Mailblehnung wg. MX Auflösung - wie debuggen?
Ralf Hildebrandt
r at sys4.de
Mi Jan 27 15:48:14 CET 2016
* Lars Täuber <taeuber at bbaw.de>:
> Hallo zusammen!
>
> Auf unseren MX hosts werden Mails abgelehnt. Allerdings kann ich die Meldung der Ablehnung nicht nachvollziehen:
>
> Jan 25 19:44:20 mx2 postfix/smtpd[13298]: connect from mail-wm0-f46.google.com[74.125.82.46]
> Jan 25 19:44:20 mx2 postfix/smtpd[13298]: NOQUEUE: reject: RCPT from mail-wm0-f46.google.com[74.125.82.46]: 554 5.7.1 <... at ku.edu.tr>: Sender address rejected: Bogus NS/MX in RFC 1918 private network; from=<... at ku.edu.tr> to=<...> proto=ESMTP helo=<mail-wm0-f46.google.com>
> Jan 25 19:44:20 mx2 postfix/smtpd[13298]: disconnect from mail-wm0-f46.google.com[74.125.82.46]
>
>
> Die Fehlermeldung deutet auf folgende Tests hin:
> /etc/postfix/main.cf:
> smtpd_sender_restrictions =
> [...]
> check_sender_mx_access cidr:/etc/postfix/bogon_networks.cidr
> check_sender_ns_access cidr:/etc/postfix/bogon_networks.cidr
>
>
> /etc/postfix/bogon_networks.cidr:
> # Quellen: http://www.iana.org/assignments/ipv4-address-space/
> # Quellen: http://www.iana.org/assignments/ipv6-address-space/
> #
> # IPv4
> #
> 0.0.0.0/8 REJECT Bogus NS/MX in broadcast network
> 10.0.0.0/8 REJECT Bogus NS/MX in RFC 1918 private network
> 100.64.0.0/10 REJECT BOGUS NS/MX in RFC 6598 private network
> 127.0.0.0/8 REJECT Bogus NS/MX in loopback network
> 169.254.0.0/16 REJECT Bogus NS/MX in link lokal network
> 172.16.0.0/12 REJECT Bogus NS/MX in RFC 1918 private network
> 192.0.2.0/24 REJECT Bogus NS/MX in TEST-NET network
> 192.168.0.0/16 REJECT Bogus NS/MX in RFC 1918 private network
> 198.18.0.0/15 REJECT Bogus NS/MX in RFC 2544 benchmark network
> 224.0.0.0/4 REJECT Bogus NS/MX in class D multicast network
> 240.0.0.0/5 REJECT Bogus NS/MX in class E reserved network
> 248.0.0.0/5 REJECT Bogus NS/MX in reserved network
>
>
>
> Die MX hosts für die Absenderadresse lauten:
> # host ku.edu.tr
> ku.edu.tr has address 88.255.96.208
> ku.edu.tr mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
> ku.edu.tr mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
> ku.edu.tr mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
> ku.edu.tr mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
> ku.edu.tr mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
> ku.edu.tr mail is handled by 10 ASPMX.L.GOOGLE.COM.
> ku.edu.tr mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
Und die NS?
ku.edu.tr name server ns02.ku.edu.tr.
ku.edu.tr name server ns01.ku.edu.tr.
ku.edu.tr name server ns03.ku.edu.tr.
...
ns03.ku.edu.tr has address 172.20.18.196
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Mehr Informationen über die Mailingliste postfix-users