Postfix/Amavis/Spamassassin/ClamAv - somehow it isn't scanning -_-



Neo van Matix
02.12.08, 08:34
Hello...

I have set up an SMTP relay, Debian-based, behind which my actual OX mail server sits.

The relay accepts the mail for my domains and forwards it to the OX server - that works fine.

But apparently my spam defence and the virus scan with ClamAV aren't working - I can't find anything anywhere in the logs that says "scanned with clamav" or the like. Also, mails that are obviously spam sometimes get through - but they have no X-SPAM tag in the header, even though I had actually specified that it should add one for non-spam mails too...

I'll post a few config files:

mail.log - a few lines of the mail log:

Dec 2 06:17:08 spam postfix/smtpd[21917]: warning: 239.199.239.213.dun.dnsrbl.net: RBL lookup error: Host or domain name not found. Name service error for name=239.199.239.213.dun.dnsrbl.net type=A: Host not found, try again
Dec 2 06:17:08 spam postfix/smtpd[21917]: NOQUEUE: reject: RCPT from hpserver.de[213.239.199.239]: 550 5.1.1 <Jalusic@proggen.net>: Recipient address rejected: User unknown in local recipient table; from=<www-data@leo01.de> to=<Jalusic@proggen.net> proto=ESMTP helo=<mail.leo01.de>
Dec 2 06:17:08 spam postfix/smtpd[21917]: disconnect from hpserver.de[213.239.199.239]
Dec 2 06:20:28 spam postfix/anvil[21919]: statistics: max connection rate 1/60s for (smtp:213.239.199.239) at Dec 2 06:17:07
Dec 2 06:20:28 spam postfix/anvil[21919]: statistics: max connection count 1 for (smtp:213.239.199.239) at Dec 2 06:17:07
Dec 2 06:20:28 spam postfix/anvil[21919]: statistics: max cache size 1 at Dec 2 06:17:07
Dec 2 06:46:14 spam postfix/smtpd[22123]: connect from unknown[123.22.49.149]
Dec 2 06:46:18 spam postfix/smtpd[22123]: NOQUEUE: reject: RCPT from unknown[123.22.49.149]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<topherj@atomic.net> to=<dwproggenm@proggen.net> proto=ESMTP helo=<localhost>
Dec 2 06:46:18 spam postfix/smtpd[22123]: disconnect from unknown[123.22.49.149]
Dec 2 06:49:38 spam postfix/anvil[22125]: statistics: max connection rate 1/60s for (smtp:123.22.49.149) at Dec 2 06:46:14
Dec 2 06:49:38 spam postfix/anvil[22125]: statistics: max connection count 1 for (smtp:123.22.49.149) at Dec 2 06:46:14
Dec 2 06:49:38 spam postfix/anvil[22125]: statistics: max cache size 1 at Dec 2 06:46:14
Dec 2 06:54:16 spam postfix/smtpd[22159]: warning: 122.164.71.1: address not listed for hostname ABTS-TN-dynamic-001.71.164.122.airtelbroadband.in
Dec 2 06:54:16 spam postfix/smtpd[22159]: connect from unknown[122.164.71.1]
Dec 2 06:54:21 spam postfix/smtpd[22159]: warning: 1.71.164.122.dun.dnsrbl.net: RBL lookup error: Host or domain name not found. Name service error for name=1.71.164.122.dun.dnsrbl.net type=A: Host not found, try again
Dec 2 06:54:21 spam postfix/smtpd[22159]: NOQUEUE: reject: RCPT from unknown[122.164.71.1]: 550 5.1.1 <dwproggenm@proggen.net>: Recipient address rejected: User unknown in local recipient table; from=<tohruw@walla.com> to=<dwproggenm@proggen.net> proto=ESMTP helo=<dsl-tn-dynamic-037.244.164.122.airtelbroadband.in>
Dec 2 06:54:21 spam postfix/smtpd[22159]: disconnect from unknown[122.164.71.1]
Dec 2 06:56:05 spam postfix/smtpd[22171]: connect from unknown[122.173.185.165]
Dec 2 06:56:06 spam postfix/smtpd[22171]: NOQUEUE: reject: RCPT from unknown[122.173.185.165]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<siobahnl@chocofan.com> to=<gruppecn@proggen.net> proto=ESMTP helo=<localhost>
Dec 2 06:56:06 spam postfix/smtpd[22171]: disconnect from unknown[122.173.185.165]
