fr>
> Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 7BD64340918:
> from=<>, size=47919, nrcpt=1 (queue active)
> Feb 22 08:43:43 srv08savsmtp01 postfix/bounce[20466]: 4E7813406C7:
> sender non-delivery notification: 7BD64340918
> Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 4E7813406C7: removed
> Feb 22 08:43:43 srv08savsmtp01 postfix/smtp[20403]: 7BD64340918:
> to=<we...@att.net>,
> relay=10.0.0.232[10.0.0.232]:25, delay=0.06, delays=0.01/0/0.01/0.04,
> dsn=5.7.1, status=bounced (host 10.0.0.232[10.0.0.232] said: 550 5.7.1
> <we...@att.net>... Relaying denied. IP name
> lookup failed [10.0.4.232] (in reply to RCPT TO command))
> Feb 22 08:43:43 srv08savsmtp01 postfix/qmgr[13671]: 7BD64340918: removed
> 
> dspam.debug
> 
> 16399: [02/22/2011 08:43:42] External Lookup: found 0 LDAP entries
> 16399: [02/22/2011 08:43:42] External Lookup: Backend search failure: no
> entries found.
> 16399: [02/22/2011 08:43:42] DSPAM Instance Startup
> 16399: [02/22/2011 08:43:42] input args: dspam --deliver=innocent -d %u
> 16399: [02/22/2011 08:43:42] pass-thru args: -d %u
> 16399: [02/22/2011 08:43:42] processing user fake_u...@cire.fr
> 16399: [02/22/2011 08:43:42] uid = 103, euid = 103, gid = 105, egid = 105
> 16399: [02/22/2011 08:43:42] loading preferences for user
> fake_u...@cire.fr
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: fake_u...@cire.fr
> 16399: [02/22/2011 08:43:42] Loading preferences for uid 154
> 16399: [02/22/2011 08:43:42] Loading preferences for uid 0
> 16399: [02/22/2011 08:43:42] Loading preferences for uid 0
> 16399: [02/22/2011 08:43:42] loaded default preferences externally
> 16399: [02/22/2011 08:43:42] using
> /var/spool/dspam/opt-in/cire.fr/fake_user.dspam as path
> 16399: [02/22/2011 08:43:42] using
> /var/spool/dspam/opt-out/cire.fr/fake_user.nodspam as path
> 16399: [02/22/2011 08:43:42] adding user to merged group dspam_group
> 16399: [02/22/2011 08:43:42] sedation level set to: 0
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: fake_u...@cire.fr
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: dspam_group
> 16399: [02/22/2011 08:43:42] Connecting to 127.0.0.1:3310 for virus check
> 16399: [02/22/2011 08:43:42] Connecting to 127.0.0.1:1499 for virus
> stream transmission
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: fake_u...@cire.fr
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: dspam_group
> 16399: [02/22/2011 08:43:42] DSPAM Instance Shutdown.  Exit Code: 0
> 16399: [02/22/2011 08:43:42] checking trusted user list for dspam(103)
> 16399: [02/22/2011 08:43:42] Loading 1 BNR patterns
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: fake_u...@cire.fr
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: dspam_group
> 16399: [02/22/2011 08:43:42] Whitelist threshold: 10
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*Tue+22 (3frq,
> 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue+22 (3frq,
> 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue+22 (3frq,
> 0s, 5i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*cire.fr>+Tue
> (3frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*cire.fr>+Tue
> (3frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*cire.fr>+Tue
> (3frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*Tue (3frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue (3frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Tue (3frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*21+Feb (1frq, 0s, 13i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*21+Feb (1frq, 0s, 13i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*12 (1frq, 0s, 7i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*12 (1frq, 0s, 7i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*12 (1frq, 0s, 7i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*12 (1frq, 0s, 7i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*Mon (1frq, 0s, 11i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*Mon (1frq, 0s, 11i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*0000 (4frq,
> 0s, 3i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*0000 (4frq,
> 0s, 3i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*0800 (1frq, 0s, 3i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*0800 (1frq, 0s, 3i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*invoked+by
> (1frq, 0s, 6i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*invoked+by
> (1frq, 0s, 6i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000]
> DKIM-Signature*a=rsa+sha256 (1frq, 0s, 11i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000]
> DKIM-Signature*a=rsa+sha256 (1frq, 0s, 11i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000]
> X-PMX-Spam*Probability=88% (1frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000]
> X-PMX-Spam*Probability=88% (1frq, 0s, 5i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000]
> DKIM-Signature*c=relaxed/relaxed (1frq, 0s, 19i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000]
> DKIM-Signature*c=relaxed/relaxed (1frq, 0s, 19i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Date*Mon+21 (1frq, 0s, 11i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Date*Mon+21 (1frq, 0s, 11i)
> 16399: [02/22/2011 08:43:42] [graham] [0.010000] Received*invoked (1frq,
> 0s, 7i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*invoked (1frq,
> 0s, 7i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] DKIM-Signature*Version
> (1frq, 0s, 3i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*uid (1frq, 0s, 6i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] DKIM-Signature*sha256
> (1frq, 0s, 11i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*22+Feb (7frq,
> 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*22+Feb (7frq,
> 0s, 5i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000]
> DomainKey-Signature*a=rsa (1frq, 0s, 14i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000] Received*Mon+21 (1frq,
> 0s, 14i)
> 16399: [02/22/2011 08:43:42] [burton] [0.010000]
> DomainKey-Signature*c=nofws (1frq, 0s, 6i)
> 16399: [02/22/2011 08:43:42] Graham-Bayesian Probability: 0.000000
> Samples: 15
> 16399: [02/22/2011 08:43:42] Burton-Bayesian Probability: 0.000000
> Samples: 27
> 16399: [02/22/2011 08:43:42] no factors specified; using default
> 16399: [02/22/2011 08:43:42] Result Confidence: 0.99
> 16399: [02/22/2011 08:43:42] _mysql_drv_getpwnam: successful returning
> struct for name: fake_u...@cire.fr
> 16399: [02/22/2011 08:43:43] Control: [10 10] [10 11] Delta: [0 1]
> 16399: [02/22/2011 08:43:43] total processing time: 0.43014s
> 16399: [02/22/2011 08:43:43] _mysql_drv_getpwnam returning cached name
> fake_u...@cire.fr.
> 16399: [02/22/2011 08:43:43] saving signature as 4d63692f163991827145673
> 16399: [02/22/2011 08:43:43] _mysql_drv_getpwnam returning cached name
> fake_u...@cire.fr.
> 16399: [02/22/2011 08:43:43] libdspam returned probability of 0.000000
> 16399: [02/22/2011 08:43:43] message result: NOT SPAM
> 16399: [02/22/2011 08:43:43] _mysql_drv_getpwnam returning cached name
> fake_u...@cire.fr.
> 16399: [02/22/2011 08:43:43] delivering message
> 16399: [02/22/2011 08:43:43] Establishing connection to 127.0.0.1:25001
> 16399: [02/22/2011 08:43:43] Connection established
> 16399: [02/22/2011 08:43:43] DSPAM Instance Shutdown.  Exit Code: 0
> 16399: [02/22/2011 08:43:43] checking trusted user list for dspam(103)
> 16399: [02/22/2011 08:45:11] connection id 8 from 127.0.0.1.
> 16399: [02/22/2011 08:45:11] checking trusted user list for dspam(103)
> 16399: [02/22/2011 08:45:11] No QuarantineAgent option found. Using
> standard quarantine.
> 16399: [02/22/2011 08:45:11] using database handle id 2
> 16399: [02/22/2011 08:45:11] handle locked
> 
> 
> main.cf
> 
> ######### Set the domain name ###########
> 
> mydomain = cire.fr
> myhostname = smtp.cire.fr
> mydestination = $myhostname, localh...@cire.fr, localh...@cire-pcb.com
> myorigin = $mydomain
> relayhost = 10.0.0.232
> 
> # TLS parameters
> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_use_tls=yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> 
> 
> ######## Make HELO mandatory, change the welcome banner ###
> 
> smtpd_helo_requied = yes
> smtpd_helo_restrictions = reject_non_fqdn_hostname
> smtpd_banner = Bienvenue sur le serveur de courrier du groupe CIRE
> 
> append_dot_mydomain = no
> delay_warning_time = 4h
> readme_directory = no
> 
> local_domains_maps=([".$mydomain", '.cire-pcb.com'])
> 
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> 
> # max mail size 5 MB, biff disabled, procmail disabled for mail delivery
> # Courier IMAP and POP use the Maildir format, no quota on mailboxes
> 
> message_size_limit = 0
> mailbox_size_limit = 0
> recipient_delimiter = +
> biff = no
> 
> 
> smtpd_recipient_restrictions =
>        permit_mynetworks,
>        reject_unauth_destination,
>        reject_unknown_recipient_domain,
>        reject_unverified_recipient
> 
> ######## Define the local network and listen on all interfaces #####
> 
> mynetworks = 127.0.0.0/8, 10.0.0.0/8
> inet_interfaces = all
> 
> transport_maps = hash:/etc/postfix/transports
> 
> content_filter = smtp-dspam:[127.0.0.1]:25000
> 
> 
> extlookup.conf
> 
> ExtLookup               on                              # Turns on/off
> external lookup
> ExtLookupMode           strict                          # available
> modes are 'verify', 'map' and 'strict'.
>                                                         # 'strict'
> enforces both verify and map
> ExtLookupDriver         ldap                            # Currently only
> ldap and program are supported.
>                                                         # There are
> plans to support both MySQL and Postgres.
> ExtLookupServer         directory.cire.fr                       # Can
> either be a database hostname or the full path to
>                                                         # an executable
> lookup program and its arguments.
> ExtLookupPort           389                             # Desired port
> when connecting to the lookup database.
> ExtLookupDB             "ou=users,dc=cire.fr,dc=local"  # Can either be
> an LDAP search base or a database name (TODO).
> ExtLookupQuery          "(&(objectClass=*)(|(mail=%u)(mailAlias=%u)))" 
> # Can either be an LDAP search filter or an SQL query (TODO)
> ExtLookupLDAPAttribute  "uid"                           # Attribute to
> be used when ExtLookupDriver is 'ldap'
>                                                         # and
> ExtLookupMode 'map' or 'strict'
> ExtLookupLDAPScope      base                            # Can be set to
> 'base', 'sub' or 'one'. Only used when ExtLookupDriver is 'ldap'.
> ExtLookupLDAPVersion    3                               # Sets the LDAP
> protocol version (1, 2 or 3)
> #ExtLookupLogin         "cn=admin,dc=domain,dc=com"     # Login to be
> used when connecting to any direct database backend.
> #ExtLookupPassword      itsasecret                      # Password to
> use with ExtLookupLogin.
> #ExtLookupCrypto        tls                             # Sets the use
> of TLS on backend communication (only compatible with LDAPv3)
> 
> 
> Any help would be appreciated
> 

Hi Mickael,

You have 2 problems:

1) Your MX accepts mail for non-existent addresses, and sends bounces
back to the sender when you later decide that you cannot deliver the
message. You are generating backscatter. Please see Postfix resources on
this subject; it seems to me that your
smtpd_recipient_restrictions=reject_unverified_recipient setting is not
effective.

2) All mail (both to existing and non-existing recipients) is passed to
DSPAM. Because you have DSPAM set to optOut (which means that users are
opted-in until they set preference OptOut On or something like that) it
automatically creates a new entry in the dspam_virtual_uids MySQL table
for each recipient.

You surely need to fix 1); if you only accept messages for known
recipients, DSPAM will never receive input for non-existent recipients.

A fix for 2) is a nice-to-have if you also use this server as a relay
for outgoing mail. I did this by setting DSPAM to OptIn, and running
"dspam_admin add pref OptIn on" for each recipient that I want DSPAM to
work for. It depends on your setup if that is a viable solution for you
(labor intensive if you need to add addresses often).

--
Tom
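
The backscatter pattern from point 1 can be spotted in a Postfix log by correlating queue IDs. The following Python sketch is an added example, not part of either message and not Postfix or DSPAM code; it flags messages that were accepted, then bounced with DSN 5.1.1, and for which a non-delivery notification was queued. The function name `find_backscatter`, the sample addresses and the queue IDs are constructed for illustration, and log lines are assumed to be unwrapped (one event per line).

```python
import re

# Constructed sample in the format of the mail.info excerpt above
# (addresses and queue IDs are made up, lines are unwrapped).
SAMPLE_LOG = """\
Feb 22 08:43:43 mx postfix/qmgr[100]: AAA1110001: from=<sender@example.net>, size=46089, nrcpt=1 (queue active)
Feb 22 08:43:43 mx postfix/smtp[101]: AAA1110001: to=<ghost@example.org>, relay=10.0.0.232[10.0.0.232]:25, delay=0.22, dsn=5.1.1, status=bounced (host said: 550 5.1.1 User Unknown)
Feb 22 08:43:43 mx postfix/bounce[102]: AAA1110001: sender non-delivery notification: BBB2220002
Feb 22 08:43:43 mx postfix/qmgr[100]: BBB2220002: from=<>, size=47919, nrcpt=1 (queue active)
Feb 22 08:43:44 mx postfix/qmgr[100]: CCC3330003: from=<alice@example.net>, size=1200, nrcpt=1 (queue active)
Feb 22 08:43:44 mx postfix/smtp[101]: CCC3330003: to=<bob@example.org>, relay=10.0.0.232[10.0.0.232]:25, delay=0.1, dsn=2.0.0, status=sent (250 ok)
"""

# daemon name, queue ID, remainder of the log line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
NDR = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")


def find_backscatter(log_text):
    """Return one event per unknown recipient that triggered a bounce message."""
    senders, unknown_rcpts, ndr_for = {}, {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr":
            sender = re.match(r"from=<([^>]*)>", rest)
            if sender:
                senders[qid] = sender.group(1)  # envelope sender of this queue ID
        elif daemon in ("smtp", "lmtp"):
            rcpt = re.match(r"to=<([^>]*)>", rest)
            if rcpt and "status=bounced" in rest and "dsn=5.1.1" in rest:
                unknown_rcpts.setdefault(qid, []).append(rcpt.group(1))
        elif daemon == "bounce":
            ndr = NDR.search(rest)
            if ndr:
                ndr_for[qid] = ndr.group(1)  # original queue ID -> bounce queue ID
    events = []
    for qid, ndr_qid in ndr_for.items():
        for rcpt in unknown_rcpts.get(qid, []):
            events.append({"queue_id": qid, "unknown_recipient": rcpt,
                           "bounce_sent_to": senders.get(qid),
                           "ndr_queue_id": ndr_qid})
    return events


if __name__ == "__main__":
    for event in find_backscatter(SAMPLE_LOG):
        print(event)
```

Each reported `unknown_recipient` is also an address that DSPAM saw before the bounce, so the same list is a starting point for reviewing unwanted rows in dspam_virtual_uids.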
