Postfix and SpamAssassin problem



minni
09.08.07, 19:56
Good evening, dear Linux users,

I have now spent 2 days rebuilding my Debian Etch server. As always Postfix and Cyrus IMAP, but this time with virus and spam filtering. The anti-virus check works, as far as I could verify. But the spam filtering unfortunately does not. I thought I had configured my SpamAssassin so that it writes spam into the header, but unfortunately it doesn't do that. And it also seems to me that it swallows spam mails completely....

/etc/spamassassin/local.cf:


#SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# How many hits before a message is considered spam.
required_score 5.0

# Change the subject of suspected spam
rewrite_header subject *****SPAM*****

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe 1

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
bayes_auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - german
ok_languages de

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all



/etc/postfix/master.cf:



smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1




Header of a mail:


Received: from bodenkammer.puttich.local ([unix socket])
by bodenkammer (Cyrus v2.2.13-Debian-2.2.13-10) with LMTPA;
Thu, 09 Aug 2007 20:38:57 +0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1])
by bodenkammer.puttich.local (Mail-Server by energY89) with ESMTP id C01921F73AB
for <paul@localhost.puttich.local>; Thu, 9 Aug 2007 20:38:57 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at bodenkammer.puttich.local
Received: from bodenkammer.puttich.local ([127.0.0.1])
by localhost (bodenkammer.puttich.local [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id G42s2mFniaJC for <paul@localhost.puttich.local>;
Thu, 9 Aug 2007 20:38:53 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by bodenkammer.puttich.local (Mail-Server by energY89) with ESMTP id 44A6D1F73AA
for <paul@localhost>; Thu, 9 Aug 2007 20:38:53 +0200 (CEST)
Received: from cccc.de [217.145.103.67]
by localhost with POP3 (fetchmail-6.3.6)
for <paul@localhost> (single-drop); Thu, 09 Aug 2007 20:38:53 +0200 (CEST)
Received: from wa-out-1112.google.com (209.85.146.176)
by cccc.de with MERCUR Mailserver (v5.00.19 MTAyLTI1NjYtNzE4Mw==)
for <paul@puttich.com>; Thu, 9 Aug 2007 20:39:35 +0200
Received: by wa-out-1112.google.com with SMTP id m33so645649wag
for <paul@puttich.com>; Thu, 09 Aug 2007 11:38:36 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
d=googlemail.com; s=beta;
h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
b=ofnHSjOJDZsvaFMk63vgoy79Lp2f2eOukS+MjyujKwJn6aaS 6wdZnYosVUfakwSjDKdiDWjjfJfwb6XqMVLs+521ModPte+o/omgQE7n58+x0+etwZCXXR/scOQdlAtCoHnMfva+OjkeFTKXwdfjv09p7fsSURa1rtf49933b/E=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=googlemail.com; s=beta;
h=received:message-id:date:from:to:subject:mime-version:content-type;
b=THbE7P5GSg+mvRJ2lBnOhoo9YQTLLS+pRub5WvFT66w9l9aC GBxnNT/x+Y7VkAvnUZ6KGfxTytd8zj5Mit/QEzsAjL9qodxFtfDldMOb3vu8X6e+gGXQanylzQl4JKYl4ZLVK ctj0/Q1bARrziBf18tMcvoyFQh+SntPx1bT90A=
Received: by 10.114.146.1 with SMTP id t1mr1685623wad.1186684716468;
Thu, 09 Aug 2007 11:38:36 -0700 (PDT)
Received: by 10.115.33.18 with HTTP; Thu, 9 Aug 2007 11:38:36 -0700 (PDT)
Message-ID: <9b6f3a600708091138n4849f7f2gd6fb0ff0e0232407@mail.gmail.com>
Date: Thu, 9 Aug 2007 20:38:36 +0200

mail.log:



Aug 9 20:53:59 bodenkammer fetchmail[8234]: fetchmail 6.3.6 Dämon wird gestartet
Aug 9 20:54:01 bodenkammer fetchmail[8234]: 1 Nachricht für paul bei cccc.de (2083 Bytes).
Aug 9 20:54:01 bodenkammer postfix/smtpd[8239]: connect from localhost[127.0.0.1]
Aug 9 20:54:01 bodenkammer postfix/smtpd[8239]: 3E8BF1F73AB: client=localhost[127.0.0.1]
Aug 9 20:54:01 bodenkammer postfix/cleanup[8241]: 3E8BF1F73AB: message-id=<9b6f3a600708091153o22743f57xe749894d41c34825@mail.gmail.com>
Aug 9 20:54:01 bodenkammer fetchmail[8234]: Nachricht paul@cccc.de:1 von 1 wird gelesen (2083 Bytes) gelöscht
Aug 9 20:54:01 bodenkammer postfix/qmgr[7668]: 3E8BF1F73AB: from=<paul.puttich@googlemail.com>, size=2444, nrcpt=1 (queue active)
Aug 9 20:54:01 bodenkammer postfix/smtpd[8239]: disconnect from localhost[127.0.0.1]
Aug 9 20:54:03 bodenkammer fetchmail[8234]: Do 09 Aug 2007 20:54:03 CEST: schlafe 300 Sekunden lang
Aug 9 20:54:05 bodenkammer postfix/smtpd[8254]: connect from localhost[127.0.0.1]
Aug 9 20:54:05 bodenkammer postfix/smtpd[8254]: C89431F73AE: client=localhost[127.0.0.1]
Aug 9 20:54:05 bodenkammer postfix/cleanup[8241]: C89431F73AE: message-id=<9b6f3a600708091153o22743f57xe749894d41c34825@mail.gmail.com>
Aug 9 20:54:05 bodenkammer postfix/qmgr[7668]: C89431F73AE: from=<paul.puttich@googlemail.com>, size=2963, nrcpt=1 (queue active)
Aug 9 20:54:05 bodenkammer postfix/smtpd[8254]: disconnect from localhost[127.0.0.1]
Aug 9 20:54:05 bodenkammer amavis[8046]: (08046-02) Passed CLEAN, LOCAL [127.0.0.1] [209.85.146.177] <paul.puttich@googlemail.com> -> <paul@localhost.puttich.local>, Message-ID: <9b6f3a600708091153o22743f57xe749894d41c34825@mail.gmail.com>, mail_id: IgKVlXgn7wSy, Hits: 1.162, queued_as: C89431F73AE, 4585 ms
Aug 9 20:54:05 bodenkammer postfix/smtp[8242]: 3E8BF1F73AB: to=<paul@localhost.puttich.local>, orig_to=<paul@localhost>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.7, delays=0.06/0.03/0.01/4.6, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=08046-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C89431F73AE)
Aug 9 20:54:05 bodenkammer postfix/qmgr[7668]: 3E8BF1F73AB: removed
Aug 9 20:54:05 bodenkammer cyrus/master[8257]: about to exec /usr/lib/cyrus/bin/lmtpd
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: executed
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: accepted connection
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: lmtp connection preauth'd as postman
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: WARNING: sieve script /var/spool/sieve/p/paul/defaultbc doesn't exist: No such file or directory
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: duplicate_check: <9b6f3a600708091153o22743f57xe749894d41c34825@mail.gmail.com> user.paul 0
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: duplicate_check: <9b6f3a600708091153o22743f57xe749894d41c34825@mail.gmail.com> user.paul 0
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: mystore: starting txn 2147483657
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: mystore: committing txn 2147483657
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: duplicate_mark: <9b6f3a600708091153o22743f57xe749894d41c34825@mail.gmail.com> user.paul 1186685645 134537227
Aug 9 20:54:05 bodenkammer cyrus/lmtpunix[8257]: Delivered: <9b6f3a600708091153o22743f57xe749894d41c34825@mail.gmail.com> to mailbox: user.paul
Aug 9 20:54:05 bodenkammer postfix/lmtp[8256]: C89431F73AE: to=<paul@localhost.puttich.local>, relay=bodenkammer.puttich.local[/var/run/cyrus/socket/lmtp], delay=0.15, delays=0.05/0.02/0.07/0.02, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Aug 9 20:54:05 bodenkammer postfix/qmgr[7668]: C89431F73AE: removed



I would be very grateful for a tip about what might be wrong with my SpamAssassin.

Kind regards, minni

DonChulio
10.08.07, 07:50
With amavisd-new, the spam filter settings are made in amavisd.conf.

Here (http://www.oreilly.de/german/freebooks/spamvirger/) is an OpenBook from O'Reilly on the topic.

minni
10.08.07, 08:11
Thanks for the pointer to the book. Unfortunately I can't find this config on my system, only sample configs in /usr/share/doc/amavisd-new/examples/. I have now noticed that it has already sorted out a few mails, namely to /var/lib/amavis/virusmails.

Finally, here is my /etc/amavis/conf.d/20-debian_defaults:




$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes

$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
$final_banned_destiny = D_PASS; # D_REJECT when front-end MTA
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)

$virus_admin = "paul\@$mydomain"; # due to D_DISCARD default
$mailfrom_notify_admin = "paul\@$mydomain";
# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";

@viruses_that_fake_sender_maps = (new_RE(
[qr'\bEICAR\b'i => 0], # av test pattern name
[qr/.*/ => 1], # true for everything else
));

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$', # retain full original message for virus checking (can be slow)
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));


# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

# block certain double extensions anywhere in the base name
qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict

qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,

komaii
10.08.07, 08:28
Maybe it doesn't like the space:
$sa_spam_subject_tag = '***SPAM*** ';

Why 5 stars in local.conf and 3 stars in amavisd.conf?

Regards,
komaii

P.S. No, I don't run Debian, only SuSE.

DonChulio
10.08.07, 09:21
Well, the name of the config can certainly be different, but you did get the right one ;)

The spam mails are not swallowed but moved to the quarantine folder. As you have already figured out, that is /var/lib/amavis/virusmails.

The reason no entry is made in the header could be the value of "$sa_tag_level_deflt = 2.0;". Mails only get the entry from a score of 2.0 upwards, and everything below that gets no spam entry.
Try 0.1 or 0.0 (it could be that 0 or 0.0 disables the option... just test it). Do the mails in the quarantine folder have a spam entry in the header? (X-Spam-Status and X-Spam-Level)

Or did you mean the header subject? That would be $sa_tag2_level_deflt, but since you have the same value for $sa_kill_level_deflt, you will never get e-mails delivered with "***SPAM****" in the subject, because they are moved straight to the quarantine folder.
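
Added example, not part of the thread: a Python sketch that reads the three $sa_*_level_deflt values from the posted 20-debian_defaults and the Hits: field of amavis log lines, then lists what the comments in that config say should apply at each score. The first log line is the thread's own amavis entry, shortened; the other two log lines and all function names are constructed for illustration.

```python
import re

# Threshold lines copied from the 20-debian_defaults posted in the thread.
CONFIG = """
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
"""

# First line: the amavis entry from the thread's mail.log (shortened).
# The other two lines are constructed samples for comparison.
LOG = """
Aug 9 20:54:05 bodenkammer amavis[8046]: (08046-02) Passed CLEAN, LOCAL [127.0.0.1] <paul.puttich@googlemail.com> -> <paul@localhost.puttich.local>, mail_id: IgKVlXgn7wSy, Hits: 1.162, queued_as: C89431F73AE, 4585 ms
Aug 9 21:00:00 bodenkammer amavis[8046]: (08046-03) Passed CLEAN, <a@example.org> -> <paul@localhost.puttich.local>, mail_id: CONSTRUCTED01, Hits: 3.4, 900 ms
Aug 9 21:05:00 bodenkammer amavis[8046]: (08046-04) Passed SPAM, <b@example.org> -> <paul@localhost.puttich.local>, mail_id: CONSTRUCTED02, Hits: 12.7, 950 ms
"""

LEVEL_RE = re.compile(r"^\$sa_(tag2?|kill)_level_deflt\s*=\s*(-?[\d.]+)\s*;", re.M)
HITS_RE = re.compile(r"amavis\[\d+\]: \(([\w-]+)\) (\w+ [\w-]+),.*\bHits: (-?[\d.]+|-)")

def load_levels(config_text):
    """Return e.g. {'tag': 2.0, 'tag2': 6.31, 'kill': 6.31} from amavisd config text."""
    return {name: float(val) for name, val in LEVEL_RE.findall(config_text)}

def expected_marks(score, levels):
    """List what the config comments say applies at this score."""
    if score is None:  # amavis logs "Hits: -" when the spam check was skipped
        return ["not scanned by SpamAssassin"]
    marks = []
    if score >= levels["tag"]:
        marks.append("X-Spam info headers")
    if score >= levels["tag2"]:
        marks.append("spam-detected headers + subject tag")
    if score >= levels["kill"]:
        marks.append("evasive action")
    return marks or ["no spam headers (below tag level)"]

def audit(log_text, levels):
    """Return (amavis id, verdict, score, expected marks) per amavis log line."""
    out = []
    for m in HITS_RE.finditer(log_text):
        msg_id, verdict, hits = m.groups()
        score = None if hits == "-" else float(hits)
        out.append((msg_id, verdict, score, expected_marks(score, levels)))
    return out

if __name__ == "__main__":
    for row in audit(LOG, load_levels(CONFIG)):
        print(row)
```

The thread's test mail scored 1.162, below the tag level of 2.0, so by the config's own comments no X-Spam headers are expected on it.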