Last time I determined my OK list was causing the 4tuple to be skipped.
Therefore I made the following changes to see what it would do:

/etc/postfix/main.cf
smtpd_helo_restrictions =
        warn_if_reject check_helo_access pcre:/etc/postfix/helo_world.pcre,
        permit


/etc/postfix/helo_world.pcre
# The "4tuple" file which causes an extended log of every message that
# is permitted.
/.*/ 554 4tuple_logging


Now because the rest of my restrictions are in
smtpd_recipient_restrictions, this should cause EVERYTHING to be logged
with the 4tuple_logging warning.

This morning I got another UCE to the postmaster addy from an unknown
client.

Received: from 216.117.206.24 (unknown [206.74.84.73])
 by imgate01.cybertime.net (Postfix IMGate01 Hub) with SMTP id 04021D7140
 for <[EMAIL PROTECTED]>; Mon, 26 Jan 2004 09:33:59 -0800 (PST)

imgate01# grep -i 04021D7140 /var/log/maillog
Jan 26 09:34:00 imgate01 postfix/smtpd[94912]: 04021D7140: client=unknown[206.74.84.73]
Jan 26 09:34:01 imgate01 postfix/cleanup[94989]: 04021D7140: message-id=<[EMAIL PROTECTED]>
Jan 26 09:34:01 imgate01 postfix/qmgr[80814]: 04021D7140: from=<[EMAIL PROTECTED]>, size=3924, nrcpt=1 (queue active)
Jan 26 09:34:02 imgate01 postfix/smtp[94799]: 04021D7140: to=<[EMAIL PROTECTED]>, relay=209.203.82.26[209.203.82.26], delay=3, status=sent (250 Message queued)
Jan 26 09:34:02 imgate01 postfix/qmgr[80814]: 04021D7140: removed

imgate01# grep -i [EMAIL PROTECTED] /var/log/maillog
Jan 26 09:34:01 imgate01 postfix/qmgr[80814]: 04021D7140: from=<[EMAIL PROTECTED]>, size=3924, nrcpt=1 (queue active)

So I grepped for 4tup and got tons.  It is working, but I can't seem to
get anything when it is to the postmaster.

And still....

Jan 26 14:06:17 imgate01 postfix/smtpd[95668]: NOQUEUE: reject: RCPT from CM64-mapu2-146-79.cm.vtr.net[200.86.146.79]: 554 <216.117.206.24>: Helo command rejected: RFC 1893 Err. 5.1.8 Hostname invalid; from=<[EMAIL PROTECTED]> to=< some non-postmaster @cybertime.net> proto=SMTP helo=<216.117.206.24>

So something is odd.

I am going to try adding a warning based off if it is to the postmaster
and see what that does.

--Eric
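
Added example, not part of the original post: a Python sketch that automates the manual grep above by listing queue IDs that smtpd accepted without any 4tuple_logging warning from the same smtpd process and client IP. The function name, the second session and the reject_warning line are constructed; the warning layout is assumed to mirror the reject line quoted in the post.

```python
import re

# Constructed sample maillog (lines unwrapped). The first two lines come from
# the post; the second session (192.0.2.10, queue ID 1A2B3C4D5E) is made up.
SAMPLE_LOG = """\
Jan 26 09:34:00 imgate01 postfix/smtpd[94912]: 04021D7140: client=unknown[206.74.84.73]
Jan 26 09:34:02 imgate01 postfix/qmgr[80814]: 04021D7140: removed
Jan 26 09:40:10 imgate01 postfix/smtpd[95001]: NOQUEUE: reject_warning: RCPT from mail.example.org[192.0.2.10]: 554 <mail.example.org>: Helo command rejected: 4tuple_logging; from=<a@example.org> to=<user@example.net> proto=SMTP helo=<mail.example.org>
Jan 26 09:40:10 imgate01 postfix/smtpd[95001]: 1A2B3C4D5E: client=mail.example.org[192.0.2.10]
"""

SMTPD = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<rest>.*)")
# "<queue id>: client=host[ip]" is logged when smtpd opens a queue file.
ACCEPT = re.compile(r"(?P<qid>[0-9A-F]+): client=\S*\[(?P<ip>[^\]]+)\]")
# Assumed layout of the warn_if_reject line carrying the 4tuple marker.
WARNED = re.compile(
    r"reject_warning: RCPT from \S*\[(?P<ip>[^\]]+)\]: .*4tuple_logging")


def accepted_without_4tuple(log_text):
    """Return {queue_id: client_ip} for accepted mail with no 4tuple warning.

    Sessions are matched on (smtpd pid, client ip). This is a heuristic: one
    smtpd process serves many sessions, so a repeat client can mask a gap.
    """
    accepted = {}   # queue id -> (pid, ip)
    warned = set()  # (pid, ip) pairs that produced a 4tuple warning
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # cleanup/qmgr/smtp lines carry no client information
        pid, rest = m["pid"], m["rest"]
        a = ACCEPT.match(rest)
        if a:
            accepted[a["qid"]] = (pid, a["ip"])
            continue
        w = WARNED.search(rest)
        if w:
            warned.add((pid, w["ip"]))
    return {qid: ip for qid, (pid, ip) in accepted.items()
            if (pid, ip) not in warned}


if __name__ == "__main__":
    for qid, ip in accepted_without_4tuple(SAMPLE_LOG).items():
        print(f"{qid} accepted from {ip} with no 4tuple_logging warning")
```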

