[Amavis] SpamAssassin is not being used

26.09.07, 06:52
Good morning everyone

I have a small mail server running and would now like to prepare it a bit against spam.

Debian Etch
Postfix as MTA


Amavis receives the e-mails for checking, but only does a virus check instead of also checking for spam.


inet_interfaces = all
myhostname = smtpd.xxx.ch
mydestination = localhost
mynetworks =

content_filter = amavis:[]:10024
receive_override_options = no_address_mappings

virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:8533
virtual_gid_maps = static:8533

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key


# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# See the Postfix UUCP_README file for configuration details.
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
# Other external delivery methods.
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

#content_filter = amavis:[]:10024
#receive_override_options = no_address_mappings

amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

There shouldn't be an error here, but maybe it helps.


$mydomain = 'localhost';
@lookup_sql_dsn = ( [ 'DBI:mysql:provider', 'provider_admin', 'xxx' ] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_REJECT;
$final_spam_destiny = D_PASS;
#$sa_tag_level_deflt = -1000;
#$sa_tag2_level_deflt = 5.0;
#$sa_kill_level_deflt = 10;
#$sa_spam_subject_tag = '***SPAM*** ';
@av_scanners = (
# ### http://www.clamav.net/
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: the easiest is to run clamd under the same user as amavisd; match the
# # socket name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
$sa_local_tests_only = 0;


skip_rbl_checks 1
# By default SpamAssassin runs the Realtime Blackhole List checks.
# It's better to turn this option off.

use_bayes 1
# This turns Bayesian Learning on. 0 turns it off.

bayes_path /var/lib/amavis/.spamassassin
# Bayesian database location.
skip_rbl_checks 1
# By default SpamAssassin runs the Realtime Blackhole List checks.
# It's better to turn this option off.

use_bayes 1
# This turns Bayesian Learning on. 0 turns it off.

bayes_path /var/amavis/.spamassassin/bayes
# Bayesian database location.

use_razor2 1
# Tells SA that we want to use Razor version 2

use_dcc 0
# In case you want DCC.

use_pyzor 0
# Tells SA that we don't want to use Pyzor

dcc_add_header 1
# DCC header in case you want it.

dns_available yes
# If you are sure you have DNS access set it to "yes".

header LOCAL_RCVD Received =~ /\S+\.section6.net\s+\(.*\[.*\]\)/
score LOCAL_RCVD -50
# This checks "Received: from...." lines in the message header.
# Set .domain.com to your domain so outgoing mail will not be tagged as
# spam. Unless you are a spammer of course. In case you are I strongly urge
# you to use this option.

## Optional Score Increases
score DCC_CHECK 4.000
score RAZOR2_CHECK 2.500
score BAYES_99 5.300
score BAYES_90 4.500
score BAYES_80 4.000
# For scores have a look at /usr/local/share/spamassassin/50_scores.cf
# file.
score ORDER_NOW 1.5
# This rule might be extreme but html only spams get through too easy.
# In other words, if you can't take the time to write something and are
# posting an image only, then you're 86'd!
score HTML_IMAGE_ONLY_02 2
score HTML_IMAGE_ONLY_04 2
score OFFERS_ETC 2


Sep 25 17:19:39 x_x_x amavis[26075]: starting. /usr/sbin/amavisd-new at x_x_x.ch amavisd-new-2.4.2 (20060627), Unicode aware, LANG=de_CH.UTF-8
Sep 25 17:19:39 x_x_x amavis[26075]: Perl version 5.008008
Sep 25 17:19:39 x_x_x amavis[26080]: Module Amavis::Conf 2.068
Sep 25 17:19:39 x_x_x amavis[26080]: Module Archive::Tar 1.30
Sep 25 17:19:39 x_x_x amavis[26080]: Module Archive::Zip 1.16
Sep 25 17:19:39 x_x_x amavis[26080]: Module BerkeleyDB 0.31
Sep 25 17:19:39 x_x_x amavis[26080]: Module Compress::Zlib 1.42
Sep 25 17:19:39 x_x_x amavis[26080]: Module Convert::TNEF 0.17
Sep 25 17:19:39 x_x_x amavis[26080]: Module Convert::UUlib 1.06
Sep 25 17:19:39 x_x_x amavis[26080]: Module Digest::MD5 2.36
Sep 25 17:19:39 x_x_x amavis[26080]: Module MIME::Entity 5.420
Sep 25 17:19:39 x_x_x amavis[26080]: Module MIME::Parser 5.420
Sep 25 17:19:39 x_x_x amavis[26080]: Module MIME::Tools 5.420
Sep 25 17:19:39 x_x_x amavis[26080]: Module Mail::Header 1.74
Sep 25 17:19:39 x_x_x amavis[26080]: Module Mail::Internet 1.74
Sep 25 17:19:39 x_x_x amavis[26080]: Module Net::Cmd 2.26
Sep 25 17:19:39 x_x_x amavis[26080]: Module Net::SMTP 2.29
Sep 25 17:19:39 x_x_x amavis[26080]: Module Net::Server 0.94
Sep 25 17:19:39 x_x_x amavis[26080]: Module Time::HiRes 1.86
Sep 25 17:19:39 x_x_x amavis[26080]: Module Unix::Syslog 0.100
Sep 25 17:19:39 x_x_x amavis[26080]: Amavis::DB code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Amavis::Cache code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SQL base code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SQL::Log code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SQL::Quarantine NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Lookup::SQL code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Lookup::LDAP code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: AM.PDP-in proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SMTP-in proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Courier proto code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SMTP-out proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Pipe-out proto code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: BSMTP-out proto code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Local-out proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: OS_Fingerprint code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: ANTI-VIRUS code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: ANTI-SPAM code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: ANTI-SPAM-SA code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Unpackers code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Found $file at /usr/bin/file
Sep 25 17:19:39 x_x_x amavis[26080]: No $dspam, not using it
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .mail
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .asc
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .uue
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .hqx
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .ync
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .F tried: unfreeze, freeze -d, melt, fcat
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .Z at /bin/uncompress
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .gz
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .bz2 at /bin/bzip2 -d
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .lzo tried: lzop -d
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .rpm tried: rpm2cpio.pl, rpm2cpio
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .cpio tried: pax
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .cpio at /bin/cpio
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .tar tried: pax
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .tar at /bin/cpio
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .deb at /usr/bin/ar
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .zip
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .rar tried: rar, unrar
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .arj tried: arj, unarj
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .arc tried: nomarch, arc
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .zoo at /usr/bin/zoo
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .lha tried: lha
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .doc tried: ripole
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .cab tried: cabextract
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .tnef
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .tnef
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .exe tried: rar, unrar; lha; arj, unarj
Sep 25 17:19:39 x_x_x amavis[26080]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4
Sep 25 22:08:32 x_x_x amavis[26081]: (26081-02) Passed CLEAN, [] [] <saxnutrivivasof@nutriviva.de> -> <a_user_name@x_x_x,xx>$

I would be very grateful for any pointer.

Regards and thanks

blabub :)

26.09.07, 08:00
What does your /etc/amavis/conf.d/15-content_filter_mode look like?

26.09.07, 08:15
What does your /etc/amavis/conf.d/15-content_filter_mode look like?
Exactly, it should contain something like this:

@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
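
The check this reply points to can be scripted. The following is an added example, not part of the original thread: it reads the ANTI-* lines of the most recent amavisd-new start from a log file and tests whether the @bypass_*_checks_maps assignments in 15-content_filter_mode are still commented out. The function names, temporary files and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): relate the amavisd-new startup log
# to the Debian file /etc/amavis/conf.d/15-content_filter_mode.

# Print the ANTI-* modules reported "NOT loaded" by the most recent start.
unloaded_filters() {
    awk '
        /amavis\[[0-9]+\]: starting\./ { out = "" }   # new start: drop older state
        /: ANTI-[A-Z-]+ code +NOT loaded/ {
            sub(/^.*: /, ""); sub(/ code.*$/, ""); out = out $0 "\n"
        }
        END { printf "%s", out }
    ' "$1"
}

# Print the @bypass_*_checks_maps assignments that are not commented out.
active_bypass_maps() {
    sed -n 's/^[[:space:]]*@\(bypass_[a-z]*_checks_maps\)[[:space:]]*=.*/\1/p' "$1"
}

# diagnose LOGFILE CONFFILE: one verdict line per check type.
diagnose() {
    unloaded=$(unloaded_filters "$1")
    active=$(active_bypass_maps "$2")
    for kind in virus spam; do
        module="ANTI-$(printf '%s' "$kind" | tr '[:lower:]' '[:upper:]')"
        if ! printf '%s\n' "$unloaded" | grep -qx "$module"; then
            echo "$kind: code loaded"
        elif printf '%s\n' "$active" | grep -qx "bypass_${kind}_checks_maps"; then
            echo "$kind: map active but code not loaded; restart amavis and re-check"
        else
            echo "$kind: bypassed, @bypass_${kind}_checks_maps is commented out"
        fi
    done
}
# Constructed sample input modelled on the excerpts in this thread.
demo() {
    d=$(mktemp -d)
    cat > "$d/mail.log" <<'EOF'
Sep 25 17:19:39 host amavis[26075]: starting. /usr/sbin/amavisd-new at host
Sep 25 17:19:39 host amavis[26080]: ANTI-VIRUS code NOT loaded
Sep 25 17:19:39 host amavis[26080]: ANTI-SPAM code NOT loaded
Sep 25 17:19:39 host amavis[26080]: ANTI-SPAM-SA code NOT loaded
EOF
    printf '%s\n' '@bypass_virus_checks_maps = (' \
        '#@bypass_spam_checks_maps = (' > "$d/15-content_filter_mode"
    diagnose "$d/mail.log" "$d/15-content_filter_mode"
    rm -rf "$d"
}
demo
```

On a live system the two arguments to `diagnose` would be the mail log and the real 15-content_filter_mode file; only the lines after the last `starting.` entry are considered, so an old "NOT loaded" line from before a restart does not produce a false alarm.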

26.09.07, 08:36

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

# Default antivirus checking mode
# Uncomment the two lines below to enable it back

#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

# Default SPAM checking mode
# Uncomment the two lines below to enable it back

#@bypass_spam_checks_maps = (
# \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return

I've removed the comment markers, let's see if it works now.
According to the log, though, ANTI-Spam is now loaded.

Many thanks

One more quick question: since I changed a few things around, I've been getting e-mails from myself, but to the wrong domain:

qmgr[26171]: DACFD18075: from=<root@smtpd.x_x_x.ch>, size=895, nrcpt=1 (queue active)
Sep 26 06:25:30 x_x_x postfix/smtpd[9526]: connect from localhost[]
Sep 26 06:25:30 x_x_x postfix/smtpd[9526]: 12D7C17F87: client=localhost[]
Sep 26 06:25:30 x_x_x postfix/cleanup[9510]: 12D7C17F87: message-id=<20070926042529.DACFD18075@smtpd.x_x_x.ch>
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: 12D7C17F87: from=<root@smtpd.x_x_x.ch>, size=1289, nrcpt=1 (queue active)
Sep 26 06:25:30 x_x_x postfix/smtpd[9526]: disconnect from localhost[]
Sep 26 06:25:30 x_x_x amavis[26081]: (26081-07) Passed CLEAN, <root@smtpd.x_x_x.ch> -> <root@smtpd.x_x_x.ch>, Message-ID: <20070926042529.DACFD1807$
Sep 26 06:25:30 x_x_x postfix/smtp[9518]: DACFD18075: to=<root@smtpd.x_x_x.ch>, orig_to=<root>, relay=[]:10024, delay=0.3, delays=0.$
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: DACFD18075: removed
Sep 26 06:25:30 x_x_x postfix/smtp[9538]: 12D7C17F87: to=<root@smtpd.x_x_x.ch>, relay=none, delay=0.08, delays=0.07/0.01/0/0, dsn=5.4.6, status=bounce$
Sep 26 06:25:30 x_x_x postfix/cleanup[9510]: 2C07918075: message-id=<20070926042530.2C07918075@smtpd.x_x_x.ch>
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: 2C07918075: from=<>, size=3103, nrcpt=1 (queue active)
Sep 26 06:25:30 x_x_x postfix/bounce[9539]: 12D7C17F87: sender non-delivery notification: 2C07918075
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: 12D7C17F87: removed

Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 7409F1805F: from=<amavis@smtpd.x_x_x.ch>, size=1184, nrcpt=1 (queue active)
Sep 26 03:18:02 x_x_x postfix/smtpd[26777]: disconnect from localhost[]
Sep 26 03:18:02 x_x_x amavis[26082]: (26082-05) Passed CLEAN, <amavis@smtpd.x_x_x.ch> -> <amavis@smtpd.x_x_x.ch>, Message-ID: <20070926011802.50F2E$
Sep 26 03:18:02 x_x_x postfix/smtp[26775]: 50F2E18073: to=<amavis@smtpd.x_x_x.ch>, orig_to=<amavis>, relay=[]:10024, delay=0.25, del$
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 50F2E18073: removed
Sep 26 03:18:02 x_x_x postfix/smtp[26778]: 7409F1805F: to=<amavis@smtpd.x_x_x.ch>, relay=none, delay=0.07, delays=0.05/0.02/0/0, dsn=5.4.6, status=bou$
Sep 26 03:18:02 x_x_x postfix/cleanup[26773]: 88C6C18074: message-id=<20070926011802.88C6C18074@smtpd.x_x_x.ch>
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 88C6C18074: from=<>, size=3008, nrcpt=1 (queue active)
Sep 26 03:18:02 x_x_x postfix/bounce[26780]: 7409F1805F: sender non-delivery notification: 88C6C18074
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 7409F1805F: removed
Sep 26 03:18:02 x_x_x postfix/smtp[26778]: 88C6C18074: to=<amavis@smtpd.x_x_x.ch>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounce$
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 88C6C18074: removed

The smtpd. in front confuses me; I couldn't find anything in the configs. Where does amavis get this mail address from? Or rather, where do these e-mails come from?