PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : amavis-new, spamassassin und X_HEADER_* auf postfix



chris_h
06.10.08, 09:32
Hi all,

ich stehe momentan bei folgender Situation an (Deb 4.0 alle Patches):
habe postfix mit amavis-new und spamassassin am Laufen. Soweit funktioniert alles wie gewünscht.

Wenn ich eine Mail an den Postfix-Rechner (postfix.meinedomain.de) sende, werden die gewünschten X_HEADER_* eingefügt, wie u.a. Spam-level ($sa_tag_level_deflt = undef).
Wird die Mail an einen internen Mailserver relayed (meinedomain.de) werden die Infos jedoch nicht eingefügt. Wie kann ich das ändern?

In der Doku (/usr/share/doc/amavisd-new/examples) u. bei google habe ich nichts diesbezüglich gefunden (oder die richtigen Suchworte gehabt).

Danke für Hinweise,
Chris

Roger Wilco
06.10.08, 20:17
Wie hast du amavisd-new eingebunden? Wie sieht deine Konfiguration aus?

chris_h
14.10.08, 08:41
Der Bereich in master.cf von postfix:


# AV scan filter (used by content_filter)
amavisd-new unix - - n - 2 smtp
-o smtp_data_done_timeout=1200s
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20

# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_delay_reject=no
-o smtp_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_ unknown_recipient_checks


In /etc/amavis/conf.d:


@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

In der 50-user


use strict;

#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

# Defaulteinstellungen:
# $final_virus_destiny = D_DISCARD;
# $final_banned_destiny = D_BOUNCE;
# $final_spam_destiny = D_BOUNCE;
# $final_bad_header_destiny = D_PASS;

# Wie behandeln wir viren/spam/banned/bad-headers?
$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
$final_banned_destiny = D_PASS; # D_REJECT when front-end MTA
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)

# An wen gehen Benachrichtigungen
$spam_admin = ""; # postmaster\@$mydomain";
$banned_admin = ""; # postmaster\@$mydomain";
$bad_header_admin = ""; # postmaster\@$mydomain";
$newvirus_admin = ""; # postmaster\@$mydomain";
$virus_admin = ""; # postmaster\@$mydomain";

# @newvirus_admin_maps = (\$newvirus_admin);
# @virus_admin_maps = (
# {'not.example.com' => '',
# '.' => 'virusalert@example.com'},
# $virus_admin,
# );
# @spam_admin_maps = (\%spam_admin, \$spam_admin);
# @banned_admin_maps = (\$banned_admin, \%virus_admin, \$virus_admin);
# @bad_header_admin_maps= (\$bad_header_admin);

# Einfügen in Subject, wenn über spa_tag2_levell
$sa_spam_subject_tag = '[***SPAM***] ';

$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned')
$X_HEADER_LINE = "VirusScan at $mydomain";

# Wichtig: für X_-HEADERs
# -> postconf myhostname, cat /etc/mailname
$mydomain = 'my.domain';
#@local_domains_maps = ( [".$mydomain" ,'TODO:.zweite_domain', '.dritte_domain.com' ] );
#@local_domains_maps = ( [qw (.$mydomain .zweite_domain .dritte_domain.com ) ] );
## Hier muss aber sichergestellt sein, dass nur eigehende Mails
## über amavis laufen
##@local_domains_acl ( '.' );


# For monitoring / testing purposes let the administrator receive a copy
# of certain delivery status notifications that are mailed back to senders:
#
#%dsn_bcc_by_ccat = (
# CC_BANNED, undef,
# CC_SPAM, undef,
# CC_BADH, undef,
# CC_CATCHALL, 'postmaster\@$mydomain',
#);


# von Deb. default ($MYHOME/virusmails, MYHOME: /var/lib/amavis )
$QUARANTINEDIR = "$MYHOME";

# Eigene Verzeichnisse für Viren und Spam
# Todo !! Manuell erstellen !!
# su - amavis; cd /var/lib/amavis; mkdir clean virus spam banned badh
#$clean_quarantine_method = 'local:clean/clean-%m';
$virus_quarantine_method = 'local:virus/virus-%m';
$spam_quarantine_method = 'local:spam/spam-%m';
$banned_files_quarantine_method = 'local:banned/banned-%m';
$bad_header_quarantine_method = 'local:badh/badh-%m';