Dec 2 06:59:26 spam postfix/anvil[22161]: statistics: max connection rate 1/60s for (smtp:122.164.71.1) at Dec 2 06:54:16
Dec 2 06:59:26 spam postfix/anvil[22161]: statistics: max connection count 1 for (smtp:122.164.71.1) at Dec 2 06:54:16
Dec 2 06:59:26 spam postfix/anvil[22161]: statistics: max cache size 1 at Dec 2 06:54:16
Dec 2 07:28:41 spam postfix/smtpd[22308]: connect from unknown[118.176.98.120]
Dec 2 07:28:42 spam postfix/smtpd[22308]: NOQUEUE: reject: RCPT from unknown[118.176.98.120]: 504 5.5.2 <NCBXCOK>: Helo command rejected: need fully-qualified hostname; from=<impermissiblewu@wcllp.com> to=<dwproggenm@proggen.net> proto=ESMTP helo=<NCBXCOK>
Dec 2 07:28:42 spam postfix/smtpd[22308]: lost connection after DATA from unknown[118.176.98.120]
Dec 2 07:28:42 spam postfix/smtpd[22308]: disconnect from unknown[118.176.98.120]
Dec 2 07:29:02 spam postfix/smtpd[22308]: connect from unknown[124.115.77.105]
Dec 2 07:29:04 spam postfix/smtpd[22308]: NOQUEUE: reject: RCPT from unknown[124.115.77.105]: 504 5.5.2 <lenovo-2ac94c87>: Helo command rejected: need fully-qualified hostname; from=<mprogers@simla.colostate.edu> to=<mproggeno@proggen.net> proto=SMTP helo=<lenovo-2ac94c87>
Dec 2 07:29:04 spam postfix/smtpd[22308]: disconnect from unknown[124.115.77.105]
Dec 2 07:32:25 spam postfix/anvil[22310]: statistics: max connection rate 1/60s for (smtp:118.176.98.120) at Dec 2 07:28:41
Dec 2 07:32:25 spam postfix/anvil[22310]: statistics: max connection count 1 for (smtp:118.176.98.120) at Dec 2 07:28:41
Dec 2 07:32:25 spam postfix/anvil[22310]: statistics: max cache size 2 at Dec 2 07:29:02
Dec 2 07:41:06 spam postfix/smtpd[22362]: connect from unknown[59.53.110.69]
Dec 2 07:41:07 spam postfix/smtpd[22362]: NOQUEUE: reject: RCPT from unknown[59.53.110.69]: 504 5.5.2 <EYANFETC>: Helo command rejected: need fully-qualified hostname; from=<klausu882@stechglobal.com> to=<dwproggenm@proggen.net> proto=ESMTP helo=<EYANFETC>
Dec 2 07:41:07 spam postfix/smtpd[22362]: lost connection after DATA from unknown[59.53.110.69]
Dec 2 07:41:07 spam postfix/smtpd[22362]: disconnect from unknown[59.53.110.69]
Dec 2 07:42:53 spam postfix/smtpd[22372]: connect from unknown[211.174.14.222]
Dec 2 07:42:55 spam postfix/smtpd[22372]: NOQUEUE: reject: RCPT from unknown[211.174.14.222]: 554 5.7.1 Service unavailable; Client host [211.174.14.222] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?211.174.14.222; from=<erik@proggen.net> to=<erik@proggen.net> proto=SMTP helo=<amia.org.ar>
Dec 2 07:42:55 spam postfix/smtpd[22372]: lost connection after RCPT from unknown[211.174.14.222]
Dec 2 07:42:55 spam postfix/smtpd[22372]: disconnect from unknown[211.174.14.222]
Dec 2 07:43:21 spam postfix/smtpd[22372]: connect from skynet05.in-ulm.de[217.10.0.15]
Dec 2 07:43:22 spam postfix/smtpd[22372]: warning: 15.0.10.217.dun.dnsrbl.net: RBL lookup error: Host or domain name not found. Name service error for name=15.0.10.217.dun.dnsrbl.net type=A: Host not found, try again
Dec 2 07:43:22 spam postfix/smtpd[22372]: NOQUEUE: reject: RCPT from skynet05.in-ulm.de[217.10.0.15]: 550 5.1.1 <las@proggen.net>: Recipient address rejected: User unknown in local recipient table; from=<akstcsouthernfurnituremnsdgs@southernfurniture.net> to=<las@proggen.net> proto=ESMTP helo=<skynet05.in-ulm.de>
Dec 2 07:43:22 spam postfix/smtpd[22372]: disconnect from skynet05.in-ulm.de[217.10.0.15]
Dec 2 07:46:42 spam postfix/anvil[22364]: statistics: max connection rate 1/60s for (smtp:59.53.110.69) at Dec 2 07:41:06
