[Amavis] SpamAssassin is not being used



blabub
26.09.07, 07:52
Good morning everyone


I have a small mail server running and would now like to prepare it a bit against spam.


System:
Debian Etch
Postfix als MTA
Amavis-new
Spamassassin


Problem:

Amavis receives the e-mails for checking but only does a virus check instead of also checking for spam.


/etc/postfix/main.cf


inet_interfaces = all
myhostname = smtpd.xxx.ch
mydestination = localhost
mynetworks = 127.0.0.0/8

content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:8533
virtual_gid_maps = static:8533

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key



/etc/postfix/master.cf


#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ============================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ============================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

#content_filter = amavis:[127.0.0.1]:10024
#receive_override_options = no_address_mappings

amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks



There shouldn't be any error here, but maybe it helps.


/etc/amavis/amavisd.conf


$mydomain = 'localhost';
@lookup_sql_dsn = ( [ 'DBI:mysql:provider', 'provider_admin', 'xxx' ] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_REJECT;
$final_spam_destiny = D_PASS;
#$sa_tag_level_deflt = -1000;
#$sa_tag2_level_deflt = 5.0;
#$sa_kill_level_deflt = 10;
#$sa_spam_subject_tag = '***SPAM*** ';
@av_scanners = (
# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: the easiest is to run clamd under the same user as amavisd; match the
# # socket name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
);
$sa_local_tests_only = 0;


/etc/spamassassin/local.cf


skip_rbl_checks 1
# By default SpamAssassin runs the Realtime Blackhole List checks.
# It's better to turn this option off.

use_bayes 1
# This turns Bayesian Learning on. 0 turns it off.

bayes_path /var/lib/amavis/.spamassassin
# Bayesian database location.
skip_rbl_checks 1
# By default SpamAssassin runs the Realtime Blackhole List checks.
# It's better to turn this option off.

use_bayes 1
# This turns Bayesian Learning on. 0 turns it off.

bayes_path /var/amavis/.spamassassin/bayes
# Bayesian database location.

use_razor2 1
# Tells SA that we want to use Razor version 2

use_dcc 0
# In case you want DCC.

use_pyzor 0
# Tells SA that we don't want to use Pyzor

dcc_add_header 1
# DCC header in case you want it.

dns_available yes
# If you are sure you have DNS access set it to "yes".

header LOCAL_RCVD Received =~ /\S+\.section6.net\s+\(.*\[.*\]\)/
score LOCAL_RCVD -50
# This checks "Received: from...." lines in the message header.
# Set .domain.com to your domain so outgoing mail will not be tagged as
# spam. Unless you are a spammer of course. In case you are I strongly urge
# you to use this option.

## Optional Score Increases
score DCC_CHECK 4.000
score RAZOR2_CHECK 2.500
score BAYES_99 5.300
score BAYES_90 4.500
score BAYES_80 4.000
# For scores have a look at /usr/local/share/spamassassin/50_scores.cf
# file.
score HTML_FONT_INVISIBLE 3
score HTML_FONTCOLOR_UNKNOWN 2
score ORDER_NOW 1.5
score CLICK_BELOW 1
score LIMITED_TIME_ONLY 1
# This rule might be extreme but html only spams get through too easy.
# In other words, if you can't take the time to write something and are
# posting an image only, then you're 86'd!
score HTML_IMAGE_ONLY_02 2
score HTML_IMAGE_ONLY_04 2
score OFFERS_ETC 2
score HTML_LINK_CLICK_HERE 1
score LINES_OF_YELLING 1



mail.log


Sep 25 17:19:39 x_x_x amavis[26075]: starting. /usr/sbin/amavisd-new at x_x_x.ch amavisd-new-2.4.2 (20060627), Unicode aware, LANG=de_CH.UTF-8
Sep 25 17:19:39 x_x_x amavis[26075]: Perl version 5.008008
Sep 25 17:19:39 x_x_x amavis[26080]: Module Amavis::Conf 2.068
Sep 25 17:19:39 x_x_x amavis[26080]: Module Archive::Tar 1.30
Sep 25 17:19:39 x_x_x amavis[26080]: Module Archive::Zip 1.16
Sep 25 17:19:39 x_x_x amavis[26080]: Module BerkeleyDB 0.31
Sep 25 17:19:39 x_x_x amavis[26080]: Module Compress::Zlib 1.42
Sep 25 17:19:39 x_x_x amavis[26080]: Module Convert::TNEF 0.17
Sep 25 17:19:39 x_x_x amavis[26080]: Module Convert::UUlib 1.06
Sep 25 17:19:39 x_x_x amavis[26080]: Module Digest::MD5 2.36
Sep 25 17:19:39 x_x_x amavis[26080]: Module MIME::Entity 5.420
Sep 25 17:19:39 x_x_x amavis[26080]: Module MIME::Parser 5.420
Sep 25 17:19:39 x_x_x amavis[26080]: Module MIME::Tools 5.420
Sep 25 17:19:39 x_x_x amavis[26080]: Module Mail::Header 1.74
Sep 25 17:19:39 x_x_x amavis[26080]: Module Mail::Internet 1.74
Sep 25 17:19:39 x_x_x amavis[26080]: Module Net::Cmd 2.26
Sep 25 17:19:39 x_x_x amavis[26080]: Module Net::SMTP 2.29
Sep 25 17:19:39 x_x_x amavis[26080]: Module Net::Server 0.94
Sep 25 17:19:39 x_x_x amavis[26080]: Module Time::HiRes 1.86
Sep 25 17:19:39 x_x_x amavis[26080]: Module Unix::Syslog 0.100
Sep 25 17:19:39 x_x_x amavis[26080]: Amavis::DB code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Amavis::Cache code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SQL base code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SQL::Log code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SQL::Quarantine NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Lookup::SQL code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Lookup::LDAP code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: AM.PDP-in proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SMTP-in proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Courier proto code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: SMTP-out proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Pipe-out proto code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: BSMTP-out proto code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Local-out proto code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: OS_Fingerprint code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: ANTI-VIRUS code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: ANTI-SPAM code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: ANTI-SPAM-SA code NOT loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Unpackers code loaded
Sep 25 17:19:39 x_x_x amavis[26080]: Found $file at /usr/bin/file
Sep 25 17:19:39 x_x_x amavis[26080]: No $dspam, not using it
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .mail
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .asc
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .uue
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .hqx
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .ync
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .F tried: unfreeze, freeze -d, melt, fcat
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .Z at /bin/uncompress
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .gz
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .bz2 at /bin/bzip2 -d
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .lzo tried: lzop -d
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .rpm tried: rpm2cpio.pl, rpm2cpio
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .cpio tried: pax
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .cpio at /bin/cpio
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .tar tried: pax
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .tar at /bin/cpio
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .deb at /usr/bin/ar
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .zip
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .rar tried: rar, unrar
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .arj tried: arj, unarj
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .arc tried: nomarch, arc
Sep 25 17:19:39 x_x_x amavis[26080]: Found decoder for .zoo at /usr/bin/zoo
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .lha tried: lha
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .doc tried: ripole
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .cab tried: cabextract
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .tnef
Sep 25 17:19:39 x_x_x amavis[26080]: Internal decoder for .tnef
Sep 25 17:19:39 x_x_x amavis[26080]: No decoder for .exe tried: rar, unrar; lha; arj, unarj
Sep 25 17:19:39 x_x_x amavis[26080]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4
Sep 25 22:08:32 x_x_x amavis[26081]: (26081-02) Passed CLEAN, [201.26.58.214] [201.26.58.214] <saxnutrivivasof@nutriviva.de> -> <a_user_name@x_x_x,xx>$


I'd be very grateful for any pointers.

Regards and thanks

blabub :)

minni
26.09.07, 09:00
What does your /etc/amavis/conf.d/15-content_filter_mode look like?

balduin222
26.09.07, 09:15
What does your /etc/amavis/conf.d/15-content_filter_mode look like?
Exactly, it should contain something like this:

@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
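
A check for the condition diagnosed above, as an added example that is not part of any poster's message: it reports which `@bypass_*_checks_maps` assignments are still commented out in a 15-content_filter_mode file, and which ANTI-* modules the latest amavisd start-up logged as "NOT loaded". The sample files are constructed from lines quoted in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find silently disabled amavisd checks.

# Print "virus"/"spam" for each @bypass_*_checks_maps assignment that is
# missing or still commented out in a 15-content_filter_mode style file.
disabled_in_config() {
    for check in virus spam; do
        grep -Eq "^[[:space:]]*@bypass_${check}_checks_maps[[:space:]]*=" "$1" \
            || printf '%s\n' "$check"
    done
}

# Print the ANTI-* modules that the most recent amavisd start-up in a
# mail.log reported as "code NOT loaded".
unloaded_in_log() {
    awk '
        / amavis\[[0-9]+\]: starting\. / { n = 0 }   # newer start-up wins
        / amavis\[[0-9]+\]: ANTI-[A-Z-]+ code NOT loaded/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^ANTI-/) mods[++n] = $i
        }
        END { for (i = 1; i <= n; i++) print mods[i] }
    ' "$1"
}

# Constructed sample inputs, modelled on the files quoted in the thread.
tmp=$(mktemp -d)
cat > "$tmp/before.conf" <<'EOF'
use strict;
#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#@bypass_spam_checks_maps = (
#   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;
EOF
sed 's/^#//' "$tmp/before.conf" > "$tmp/after.conf"   # lines uncommented
cat > "$tmp/mail.log" <<'EOF'
Sep 25 17:19:39 host amavis[26075]: starting. /usr/sbin/amavisd-new at host
Sep 25 17:19:39 host amavis[26080]: ANTI-VIRUS code NOT loaded
Sep 25 17:19:39 host amavis[26080]: ANTI-SPAM code NOT loaded
Sep 25 17:19:39 host amavis[26080]: ANTI-SPAM-SA code NOT loaded
EOF
{ cat "$tmp/mail.log"
  echo 'Sep 26 09:30:00 host amavis[27001]: starting. /usr/sbin/amavisd-new at host'
} > "$tmp/restarted.log"                              # later start, nothing unloaded

echo "before.conf disables: $(disabled_in_config "$tmp/before.conf" | tr '\n' ' ')"
echo "after.conf disables:  $(disabled_in_config "$tmp/after.conf" | tr '\n' ' ')"
echo "mail.log unloaded:    $(unloaded_in_log "$tmp/mail.log" | tr '\n' ' ')"
echo "restarted.log:        $(unloaded_in_log "$tmp/restarted.log" | tr '\n' ' ')"
```

On a real host, pass /etc/amavis/conf.d/15-content_filter_mode to `disabled_in_config` and the mail log to `unloaded_in_log`; the log's location depends on the syslog setup.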

blabub
26.09.07, 09:36
Hello,



use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_spam_checks_maps = (
# \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return


I've removed the comment markers now, let's see whether it works.
According to the log, though, it now says ANTI-SPAM is loaded.

Many thanks


One more quick question: since I changed a few things around, I've been getting e-mails from myself, but addressed to the wrong domain:



qmgr[26171]: DACFD18075: from=<root@smtpd.x_x_x.ch>, size=895, nrcpt=1 (queue active)
Sep 26 06:25:30 x_x_x postfix/smtpd[9526]: connect from localhost[127.0.0.1]
Sep 26 06:25:30 x_x_x postfix/smtpd[9526]: 12D7C17F87: client=localhost[127.0.0.1]
Sep 26 06:25:30 x_x_x postfix/cleanup[9510]: 12D7C17F87: message-id=<20070926042529.DACFD18075@smtpd.x_x_x.ch>
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: 12D7C17F87: from=<root@smtpd.x_x_x.ch>, size=1289, nrcpt=1 (queue active)
Sep 26 06:25:30 x_x_x postfix/smtpd[9526]: disconnect from localhost[127.0.0.1]
Sep 26 06:25:30 x_x_x amavis[26081]: (26081-07) Passed CLEAN, <root@smtpd.x_x_x.ch> -> <root@smtpd.x_x_x.ch>, Message-ID: <20070926042529.DACFD1807$
Sep 26 06:25:30 x_x_x postfix/smtp[9518]: DACFD18075: to=<root@smtpd.x_x_x.ch>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.3, delays=0.$
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: DACFD18075: removed
Sep 26 06:25:30 x_x_x postfix/smtp[9538]: 12D7C17F87: to=<root@smtpd.x_x_x.ch>, relay=none, delay=0.08, delays=0.07/0.01/0/0, dsn=5.4.6, status=bounce$
Sep 26 06:25:30 x_x_x postfix/cleanup[9510]: 2C07918075: message-id=<20070926042530.2C07918075@smtpd.x_x_x.ch>
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: 2C07918075: from=<>, size=3103, nrcpt=1 (queue active)
Sep 26 06:25:30 x_x_x postfix/bounce[9539]: 12D7C17F87: sender non-delivery notification: 2C07918075
Sep 26 06:25:30 x_x_x postfix/qmgr[26171]: 12D7C17F87: removed




Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 7409F1805F: from=<amavis@smtpd.x_x_x.ch>, size=1184, nrcpt=1 (queue active)
Sep 26 03:18:02 x_x_x postfix/smtpd[26777]: disconnect from localhost[127.0.0.1]
Sep 26 03:18:02 x_x_x amavis[26082]: (26082-05) Passed CLEAN, <amavis@smtpd.x_x_x.ch> -> <amavis@smtpd.x_x_x.ch>, Message-ID: <20070926011802.50F2E$
Sep 26 03:18:02 x_x_x postfix/smtp[26775]: 50F2E18073: to=<amavis@smtpd.x_x_x.ch>, orig_to=<amavis>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.25, del$
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 50F2E18073: removed
Sep 26 03:18:02 x_x_x postfix/smtp[26778]: 7409F1805F: to=<amavis@smtpd.x_x_x.ch>, relay=none, delay=0.07, delays=0.05/0.02/0/0, dsn=5.4.6, status=bou$
Sep 26 03:18:02 x_x_x postfix/cleanup[26773]: 88C6C18074: message-id=<20070926011802.88C6C18074@smtpd.x_x_x.ch>
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 88C6C18074: from=<>, size=3008, nrcpt=1 (queue active)
Sep 26 03:18:02 x_x_x postfix/bounce[26780]: 7409F1805F: sender non-delivery notification: 88C6C18074
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 7409F1805F: removed
Sep 26 03:18:02 x_x_x postfix/smtp[26778]: 88C6C18074: to=<amavis@smtpd.x_x_x.ch>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounce$
Sep 26 03:18:02 x_x_x postfix/qmgr[26171]: 88C6C18074: removed


The smtpd. at the front confuses me; I couldn't find anything in the configs. Where does amavis get this mail address from? Or rather, where do these e-mails come from?