$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
#$virus_quarantine_to = 'virus-quarantine@example.com'; # similar
#$virus_quarantine_to = undef; # no quarantine

# similar for banned names and bad headers and spam (set to undef to disable)
#$banned_quarantine_to = 'banned-quarantine'; # local quarantine
$banned_quarantine_to = 'spam@my.domain';
#$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
#$bad_header_quarantine_to = 'spam@my.domain';
$bad_header_quarantine_to = undef;
$spam_quarantine_to = 'spam-quarantine'; # local quarantine
#$spam_quarantine_to = 'spam@my.domain';

# Wenn Spam auch an mich weitergeleitet werden soll:
#@bypass_spam_checks_maps = ( [qw( chris@mail.my.domain spam@my.domain )] );
#@spam_lovers_maps = (
# ['chris@mail.my.domain', 'spam@my.domain'],
#);

# SPAMASSASSIN
# Werden nur Tests ausgefuerht, die kein Internet benötigen?
$sa_local_tests_only = 0;
# Untersuche nur Mails mit SA kleiner als sa_mail_body_size_limit
# (less than 1% of spam is > 64k), default: undef
$sa_mail_body_size_limit = 200*1024;
$sa_tag_level_deflt = undef; #2.0; # add spam info headers if at, or above that level;
# undef is interpreted as lower than any spam level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level to
# passed mail, adding address extensions;
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine
$sa_dsn_cutoff_level = undef; # spam level beyond which a DSN is not sent,
# effectively turning D_BOUNCE into D_DISCARD;
# undef disables this feature and is a default;
#$sa_quarantine_cutoff_level = undef; # dflt: undef, which disables this feature
$sa_quarantine_cutoff_level = 12;


# BANNED Files
$banned_filename_re = new_RE(
qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
# block certain double extensions anywhere in the base name
# qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
# # qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose
# qr'^application/x-msdownload$'i, # block these MIME types
# qr'^application/x-msdos-program$'i,
# qr'^application/hta$'i,
# # qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME
# # qr'^\.wmf$', # Windows Metafile file(1) type
# # qr'^message/partial$'i, # rfc2046 MIME type
# # qr'^message/external-body$'i, # rfc2046 MIME type
# # (btw, note that allowing 'message/external-body' is probably no worse
# # than allowing mail with HTML and/or allowing a user to browse the web)
# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
# # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives
# # qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf |exe|fxp|grp|hlp|hta|
# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc |msi|msp|mst|
# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
# wmf|wsc|wsf|wsh)$'ix, # banned ext - long
# # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
# qr'^\.(exe-ms)$', # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
);


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
@score_sender_maps = ({ # a by-recipient hash lookup table
# # per-recipient personal tables (NOTE: positive: black, negative: white)
# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com' => [{'.ebay.com' => -3.0}],
# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
# '.cleargreen.com' => -5.0}],
# site-wide opinions about senders (the '.' matches any recipient)
'.' => [ # the _first_ matching sender determines the score boost

new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryo u)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|mar ket\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specia loffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|ye sitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),

# read_hash("/var/amavis/sender_scores_sitewide"),
{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,

# Liste cp
'cpanel2.puntohost.cl' => 3.0,

},
], # end of site-wide tables
});


# PERFORMANCE
# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14; # (default is undef, no limit)

# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 1500; # (default is undef, no limit)

# Abwehr gegen Mail-Bombs
# allow MAX_EXPANSION_FACTOR times initial mail size,
# but not more than MAX_EXPANSION_QUOTA,
# but not less than MIN_EXPANSION_FACTOR times initial mail size,
# but never less than MIN_EXPANSION_QUOTA
#
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500)

# Stop nach dem ersten Virenfund
$first_infected_stops_scan = 1;


#------------ Do not modify anything below this line -------------
1; # insure a defined return