Spamassassin (raising required_hits)



mullfreak
20.10.05, 15:18
Hello,
on a Debian/Postfix/Amavis/Spamassassin setup I want to raise the score threshold for spam filtering. At the moment the config runs with 5 points. I want to raise this to 10.
I have already changed:
/etc/spamassassin/local.cf
required_hits 10
/etc/amavis/amavisd.conf
$sa_tag2_level_deflt = 10.0;

Since we get the virus and spam mails delivered to a separate mailbox, I can see the score in the report. It is still at 5 points. Why are the changes not taking effect?
Did I change the wrong configuration?
Of course all the services were restarted. Do I need to reboot the server?

Regards
Mullfreak

Fly
20.10.05, 15:37
> Hello,
> on a Debian/Postfix/Amavis/Spamassassin setup I want to raise the score threshold for spam filtering. At the moment the config runs with 5 points. I want to raise this to 10.
> I have already changed:
> /etc/spamassassin/local.cf
> required_hits 10
> /etc/amavis/amavisd.conf
> $sa_tag2_level_deflt = 10.0;
>
> Since we get the virus and spam mails delivered to a separate mailbox, I can see the score in the report. It is still at 5 points. Why are the changes not taking effect?
> Did I change the wrong configuration?

You don't need to change anything in local.cf when SA is called via amavisd. Post the amavisd.conf without comments...

> Of course all the services were restarted. Do I need to reboot the server?
>
> Regards
> Mullfreak

Why reboot the server if you have restarted all the services anyway? ;)

mullfreak
20.10.05, 16:48
Hi fly,

I'll send you the configuration. It will just take a little while. It will be this evening, I think.

It would be great if you could help me with this.

Regards
Mullfreak

mullfreak
20.10.05, 21:02
So, here is the config:



use strict;
$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
$mydomain = 'knuerr.com'; # (no useful default)
$daemon_user = 'amavis'; # (no default (undef))
$daemon_group = 'amavis'; # (no default (undef))
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
$pid_file = "/var/run/amavis/amavisd.pid"; # (default: "$MYHOME/amavisd.pid")
$lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")
$ENV{TMPDIR} = $TEMPBASE; # wise, but usually not necessary
${recipient}';
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=8*60; # abort child if it does not complete each task in n sec
@local_domains_acl = qw( .domain.com domain.com );
$relayhost_is_client = 0; # (defaults to false)
$insert_received_line = 1; # behave like MTA: insert 'Received:' header
$unix_socketname = undef; # disable listening on a unix socket
$inet_socket_port = 10024; # accept SMTP on this local TCP port
$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
$log_level = 0; # (defaults to 0)
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED
(%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
read_l10n_templates('en_US', '/etc/amavis');
$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse'i,
[qr'^(EICAR\.COM|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
# [qr/.*/ => 1], # true by default?
);
$virus_admin = "spam_virus\@$mydomain"; # due to D_DISCARD default
$spam_admin = "spam_virus\@$mydomain";
$mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
$spam_quarantine_to = 'spam-quarantine';
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
$X_HEADER_LINE = "by $myversion (ZWMAR01) at $mydomain";
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
$remove_existing_spam_headers = 1; # remove existing spam headers if
$keep_decoded_original_re = new_RE(
qr'^MAIL$', # retain full original message for virus checking
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
);
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
qr'.\.(exe|vbs|pif|scr|bat|com)$'i, # banned extension - basic
qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046
);
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$replace_existing_extension = 1; # (default is false)
$localpart_is_case_sensitive = 0; # (default is false)
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)@'i,
qr'^(drugs|bumsen|drogen)@'i,

qr'^(porn|porno|sex|crime|alcohol|fixen|blasen|penis)@'i,
qr'^(adultos|adultsight|adultsite|adultsonly|adultweb|blowjob|bondage|centerfold|cumshot|cyberlust|cybercore)@'i,
qr'^(hardcore|incest|masturbat|obscene|pedophil|pedofil|playmate|pornstar|sexdream|showgirl|softcore|striptease)@'i,
qr'^(porn|porno|sex|crime|alcohol|fixen|blasen|penis)\d*@'i,
qr'^(adultos|adultsight|adultsite|adultsonly|adultweb|blowjob|bondage|centerfold|cumshot|cyberlust|cybercore)\d*@'i,
qr'^(hardcore|incest|masturbat|obscene|pedophil|pedofil|playmate|pornstar|sexdream|showgirl|softcore|striptease)\d*@'i,

);
map { $whitelist_sender{lc($_)}=1 } (qw(
cert-advisory-owner@cert.org
owner-alert@iss.net
slashdot@slashdot.org
bugtraq@securityfocus.com
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
security-alerts@linuxsecurity.com
amavis-user-admin@lists.sourceforge.net
razor-users-admin@lists.sourceforge.net
notification-return@lists.sophos.com
mailman-announce-admin@python.org
zope-announce-admin@zope.org
owner-postfix-users@postfix.org
owner-postfix-announce@postfix.org
owner-sendmail-announce@Lists.Sendmail.ORG
owner-technews@postel.ACM.ORG
lvs-users-admin@LinuxVirtualServer.org
ietf-123-owner@loki.ietf.org
cvs-commits-list-admin@gnome.org
rt-users-admin@lists.fsck.com
owner-announce@mnogosearch.org
owner-hackers@ntp.org
owner-bugs@ntp.org
clp-request@comp.nus.edu.sg
surveys-errors@lists.nua.ie
emailNews@genomeweb.com
owner-textbreakingnews@CNNIMAIL12.CNN.COM
spamassassin-talk-admin@lists.sourceforge.net
yahoo-dev-null@yahoo-inc.com
hp@padu.de
root@domain.com

root@domain.com
wwwrun@domain.com
domain.Info@domain.com
domain.Info@domain.com
MAILER-DAEMON@domain.com
MAILER-DAEMON@domain.com
));
$MAXLEVELS = 14; # (default is undef, no limit)
$MAXFILES = 1500; # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability

$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, same options
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio'; # comment out if cpio does not support GNU options
$sa_timeout = 300; # default is 120 seconds
$sa_auto_whitelist = 1; # defaults to undef
$sa_mail_body_size_limit = 64*1024; # don't waste time on SA is mail is larger
$sa_tag_level_deflt = 0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 10.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disables)
@av_scanners = (
['KasperskyLab AVP - aveclient', ['/opt/kav/bin/aveclient','aveclient'],
'-p /var/run/aveserver -s {}/*', [0,3,6,8], [2,4],
qr/LINFECTED (.+)/,
],

['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
'-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
"-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
@av_scanners_backup = (

### http://clamav.elektrapro.com/
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --disable-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

### http://www.f-prot.com/
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
'-i1 -xp {}', [0,10,15], [5,20,21,25],
qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],

);


I hope you can find the necessary settings here.

Regards
Mullfreak

Fly
24.10.05, 10:29
With the following value, do you get the spam score written into the header?


$sa_tag_level_deflt = 0; # add spam info headers if at, or above that level


I would set it to -888...

mullfreak
24.10.05, 10:48
Hello fly,

how do I get at the header? The mails only pass through the relay via the spam finder to the clients.
When I look at the spam mails that get filtered out, I can't find any value in the header there.
What does the value -888 mean?

Regards
Mullfreak

Fly
24.10.05, 11:17
> Hello fly,
>
> how do I get at the header? The mails only pass through the relay via the spam finder to the clients.
> When I look at the spam mails that get filtered out, I can't find any value in the header there.
> What does the value -888 mean?
>
> Regards
> Mullfreak

With header-checks or body_checks you can get at the header, or what exactly do you mean? The value -<large number> forces amavisd to write a spam score into the header of every mail... what 0 does I can't say...

Is amavisd being started with the right configuration? Which version of amavisd are you using?
Run this:


grep -r '$sa_tag2_level_deflt = ***' /etc

mullfreak
24.10.05, 11:55
Hi,
with the command:

grep -r '$sa_tag2_level_deflt = ***' /etc
I only get back, one to one, the line from amavisd.conf that sets sa_tag2_level_deflt.

With header_checks I have no success. Here I only have the two files in /etc/postfix that list the allowed or disallowed headers.

Regards
Mullfreak
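
Added example, not written by any poster in this thread: the grep above only shows where the string occurs, so this sketch lists every active (uncommented) assignment of the three amavisd thresholds under a config tree, flags variables assigned in more than one place, and shows thresholds defined through another variable, as `$sa_kill_level_deflt` is in the posted config. The second file `amavisd.conf.old` and its values are constructed for illustration, and the script does not determine which file the running amavisd actually loads.

```shell
#!/bin/sh
# Print "file:line:variable=value" for each uncommented assignment of
# $sa_tag_level_deflt, $sa_tag2_level_deflt or $sa_kill_level_deflt under $1.
sa_level_assignments() {
    grep -rnE '^[[:space:]]*\$sa_(tag|tag2|kill)_level_deflt[[:space:]]*=' "$1" 2>/dev/null |
    sed -E 's/^([^:]+):([0-9]+):[[:space:]]*\$(sa_[a-z0-9_]+)[[:space:]]*=[[:space:]]*([^;]*);.*$/\1:\2:\3=\4/' |
    sort -t: -k1,1 -k2,2n
}

# Print "variable count" for thresholds that are assigned more than once,
# i.e. where a second file or a later line may carry a different value.
sa_level_duplicates() {
    sa_level_assignments "$1" | awk -F: '
        { var = $3; sub(/=.*/, "", var); count[var]++ }
        END { for (v in count) if (count[v] > 1) print v, count[v] }' | sort
}

# Print thresholds whose value is another variable, so that changing one
# setting silently moves the other as well.
sa_level_linked() {
    sa_level_assignments "$1" | awk -F: '$3 ~ /=\$/ { print $3 }'
}

# Constructed sample tree: the three threshold lines from the posted
# amavisd.conf plus a hypothetical leftover file with the old value.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    cat > "$d/amavisd.conf" <<'EOF'
$sa_tag_level_deflt = 0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 10.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
EOF
    cat > "$d/amavisd.conf.old" <<'EOF'
#$sa_tag_level_deflt = 3.0;
$sa_tag2_level_deflt = 5.0;
EOF
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "active assignments:"
sa_level_assignments "$tree"
echo "assigned more than once:"
sa_level_duplicates "$tree"
echo "defined via another variable:"
sa_level_linked "$tree"
rm -rf "$tree"
```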