Dec 2 07:46:42 spam postfix/anvil[22364]: statistics: max connection count 1 for (smtp:59.53.110.69) at Dec 2 07:41:06
Dec 2 07:46:42 spam postfix/anvil[22364]: statistics: max cache size 2 at Dec 2 07:43:21
Dec 2 07:52:28 spam postfix/smtpd[22413]: connect from mx.uga-electro.ru[78.140.200.186]
Dec 2 07:52:28 spam postfix/smtpd[22413]: NOQUEUE: reject: RCPT from mx.uga-electro.ru[78.140.200.186]: 504 5.5.2 <logist_9>: Helo command rejected: need fully-qualified hostname; from=<las@poco.cn> to=<las@proggen.net> proto=SMTP helo=<logist_9>
Dec 2 07:52:28 spam postfix/smtpd[22413]: disconnect from mx.uga-electro.ru[78.140.200.186]
Dec 2 07:55:48 spam postfix/anvil[22415]: statistics: max connection rate 1/60s for (smtp:78.140.200.186) at Dec 2 07:52:28
Dec 2 07:55:48 spam postfix/anvil[22415]: statistics: max connection count 1 for (smtp:78.140.200.186) at Dec 2 07:52:28
Dec 2 07:55:48 spam postfix/anvil[22415]: statistics: max cache size 1 at Dec 2 07:52:28
Dec 2 07:57:22 spam postfix/smtpd[22437]: connect from yw-out-2324.google.com[74.125.46.28]
Dec 2 07:57:27 spam postfix/smtpd[22437]: warning: 28.46.125.74.dun.dnsrbl.net: RBL lookup error: Host or domain name not found. Name service error for name=28.46.125.74.dun.dnsrbl.net type=A: Host not found, try again
Dec 2 07:57:27 spam postfix/smtpd[22437]: 2E3E7CA197: client=yw-out-2324.google.com[74.125.46.28]
Dec 2 07:57:27 spam postfix/cleanup[22441]: 2E3E7CA197: message-id=<ddaf469a0812012302x71c8e246mc070a64dff251360@mail.gmail.com>
Dec 2 07:57:27 spam postfix/qmgr[19286]: 2E3E7CA197: from=<snosong@googlemail.com>, size=2301, nrcpt=1 (queue active)
Dec 2 07:57:28 spam postfix/smtpd[22446]: connect from localhost[127.0.0.1]
Dec 2 07:57:28 spam postfix/smtpd[22446]: 4684BCA1B2: client=localhost[127.0.0.1]
Dec 2 07:57:28 spam postfix/cleanup[22441]: 4684BCA1B2: message-id=<ddaf469a0812012302x71c8e246mc070a64dff251360@mail.gmail.com>
Dec 2 07:57:28 spam postfix/smtpd[22446]: disconnect from localhost[127.0.0.1]
Dec 2 07:57:28 spam amavis[19104]: (19104-02) Passed CLEAN, [74.125.46.28] <snosong@googlemail.com> -> <basti@snowsong.de>, Message-ID: <ddaf469a0812012302x71c8e246mc070a64dff251360@mail.gmail.com>, mail_id: PbM+Xulz5KJt, Hits: -, queued_as: 4684BCA1B2, 955 ms
Dec 2 07:57:28 spam postfix/smtp[22443]: 2E3E7CA197: to=<basti@snowsong.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.6, delays=4.6/0.01/0.05/0.94, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=19104-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4684BCA1B2)
Dec 2 07:57:28 spam postfix/qmgr[19286]: 2E3E7CA197: removed
Dec 2 07:57:28 spam postfix/qmgr[19286]: 4684BCA1B2: from=<snosong@googlemail.com>, size=2686, nrcpt=1 (queue active)
Dec 2 07:57:28 spam postfix/smtp[22447]: connect to 78.46.197.209[78.46.197.209]: Connection refused (port 25)
Dec 2 07:57:28 spam postfix/smtp[22447]: 4684BCA1B2: to=<basti@snowsong.de>, relay=none, delay=0.32, delays=0.28/0.01/0.03/0, dsn=4.4.1, status=deferred (connect to 78.46.197.209[78.46.197.209]: Connection refused)
Dec 2 07:57:57 spam postfix/smtpd[22437]: disconnect from yw-out-2324.google.com[74.125.46.28]
Dec 2 08:01:17 spam postfix/anvil[22439]: statistics: max connection rate 1/60s for (smtp:74.125.46.28) at Dec 2 07:57:22
Dec 2 08:01:17 spam postfix/anvil[22439]: statistics: max connection count 1 for (smtp:74.125.46.28) at Dec 2 07:57:22
Dec 2 08:01:17 spam postfix/anvil[22439]: statistics: max cache size 1 at Dec 2 07:57:22
Dec 2 08:05:11 spam postfix/smtpd[22507]: connect from 220-137-253-235.dynamic.hinet.net[220.137.253.235]
