Exim + SpamAssassin



DanielWydler
04.09.08, 14:09
Hi guys,
I have Gentoo running here with Exim. :-)
I have now also installed SpamAssassin and am running the default configuration. According to /var/log/messages it does scan the mails and shows the spam score.

In the config I lowered the spam score to 2.0 so that I can see whether spam mails get marked with ***SPAM*** in the subject - unfortunately that is not the case.

My second request is that spam mails get moved to a different folder. In other words, I would like there to be a SPAM folder in every mailbox.

The mails are retrieved via IMAP, as a rule.

My configuration:


# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

# Add *****SPAM***** to the Subject header of spam e-mails
#
# rewrite_header Subject *****SPAM*****
rewrite_header subject SPAM


# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0


# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.


# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 2.0


# Use Bayesian classifier (default: 1)
#
use_bayes 1


# Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1


# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status

Does anyone have an approach or the solution to these problems for me? I have already read several guides but just can't get any further.


Regards,
Dani

$emperf!
04.09.08, 14:39
If you look in the header of the mail, nothing is tagged there, then?

You probably need to tell it more precisely how it should mark the mail.

Right below "rewrite_header subject SPAM"

add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Score _SCORE_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_


$emperf!

DanielWydler
04.09.08, 15:02
Hi,
hmm... well, the log looks like this:


Sep 4 14:56:07 azumi spamd[14074]: spamd: connection from localhost [127.0.0.1] at port 56958
Sep 4 14:56:07 azumi spamd[14074]: spamd: setuid to exim succeeded
Sep 4 14:56:07 azumi spamd[14074]: spamd: checking message <b2f601c90d54$e3400f50$7001a8c0@KCC> for exim:1009
Sep 4 14:56:09 azumi imapd: LOGOUT, user=dani@home.administrator.de, ip=[213.9.111.204], headers=0, body=0, time=42
Sep 4 14:56:22 azumi spamd[14074]: spamd: identified spam (3.8/2.0) for exim:1009 in 14.7 seconds, 1318 bytes.
Sep 4 14:56:22 azumi spamd[14074]: spamd: result: Y 3 - FS_REPLICA,INVALID_MSGID scantime=14.7,size=1318,user=exim,uid=1009,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=56958,mid=<b2f601c90d54$e3400f50$7001a8c0@KCC>,autolearn=no
Sep 4 14:56:22 azumi spamd[14061]: prefork: child states: II

But the subject is not getting "SPAM" added to it. Do I perhaps need to adjust or add something in exim.conf? So far it just has the following entry in it:


spamd_address = 127.0.0.1 783



Regards,
Dani

DanielWydler
04.09.08, 15:19
Here is the mail header as well:


Return-path: <xxx@domain.de>
Envelope-to: dani@home.domain.de
Received: from dns02.domain.de ([82.149.225.20] helo=mail.domain.org)
by azumi.domain.de with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from <xxx@domain.de>)
id 1KbEZV-0003kM-K7
for dani@home.domain.de; Thu, 04 Sep 2008 15:08:35 +0200
Received: from [213.9.111.204] (helo=[192.168.0.8])
by mail.domain.org with esmtpa (Exim 4.69 #1 (Debian))
id 1KbEZT-0006nt-GQ
for <dani@home.domain.de>; Thu, 04 Sep 2008 15:08:24 +0200
Resent-To: dani@home.domain.de
From: "Carmen Irving" <dwtciprom@tcipro.com>
To: xxx@domain.de
Resent-From: xxx Hans <xxx@domain.de>
Subject: From Carmen Irving
X-Priority: 3 (Normal)
Message-Id: <618163210.33655189537411@tcipro.com>
Content-Type: multipart/alternative; boundary=Apple-Mail-31--439150036
Resent-Date: Thu, 4 Sep 2008 15:08:22 +0200
Reply-To: dwtciprom@tcipro.com
Mime-Version: 1.0 (Apple Message framework v928.1)
Date: Wed, 3 Sep 2008 11:37:56 +0530
X-Mailer: Apple Mail (2.928.1)
X-Spam_score: 0.0
X-Spam_score_int: 0
X-Spam_bar: /
X-Spam_report: Spam detection software, running on the system "azumi.domain.de", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the domain of that system for details.
Content preview: The Pe ipl n yq is Patch Pen lxn is Patch will help you expand,
lengthen and en gv lar rai ge your pen opv is and experience several major
changes in your se ypq x life ! l The Pe ipl n yq is Patch Pen lxn is Patch
will help you expand, lengthen and en gv lar rai ge your pen opv is and experience
several major changes in your se ypq x life ! l [...]
Content analysis details: (0.0 points, 2.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 HS_INDEX_PARAM URI: Link contains a common tracker pattern.
0.0 HTML_MESSAGE BODY: HTML included in message

$emperf!
04.09.08, 20:10
Without having analysed everything in painstaking detail, I notice that you wrote subject in lowercase in "rewrite_header subject SPAM"

Change that and then see what happens!

$emperf!

Roger Wilco
04.09.08, 21:08
If you use SpamAssassin via Exiscan (which you do), SpamAssassin itself will never rewrite the subject or, in general, any part of the e-mail. You can, however, evaluate the corresponding variables yourself in your ACLs in Exim and process the e-mail as you wish (rewrite the subject, add headers, redirect, delete, etc.).

-> http://exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECID206

DanielWydler
05.09.08, 01:37
@$emperf!
That's not the cause either.

@Roger Wilco
Hmmm... I have just extended my config "vexim-acl-check-content.conf" with the following lines:


warn spam = vmail
add_header = Subject: *SPAM* $h_Subject:

Unfortunately there is still no SPAM in front of the subject (Outlook 2003). The header looks like this:


Return-path: <hans@domain.de>
Envelope-to: dani@home.domain.de
Received: from dns02.domain.de ([82.149.225.20] helo=mail.domain.org)
by azumi.domain.de with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from <hans@domain.de>)
id 1KbOGw-0005bw-C6
for dani@home.domain.de; Fri, 05 Sep 2008 01:30:21 +0200
Received: from [213.9.111.204] (helo=[192.168.0.8])
by mail.domain.org with esmtpa (Exim 4.69 #1 (Debian))
id 1KbNnI-00041v-TF
for <dani@home.domain.de>; Fri, 05 Sep 2008 00:59:17 +0200
Resent-To: dani@home.domain.de
Message-Id: <01c90e72$ebce3470$6ed219d9@dwtakeoffm>
From: "Doug Lovett" <dwtakeoffm@takeoff.de>
To: <hans@domain.de>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Resent-Date: Fri, 5 Sep 2008 01:29:52 +0200
Resent-From: hans Frank <hans@domain.de>
Subject: Worldwide delivery instantly to your home
Mime-Version: 1.0 (Apple Message framework v928.1)
Date: Thu, 4 Sep 2008 09:45:10 +0600
X-Mailer: Apple Mail (2.928.1)
Spam_score: 2.8
X-Spam_score_int: 28
X-Spam_bar: ++
X-Spam_report: Spam detection software, running on the system "azumi.domain.de", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Girls don't like you? We have a solution ! U can restore your
health just right now . Simple way to enhance your sexual life . Fast-acting
sexual boost pills http://villageforest.com Perfect service, instant delivery,
friendly support [...]
Content analysis details: (2.8 points, 2.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.8 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found
Subject: *SPAM* Worldwide delivery instantly to your home
X-Spam-Flag: YES

What am I doing wrong???

DanielWydler
05.09.08, 13:35
Solved it.. ;-) I added the following lines to various configs.

vexim-acl-check-content.conf


# Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
#(user "spam"), no matter if over threshold or not.

warn message = X-Spam-Score: $spam_score
spam = vmail:true
warn message = X-Spam-Report: $spam_report
spam = vmail:true
warn message = X-Spam-Bar: $spam_bar
spam = vmail:true

#tag the message as spam as per user settings..
warn message = X-New-Subject: ***SPAM($spam_score)*** $h_subject
spam = vmail
condition = ${if >{$spam_score_int}{${lookup mysql\
{select users.sa_tag *10 from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_spamassassin = '1' \
and users.domain_id=domains.domain_id \
and users.sa_tag > 0 }{$value}fail}} {yes}{no}}


system_filter


# Exim Filter
if "${if def:header_X-New-Subject: {there}}" is there
then
headers remove Subject
headers add "Subject: $h_X-New-Subject:"
headers remove X-New-Subject
endif




######################################################################
#                  MAIN CONFIGURATION SETTINGS                       #
######################################################################

system_filter = /etc/exim4/system_filter
system_filter_user = Debian-exim

Done and working....


Regards,
Dani
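
The two approaches in this thread, compared in an added example (not code from any poster): the ACL `add_header = Subject: ...` attempt appends a second Subject field, as the posted header dump shows, while the X-New-Subject plus system filter setup replaces the field. The sample message is constructed, the function names are hypothetical, and Python's `email` module stands in for a reader that takes the first Subject it finds.

```python
from email import message_from_string
from email.message import Message

# Constructed sample message, modelled on the headers posted in the thread.
RAW = (
    "From: sender@example.org\n"
    "To: dani@example.org\n"
    "Subject: Worldwide delivery instantly to your home\n"
    "X-Spam_score: 2.8\n"
    "\n"
    "body\n"
)

# Header fields that RFC 5322 allows at most once per message.
SINGLETONS = ("subject", "from", "to", "date", "message-id")

def acl_add_header(msg: Message, name: str, value: str) -> None:
    """Model of the ACL add_header modifier: append a field, replace nothing."""
    msg[name] = value  # Message.__setitem__ appends, it never overwrites

def system_filter_swap(msg: Message) -> None:
    """Model of the thread's system filter: move X-New-Subject into Subject."""
    new = msg["X-New-Subject"]
    if new is not None:
        del msg["Subject"]        # headers remove Subject (drops every copy)
        msg["Subject"] = new      # headers add "Subject: $h_X-New-Subject:"
        del msg["X-New-Subject"]  # headers remove X-New-Subject

def duplicated_singletons(msg: Message) -> list:
    """Return the singleton header names that occur more than once."""
    return [h for h in SINGLETONS if len(msg.get_all(h, [])) > 1]

def first_attempt() -> Message:
    """The 'add_header = Subject: *SPAM* $h_Subject:' attempt."""
    msg = message_from_string(RAW)
    acl_add_header(msg, "Subject", "*SPAM* " + msg["Subject"])
    return msg

def final_setup() -> Message:
    """The X-New-Subject ACL line followed by the system filter."""
    msg = message_from_string(RAW)
    acl_add_header(msg, "X-New-Subject", "***SPAM(2.8)*** " + msg["Subject"])
    system_filter_swap(msg)
    return msg
```

Running `duplicated_singletons()` over delivered mail is a quick check for this kind of ambiguity, since different readers may pick different copies of a repeated field.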