Postfix and Amavisd-New are playing dead...



cpreisinger
02.10.06, 16:39
Hi all,
I could use some expert help again!

The problem:
Postfix is installed on a server running SuSE 10.1.
I have now also integrated Amavisd-New, along with SA and ClamAV.
Unfortunately Postfix no longer starts properly and after a short time goes into "throttle". I also get no sign of life on ports 10025 and 10024 when I try to telnet to them...

Here are the excerpts:
master.cf:


smtp inet n - n - 50 smtpd -o content_filter = amavis:[localhost]:10024
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
#
#
#

#### for AmavisD #####

amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1


main.cf according to postconf -n:


alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix/html
in_flow_delay = 0s
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
mydomain = y.de
myhostname = x.y.de
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_sender,reject_rbl_client relays.ordb.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client list.dsbl.org,reject_rbl_client opm.blitzed.org,reject_rbl_client sbl.spamhaus.org,reject_rhsbl_client blackhole.securitysage.com,reject_rhsbl_sender blackhole.securitysage.com
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps


Excerpt from /var/log/mail:


mail:/usr/local/bin # tail -f /var/log/mail
Oct 2 15:58:30 mail postfix/qmgr[9476]: E750D2BFD5: to=<root@x.y.de>, orig_to=<root>, relay=none, delay=17725, status=deferred (delivery temporarily suspended: transport is unavailable)
Oct 2 15:58:30 mail postfix/qmgr[9476]: warning: E750D2BFD5: flush service failure
Oct 2 15:58:30 mail postfix/qmgr[9476]: F0FE52C79A: from=<root@x.y.de>, size=773, nrcpt=1 (queue active)
Oct 2 15:58:30 mail postfix/qmgr[9476]: F0FE52C79A: to=<root@x.y.de>, orig_to=<root>, relay=none, delay=330929, status=deferred (delivery temporarily suspended: transport is unavailable)
Oct 2 15:58:30 mail postfix/qmgr[9476]: warning: F0FE52C79A: flush service failure
Oct 2 15:58:30 mail postfix/qmgr[9476]: F3DDC2C7F1: from=<root@x.y.de>, size=776, nrcpt=1 (queue active)
Oct 2 15:58:30 mail postfix/qmgr[9476]: F3DDC2C7F1: to=<root@x.y.de>, orig_to=<root>, relay=none, delay=53728, status=deferred (delivery temporarily suspended: transport is unavailable)
Oct 2 15:58:30 mail postfix/qmgr[9476]: warning: F3DDC2C7F1: flush service failure
Oct 2 15:59:26 mail postfix/qmgr[9476]: warning: connect to transport amavis: Operation not permitted
Oct 2 15:59:26 mail postfix/qmgr[9476]: warning: connect to transport smtp-amavis: Operation not permitted
Oct 2 16:00:08 mail postfix/smtpd[9557]: fatal: open lock file pid/inet.127.0.0.1:10025: cannot create file exclusively: Operation not permitted
Oct 2 16:00:09 mail postfix/master[9474]: warning: process /usr/lib/postfix/smtpd pid 9557 exit status 1
Oct 2 16:00:09 mail postfix/master[9474]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Oct 2 16:00:26 mail postfix/qmgr[9476]: warning: connect to transport amavis: Operation not permitted
Oct 2 16:00:26 mail postfix/qmgr[9476]: warning: connect to transport smtp-amavis: Operation not permitted
Oct 2 16:01:09 mail postfix/smtpd[9560]: fatal: open lock file pid/inet.127.0.0.1:10025: cannot create file exclusively: Operation not permitted


I hope you can help me get a bit further along...
Thanks in advance!

drcux
02.10.06, 16:50
smells like AppArmor

cpreisinger
05.10.06, 15:26
hey thanks, I've now just disabled the stupid thing and it runs better than before...;) :D :ugly:

Still a few small problems left ...
amavisd debug says:


Oct 5 13:14:46 mail.xxx.de /usr/local/sbin/amavisd[26868]: TROUBLE in pre_loop_hook: No TEMPBASE directory: /var/amavis /var/amavis/tmp at /usr/local/sbin/amavisd line 6885.
Suicide () TROUBLE in pre_loop_hook: No TEMPBASE directory: /var/amavis /var/amavis/tmp at /usr/local/sbin/amavisd line 6885.


AND

the mail log says:


Oct 5 15:17:51 mail postfix/qmgr[26959]: E14912C986: to=<root@mail.xxx.de>, orig_to=<root>, relay=none, delay=148487, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
Oct 5 15:17:51 mail postfix/qmgr[26959]: F3DDC2C7F1: to=<root@mail.xxx.de>, orig_to=<root>, relay=none, delay=310489, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
Oct 5 15:17:52 mail postfix/local[26993]: 617432C82B: to=<root@mail.xxx.de>, relay=local, delay=10, status=sent (delivered to mailbox)
Oct 5 15:17:52 mail postfix/qmgr[26959]: 617432C82B: removed
Oct 5 15:17:53 mail postfix/local[26988]: A65A12C834: to=<root@mail.xxx.de>, relay=local, delay=11, status=sent (delivered to mailbox)
Oct 5 15:17:53 mail postfix/qmgr[26959]: A65A12C834: removed
Oct 5 15:18:46 mail postfix/qmgr[26959]: warning: connect to transport smtp-amavis: Connection refused
Oct 5 15:19:46 mail postfix/qmgr[26959]: warning: connect to transport smtp-amavis: Connection refused
Oct 5 15:20:46 mail postfix/qmgr[26959]: warning: connect to transport smtp-amavis: Connection refused
Oct 5 15:21:06 mail postfix/scache[26986]: statistics: start interval Oct 5 15:17:39
Oct 5 15:21:06 mail postfix/scache[26986]: statistics: domain lookup hits=0 miss=6 success=0%
Oct 5 15:21:06 mail postfix/scache[26986]: statistics: address lookup hits=0 miss=6 success=0%
Oct 5 15:21:46 mail postfix/qmgr[26959]: warning: connect to transport smtp-amavis: Connection refused


Telnet to ports 25 and 10025 (Postfix) now works, but not yet to AMAVIS on 10024! Message: CONNECTION REFUSED.

What else could it be ?!?! HELP !!!:(

michael.sprick
05.10.06, 15:47
In your amavisd.conf there is the directive:



$TEMPBASE="/var/amavis/tmp";


Check whether this directory exists and whether amavis has read/write permissions there.

cpreisinger
05.10.06, 17:16
yes, I've already checked that ... out of desperation I even set 777 on /var/amavis, that doesn't help either...
But I just started it with the call: "amavisd -u vscan debug" and got the following error...



Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: starting. /usr/local/sbin/amavisd at mail.fbp-systemhaus.de amavisd-new-2.4.2 (20060627), Unicode aware, LC_CTYPE=de_DE.UTF-8, LANG=POSIX
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: user=vscan, EUID: 480 (480); group=80, EGID: 80 80 (80 80); log_level=2
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Perl version 5.008008
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: INFO: no optional modules: Sys::Hostname::Long Mail::SPF::Query Net::CIDR::Lite Mail::SpamAssassin::Plugin::DomainKeys Mail::SpamAssassin::Plugin::HTTPSMismatch Mail::DomainKeys::Header Mail::DomainKeys::Message Mail::DomainKeys::Policy Mail::DomainKeys::Signature Mail::DomainKeys::Key Mail::DomainKeys::Key::Public Crypt::OpenSSL::RSA auto::Crypt::OpenSSL::RSA::new_public_key auto::Crypt::OpenSSL::RSA::new_public_key auto::Crypt::OpenSSL::RSA::new_key_from_parameters auto::Crypt::OpenSSL::RSA::get_key_parameters auto::Crypt::OpenSSL::RSA::import_random_seed IP::Country::Fast
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: SpamControl: init_pre_chroot done
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: 2006/10/05-17:14:15 Amavis (type Net::Server::PreForkSimple) starting! pid(29855)
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: Group Not Defined. Defaulting to EGID '80 80'
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: User Not Defined. Defaulting to EUID '480'
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: Chrooting to /var/amavis
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: 2006/10/05-17:14:15 Couldn't chroot to "/var/amavis"\n at line 544 in file /usr/lib/perl5/site_perl/5.8.8/Net/Server.pm
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: 2006/10/05-17:14:15 Server closing!


User and group are vscan, as specified in amavisd.conf!
I checked the Net::Server module...
YaST says 0.90, Perl says it has 0.94 installed!
So what does the message above in the debug output mean, please ???:mad:

Roger Wilco
05.10.06, 17:30
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: user=vscan, EUID: 480 (480); group=80, EGID: 80 80 (80 80); log_level=2
Oct 5 17:14:15 mail.xxx.de /usr/local/sbin/amavisd[29855]: Net::Server: 2006/10/05-17:14:15 Couldn't chroot to "/var/amavis"\n at line 544 in file /usr/lib/perl5/site_perl/5.8.8/Net/Server.pm
The chroot system call is reserved for the user with UID 0 (root) or the capability CAP_SYS_CHROOT. See, among other places, chroot(2).

cpreisinger
05.10.06, 17:34
ok, that sounds logical.
But I installed Amavisd-new exactly according to the documentation.
How can I fix the problem then?
Or rather, how do I fix the problem already shown above ???



Oct 5 13:14:46 mail.xxx.de /usr/local/sbin/amavisd[26868]: TROUBLE in pre_loop_hook: No TEMPBASE directory: /var/amavis /var/amavis/tmp at /usr/local/sbin/amavisd line 6885.
Suicide () TROUBLE in pre_loop_hook: No TEMPBASE directory: /var/amavis /var/amavis/tmp at /usr/local/sbin/amavisd line 6885.


Because unfortunately I still have this problem too... :(

Roger Wilco
05.10.06, 17:39
Does the directory /var/amavis/tmp/ exist, and does the user that amavisd-new runs as have access to it? Does the user have access to the parent directory /var/amavis/?

Post your Amavisd-new configuration (without comments).

cpreisinger
06.10.06, 06:53
Hi Roger_wilco,

I have already checked the permissions on the directories. I set them (again) with chmod 755 /var/amavis -R, and the permissions are there for user and group "vscan".

As far as I was able, here is the amavisd.conf without comments:



use strict;
$max_servers = 5;
$max_requests = 20;
$child_timeout = 5*60;
$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
$mydomain = 'x.de'; # a convenient default for other settings
$MYHOME = "/var/amavis";
$TEMPBASE = $MYHOME;
$ENV{TMPDIR} = $TEMPBASE;
$QUARANTINEDIR = '/var/virusmails';
$quarantine_subdir_levels = 1;
$daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R
$virus_quarantine_to = 'virus-quarantine';
$spam_quarantine_to = 'spam-quarantine';
$db_home = "$MYHOME/db";
$helpers_home = "$MYHOME/var";
$lock_file = "$MYHOME/amavisd.lock";
$pid_file = "$MYHOME/amavisd.pid";
@local_domains_maps = ( [".$mydomain"] );
@local_domains_acl = ( ".mydomain" );
$log_level = 2;
$LOGFILE = '/var/log/amavis.log';
$log_recip_templ = undef;
$DO_SYSLOG = 1;
$syslog_facility = 'mail';
$syslog_priority = 'debug';
$enable_db = 1;
$enable_global_cache = 1;
$inet_socket_port = 10024;
$inet_socket_bind = '127.0.0.1';
$unix_socketname = "$MYHOME/amavisd.sock";
$relayhost_is_client= 0;
$interface_policy{'SOCK'}='AM.PDP-SOCK';
$policy_bank{'AM.PDP-SOCK'} = { protocol=>'AM.PDP' };
$sa_tag_level_deflt = 3.0;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 20.0;
$sa_dsn_cutoff_level = 20;
$sa_timeout = 30;
$sa_spam_modifies_subj = 1;
$sa_mail_body_size_limit = 256*1024;
$sa_local_tests_only = 0;
$sa_auto_whitelist = 1;
$virus_admin = "virusalert\@$mydomain"; # notifications recip.
$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = '';
@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');
$recipient_delimiter = '+';
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file';
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj'];
$unrar = ['rar', 'unrar'];
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024;
$MAX_EXPANSION_QUOTA = 300*1024*1024;
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus = 1;
$defang_banned = 1;
$myhostname = 'mail.xxx.de';
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = $forward_method;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
$sql_select_white_black_list = undef;
$remove_existing_x_scanned_headers = 0;
$remove_existing_spam_headers = 1;
$replace_existing_extension = 1;
$localpart_is_case_sensitive = 0;
$warnvirusrecip = 1;
$warnbannedrecip = 0;
@keep_decoded_original_maps = (new_RE(
qr'^MAIL-UNDECIPHERABLE$',
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
qr'^application/x-msdownload$'i,
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
qr'^(application/x-msmetafile|image/x-wmf)$'i,
qr'^\.wmf$',
[ qr'^\.(Z|gz|bz2)$' => 0 ],
[ qr'^\.(rpm|cpio|tar)$' => 0 ],
[ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],
qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i,
qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
wmf|wsc|wsf|wsh)$'ix,
qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,
qr'^\.(exe-ms)$',
qr'^\.(exe|lha|tnef|cab|dll)$',
);
@score_sender_maps = ({ # a by-recipient hash lookup table,
'.' => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),
{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,
},
], # end of site-wide tables
});
@decoders = (
['mail', \&do_mime_decode],
['asc', \&do_ascii],
['uue', \&do_ascii],
['hqx', \&do_ascii],
['ync', \&do_ascii],
['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
['gz', \&do_uncompress, 'gzip -d'],
['gz', \&do_gunzip],
['bz2', \&do_uncompress, 'bzip2 -d'],
['lzo', \&do_uncompress, 'lzop -d'],
['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
['tar', \&do_tar],
['deb', \&do_ar, 'ar'],
['zip', \&do_unzip],
['rar', \&do_unrar, ['rar','unrar'] ],
['arj', \&do_unarj, ['arj','unarj'] ],
['arc', \&do_arc, ['nomarch','arc'] ],
['zoo', \&do_zoo, ['zoo','unzoo'] ],
['lha', \&do_lha, 'lha'],
['cab', \&do_cabextract, 'cabextract'],
['tnef', \&do_tnef_ext, 'tnef'],
['tnef', \&do_tnef],
['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
@av_scanners = (
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### http://www.centralcommand.com/
['CentralCommand Vexira (new) vascan',
['vascan','/usr/lib/Vexira/vascan'],
"-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
"--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",
[0,3], [1,2,5],
qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ / ],
### http://www.hbedv.com/
['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
### http://www.f-secure.com/products/anti-virus/
['F-Secure Antivirus', 'fsav',
'--dumb --mime --archive {}', [0], [3,8],
qr/(?:infection|Infected|Suspected): (.+)/ ],
['CAI InoculateIT', 'inocucmd', # retired product
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
);
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
[0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### http://www.f-prot.com/ - backs up F-Prot Daemon
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)|\s+contains\s+(.+)$/ ],
### http://www.trendmicro.com/ - backs up Trophie
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
['drweb - DrWeb Antivirus',
['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
'-path={} -al -go -ot -cn -upn -ok-',
[0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
'-i1 -xp {}', [0,10,15], [5,20,21,25],
qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
);
1; # insure a defined return


Hope you can spot something...
Best regards and thanks in advance :o

cpreisinger
06.10.06, 22:43
ok, the problem has now almost solved itself...



$daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R

changed to


$daemon_chroot_dir = undef;

and now everything runs as it should...
So the comments after the settings are worth something now and then after all :D

Thanks anyway to everyone for the help! :cool: ;)
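
Added example, not part of the thread and not amavisd-new code: a Python preflight check for the two chroot failures discussed above, the missing chroot privilege (UID 0 / CAP_SYS_CHROOT) and a $TEMPBASE that points at a host path while $daemon_chroot_dir is set. It assumes the daemon resolves its directories after the chroot, which the final fix in the thread suggests; the function names, the temporary directory tree and the /proc status snippets are constructed for illustration.

```python
import os
import tempfile

CAP_SYS_CHROOT = 18  # bit number of CAP_SYS_CHROOT in <linux/capability.h>


def effective_caps(status_text):
    """Parse the CapEff bitmask out of the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    return None  # no capability line: not a Linux /proc status file


def may_chroot(euid, cap_eff):
    """True if chroot(2) would be permitted for this process."""
    if cap_eff is None:
        return euid == 0  # without capability data fall back to the root test
    return bool((cap_eff >> CAP_SYS_CHROOT) & 1)


def missing_in_chroot(chroot_dir, paths):
    """Configured directories that no longer exist once '/' is chroot_dir."""
    return [p for p in paths
            if not os.path.isdir(os.path.join(chroot_dir, p.lstrip("/")))]


def preflight(chroot_dir, paths, euid, cap_eff):
    """List the reasons a chrooted start would fail; empty list means OK."""
    if chroot_dir is None:  # $daemon_chroot_dir = undef
        return []
    problems = []
    if not may_chroot(euid, cap_eff):
        problems.append("uid %d lacks CAP_SYS_CHROOT, chroot(%r) gives EPERM"
                        % (euid, chroot_dir))
    for p in missing_in_chroot(chroot_dir, paths):
        problems.append("%r is not a directory inside the chroot" % p)
    return problems


def demo():
    """Replay the thread's settings against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "var", "amavis")  # stands in for $MYHOME
        os.makedirs(os.path.join(home, "tmp"))
        # Constructed /proc status snippets: an unprivileged user and full root.
        vscan = effective_caps("Uid:\t480\nCapEff:\t0000000000000000\n")
        full = effective_caps("Uid:\t0\nCapEff:\t0000003fffffffff\n")
        return {
            # amavisd -u vscan with chroot enabled, $TEMPBASE = $MYHOME
            "as_vscan": preflight(home, [home], 480, vscan),
            # started as root, same config: chroot works, TEMPBASE is gone
            "as_root": preflight(home, [home], 0, full),
            # TEMPBASE given relative to the new root
            "relative": preflight(home, ["/tmp"], 0, full),
            # the fix from the thread: chroot disabled
            "no_chroot": preflight(None, [home], 480, vscan),
        }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, problems or "ok")
```

On a live host, feed `effective_caps()` the contents of /proc/self/status from the account that starts the daemon.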