
Integrating amavisd-new into exim *GRRRR*



zippelmann
21.01.04, 21:52
Hi,
I really don't know what exim's problem is, but when I integrate amavis into exim following the howto (http://ente.limmat.ch/linux/exim_v3_-_amavisd-new.html)....
[CODE]


Does any of you have an idea? I asked my buddy Google, but he couldn't really help me either.

MrIch
22.01.04, 20:36
Doesn't anyone use exim?

himbeere
22.01.04, 21:24
Not that I can remember Exim 3 particularly well, but it looks like this is more likely down to amavis. What does amavis.log say? Does Exim run without Amavis?

Thomas

zippelmann
22.01.04, 23:02
Hm... amavis? You mean the integration into exim is correct?

When I comment out the lines for amavis, the mail server works perfectly.

Unfortunately, no log file has been created yet.

Maybe my amavis.conf helps:
use strict;

#Sections:
# Section I - Essential daemon and MTA settings
# Section II - MTA specific
# Section III - Logging
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI - Resource limits
# Section VII - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging

#
# Section I - Essential daemon and MTA settings
#
$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
$mydomain = 'meinedomain.org'; # (no useful default)
$daemon_user = 'amavis'; # (no default (undef))
$daemon_group = 'amavis'; # (no default (undef))
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
$pid_file = "/var/run/amavis/amavisd.pid"; # (default: "$MYHOME/amavisd.pid")
$lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")
$ENV{TMPDIR} = $TEMPBASE; # wise, but usually not necessary
$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
$notify_method = $forward_method;
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
$relayhost_is_client = 0; # (defaults to false)
$insert_received_line = 1; # behave like MTA: insert 'Received:' header
$unix_socketname = undef; # disable listening on a unix socket
#$gets_addr_in_quoted_form = 1; # "Bob \"Funny\" Dude"@example.com
#$gets_addr_in_quoted_form = 0; # Bob "Funny" Dude@example.com
$inet_socket_port = 10024; # accept SMTP on this local TCP port
$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )

#
# Section III - Logging
#
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
#
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
#
read_l10n_templates('en_US', '/etc/amavis');
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested

$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper'i,
qr'swen|gibe|mimail'i,
);

$virus_admin = "virusalert\@$mydomain";
$mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly
# (default is undef)
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
$X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)
#$bypass_decode_parts = 1; # (defaults to false)
$keep_decoded_original_re = new_RE(
qr'^(ASCII|text|uuencoded|xxencoded|binhex)'i,
);
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
qr'.\.(exe|vbs|pif|scr|bat|com)$'i, # banned extension - basic
# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
# jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
# vbe|vbs|wsc|wsf|wsh)$'ix, # banned extension - long
# qr'^\.(exe|zip|lha|tnef)$'i, # banned file(1) types
# qr'^application/x-msdownload$'i, # banned MIME types
qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046
);
#
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
#
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$replace_existing_extension = 1; # (default is false)
$localpart_is_case_sensitive = 0; # (default is false)
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);
map { $whitelist_sender{lc($_)}=1 } (qw(
cert-advisory-owner@cert.org
owner-alert@iss.net
slashdot@slashdot.org
bugtraq@securityfocus.com
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
security-alerts@linuxsecurity.com
amavis-user-admin@lists.sourceforge.net
razor-users-admin@lists.sourceforge.net
notification-return@lists.sophos.com
mailman-announce-admin@python.org
zope-announce-admin@zope.org
owner-postfix-users@postfix.org
owner-postfix-announce@postfix.org
owner-sendmail-announce@Lists.Sendmail.ORG
owner-technews@postel.ACM.ORG
lvs-users-admin@LinuxVirtualServer.org
ietf-123-owner@loki.ietf.org
cvs-commits-list-admin@gnome.org
rt-users-admin@lists.fsck.com
owner-announce@mnogosearch.org
owner-hackers@ntp.org
owner-bugs@ntp.org
clp-request@comp.nus.edu.sg
surveys-errors@lists.nua.ie
emailNews@genomeweb.com
owner-textbreakingnews@CNNIMAIL12.CNN.COM
spamassassin-talk-admin@lists.sourceforge.net
yahoo-dev-null@yahoo-inc.com
));
#
# Section VI - Resource limits
#
$MAXLEVELS = 14; # (default is undef, no limit)
$MAXFILES = 1500; # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
#
# Section VII - External programs, virus scanners
#
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, same options
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio'; # comment out if cpio does not support GNU options
@av_scanners = (
### http://clamav.elektrapro.com/
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamd.ctl'],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp','kavscanner'],
'-* -P -B -Y -O- {}', [0,3,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
'{}', [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
# change the startup-script in /etc/init.d/kavd to:
# DPARMS="-I0 -Y -* /var/amavis"
# adjusting /var/amavis above to match your $TEMPBASE.
# NOTE: cd /opt/AVP/DaemonClients; configure; cd Sample; make
# cp AvpDaemonClient /opt/AVP/
### http://www.hbedv.com/ or http://www.centralcommand.com/
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
# NOTE: remove the -z if you only have a demo version
### http://www.commandsoftware.com/
['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],
### http://www.symantec.com/
['Symantec CarrierScan via Symantec CommandLineScanner',
['cscmdline','savsecls'],
'-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/Files Infected: 0/, qr/^Infected: /,
qr/Info:\s+(.+)/ ],
### http://drweb.imshop.de/
['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb',
'-al -ar -fm -go -ha -ml -ni -ot -sd -up {}',
[0], [1], sub {('no-name')} ],
### http://www.f-secure.com/products/anti-virus/
['F-Secure Antivirus', 'fsav',
'--dumb --archive {}', [0], [3,8],
qr/infection: (.+)/ ],
['CAI InoculateIT', 'inocucmd',
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2], # any use for options: -a -c ?
qr/--[ \t]*(.+)/ ],
### http://www.nod32.com/
['ESET Software NOD32', 'nod32',
'-all -subdir+ {}', [0], [1,2],
qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
### http://www.nod32.com/
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],
### http://www.norman.com/products_nvc.shtml
['Norman Virus Control v5 / Linux', 'nvccmd',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
### http://www.pandasoftware.com/
['Panda Antivirus for Linux', ['pavcl'],
'-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
qr/Number of files infected[ \.]*: 0(?!\d)/,
qr/Number of files infected[ \.]*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],
### http://www.nai.com/
['NAI McAfee AntiVirus (uvscan)', 'uvscan',
'--secure -rv --summary --noboot {}', [0], [13],
qr/(?x) Found (?:
\ the\ (.+)\ (?:virus|trojan) |
\ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
:\ (.+)\ NOT\ a\ virus)/,
# sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
],
# NOTE with RH9: force the dynamic linker to look at /lib/libc.so.6 before
# anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
### http://www.virusbuster.hu/en/
['VirusBuster', ['vbuster', 'vbengcl'],
# VirusBuster Ltd. does not support the daemon version for the workstation
# engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
# binaries, some parameters AND return codes (from 3 to 1) changed.
"{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
qr/: '(.*)' - Virus/ ],
### http://www.cyber.com/
['CyberSoft VFind', 'vfind',
'--vexit {}', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
# sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
],
### http://www.ikarus-software.com/
['Ikarus AntiVirus for Linux', 'ikarus',
'{}', [0], [40], qr/Signature (.+) found/ ],
### http://www.bitdefender.com/
['BitDefender', 'bdc',
'--all --arc {}', qr/^Infected files *:0(?!\d)/,
qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
qr/(?:suspected|infected): (.*)\033/ ],
);
@av_scanners_backup = (
### http://clamav.elektrapro.com/
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --disable-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### http://www.f-prot.com/
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],
### http://www.trendmicro.com/
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
);
#
# Section VIII - Debugging
#
# If sender matches ACL, turn debugging fully up, just for this one message
#@debug_sender_acl = ( "test-sender\@$mydomain" );
#@debug_sender_acl = qw( debug@example.com );
# May be useful along with @debug_sender_acl:
# Prevent all decoded originals being deleted (replaced by decoded part)
#$keep_decoded_original_re = new_RE( qr/.*/ );
# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
#$sa_debug = 1; # defaults to false
#-------------
1; # insure a defined return

himbeere
23.01.04, 09:24
# Section III - Logging
#
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)


Set DO_SYSLOG to zero, then logging goes to /var/log/amavis.log. I'm assuming that the user amavis runs as is also allowed to write to this file.

Thomas

zippelmann
23.01.04, 10:49
I wrote a few test mails: the content was always test ...

Here is the log file for that:
[CODE]
Jan 23 10:16:16 SERVER amavisd-new[24146]: starting. amavisd-new at SERVER amavisd-new-20030616-p5, Unicode aware
Jan 23 10:16:17 SERVER amavisd-new[24146]: Perl version 5.008002
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Amavis::Conf 1.15
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Archive::Tar 1.03
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Archive::Zip 1.05
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Compress::Zlib 1.16
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Convert::TNEF 0.17
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Convert::UUlib 1.0
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module MIME::Entity 5.404
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module MIME::Parser 5.406
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module MIME::Tools 5.411
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Mail::Header 1.59
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Mail::Internet 1.59
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Mail::SpamAssassin 2.61
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Net::Cmd 2.24
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Net::DNS 0.42
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Net::SMTP 2.26
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Net::Server 0.85
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Time::HiRes 1.52
Jan 23 10:16:17 SERVER amavisd-new[24146]: Module Unix::Syslog 0.100
Jan 23 10:16:17 SERVER amavisd-new[24147]: Found $file at /usr/bin/file
Jan 23 10:16:17 SERVER amavisd-new[24147]: No $arc, not using it
Jan 23 10:16:17 SERVER amavisd-new[24147]: Found $gzip at /bin/gzip
Jan 23 10:16:17 SERVER amavisd-new[24147]: Found $bzip2 at /usr/bin/bzip2
Jan 23 10:16:17 SERVER amavisd-new[24147]: No $lzop, not using it
Jan 23 10:16:17 SERVER amavisd-new[24147]: No $lha, not using it
Jan 23 10:16:17 SERVER amavisd-new[24147]: No $unarj, not using it
Jan 23 10:16:17 SERVER amavisd-new[24147]: Found $uncompress at /bin/uncompress

MrIch
23.01.04, 11:23
Point 1) The ClamAV daemon is not running properly
Point 2) Your mail is probably being detected as spam!

zippelmann
23.01.04, 14:15
Re 1: I don't use the clav.., so I commented out all of them except antivir, and now the message no longer appears.

Re 2: I only wrote "test" in the mail, that should actually go through.

I assumed that I had disabled spamassassin in amavis, is that not the case?

Jasper
23.01.04, 14:38
Originally posted by zippelmann

Re 2: I only wrote "test" in the mail, that should actually go through.

I assumed that I had disabled spamassassin in amavis, is that not the case?

Doesn't look like it (from your config):

$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)


I don't consider amavis (whether amavis, amavisd or amavis-ng) particularly good software. The configuration is anything but straightforward and the performance doesn't exactly thrill me.
If you are already using exim (congratulations, I consider it the best MTA at the moment), you should definitely use exiscan. It is a well-thought-out interface whose configuration integrates seamlessly into exim, that performs well, and that fully covers spam filtering, virus filtering, extension filtering and, soon, MIME filtering.

There is currently nothing better for exim. I would only use amavis if I had no other choice at all.


-j
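
Added example, not part of the thread: a small check for the two configuration points raised above (himbeere's note that nothing reaches `$LOGFILE` while `$DO_SYSLOG` is on, and Jasper's note that spam scanning is still active). The sample lines are constructed from the posted amavis.conf; `@bypass_spam_checks_acl` is the amavisd-new setting for skipping spam checks and does not appear in the posted config, and the function names are made up for this example.

```python
import re

# Constructed sample: a few settings copied from the amavis.conf posted in the thread.
SAMPLE_CONF = r'''
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)
#@bypass_spam_checks_acl = qw( . ); # constructed line, commented out on purpose
$inet_socket_bind = '127.0.0.1';
'''

def active_settings(conf_text):
    """Return {name: value} for uncommented '$name = value;' / '@name = value;' lines."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = re.match(r'[$@](\w+)\s*=\s*(.*?);', line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('\'"')
    return settings

def audit(conf_text):
    """Flag the two points raised in the thread; heuristic line matching, not a Perl parser."""
    s = active_settings(conf_text)
    findings = []
    if s.get('DO_SYSLOG', '0') not in ('0', 'undef', ''):
        findings.append('log-to-syslog: $LOGFILE (%s) is not written while $DO_SYSLOG is on'
                        % s.get('LOGFILE', 'unset'))
    if 'bypass_spam_checks_acl' not in s:
        findings.append('spam-scan-active: no @bypass_spam_checks_acl, $final_spam_destiny = %s'
                        % s.get('final_spam_destiny', 'D_REJECT (default)'))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
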