Hello everyone,
I have a follow-up question on the topic of Postfix check_sender_domain_access. Occasionally spam mails show up that apparently have 2 sender addresses and so make it through the spam filter.
In the mail header it looks like this:
From: <Diowild@bgm-web.de>, Walter <kontakt@bt-egger.de>
The domain bgm-web.de exists, but it is in the check_sender_domain_access list. How can something this nasty be detected as spam automatically?
The full header:
Received: from SRVXCH01.BGM-Web.de (192.168.20.13) by SRVXCH01.BGM-Web.de
(192.168.20.13) with Microsoft SMTP Server (TLS) id 15.0.1156.6 via Mailbox
Transport; Wed, 6 Jun 2018 10:16:08 +0200
Received: from SRVXCH01.BGM-Web.de (192.168.20.13) by SRVXCH01.BGM-Web.de
(192.168.20.13) with Microsoft SMTP Server (TLS) id 15.0.1156.6; Wed, 6 Jun
2018 10:16:08 +0200
Received: from srvucs01.bgm-web.de (192.168.20.60) by SRVXCH01.BGM-Web.de
(192.168.20.13) with Microsoft SMTP Server (TLS) id 15.0.1156.6 via Frontend
Transport; Wed, 6 Jun 2018 10:16:08 +0200
Received: from localhost (localhost [127.0.0.1])
by srvucs01.bgm-web.de (Postfix) with ESMTP id 471A83C82E4
for <D.Mauz@acd-service.net>; Wed, 6 Jun 2018 10:16:08 +0200 (CEST)
X-Virus-Scanned: by amavisd-new-2.10.1 (20141025) (Debian) at bgm-web.de
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-1000 required=5
tests=[RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Received: from srvucs01.bgm-web.de ([127.0.0.1])
by localhost (srvucs01.bgm-web.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 7PH64m4-76kj for <D.Mauz@acd-service.net>;
Wed, 6 Jun 2018 10:16:07 +0200 (CEST)
Received: from mail.webgo24-server2.de (mail.webgo24-server2.de [46.4.152.219])
by srvucs01.bgm-web.de (Postfix) with ESMTPS id F091E3C1C4B
for <d.m@acd-service.net>; Wed, 6 Jun 2018 10:16:05 +0200 (CEST)
Received: from 10.0.0.24 (unknown [103.241.234.109])
by mail.webgo24-server2.de (Postfix) with ESMTPSA id 13C632326A64
for <d.m@acd-service.net>; Wed, 6 Jun 2018 10:15:31 +0200 (CEST)
Date: Wed, 6 Jun 2018 13:45:35 +0530
From: <Diowild@bgm-web.de>, Walter <kontakt@bt-egger.de>
To: <d.m@acd-service.net>
Message-ID: <16672466425.20186681535@acd-service.net>
Subject: Ihre Rechnung 90124179
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0038_B77BEE3A.A1BC10FD"
Return-Path: kontakt@bt-egger.de
Received-SPF: Fail (SRVXCH01.BGM-Web.de: domain of invalid address does not
designate 192.168.20.60 as permitted sender) receiver=SRVXCH01.BGM-Web.de;
client-ip=192.168.20.60; helo=srvucs01.bgm-web.de;
X-MS-Exchange-Organization-Network-Message-Id: b17d36c4-85f7-4b33-6610-08d5cb85c18a
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:192.168.20.60
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: SRVXCH01.BGM-Web.de
X-MS-Exchange-Organization-AuthAs: Anonymous
UCS acts as a relay server here, which sends the mails on to an Exchange server.
For the recipient in Outlook it looks as if this mail came from a colleague. It is not apparent that the sender is actually kontakt@bt-egger.de.
Regards,
Dirk
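
The header pattern described in the post, checked in code. This is an added example, not part of the original post: it parses every mailbox in the From: header and compares the domains with the envelope sender. The names `PROTECTED_DOMAINS`, `domain_of` and `check_from` are hypothetical, the sample message is constructed from the header fields quoted above, and Return-Path is assumed to carry the envelope sender.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: domains that only internal senders may use in the From: header.
PROTECTED_DOMAINS = {"bgm-web.de"}

# Constructed sample: the relevant header fields quoted in the post.
SAMPLE = (
    "Return-Path: kontakt@bt-egger.de\n"
    "From: <Diowild@bgm-web.de>, Walter <kontakt@bt-egger.de>\n"
    "To: <d.m@acd-service.net>\n"
    "Subject: Ihre Rechnung 90124179\n"
    "\n"
    "body\n"
)


def domain_of(address):
    """Return the lower-cased domain part of an address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def check_from(raw_message, protected=PROTECTED_DOMAINS):
    """Return a list of findings for the From: header of one message."""
    msg = message_from_string(raw_message)
    from_fields = msg.get_all("From", [])
    # RFC 5322 allows a mailbox list in From:, so parse every mailbox,
    # not only the first one a mail client happens to display.
    mailboxes = [addr for _, addr in getaddresses(from_fields) if addr]
    # Assumption: Return-Path carries the envelope sender (MAIL FROM).
    envelope = [addr for _, addr in getaddresses(msg.get_all("Return-Path", []))]
    envelope_domain = domain_of(envelope[0]) if envelope else ""

    findings = []
    if len(from_fields) != 1:
        findings.append("from_header_count")
    if len(mailboxes) > 1:
        findings.append("multiple_from_mailboxes")
    header_domains = {domain_of(addr) for addr in mailboxes}
    # A protected domain in From: while the envelope sender is external
    # is the pattern shown in the post's header.
    if header_domains & protected and envelope_domain not in protected:
        findings.append("protected_domain_with_external_envelope")
    return findings


if __name__ == "__main__":
    print(check_from(SAMPLE))
```
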