PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Postfix - Amavisd-new - Spamassassin Einstellungsprobleme



Unixdepp
22.05.05, 12:08
Bei mir läuft seit einigen Tagen Postfix - Amavisd-new - Spamassassin. Dabei erreichen kommen Spam-Mails durch, die eigentlich gescannt und als Spam erkannt wurden:

mail-log:

May 22 10:46:39 mydomain postfix/smtpd[1590]: connect from pcp03282869pcs.uprtnw01.nj.comcast.net[68.44.138.223]
May 22 10:46:39 mydomain postfix/smtpd[1590]: 466315EC08B: client=pcp03282869pcs.uprtnw01.nj.comcast.net[68.44.138.223]
May 22 10:46:39 mydomain postfix/cleanup[1599]: 466315EC08B: message-id=<blTDk1.squirrel@212.43.237.126>
May 22 10:46:39 mydomain postfix/qmgr[1533]: 466315EC08B: from=<info@yourwebdepot.com>, size=4386, nrcpt=1 (queue active)
May 22 10:46:40 mydomain postfix/smtpd[1590]: disconnect from pcp03282869pcs.uprtnw01.nj.comcast.net[68.44.138.223]
May 22 10:46:42 mydomain postfix/smtpd[1603]: connect from localhost[127.0.0.1]
May 22 10:46:42 mydomain postfix/smtpd[1603]: 7EBAF5EC31E: client=localhost[127.0.0.1]
May 22 10:46:42 mydomain postfix/cleanup[1599]: 7EBAF5EC31E: message-id=<blTDk1.squirrel@212.43.237.126>
May 22 10:46:42 mydomain postfix/smtpd[1603]: disconnect from localhost[127.0.0.1]
May 22 10:46:42 mydomain postfix/qmgr[1533]: 7EBAF5EC31E: from=<info@yourwebdepot.com>, size=4836, nrcpt=1 (queue active)
May 22 10:46:42 mydomain postfix/local[1604]: 7EBAF5EC31E: to=<name@servername.provider.de>, relay=local, delay=0, status=sent (delivered to maildir)
May 22 10:46:42 mydomain postfix/qmgr[1533]: 7EBAF5EC31E: removed
May 22 10:46:42 mydomain postfix/smtp[1600]: 466315EC08B: to=<name@servername.provider.de>, orig_to=<name@mydomain.de>, relay=127.0.0.1[127.0.0.1], delay=3, status=sent (250 2.6.0 Ok, id=00963-03, from MTA: 250 Ok: queued as 7EBAF5EC31E)
May 22 10:46:42 mydomain postfix/qmgr[1533]: 466315EC08B: removed


messages:

May 22 10:46:42 mydomain amavis[963]: (00963-03) Passed SPAM, [212.43.237.126] <info@yourwebdepot.com> -> <name@servername.provider.de>, quarantine: spam-b414e65fa69f2264fd001a49a59f29c8-20050522-104639-00963-03, Message-ID: <blTDk1.squirrel@212.43.237.126>, Hits: 17.164

Dennoch kommt diese Mail durch und hat keine Spam-Markierung(?!?) - der Header enthält nur die Info:

X-Virus-Scanned: by amavisd-new at mydomain

aber keinen Hinweis auf Spamassassin o.ä.(?)

Roger Wilco
22.05.05, 14:30
Wie sieht deine Policy bzgl. Spam in der amavisd-new Konfiguration aus? D_PASS, D_BOUNCE, D_REJECT?

Unixdepp
22.05.05, 14:57
Wie sieht deine Policy bzgl. Spam in der amavisd-new Konfiguration aus? D_PASS, D_BOUNCE, D_REJECT?

$final_spam_destiny = D_PASS;

Ziel: Mail sollte durchkommen, aber markiert sein.

Roger Wilco
22.05.05, 15:06
Und $sa_tag*_level stimmt auch?
Poste mal deine amavisd.conf ohne Kommentare.

PS: Dazu eignet sich der CODE-Tag. Du musst nicht händisch einen anderen Font auswählen. ;)

Unixdepp
23.05.05, 13:51
Inzwischen habe ich herausgefunden, daß SPAM erkannt und im Quarantäne-Verzeichnis (mit Spam-Info im Header) abgelegt wird, gleichzeitig aber ohne diese Info im Header ausgeliefert wird:

amavisd.conf


use strict;

#@bypass_virus_checks_maps = qw ( . ); # uncomment to DISABLE anti-virus code
#@bypass_spam_checks_maps = qw ( . ); # uncomment to DISABLE anti-spam code


$max_servers = 2; # number of pre-forked children (2..15 is common)
$daemon_user = 'vscan';
$daemon_group = 'vscan';

$mydomain = 'xyz.de';

$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR
$QUARANTINEDIR = '/var/amavis/virusmails';

$db_home = "$MYHOME/db";
$helpers_home = "$MYHOME/var"; # prefer $MYHOME clean and owned by root?
$pid_file = "$MYHOME/var/amavisd.pid";
$lock_file = "$MYHOME/var/amavisd.lock";

@local_domains_maps = ( [".$mydomain"] );

$log_level = 0; # verbosity 0..5
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$SYSLOG_LEVEL = 'user.info';

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock"; # when using sendmail milter

$sa_tag_level_deflt = -10; # -9999.9; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;
$sa_kill_level_deflt = 10.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
# for SA 3.0, cf option is 'use_auto_whitelist')

$virus_admin = "virusalert\@$mydomain"; # notifications recip.

$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "virusalert\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use recent versions
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$rpm2cpio = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj'];
$unrar = ['rar', 'unrar'];
$zoo = 'zoo';
$lha = 'lha';
$cpio = ['gcpio','cpio'];
$dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)

$sa_spam_subject_tag = '[SPAM] ';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name

# $final_virus_destiny = D_DISCARD;
# $final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_PASS;
# $final_bad_header_destiny = D_PASS;

[...]

Ich habe jetzt mal testweise die Zeile

$final_spam_destiny = D_PASS;

auskommentiert und jetzt kommt (bisher jedenfalls) kein Spam mehr durch (nur noch in Quarantäne). Ist das die Lösung(?!)