RBL/PBL checking although in MYNETS

Robert Dahlem Robert.Dahlem at gmx.net
Thu Aug 6 09:40:51 CEST 2015


Hi,

This morning a mail was blocked that came from an internal address
because of RCVD_IN_BRBL_LASTEXT, RCVD_IN_PBL and others. The mail is
from one domain local to my Postfix to another domain local to my Postfix.

The IP address of the SMTP sender is in @mynetworks in amavisd.conf as well
as in trusted_networks in spamassassin/local.cf.

This is the Amavis log:

===================================================================================
loaded policy bank "MYNETS"

ESMTP::10024
/var/spool/amavis/tmp/amavis-20150806T025226-29363-HQpQ9khh:
<some.guy at local.domain> -> <receiving.guy at remote.domain> SIZE=2874
BODY=7BIT Received: from mx2.local.domain ([127.0.0.1]) by
amavisd.local.domain (mx2.local.domain [127.0.0.1]) (amavisd-new, port
10024) with ESMTP for <receiving.guy at remote.domain>; Thu,  6 Aug 2015
08:32:11 +0200 (CEST)

Checking: 6EBXfVXE3k9f MYNETS [192.168.7.21] <some.guy at local.domain> ->
<receiving.guy at remote.domain>

p001 1 Content-Type: text/plain, size: 1227 B, name:

header_edits_for_quar: <some.guy at local.domain> ->
<receiving.guy at remote.domain>, Yes, score=7.815 tag=-999 tag2=6.2
kill=6.9 tests=[RCVD_IN_BRBL_LASTEXT=1.644, RCVD_IN_PBL=3.558,
RCVD_IN_SORBS_DUL=0.001, RCVD_IN_SORBS_WEB=0.614, RCVD_IN_XBL=0.724,
RDNS_NONE=1.274] autolearn=no

SEND from <> ->
<spam-quarantaene at local.domain>,ENVID=AM.6EBXfVXE3k9f.20150806T063211Z at mx2.local.domain
BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok:
queued as 63E3FCC5D6

Blocked SPAM {DiscardedOutbound,Quarantined}, MYNETS LOCAL
[192.168.7.21]:46212 [192.168.7.21] <some.guy at local.domain> ->
<receiving.guy at remote.domain>, quarantine:
spam-quarantaene at local.domain, Queue-ID: 699BECC5D5, Message-ID:
<DD94455446D87742975DFEDCD74E4044534A5EDF at MSEX1.FISDEV.local>, mail_id:
6EBXfVXE3k9f, Hits: 7.815, size: 2874, 461 ms
===================================================================================

The Received headers look like this:
===================================================================================
Received: from mx2.local.domain ([127.0.0.1])	by amavisd.local.domain
 (mx2.local.domain [127.0.0.1]) (amavisd-new, port 10024)	with
 ESMTP id 6EBXfVXE3k9f for <receiving.guy at remote.domain>;
 Thu,  6 Aug 2015 08:32:11  +0200 (CEST)
Received: from mail.local.domain (fis-d-exchange [192.168.7.21])
 (using TLSv1 with cipher AES128-SHA (128/128 bits))	(Client did not
 present a certificate)	by mx2.local.domain (Postfix) with ESMTPS id
 699BECC5D5	for <receiving.guy at remote.domain>;
 Thu,  6 Aug 2015 08:32:10 +0200 (CEST)
Received: from MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33]) by
 MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33%11]) with mapi id
 14.03.0248.002; Thu, 6 Aug 2015 08:32:08 +0200
===================================================================================

What I don't understand: shouldn't Amavis skip RBL/PBL checks when the
SMTP sender is in @mynetworks? Could it be that Amavis is confused by
the IPv6 address in the headers? Or do I need to add something to my
policy_banks?

Current setup is:
===================================================================================
@mynetworks = qw(
        127.0.0.1/32
	# others
        192.168.7.21/32
	# others
);

$policy_bank{'MYNETS'} = {
  originating => 1,
  os_fingerprint_method => undef,
};

$policy_bank{'ORIGINATING'} = {
  originating => 1,
  allow_disclaimers => 1,
  virus_admin_maps => ["$MY_alerts"],
  spam_admin_maps  => ["$MY_alerts"],
  warnbadhsender   => 1,
  forward_method => 'smtp:[127.0.0.1]:10027',
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],
  terminate_dsn_on_notify_success => 0,
};
===================================================================================

Versions are:
	postfix-2.9.4
	amavisd-new-2.7.0
	spamassassin-3.3.1

Regards,
        Robert
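
Added example, not part of the original post and not Amavis or SpamAssassin code: a Python check of which relay hops in the posted Received headers fall inside the posted @mynetworks list, including the link-local IPv6 hop the question asks about. It assumes the network list holds only the two entries visible in the post (the elided ones are unknown); the function names are hypothetical, and the result says nothing about the trusted_networks setting in local.cf, which the post does not show.

```python
import ipaddress
import re

# Input taken from the post: @mynetworks (its elided "# others" entries are
# unknown) and the Received headers, abridged but with folding kept.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.7.21/32")]
HEADERS = """\
Received: from mx2.local.domain ([127.0.0.1]) by amavisd.local.domain
 (mx2.local.domain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
Received: from mail.local.domain (fis-d-exchange [192.168.7.21])
 by mx2.local.domain (Postfix) with ESMTPS id 699BECC5D5
Received: from MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33]) by
 MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33%11]) with mapi id
 14.03.0248.002; Thu, 6 Aug 2015 08:32:08 +0200
"""

# Bracketed address literal; an IPv6 zone id such as %11 is matched but dropped.
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)(?:%[^\]]+)?\]")

def received_headers(raw):
    """Unfold continuation lines and return the Received headers, newest first."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.strip())
    return [h for h in headers if h.lower().startswith("received:")]

def relay_ip(received):
    """Address in the 'from' clause of one Received header, or None."""
    match = BRACKETED_IP.search(re.split(r"\sby\s", received, maxsplit=1)[0])
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None

def classify(raw, networks):
    """Return (hop, address, covered) for every Received header."""
    rows = []
    for hop, header in enumerate(received_headers(raw)):
        ip = relay_ip(header)
        covered = ip is not None and any(
            ip.version == n.version and ip in n for n in networks)
        rows.append((hop, ip, covered))
    return rows

if __name__ == "__main__":
    for hop, ip, covered in classify(HEADERS, MYNETWORKS):
        print(hop, ip, "covered" if covered else "NOT covered")
```

With the two networks visible in the post, hops 0 and 1 are covered and the Exchange hop with the fe80:: address is not.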

