postfix with tls and amavis



zini2001
31.12.04, 00:47
Everything was running smoothly ..... until the day I got the idea of building TLS/SSL into my system.

http://www.linuxforen.de/forums/showthread.php?t=166035

- created key and certificate
- configured postfix for TLS support

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.cert
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_enforce_tls = yes
# I normally have this at 0
smtpd_tls_loglevel = 4
smtpd_tls_auth_only = yes

- mail client (kmail): use tls-plain
- wrote and sent a mail ..... and waited .... nothing happened!!!
- /var/log/mail
23:01:57 mail postfix/smtp[19576]: 37B4FE8B2: to=<steven@tld.de>, relay=mail.isp.de[ip-isp], delay=7, status=sent (250 Ok: queued as CE716BD62A)
- at first glance the mail seems to have gone out: no such luck.
If I comment amavis out of the postfix config files and restart, the mail is sent as usual.

Using the logs I have now found out that the communication between client and postfix works. Postfix dutifully hands the mail to amavis. When the mail is handed back from amavis to postfix, it fails in a way I can't explain, because I don't know whether amavis or postfix is causing the problem. It looks as if an attempt is made to start a new TLS session when the mail goes from amavis back into postfix. Have a look at the logs.

Sending mail with amavis:


Jan 1 20:08:41 mail postfix/smtpd[15089]: connect from unknown[192.168.2.26]
Jan 1 20:08:41 mail postfix/smtpd[15089]: 4B63F9EEA: client=unknown[192.168.2.26], sasl_method=PLAIN, sasl_username=warnekes
Jan 1 20:08:41 mail postfix/cleanup[15092]: 4B63F9EEA: message-id=<200412302159.28150.steven@ewart.de>
Jan 1 20:08:41 mail postfix/qmgr[15086]: 4B63F9EEA: from=<steven@ewart.de>, size=508, nrcpt=1 (queue active)
Jan 1 20:08:41 mail postfix/smtpd[15089]: disconnect from unknown[192.168.2.26]
Jan 1 20:08:41 mail amavis[1900]: (01900-04) ESMTP::10024 /var/spool/amavis/amavis-20050101T190732-01900: <steven@ewart.de> -> <zini2001@web.de> Received:SIZE=508 from mail.ewart.netz ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01900-04 for <zini2001@web.de>; Sat, 1Jan 2005 20:08:41 +0100 (CET)
Jan 1 20:08:41 mail amavis[1900]: (01900-04) Checking: <steven@ewart.de> -> <zini2001@web.de>
Jan 1 20:08:41 mail amavis[1900]: (01900-04) FWD via SMTP: [127.0.0.1]:10025 <steven@ewart.de> -> <zini2001@web.de>
Jan 1 20:08:41 mail postfix/smtpd[15096]: connect from localhost[127.0.0.1]
Jan 1 20:08:42 mail postfix/smtpd[15096]: disconnect from localhost[127.0.0.1]
Jan 1 20:08:42 mail amavis[1900]: (01900-04) mail_via_smtp: 530 5.5.0 Rejected by MTA: 530 Must issue a STARTTLS command first, id=01900-04
Jan 1 20:08:42 mail amavis[1900]: (01900-04) Not-Delivered, <steven@ewart.de> -> <zini2001@web.de>, Message-ID: <200412302159.28150.steven@ewart.de>, Hits: -
Jan 1 20:08:42 mail amavis[1900]: (01900-04) TIMING [total 1173 ms] - SMTP EHLO: 4 (0%), SMTP pre-MAIL: 1 (0%), SMTP pre-DATA-flush: 6 (1%), SMTP DATA: 36(3%), body hash: 1 (0%), mime_decode: 28 (2%), get-file-type: 16 (1%), decompose_part: 2 (0%), parts: 0 (0%), fwd-connect: 62 (5%), fwd-rundown: 1007 (86%), unlink-1-files: 9 (1%), rundown: 1 (0%)
Jan 1 20:08:42 mail postfix/smtp[15094]: 4B63F9EEA: to=<zini2001@web.de>, relay=127.0.0.1[127.0.0.1], delay=1, status=bounced (host 127.0.0.1[127.0.0.1] said: 530 5.5.0 Rejected by MTA: 530 Must issue a STARTTLS command first, id=01900-04 (in reply to end of DATA command))
Jan 1 20:08:42 mail postfix/cleanup[15092]: D91E8E229: message-id=<20050101190842.D91E8E229@mail.ewart.netz>
Jan 1 20:08:42 mail postfix/qmgr[15086]: D91E8E229: from=<>, size=2365, nrcpt=1 (queue active)
Jan 1 20:08:42 mail postfix/qmgr[15086]: 4B63F9EEA: removed
Jan 1 20:08:48 mail postfix/smtp[15099]: D91E8E229: to=<steven@ewart.de>, relay=mail.isp.de[ip-adresse-isp], delay=6, status=sent (250 Ok: queued as 73498BD4EC)
Jan 1 20:08:48 mail postfix/qmgr[15086]: D91E8E229: removed


Sending mail without amavis:


Jan 1 23:42:09 mail postfix/smtpd[20051]: connect from unknown[192.168.2.26]
Jan 1 23:42:10 mail postfix/smtpd[20051]: 4C0B9E8A8: client=unknown[192.168.2.26], sasl_method=PLAIN, sasl_username=warnekes
Jan 1 23:42:10 mail postfix/cleanup[20054]: 4C0B9E8A8: message-id=<200412310132.57336.steven@ewart.de>
Jan 1 23:42:10 mail postfix/qmgr[20040]: 4C0B9E8A8: from=<steven@ewart.de>, size=597, nrcpt=1 (queue active)
Jan 1 23:42:10 mail postfix/smtpd[20051]: disconnect from unknown[192.168.2.26]
Jan 1 23:42:16 mail postfix/smtp[20056]: verify error:num=19:self signed certificate in certificate chain
Jan 1 23:42:16 mail postfix/smtp[20056]: Peer certficate could not be verified
Jan 1 23:42:17 mail postfix/smtp[20056]: 4C0B9E8A8: to=<zini2001@web.de>, relay=mail.isp.de[ip-adresse-isp], delay=7, status=sent (250 Ok: queued as E72F5BD655)
Jan 1 23:42:17 mail postfix/qmgr[20040]: 4C0B9E8A8: removed

Here is my main.cf

mail:/etc/postfix # postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:public/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = ewart.netz
myhostname = mail.ewart.netz
mynetworks = 127.0.0.0/8, 192.168.2.0/24
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relayhost = mail.terralink.de
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtpd_client_restrictions =
smtpd_enforce_tls = yes
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450


and my master.cf

# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#localhost:10025 inet n - n - - smtpd -o content_filter=
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_recipient_restricions=permit_mynetwork,rejec t -o mynetworks=127.0.0.0/8
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#vscan unix - n n - 10 pipe
# user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

I'd be glad if someone
1. understood what I mean.....
2. had an idea or suggestions for a solution.

Regards, zini
EDIT: the t of reject in the master.cf is displayed wrongly here... it is correct in the file

Roger Wilco
31.12.04, 12:34
Where does your amavis deliver the mails back to? To 127.0.0.1:25 or 127.0.0.1:10025?

In addition, you should set "smtpd_tls_auth_only = yes" to no for 127.0.0.1:10025, i.e. change the line in master.cf as follows:

127.0.0.1:10025 inet n - n - - smtpd -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_tls_auth_only=no
  -o mynetworks=127.0.0.0/8

By the way, an 's' was also missing in permit_networks.
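
An added example, not part of the thread and not the posters' code: a small Python check that resolves each smtpd listener's effective settings from main.cf plus its master.cf `-o` overrides, and reports when the amavis re-injection listener (127.0.0.1:10025, taken from `$forward_method`) still runs with `smtpd_enforce_tls=yes`, the setting that produces the 530 reply seen in the log. The function names and the `-o smtpd_enforce_tls=no` variant are assumptions for illustration; the inputs are constructed from the configuration posted above.

```python
# Added example: effective smtpd settings per master.cf listener.
# Inputs are constructed from the configuration posted in this thread.

# Relevant main.cf values as shown by "postconf -n" in the first post.
MAIN_CF = {
    "smtpd_enforce_tls": "yes",
    "smtpd_tls_auth_only": "yes",
}

# master.cf excerpt with the 10025 listener as suggested in the reply.
MASTER_CF_AS_SUGGESTED = """\
# service type private unpriv chroot wakeup maxproc command + args
smtp      inet  n  -  n  -  -  smtpd
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_tls_auth_only=no
  -o mynetworks=127.0.0.0/8
"""

# Assumption (not proposed in the thread): same listener with an explicit
# per-service override of the TLS requirement.
MASTER_CF_WITH_OVERRIDE = MASTER_CF_AS_SUGGESTED + "  -o smtpd_enforce_tls=no\n"

# Re-injection address, from $forward_method in the posted amavisd.conf.
REINJECT = "127.0.0.1:10025"


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace), drop comments."""
    lines = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + stripped
        else:
            lines.append(stripped)
    return lines


def parse_overrides(args):
    """Collect name=value pairs given as '-o name=value' or '-oname=value'."""
    overrides = {}
    tokens = iter(args)
    for tok in tokens:
        if tok == "-o":
            tok = next(tokens, "")
        elif tok.startswith("-o") and len(tok) > 2:
            tok = tok[2:]
        else:
            continue
        name, sep, value = tok.partition("=")
        if sep:
            overrides[name] = value
    return overrides


def smtpd_listeners(master_text, main_cf):
    """Map each inet smtpd service to its effective settings."""
    result = {}
    for line in logical_lines(master_text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        effective = dict(main_cf)                  # main.cf values first
        effective.update(parse_overrides(fields[8:]))  # -o wins per service
        result[fields[0]] = effective
    return result


def reinjection_findings(master_text, main_cf, reinject_addr):
    """Report why a plaintext re-injection from the filter would be refused."""
    effective = smtpd_listeners(master_text, main_cf).get(reinject_addr)
    if effective is None:
        return ["no smtpd listener defined for " + reinject_addr]
    findings = []
    if effective.get("smtpd_enforce_tls", "no").lower() == "yes":
        findings.append(
            reinject_addr + ": smtpd_enforce_tls=yes is in effect, so mail "
            "handed back without STARTTLS is refused with "
            "'530 Must issue a STARTTLS command first'"
        )
    return findings


if __name__ == "__main__":
    for label, text in (("as suggested", MASTER_CF_AS_SUGGESTED),
                        ("with override", MASTER_CF_WITH_OVERRIDE)):
        print(label, "->", reinjection_findings(text, MAIN_CF, REINJECT) or "ok")
```

The override only affects the loopback listener; the public `smtp` service keeps the main.cf value.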

zini2001
02.01.05, 12:43
Happy New Year !!!!

I've fixed the errors you found. Always these little careless mistakes....
But unfortunately it still gives the same error message.


Jan 4 11:09:03 mail postfix/smtpd[6498]: disconnect from localhost[127.0.0.1]
Jan 4 11:09:03 mail amavis[1846]: (01846-01) mail_via_smtp: 530 5.5.0 Rejected by MTA: 530 Must issue a STARTTLS command first, id=01846-01
Jan 4 11:09:03 mail amavis[1846]: (01846-01) Not-Delivered, <steven@ewart.de> -> <zini2001@web.de>, Message-ID: <41D7E24A.7090705@ewart.de>, Hits: -
Jan 4 11:09:03 mail amavis[1846]: (01846-01) TIMING [total 1217 ms] - SMTP EHLO: 8 (1%), SMTP pre-MAIL: 1 (0%), mkdir tempdir: 1 (0%), create email.txt: 2 (0%), SMTP pre-DATA-flush: 15 (1%), SMTP DATA: 29 (2%), body hash: 2 (0%), mkdir parts: 3 (0%), mime_decode: 44 (4%), get-file-type: 17 (1%), decompose_part: 4 (0%), parts: 0 (0%), fwd-connect: 70 (6%), fwd-rundown: 1008 (83%), unlink-1-files: 12 (1%), rundown: 1 (0%)
Jan 4 11:09:04 mail postfix/smtp[6495]: 5921B9E34: to=<zini2001@web.de>, relay=127.0.0.1[127.0.0.1], delay=2, status=bounced (host 127.0.0.1[127.0.0.1] said: 530 5.5.0 Rejected by MTA: 530 Must issue a STARTTLS command first, id=01846-01 (in reply to end of DATA command))
Jan 4 11:09:04 mail postfix/cleanup[6494]: 35153CF78: message-id=<20050104100904.35153CF78@mail.ewart.netz>
Jan 4 11:09:04 mail postfix/qmgr[2218]: 35153CF78: from=<>, size=2492, nrcpt=1 (queue active)
Jan 4 11:09:04 mail postfix/qmgr[2218]: 5921B9E34: removed
Jan 4 11:09:10 mail postfix/smtp[6501]: 35153CF78: to=<steven@ewart.de>, relay=mail.isp.de[ip-adresse-isp], delay=6, status=sent (250 Ok: queued as 00EC1BD6BB)
Jan 4 11:09:10 mail postfix/qmgr[2218]: 35153CF78: removed


I'm using amavis-new here for the first time, and the config file really scared me!!! I'm no longer sure which guide I followed. Maybe you'd like to take a look at it, to see whether there's a serious blunder hidden in here as well.



use strict;

$MYHOME = '/var/spool/amavis';
$mydomain = 'ewart.netz';
$myhostname = 'mail.ewart.netz'; # fqdn of this host, default by uname(3)
$daemon_user = 'vscan';
$daemon_group = 'vscan';

$TEMPBASE = $MYHOME; # (must be set if other config vars use it)
#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?

#$helpers_home = $MYHOME; # (defaults to $MYHOME)

#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)

#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")

$ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as IP address or DNS name (A or CNAME, but MX is ignored)
$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
$notify_method = $forward_method; # where to submit notifications

#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';

#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;

$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)

$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
@bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code
@bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# @local_domains_acl = qw(); # default is empty, no recipient treated as local
# @local_domains_acl = qw( .example.com );
# @local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net );
# @local_domains_acl = ( ".$mydomain", '.example.com', 'sub.example.net' );

#read_hash(\%local_domains, '/var/amavis/local_domains');


# $local_domains_re = new_RE( qr'[@.]example\.com$'i );
#$relayhost_is_client = 1; # (defaults to false)

#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true)

$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
# (usual setting is $MYHOME/amavisd.sock)

#$gets_addr_in_quoted_form = 1; # "Bob \"Funny\" Dude"@example.com
#$gets_addr_in_quoted_form = 0; # Bob "Funny" Dude@example.com



# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )

# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127/8 10.1.0.1 10.1.0.2); # adjust the list as appropriate
#$inet_socket_bind = undef; # bind to all IP interfaces if undef


# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 1; # (defaults to false)
#$SYSLOG_LEVEL = 'user.info'; # (facility.priority, default 'mail.info')

# Log file (if not using syslog)
#$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)

$log_level = 0; # (defaults to 0)
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';


#$hdr_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# $notify_sender_templ = read_text('/var/amavis/notify_sender.txt');
# $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
# $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
# $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
# $notify_spam_admin_templ = read_text('/var/amavis/notify_spam_admin.txt');

$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested

#$warnvirussender = 1; # (defaults to false (undef))
#$warnspamsender = 1; # (defaults to false (undef))
#$warnbannedsender = 1; # (defaults to false (undef))
#$warnbadhsender = 1; # (defaults to false (undef))

$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))

#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)

$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
[qr'^(EICAR|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/.*/ => 1], # true by default (remove or comment-out if undesired)
);


$virus_admin = "virusalert\@$mydomain";
# $virus_admin = undef; # do not send virus admin notifications (default)
# $virus_admin = {'not.example.com' => '', '.' => 'virusalert@example.com'};
# $virus_admin = 'virus-admin@example.com';

# equivalent to $virus_admin, but for spam admin notifications:
$spam_admin = "spamalert\@$mydomain";
# $spam_admin = undef; # do not send spam admin notifications (default)
# $spam_admin = {'not.example.com' => '', '.' => 'spamalert@example.com'};

#advanced example, using a hash lookup table:
#$virus_admin = {
# 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
# '.sub1.example.com' => 'virusalert@sub1.example.com',
# '.sub2.example.com' => '', # don't send admin notifications
# 'a.sub3.example.com' => 'abuse@sub3.example.com',
# '.sub3.example.com' => 'virusalert@sub3.example.com',
# '.example.com' => 'noc@example.com', # catchall for our virus senders
# '.' => 'virusalert@hq.example.com', # catchall for the rest
#};

$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';
# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';
# (defaults to: "amavisd-new <postmaster\@$myhostname>")
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
# (defaults to: $mailfrom_notify_admin)
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
# (defaults to: $mailfrom_notify_spamadmin)

# whom quarantined messages appear to be sent from (envelope sender);
# keeps original sender if undef, or set it explicitly, default is undef
$mailfrom_to_quarantine = ''; # override sender address with null return path


# Location to put infected mail into: (applies to 'local:' quarantine method)
# empty for not quarantining, may be a file (mailbox),
# or a directory (no trailing slash)
# (the default value is undef, meaning no quarantine)
#
$QUARANTINEDIR = '/var/spool/amavis/virusmails';

#$virus_quarantine_method = "local:virus-%i-%n"; # default
#$spam_quarantine_method = "local:spam-%b-%i-%n"; # default
#
#use the new 'bsmtp:' method as an alternative to the default 'local:'
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";


$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
#$virus_quarantine_to = 'virus-quarantine@example.com'; # similar
#$virus_quarantine_to = undef; # no quarantine
#
#$virus_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^user@example\.com$'i => 'infected@'],
# [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
# [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'],
# [qr/.*/ => 'virus-quarantine'] );

$spam_quarantine_to = undef;
#$spam_quarantine_to = "spam-quarantine\@$mydomain";
#$spam_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
# [qr/.*/ => 'spam-quarantine'] );

# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
# Leave empty to add no header field # (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";

$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it

$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1; # remove existing headers
# (defaults to false)
#$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)

#$bypass_decode_parts = 1; # (defaults to false)

$keep_decoded_original_re = new_RE(
# qr'^MAIL$', # retain full original message for virus checking (can be slow)
qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',
);



$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # double extension
# qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i, # banned extension - basic
# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
# jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
# vbe|vbs|wsc|wsf|wsh)$'ix, # banned extension - long
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
# qr'^\.(zip|lha|tnef|cab)$'i, # banned file(1) types
qr'^\.exe$'i, # banned file(1) types
qr'^application/x-msdownload$'i, # banned MIME types
qr'^application/x-msdos-program$'i,
# qr'^message/partial$'i, qr'^message/external-body$'i, # block rfc2046
);

# @bypass_spam_checks_acl = qw( . );

# @bypass_header_checks_acl = qw( user@example.com );
# @bad_header_lovers_acl = qw( user@example.com );


# See README.lookups for further detail, and examples below.

# $virus_lovers{lc("postmaster\@$mydomain")} = 1;
# $virus_lovers{lc('postmaster@example.com')} = 1;
# $virus_lovers{lc('abuse@example.com')} = 1;
# $virus_lovers{lc('some.user@')} = 1; # this recipient, regardless of domain
# $virus_lovers{lc('boss@example.com')} = 0; # never, even if domain matches
# $virus_lovers{lc('example.com')} = 1; # this domain, but not its subdomains
# $virus_lovers{lc('.example.com')}= 1; # this domain, including its subdomains
#or:
# @virus_lovers_acl = qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org );
#
# $bypass_virus_checks{lc('some.user2@butnot.example.com')} = 1;
# @bypass_virus_checks_acl = qw( some.ddd !butnot.example.com .example.com );

# @virus_lovers_acl = qw( postmaster@example.com );
# $virus_lovers_re = new_RE( qr'^(helpdesk|postmaster)@example\.com$'i );

# $spam_lovers{lc("postmaster\@$mydomain")} = 1;
# $spam_lovers{lc('postmaster@example.com')} = 1;
# $spam_lovers{lc('abuse@example.com')} = 1;
# @spam_lovers_acl = qw( !.example.com );
# $spam_lovers_re = new_RE( qr'^user@example\.com$'i );
# @lookup_sql_dsn =
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306' , 'user1', 'passwd1'],
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] );
#
# ('mail' in the example is the database name, choose what you like)
# With PostgreSQL the dsn (first element of the triple) may look like:
# 'DBI:Pg:host=host1;dbname=mail'

$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting

# $addr_extension_virus = 'virus'; # (default is undef, same as empty)
# $addr_extension_spam = 'spam'; # (default is undef, same as empty)
# $addr_extension_banned = 'banned'; # (default is undef, same as empty)

$recipient_delimiter = '+'; # (default is '+')

# true: replace extension; false: append extension
# $replace_existing_extension = 1; # (default is false)

# Affects matching of localpart of e-mail addresses (left of '@')
# in lookups: true = case sensitive, false = case insensitive
$localpart_is_case_sensitive = 0; # (default is false)


# %whitelist_sender, @whitelist_sender_acl, $whitelist_sender_re
# %blacklist_sender, @blacklist_sender_acl, $blacklist_sender_re

# SOME EXAMPLES:
#
#ACL:
# @whitelist_sender_acl = qw( .example.com );
#
# @whitelist_sender_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# NOTE: This is not a reliable way of turning off spam checks for
# locally-originating mail, as sender address can easily be faked.
# To reliably avoid spam-scanning outgoing mail,
# use @bypass_spam_checks_acl .

#RE:
# $whitelist_sender_re = new_RE(
# qr'^postmaster@.*\bexample\.com$'i,
# qr'^owner-[^@]*@'i, qr'-request@'i,
# qr'\.example\.com$'i );
#
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);


# a hash lookup table can be read from a file,
# one address per line, comments and empty lines are permitted:
#
#read_hash(\%whitelist_sender, '/var/amavis/whitelist_sender');

# ... or set directly:

# $whitelist_sender{''} = 1; # don't spam-check MTA bounces

map { $whitelist_sender{lc($_)}=1 } (qw(
nobody@cert.org
owner-alert@iss.net
slashdot@slashdot.org
bugtraq@securityfocus.com
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
security-alerts@linuxsecurity.com
amavis-user-admin@lists.sourceforge.net
notification-return@lists.sophos.com
mailman-announce-admin@python.org
owner-postfix-users@postfix.org
owner-postfix-announce@postfix.org
owner-sendmail-announce@Lists.Sendmail.ORG
owner-technews@postel.ACM.ORG
lvs-users-admin@LinuxVirtualServer.org
ietf-123-owner@loki.ietf.org
cvs-commits-list-admin@gnome.org
rt-users-admin@lists.fsck.com
clp-request@comp.nus.edu.sg
surveys-errors@lists.nua.ie
emailNews@genomeweb.com
owner-textbreakingnews@CNNIMAIL12.CNN.COM
yahoo-dev-null@yahoo-inc.com
returns.groups.yahoo.com
));


#$per_recip_blacklist_sender_lookup_tables = {
# 'user1@my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
# 'user2@my.example.com'=>[qw( spammer@d1.example,org .d2.example,org )],
#};
#$per_recip_whitelist_sender_lookup_tables = {
# 'user@my.example.com' => [qw( friend@example.org .other.example.org )],
# '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )],
# '.my2.example.com' => read_hash('/var/amavis/my2-wl.dat'),
# 'abuse@' => { 'postmaster@'=>1,
# 'cert-advisory-owner@cert.org'=>1, 'owner-alert@iss.net'=>1 },
#};
# $smtpd_recipient_limit = 1000; # (default is 1000)

$MAXLEVELS = 14; # (default is undef, no limit)

$MAXFILES = 1500; # (default is undef, no limit)

$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability

$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, arj is recommended
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports
# the options needed; the rest of us use cpio

$sa_local_tests_only = 1; # (default: false)
#$sa_auto_whitelist = 1; # turn on AWL (default: false)

$sa_timeout = 30; # timeout in seconds for a call to SpamAssassin
# (default is 30 seconds, undef disables it)
$sa_mail_body_size_limit = 150*1024; # don't waste time on SA if mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations

# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt = 3.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 20.0; # $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension

$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent,
# effectively turning D_BOUNCE into D_DISCARD;
# undef disables this feature and is a default;

# tag_level <= tag2_level <= kill_level < $sa_dsn_cutoff_level

$sa_spam_subject_tag = '*****SPAM***** '; # (defaults to undef, disabled)
# (only seen when spam is not to be rejected
# and recipient is in local_domains*)

#$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true

# Example: modify Subject for all local recipients except user@example.com
#$sa_spam_modifies_subj = [qw( !user@example.com . )];

@av_scanners = (

# ### http://www.vanja.com/tools/sophie/
# ['Sophie',
# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],

# ### http://www.clamav.net/
# ['Clam Antivirus-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd; match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],

# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.grisoft.com/
# ['AVG Anti-Virus',
# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
# qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],

# ### http://www.f-prot.com/
# ['FRISK F-Prot Daemon',
# \&ask_daemon,
# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
# '127.0.0.1:10203','127.0.0.1:10204'] ],
# qr/(?i)<summary[^>]*>clean<\/summary>/,
# qr/(?i)<summary[^>]*>infected<\/summary>/,
# qr/(?i)<name>(.+)<\/name>/ ],

['KasperskyLab AVP - aveclient',
['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
'/opt/kav/bin/aveclient','aveclient'],
'-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
qr/(?:INFECTED|SUSPICION) (.+)/,
],

['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
'-* -P -B -Y -O- {}', [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],

### The kavdaemon and AVPDaemonClient have been removed from Kaspersky
### products and replaced by aveserver and aveclient
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
"-f=$TEMPBASE {}", [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
qr/infected: ([^\r\n]+)/ ],
# change the startup-script in /etc/init.d/kavd to:
# DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
# (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
# adjusting /var/amavis above to match your $TEMPBASE.
# The '-f=/var/amavis' is needed if not running it as root, so it
# can find, read, and write its pid file, etc., see 'man kavdaemon'.
# defUnix.prf: there must be an entry "*/var/amavis" (or whatever
# directory $TEMPBASE specifies) in the 'Names=' section.
# cd /opt/AVP/DaemonClients; configure; cd Sample; make
# cp AvpDaemonClient /opt/AVP/
# su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"

### http://www.hbedv.com/ or http://www.centralcommand.com/
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
# NOTE: if you only have a demo version, remove -z and add 214, as in:
# '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,

### http://www.commandsoftware.com/
['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],

### http://www.symantec.com/
['Symantec CarrierScan via Symantec CommandLineScanner',
'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/^Files Infected:\s+0$/, qr/^Infected\b/,
qr/^(?:Info|Virus Name):\s+(.+)/ ],

### http://www.symantec.com/
['Symantec AntiVirus Scan Engine',
'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
[0], qr/^Infected\b/,
qr/^(?:Info|Virus Name):\s+(.+)/ ],
# NOTE: check options and patterns to see which entry better applies

### http://www.sald.com/, http://drweb.imshop.de/
['drweb - DrWeb Antivirus',
['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
'-path={} -al -go -ot -cn -upn -ok-',
[0,32], [1,33], qr' infected (?:with|by)(?: virus)? (.*)$'],

# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
# [pack('N',1). # DRWEBD_SCAN_CMD
# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
# pack('N', # path length
# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/part-xxxxx")).
# '{}/*'. # path
# pack('N',0). # content size
# pack('N',0),
# '/var/drweb/run/drwebd.sock'], # or '127.0.0.1:3000'
# qr/\A\x00(\x10|\x11)\x00\x00/s, # IS_CLEAN, EVAL_KEY
# qr/\A\x00(\x00|\x01)\x00(\x20|\x40|\x80)/s, # KNOWN_V, UNKNOWN_V, V._MODIF
# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
# ],
# # NOTE: If you are using amavis-milter, change length to:
# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/part-xxxxx").

### http://www.f-secure.com/products/anti-virus/
['F-Secure Antivirus', 'fsav',
'--dumb --mime --archive {}', [0], [3,8],
qr/(?:infection|Infected|Suspected): (.+)/ ],

['CAI InoculateIT', 'inocucmd',
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],

['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],

['MkS_Vir daemon',
'mksscan', '-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],

### http://www.nod32.com/
['ESET Software NOD32', 'nod32',
'-all -subdir+ {}', [0], [1,2],
qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],

### http://www.nod32.com/
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],

### http://www.norman.com/products_nvc.shtml
['Norman Virus Control v5 / Linux', 'nvccmd',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],

### http://www.pandasoftware.com/
['Panda Antivirus for Linux', ['pavcl'],
'-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
qr/Number of files infected[ .]*: 0(?!\d)/,
qr/Number of files infected[ .]*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],

# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
# # NOTE: the command line switches changed with scan engine 8.5 !
# # (btw, assigning stdin to /dev/null causes RAV to fail)

### http://www.nai.com/
['NAI McAfee AntiVirus (uvscan)', 'uvscan',
'--secure -rv --mime --summary --noboot - {}', [0], [13],
qr/(?x) Found (?:
\ the\ (.+)\ (?:virus|trojan) |
\ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
:\ (.+)\ NOT\ a\ virus)/,
# sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
# sub {delete $ENV{LD_PRELOAD}},
],
# NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
# anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
# and then clear it when finished to avoid confusing anything else.
# NOTE2: to treat encrypted files as viruses replace the [13] with:
# qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/

### http://www.virusbuster.hu/en/
['VirusBuster', ['vbuster', 'vbengcl'],
# VirusBuster Ltd. does not support the daemon version for the workstation
# engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
# binaries, some parameters AND return codes (from 3 to 1) changed.
"{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
qr/: '(.*)' - Virus/ ],

# ### http://www.virusbuster.hu/en/
# ['VirusBuster (Client + Daemon)', 'vbengd',
# # HINT: for an infected file it returns always 3,
# # although the man-page tells a different story
# '-f -log scandir {}', [0], [3],
# qr/Virus found = (.*);/ ],

### http://www.cyber.com/
['CyberSoft VFind', 'vfind',
'--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
# sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
],

### http://www.ikarus-software.com/
['Ikarus AntiVirus for Linux', 'ikarus',
'{}', [0], [40], qr/Signature (.+) found/ ],

### http://www.bitdefender.com/
['BitDefender', 'bdc',
'--all --arc --mail {}', qr/^Infected files *:0(?!\d)/,
qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
qr/(?:suspected|infected): (.*)$/ ],

);

# If no virus scanners from the @av_scanners list produce 'clean' nor
# 'infected' status (e.g. they all fail to run or the list is empty),
# then _all_ scanners from the @av_scanners_backup list are tried.
# When there are both daemonized and command-line scanners available,
# it is customary to place slower command-line scanners in the
# @av_scanners_backup list. The default choice is somewhat arbitrary,
# move entries from one list to another as desired.

@av_scanners_backup = (

### http://www.clamav.net/
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --no-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

### http://www.f-prot.com/
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],

### http://www.trendmicro.com/
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
'-i1 -xp {}', [0,10,15], [5,20,21,25],
qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],

# Commented out because the name 'sweep' clashes with the Debian package of
# the same name. Make sure the correct sweep is found in the path when enabling
#
# ### http://www.sophos.com/
# ['Sophos Anti Virus (sweep)', 'sweep',
# '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
# [0,2], qr/Virus .*? found/,
# qr/^>>> Virus(?:(?: fragment)? '?(.+?)'? found)/,
# ],
# # other options to consider: -mime -oe -idedir=/usr/local/sav

# always succeeds (uncomment to consider mail clean if all other scanners fail)
# ['always-clean', sub {0}],

);


#
# Section VIII - Debugging
#

# The most useful debugging tool is to run amavisd-new non-detached
# from a terminal window: # amavisd debug

# Some more refined approaches:

# If sender matches ACL, turn log level fully up, just for this one message,
# and preserve temporary directory
#@debug_sender_acl = ( "test-sender\@$mydomain" );
#@debug_sender_acl = qw( debug@example.com );

# May be useful along with @debug_sender_acl:
# Prevent all decoded originals being deleted (replaced by decoded part)
#$keep_decoded_original_re = new_RE( qr/.*/ );

# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
#$sa_debug = 1; # defaults to false


#-------------
1; # insure a defined return


As I understand it, amavis accepts the mails on port 10024 and forwards them to port 10025, all on localhost... or have I overlooked something??

Regards, zini

Roger Wilco
02.01.05, 12:56
Did you also change the entry in master.cf accordingly? The problem is still that Postfix expects a TLS-encrypted connection when Amavis delivers the mails back. Add the parameter -v to the 127.0.0.1:10025 line (just write it after "smtpd"). That makes the daemon a bit more talkative, and hopefully you will find something in the log files.

zini2001
02.01.05, 13:16
I took out the line
-o smtpd_tls_auth_only=no
and replaced it with
-o smtpd_enforce_tls=no
Now it works. What surprises me anyway is that I find no hint in the logs that postfix is using TLS at all?! Otherwise there was always the note plain+tls or something like that.
EDIT: TLS is being used!!! I must have overlooked it in the log, but it is stated again in the mail header.

So the mails are being sent again now. I just don't quite trust the whole thing yet. I'll try out the -v parameter now.

Thanks for now!!
EDIT: Well, if that was it, then once again many thanks for the help in your direction!! And once more a happy new 2005.
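
The failure mode resolved in this thread, as an added example that is not part of the original posts: a Python check that flags loopback smtpd listeners in master.cf (such as the amavis re-injection port 127.0.0.1:10025) that still inherit smtpd_enforce_tls = yes from main.cf. The function names and both sample files are constructed for illustration, and only the plain `-o name=value` override form is parsed.

```python
import re

# Constructed samples (not the poster's files): main.cf enforces TLS and
# master.cf carries the amavis re-injection listener on 127.0.0.1:10025.
MAIN_CF = "smtpd_use_tls = yes\nsmtpd_enforce_tls = yes\n"
MASTER_CF_BROKEN = """\
smtp      inet  n  -  n  -  -  smtpd
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_tls_auth_only=no
"""
MASTER_CF_FIXED = MASTER_CF_BROKEN.replace("smtpd_tls_auth_only=no",
                                           "smtpd_enforce_tls=no")

def parse_main(text):
    """Return {parameter: value} from main.cf-style 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def parse_master(text):
    """Return [(service, command, overrides)]; indented lines continue an entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services = []
    for entry in logical:
        fields = entry.split()
        if len(fields) >= 8:  # service type private unpriv chroot wakeup maxproc command
            opts = dict(m.groups() for m in re.finditer(r"-o\s+([\w.]+)=(\S*)", entry))
            services.append((fields[0], fields[7], opts))
    return services

def tls_enforced_loopback(main_text, master_text):
    """List loopback smtpd listeners whose effective smtpd_enforce_tls is 'yes'."""
    main = parse_main(main_text)
    flagged = []
    for service, command, opts in parse_master(master_text):
        if command == "smtpd" and service.startswith(("127.", "localhost:", "[::1]:")):
            # A -o override wins over main.cf; Postfix's built-in default is "no".
            if opts.get("smtpd_enforce_tls", main.get("smtpd_enforce_tls", "no")) == "yes":
                flagged.append(service)
    return flagged
```

The override is only reasonable because the listener is bound to the loopback address; the public smtp service keeps the main.cf setting.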