Spam detection behaves strangely



BiZNiZ
02.03.06, 06:15
Hi ...
... we have a "groupware server" here, consisting of SLES9 and Open-Xchange5. It runs postfix, cyrus, amavis + spamassassin.
... I have been having some problems with spam here for quite a while.
Having now worked through various HowTos and books, I still can't find my mistakes ... but something is off ...
SpamAssassin is installed on the system in version 2.64, and I have already been told a few times that I should update.
That brings a few "tears to my eyes", because for some people it caused problems where no mail arrived at all anymore ...
Besides, 2.64 ran flawlessly on our "old" SLOX 4.1 (hit rate of about 98%, I would say ...).
There, however, it ran with procmail, and amavis was "only" responsible for virus scanning.
So my suspicion is that amavis is somehow getting in the way here.

So here is the phenomenon:
Some mails are detected correctly and moved to the SPAM folder.
Example:


Return-Path: <hugh@yahoo.com>
Received: from ox5.vhs-heidekreis.de ([unix socket]) by ox5 (Cyrus v2.2.3) with LMTP; Fri, 24 Feb 2006 04:25:03 +0100
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1]) by ox5.vhs-heidekreis.de (Postfix) with ESMTP id AE91F1A32A for <rpatzke@ox5.vhs-heidekreis.de>; Fri, 24 Feb 2006 04:25:03 +0100 (CET)
Received: from ox5.vhs-heidekreis.de ([127.0.0.1]) by localhost (ox5 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26128-06 for <rpatzke@ox5.vhs-heidekreis.de>; Fri, 24 Feb 2006 04:24:56 +0100 (CET)
Received: by ox5.vhs-heidekreis.de (Postfix, from userid 65534) id A865C1A327; Fri, 24 Feb 2006 04:24:56 +0100 (CET)
Received: from localhost by ox5.vhs-heidekreis.de with SpamAssassin (2.64 2004-01-11); Fri, 24 Feb 2006 04:24:56 +0100
From: "Fried" <hugh@yahoo.com>
To: <rpatzke@vhs-heidekreis.de>
Subject: C1alis 10 Pills 20 mg $89.95
Date: Thu, 23 Feb 2006 21:24:31 +0100
Message-Id: <000001c62a4e$7b3c4180$0100007f@neska>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_43FE7C88.4B235A2A"
X-Virus-Scanned: by amavisd-new at vhs-heidekreis.de
X-Spam-Status: Yes, hits=5.9 tagged_above=-99.0 required=3.0 tests=AWL, DATE_IN_PAST_06_12, FORGED_YAHOO_RCVD, HTML_MESSAGE, MSGID_OUTLOOK_INVALID, UPPERCASE_25_50
X-Spam-Level: *****
X-Spam-Flag: YES
This is a multi-part message in MIME format.

------------=_43FE7C88.4B235A2A
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "ox5.vhs-heidekreis.de", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: ms020507090000070002040500 Content-Type: text/plain;
charset="koi8-r" Content-Transfer-Encoding: quoted-printable
ms020507090000070002040500 Content-Type: text/html; charset="koi8-r"
Content-Transfer-Encoding: quoted-printable [...]

Content analysis details: (13.9 points, 3.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.1 HTML_MESSAGE BODY: HTML included in message
5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.5 HTML_50_60 BODY: Message is 50% to 60% HTML
1.1 HTML_IMAGE_ONLY_04 BODY: HTML: images with 200-400 bytes of words
1.4 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
4.2 MSGID_OUTLOOK_INVALID Message-Id is fake (in Outlook Express format)
1.2 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.


others - most of them - are also processed by SpamAssassin, but are not given the X-Spam-Flag, and so end up in the inbox ...
Example:


Return-Path: <richard@expomedica.biz>
Received: from ox5.vhs-heidekreis.de ([unix socket]) by ox5 (Cyrus v2.2.3) with LMTP; Tue, 28 Feb 2006 13:56:05 +0100
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1]) by ox5.vhs-heidekreis.de (Postfix) with ESMTP id 598D91971F for <rpatzke@ox5.vhs-heidekreis.de>; Tue, 28 Feb 2006 13:56:05 +0100 (CET)
Received: from ox5.vhs-heidekreis.de ([127.0.0.1]) by localhost (ox5 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09702-03 for <rpatzke@ox5.vhs-heidekreis.de>; Tue, 28 Feb 2006 13:55:58 +0100 (CET)
Received: by ox5.vhs-heidekreis.de (Postfix, from userid 65534) id 6B97F1971C; Tue, 28 Feb 2006 13:55:58 +0100 (CET)
Received: from localhost by ox5.vhs-heidekreis.de with SpamAssassin (2.64 2004-01-11); Tue, 28 Feb 2006 13:55:58 +0100
From: "Rogert" <richard@expomedica.biz>
To: <rpatzke@vhs-heidekreis.de>
Subject: Need medicine? All here!
Date: Tue, 28 Feb 2006 07:55:41 +0100
Message-Id: <000001c63c66$4777c480$0100007f@Finishing>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4404485E.2A2A35EB"
X-Virus-Scanned: by amavisd-new at vhs-heidekreis.de
X-Spam-Status: No, hits=0.8 tagged_above=-99.0 required=3.0 tests=BIZ_TLD, DATE_IN_PAST_06_12, HTML_MESSAGE, UPPERCASE_25_50
X-Spam-Level:
This is a multi-part message in MIME format.

------------=_4404485E.2A2A35EB
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "ox5.vhs-heidekreis.de", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: ms050000050508080609080105 Content-Type: text/plain;
charset="koi8-r" Content-Transfer-Encoding: quoted-printable
ms050000050508080609080105 Content-Type: text/html; charset="koi8-r"
Content-Transfer-Encoding: quoted-printable [...]

Content analysis details: (8.5 points, 3.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.1 HTML_MESSAGE BODY: HTML included in message
5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.5 HTML_50_60 BODY: Message is 50% to 60% HTML
1.1 HTML_IMAGE_ONLY_04 BODY: HTML: images with 200-400 bytes of words
1.4 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.


What on earth is that about?

Since I am really at my wits' end with my meagre knowledge, here are the configs:

Spamassassin local.cf


# Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#

required_hits 3

# rewrite the Subject: line with ****SPAM**** .* if set to 1 (default=1)
rewrite_subject 0

# report briefly, recommended for report_header==1 (default=0)
use_terse_report 1

### added by admin ###

use_bayes 1
auto_learn 1


Amavisd-new amavisd.conf:



use strict;

$MYHOME = '/var/spool/amavis';

$mydomain = 'vhs-heidekreis.de';

$myhostname = 'ox5.vhs-heidekreis.de'; # fqdn of this host, default by uname(3)

$daemon_user = 'vscan';
$daemon_group = 'vscan';

$TEMPBASE = $MYHOME; # (must be set if other config vars use is)

$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)

$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)

@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains

$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket

$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)

@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )

$DO_SYSLOG = 1; # (defaults to false)

$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)

$log_level = 2; # (defaults to 0)

$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';

$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested

# Notify virus sender?
$warnvirussender = 1; # (defaults to false (undef))

# Notify spam sender?
#$warnspamsender = 1; # (defaults to false (undef))

# Notify sender of banned files?
#$warnbannedsender = 1; # (defaults to false (undef))

# Notify sender of syntactically invalid header containing non-ASCII characters?
#$warnbadhsender = 1; # (defaults to false (undef))

# Notify virus (or banned files) RECIPIENT?
# (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))

# Notify also non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)

# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax, check also README.policy-on-notifications
#
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
[qr'^(EICAR|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/.*/ => 1], # true by default (remove or comment-out if undesired)
);

$virus_admin = "virusalert\@$mydomain";

$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

$hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";

$mailfrom_to_quarantine = ''; # override sender address with null return path

$QUARANTINEDIR = '/var/spool/amavis/virusmails';

$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
#$virus_quarantine_to = 'virus-quarantine@example.com'; # similar
#$virus_quarantine_to = undef; # no quarantine

# similar for spam
# (the default value is undef, meaning no quarantine)
#
$spam_quarantine_to = undef;
#$spam_quarantine_to = "spam-quarantine\@$mydomain";
#$spam_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
# [qr/.*/ => 'spam-quarantine'] );

# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
# Leave empty to add no header field # (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";

$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it

$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1; # remove existing headers
# (defaults to false)
#$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)

$keep_decoded_original_re = new_RE(
# qr'^MAIL$', # retain full original message for virus checking (can be slow)
qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',
);

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # double extension
# qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i, # banned extension - basic
# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
# jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
# vbe|vbs|wsc|wsf|wsh)$'ix, # banned extension - long
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
# qr'^\.(zip|lha|tnef|cab)$'i, # banned file(1) types
qr'^\.exe$'i, # banned file(1) types
qr'^application/x-msdownload$'i, # banned MIME types
qr'^application/x-msdos-program$'i,
# qr'^message/partial$'i, qr'^message/external-body$'i, # block rfc2046
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm

$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting

$recipient_delimiter = '+'; # (default is '+')

$localpart_is_case_sensitive = 0; # (default is false)

$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);

map { $whitelist_sender{lc($_)}=1 } (qw(
nobody@cert.org
owner-alert@iss.net
slashdot@slashdot.org
bugtraq@securityfocus.com
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
security-alerts@linuxsecurity.com
amavis-user-admin@lists.sourceforge.net
notification-return@lists.sophos.com
mailman-announce-admin@python.org
owner-postfix-users@postfix.org
owner-postfix-announce@postfix.org
owner-sendmail-announce@Lists.Sendmail.ORG
owner-technews@postel.ACM.ORG
lvs-users-admin@LinuxVirtualServer.org
ietf-123-owner@loki.ietf.org
cvs-commits-list-admin@gnome.org
rt-users-admin@lists.fsck.com
clp-request@comp.nus.edu.sg
surveys-errors@lists.nua.ie
emailNews@genomeweb.com
owner-textbreakingnews@CNNIMAIL12.CNN.COM
yahoo-dev-null@yahoo-inc.com
returns.groups.yahoo.com
));

# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14; # (default is undef, no limit)

# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 1500; # (default is undef, no limit)

$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability

$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, arj is recommended
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports
# the options needed; the rest of us use cpio

# SpamAssassin settings

$sa_local_tests_only = 0; # (default: false)
$sa_auto_whitelist = 1; # turn on AWL (default: false)
$sa_timeout = 30; # timeout in seconds for a call to SpamAssassin
# (default is 30 seconds, undef disables it)
$sa_mail_body_size_limit = 250*1024; # don't waste time on SA if mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
$sa_tag_level_deflt = -99.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.0;
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent,
# effectively turning D_BOUNCE into D_DISCARD;
# undef disables this feature and is a default;
$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled)
# (only seen when spam is not to be rejected
# and recipient is in local_domains*)
$sa_spam_modifies_subj = 0; # may be a ref to a lookup table, default is true


@av_scanners = (

# ### http://www.clamav.net/
# ['Clam Antivirus-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd; match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

### http://www.norman.com/products_nvc.shtml
['Norman Virus Control v5 / Linux', 'nvcc',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
);

@av_scanners_backup = (

### http://www.clamav.net/
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --no-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

#$sa_debug = 1; # defaults to false

1; # insure a defined return


postfix master.cf:



smtp inet n - n - - smtpd -o content_filter=spamassassin
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 nqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
#localhost:10025 inet n - n - - smtpd -o content_filter=
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan unix - n n - 10 pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

###### SPAMASSASIN #####
spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000


Postfix main.cf:



queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
mail_spool_directory = /var/mail

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples

debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  xxgdb $daemon_directory/$process_name $process_id & sleep 5


mail_owner = postfix
#default_privs = nobody

myhostname = ox5.vhs-heidekreis.de
mydomain = vhs-heidekreis.de
myorigin = $myhostname
mydestination = $myhostname,localhost.$mydomain

inet_interfaces = all
local_recipient_maps =
unknown_local_recipient_reject_code = 450

mynetworks = 127.0.0.1
#relay_domains = $mydestination
relayhost = relay.t-dsl-business.de

recipient_delimiter = +


mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
content_filter = smtp-amavis:[127.0.0.1]:10024
#fallback_transport = lmtp:unix:/file/name
#luser_relay = **LUSER_RELAY**
smtpd_banner = $myhostname

transport_maps = ldap:ldaptrans
virtual_alias_maps = hash:/etc/postfix/virtual,ldap:ldapaliases
virtual_alias_domains = ldap:ldapvdom
alias_maps = hash:/etc/aliases,ldap:ldapsharedfolder

disable_dns_lookups = no
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
defer_transports =

message_size_limit = 5242880
mailbox_size_limit = 0

smtpd_recipient_restrictions = permit_mynetworks,permit_tls_clientcerts,permit_sasl_authenticated,reject_unauth_destination

################ SASL config ##############
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
###########################################


################ TLS config ################
#smtp_use_tls = yes
#smtpd_use_tls = yes
#smtpd_tls_ask_ccert = yes
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_key_file = /etc/ssl/certs/skey.pem
#smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#tls_daemon_random_source = dev:/dev/urandom
#############################################

#ldap_restrictions_server_host = 127.0.0.1
#ldap_restrictions_server_port = 389
#ldap_restrictions_bind = no
#ldap_restrictions_timeout = 20
#ldap_restrictions_search_base = ou=peopleSYSTEM_LDAP_BASE,
#ldap_restrictions_query_filter = (|(mail=%s)(alias=%s))
#ldap_restrictions_result_attribute = lnetMailAccess
#ldap_restrictions_scope = sub

ldaptrans_server_host= 127.0.0.1
ldaptrans_server_port= 389
ldaptrans_bind= no
ldaptrans_timeout= 20
ldaptrans_search_base= ou=MailTransports,ou=SMTPObjects,ou=AdminObjects,ou=OxObjects,dc=vhs-heidekreis,dc=de
ldaptrans_query_filter= (&(objectclass=OXMailTransportObject)(smtpDomain=%s))
ldaptrans_result_attribute= smtpDomainTransportNexthop
ldaptrans_scope= one

ldapvdom_server_host= 127.0.0.1
ldapvdom_server_port= 389
ldapvdom_bind= no
ldapvdom_timeout= 20
ldapvdom_search_base= ou=DNSObjects,ou=AdminObjects,ou=OxObjects,dc=vhs-heidekreis,dc=de
ldapvdom_query_filter= (&(objectclass=OXVDomainObject)(domainName=%s)(MTALocaldomain=OK))
ldapvdom_result_attribute= domainName
ldapvdom_scope= sub

ldapaliases_server_host= 127.0.0.1
ldapaliases_server_port= 389
ldapaliases_bind= no
ldapaliases_timeout= 20
ldapaliases_search_base= dc=vhs-heidekreis,dc=de
ldapaliases_query_filter= (|(&(alias=%s)(objectclass=shadowAccount)(mailenabled=OK))(&(aliasName=%s)(objectclass=OXAlias))(&(mail=%s)(objectclass=shadowAccount)(mailenabled=OK)))
ldapaliases_result_attribute= uid,aliasRecipient
ldapaliases_scope= sub

ldapsharedfolder_server_host= 127.0.0.1
ldapsharedfolder_server_port= 389
ldapsharedfolder_bind= no
ldapsharedfolder_timeout= 20
ldapsharedfolder_search_base= ou=SharedFolder,ou=OxObjects,dc=vhs-heidekreis,dc=de
ldapsharedfolder_query_filter= (&(objectclass=OXIMAPFolderObject)(|(fn=%u)(fn=%s)))
ldapsharedfolder_result_attribute= deliverToUID,mailDeliveryProgram
ldapsharedfolder_scope= sub

ldaplocdom_server_host= 127.0.0.1
ldaplocdom_server_port= 389
ldaplocdom_bind= no
ldaplocdom_timeout= 20
ldaplocdom_search_base= ou=DNSObjects,ou=AdminObjects,ou=OxObjects,dc=vhs-heidekreis,dc=de
ldaplocdom_query_filter= (&(objectclass=OXVDomainObject)(domainName=%s))
ldaplocdom_result_attribute= MTALocaldomain
ldaplocdom_scope= sub

ldapchecksender_server_host= 127.0.0.1
ldapchecksender_server_port= 389
ldapchecksender_bind= no
ldapchecksender_timeout= 20
ldapchecksender_search_base= ou=people,dc=vhs-heidekreis,dc=de
ldapchecksender_query_filter= (|(&(alias=%s)(objectclass=shadowAccount))(&(mail=%s)(objectclass=shadowAccount)))
ldapchecksender_result_attribute = lnetMailAccess
ldapchecksender_scope= sub


### added by admin

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd


I just hope that someone can point me in the right direction with the troubleshooting ...

Thanks in advance ...

sysop
02.03.06, 12:11
amavis is configured with $remove_existing_spam_headers = 1; shouldn't that mangle SpamAssassin's header ??

PS:
I can understand the "tears in the eyes" part :D

BiZNiZ
02.03.06, 13:47
... I noticed that recently as well ...
since SpamAssassin runs great, I have switched off the complete anti-spam routine in amavis ...

But somehow it must be possible to get amavis to filter correctly ...

If I set the content filter in master.cf to smtp-amavis, then all the spam ends up in the mailbox as well ...

I thought that amavis uses spamassassin to filter the spam ...
But then why don't the same results come out?
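
Both messages quoted in the first post carry two separate scores: the `X-Spam-Status` header and the SpamAssassin report in the body (0.8 versus 8.5 points in the second message). The following is an added example, not code from the thread: a Python check that extracts both scores from a delivered message and reports where they disagree. `compare_verdicts` and the finding names are hypothetical, the sample is constructed from the quoted message, and reading `tagged_above=` as the mark of a header written by amavisd-new is an assumption.

```python
import re
from email import message_from_string

# Constructed sample: trimmed copy of the second message quoted in the thread.
SAMPLE = """\
Received: from ox5.vhs-heidekreis.de ([127.0.0.1]) by localhost (ox5 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09702-03; Tue, 28 Feb 2006 13:55:58 +0100 (CET)
Received: from localhost by ox5.vhs-heidekreis.de with SpamAssassin (2.64 2004-01-11); Tue, 28 Feb 2006 13:55:58 +0100
Subject: Need medicine? All here!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4404485E.2A2A35EB"
X-Virus-Scanned: by amavisd-new at vhs-heidekreis.de
X-Spam-Status: No, hits=0.8 tagged_above=-99.0 required=3.0 tests=BIZ_TLD,
 DATE_IN_PAST_06_12, HTML_MESSAGE, UPPERCASE_25_50
X-Spam-Level:

This is a multi-part message in MIME format.

------------=_4404485E.2A2A35EB
Content-Type: text/plain

Spam detection software, running on the system "ox5.vhs-heidekreis.de", has
identified this incoming email as possible spam.

Content analysis details: (8.5 points, 3.0 required)

------------=_4404485E.2A2A35EB--
"""

# Assumption: a status header carrying tagged_above= was written by amavisd-new.
STATUS_RE = re.compile(
    r"^(yes|no),\s*hits=(-?[\d.]+)\s+(tagged_above=-?[\d.]+\s+)?required=(-?[\d.]+)",
    re.IGNORECASE)
# Score line of the SpamAssassin report that wraps the original mail.
REPORT_RE = re.compile(
    r"Content analysis details:\s*\((-?[\d.]+) points, (-?[\d.]+) required\)")


def compare_verdicts(raw):
    """Return the header verdict, the embedded report verdict and disagreements."""
    msg = message_from_string(raw)
    header = report = None

    status = msg.get("X-Spam-Status")
    if status is not None:
        m = STATUS_RE.match(" ".join(status.split()))  # unfold a wrapped header
        if m:
            header = {"spam": m.group(1).lower() == "yes",
                      "hits": float(m.group(2)),
                      "required": float(m.group(4)),
                      "amavis_format": m.group(3) is not None}

    m = REPORT_RE.search(raw)
    if m:
        points, required = float(m.group(1)), float(m.group(2))
        report = {"spam": points >= required,
                  "points": points, "required": required}

    findings = []
    if header and report:
        findings.append("scored-twice")          # two scanners left a score
        if header["spam"] != report["spam"]:
            findings.append("verdict-mismatch")  # they disagree on spam/ham
    flagged = (msg.get("X-Spam-Flag") or "").strip().upper() == "YES"
    if report and report["spam"] and not flagged:
        # A folder rule keyed on X-Spam-Flag will not file this message.
        findings.append("spam-report-without-flag")
    return {"header": header, "report": report, "findings": findings}


if __name__ == "__main__":
    for key, value in compare_verdicts(SAMPLE).items():
        print(key, value)
```

Run over a whole mailbox, the share of messages with `verdict-mismatch` shows how often the header that the folder rule relies on contradicts the report the user sees.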