RBL/PBL checking although in MYNETS
Robert Dahlem
Robert.Dahlem at gmx.net
Thu Aug 6 09:40:51 CEST 2015
Hi,
this morning a mail has been blocked that came from an internal address
because of RCVD_IN_BRBL_LASTEXT, RCVD_IN_PBL and others. The mail is
from one domain local to my Postfix to another domain local to my Postfix.
IP address of the SMTP sender is in @mynetworks in amavisd.conf as well
as in trusted_networks in spamassassin/local.cf.
This is the Amavis log:
===================================================================================
loaded policy bank "MYNETS"
ESMTP::10024
/var/spool/amavis/tmp/amavis-20150806T025226-29363-HQpQ9khh:
<some.guy at local.domain> -> <receiving.guy at remote.domain> SIZE=2874
BODY=7BIT Received: from mx2.local.domain ([127.0.0.1]) by
amavisd.local.domain (mx2.local.domain [127.0.0.1]) (amavisd-new, port
10024) with ESMTP for <receiving.guy at remote.domain>; Thu, 6 Aug 2015
08:32:11 +0200 (CEST)
Checking: 6EBXfVXE3k9f MYNETS [192.168.7.21] <some.guy at local.domain> ->
<receiving.guy at remote.domain>
p001 1 Content-Type: text/plain, size: 1227 B, name:
header_edits_for_quar: <some.guy at local.domain> ->
<receiving.guy at remote.domain>, Yes, score=7.815 tag=-999 tag2=6.2
kill=6.9 tests=[RCVD_IN_BRBL_LASTEXT=1.644, RCVD_IN_PBL=3.558,
RCVD_IN_SORBS_DUL=0.001, RCVD_IN_SORBS_WEB=0.614, RCVD_IN_XBL=0.724,
RDNS_NONE=1.274] autolearn=no
SEND from <> ->
<spam-quarantaene at local.domain>,ENVID=AM.6EBXfVXE3k9f.20150806T063211Z at mx2.local.domain
BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok:
queued as 63E3FCC5D6
Blocked SPAM {DiscardedOutbound,Quarantined}, MYNETS LOCAL
[192.168.7.21]:46212 [192.168.7.21] <some.guy at local.domain> ->
<receiving.guy at remote.domain>, quarantine:
spam-quarantaene at local.domain, Queue-ID: 699BECC5D5, Message-ID:
<DD94455446D87742975DFEDCD74E4044534A5EDF at MSEX1.FISDEV.local>, mail_id:
6EBXfVXE3k9f, Hits: 7.815, size: 2874, 461 ms
===================================================================================
The Received headers look like this:
===================================================================================
Received: from mx2.local.domain ([127.0.0.1]) by amavisd.local.domain
(mx2.local.domain [127.0.0.1]) (amavisd-new, port 10024) with
ESMTP id 6EBXfVXE3k9f for <receiving.guy at remote.domain>;
Thu, 6 Aug 2015 08:32:11 +0200 (CEST)
Received: from mail.local.domain (fis-d-exchange [192.168.7.21])
(using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not
present a certificate) by mx2.local.domain (Postfix) with ESMTPS id
699BECC5D5 for <receiving.guy at remote.domain>;
Thu, 6 Aug 2015 08:32:10 +0200 (CEST)
Received: from MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33]) by
MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33%11]) with mapi id
14.03.0248.002; Thu, 6 Aug 2015 08:32:08 +0200
===================================================================================
What I don't understand: shouldn't Amavis skip RBL/PBL checks when the
SMTP sender is in @mynetworks? Could it be that Amavis is confused by
the IPv6 address in the headers? Or do I need to add something to my
policy_banks?
Current setup is:
===================================================================================
@mynetworks = qw(
    127.0.0.1/32
    # others
    192.168.7.21/32
    # others
);
$policy_bank{'MYNETS'} = {
    originating => 1,
    os_fingerprint_method => undef,
};
$policy_bank{'ORIGINATING'} = {
    originating => 1,
    allow_disclaimers => 1,
    virus_admin_maps => ["$MY_alerts"],
    spam_admin_maps => ["$MY_alerts"],
    warnbadhsender => 1,
    forward_method => 'smtp:[127.0.0.1]:10027',
    smtpd_discard_ehlo_keywords => ['8BITMIME'],
    bypass_banned_checks_maps => [1],
    terminate_dsn_on_notify_success => 0,
};
===================================================================================
Versions are:
postfix-2.9.4
amavisd-new-2.7.0
spamassassin-3.3.1
Regards,
Robert
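
A diagnostic sketch added here (not part of the original post, and not amavisd-new or SpamAssassin code): it takes the three Received headers and the visible @mynetworks entries from the message above and reports, per hop, whether the client address is covered by the list and whether it is publicly routable. The function names and the unfolded header strings are assumptions made for the example.

```python
import ipaddress
import re

# Constructed from the post: its three Received headers, unfolded, with the
# trailing "for <...>; date" clauses dropped. Topmost header first.
RECEIVED = [
    "from mx2.local.domain ([127.0.0.1]) by amavisd.local.domain "
    "(mx2.local.domain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6EBXfVXE3k9f",
    "from mail.local.domain (fis-d-exchange [192.168.7.21]) "
    "(using TLSv1 with cipher AES128-SHA (128/128 bits)) "
    "(Client did not present a certificate) by mx2.local.domain (Postfix) "
    "with ESMTPS id 699BECC5D5",
    "from MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33]) by MSEX1.local.domain "
    "([fe80::f93c:3c98:7c66:3b33%11]) with mapi id 14.03.0248.002",
]
# Only the entries visible in the posted @mynetworks ("# others" is elided there).
MYNETWORKS = ["127.0.0.1/32", "192.168.7.21/32"]

# Address literal in square brackets; an IPv6 zone id such as %11 is skipped.
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)(?:%\w+)?\]")

def client_ip(received):
    """Return the first bracketed address before the 'by' clause, or None."""
    match = BRACKETED.search(received.split(" by ", 1)[0])
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:          # bracketed text that is not an IP literal
        return None

def audit(headers, networks):
    """Per hop: (address, covered by networks, publicly routable)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    rows = []
    for header in headers:
        ip = client_ip(header)
        covered = ip is not None and any(
            ip.version == net.version and ip in net for net in nets)
        rows.append((str(ip) if ip else None, covered,
                     bool(ip is not None and ip.is_global)))
    return rows

if __name__ == "__main__":
    for hop, row in enumerate(audit(RECEIVED, MYNETWORKS)):
        print(hop, *row)
```

With the values shown in the post, the loopback and 192.168.7.21 hops match the list, the link-local IPv6 hop does not, and none of the three addresses is publicly routable.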