Dec 2 08:05:20 spam postfix/smtpd[22507]: warning: 235.253.137.220.dun.dnsrbl.net: RBL lookup error: Host or domain name not found. Name service error for name=235.253.137.220.dun.dnsrbl.net type=A: Host not found, try again
Dec 2 08:05:20 spam postfix/smtpd[22507]: NOQUEUE: reject: RCPT from 220-137-253-235.dynamic.hinet.net[220.137.253.235]: 550 5.1.1 <erik@proggen.net>: Recipient address rejected: User unknown in local recipient table; from=<stephenj@moebelheinrich.de> to=<erik@proggen.net> proto=ESMTP helo=<220-137-253-235.dynamic.hinet.net>
Dec 2 08:05:21 spam postfix/smtpd[22507]: disconnect from 220-137-253-235.dynamic.hinet.net[220.137.253.235]
Dec 2 08:06:50 spam postfix/smtpd[22507]: connect from unknown[121.20.142.11]
Dec 2 08:06:56 spam postfix/smtpd[22507]: NOQUEUE: reject: RCPT from unknown[121.20.142.11]: 554 5.7.1 Service unavailable; Client host [121.20.142.11] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?121.20.142.11; from=<KeithpresumptuousBell@theraidernation.com> to=<erik@proggen.net> proto=SMTP helo=<d88ae3ba8a4546a.domain>
Dec 2 08:06:57 spam postfix/smtpd[22507]: NOQUEUE: reject: RCPT from unknown[121.20.142.11]: 554 5.7.1 Service unavailable; Client host [121.20.142.11] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?121.20.142.11; from=<KeithpresumptuousBell@theraidernation.com> to=<las@proggen.net> proto=SMTP helo=<d88ae3ba8a4546a.domain>
Dec 2 08:07:19 spam postfix/smtpd[22507]: lost connection after RCPT from unknown[121.20.142.11]
Dec 2 08:07:19 spam postfix/smtpd[22507]: disconnect from unknown[121.20.142.11]
Dec 2 08:09:16 spam postfix/qmgr[19286]: 4684BCA1B2: from=<snosong@googlemail.com>, size=2686, nrcpt=1 (queue active)
Dec 2 08:09:17 spam postfix/smtp[22533]: 4684BCA1B2: to=<basti@snowsong.de>, relay=78.46.197.209[78.46.197.209]:25, delay=709, delays=708/0.03/0.38/0.37, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AF6C4168498)
Dec 2 08:09:17 spam postfix/qmgr[19286]: 4684BCA1B2: removed
Dec 2 08:10:39 spam postfix/anvil[22509]: statistics: max connection rate 1/60s for (smtp:220.137.253.235) at Dec 2 08:05:11
Dec 2 08:10:39 spam postfix/anvil[22509]: statistics: max connection count 1 for (smtp:220.137.253.235) at Dec 2 08:05:11
Dec 2 08:10:39 spam postfix/anvil[22509]: statistics: max cache size 1 at Dec 2 08:05:11
Dec 2 08:10:40 spam postfix/smtpd[22541]: connect from bb220-255-105-171.singnet.com.sg[220.255.105.171]
Dec 2 08:10:41 spam postfix/smtpd[22541]: NOQUEUE: reject: RCPT from bb220-255-105-171.singnet.com.sg[220.255.105.171]: 504 5.5.2 <bernard>: Helo command rejected: need fully-qualified hostname; from=<FredextrudeWard@abcteach.com> to=<erik@proggen.net> proto=SMTP helo=<bernard>
Dec 2 08:10:41 spam postfix/smtpd[22541]: NOQUEUE: reject: RCPT from bb220-255-105-171.singnet.com.sg[220.255.105.171]: 504 5.5.2 <bernard>: Helo command rejected: need fully-qualified hostname; from=<FredextrudeWard@abcteach.com> to=<las@proggen.net> proto=SMTP helo=<bernard>
Dec 2 08:10:41 spam postfix/smtpd[22541]: lost connection after RCPT from bb220-255-105-171.singnet.com.sg[220.255.105.171]
Dec 2 08:10:41 spam postfix/smtpd[22541]: disconnect from bb220-255-105-171.singnet.com.sg[220.255.105.171]
Dec 2 08:14:01 spam postfix/anvil[22543]: statistics: max connection rate 1/60s for (smtp:220.255.105.171) at Dec 2 08:10:40
Dec 2 08:14:01 spam postfix/anvil[22543]: statistics: max connection count 1 for (smtp:220.255.105.171) at Dec 2 08:10:40
Dec 2 08:14:01 spam postfix/anvil[22543]: statistics: max cache size 1 at Dec 2 08:10:40
Dec 2 08:14:58 spam amavis[22572]: starting. /usr/sbin/amavisd-new at spam.snowsong.de amavisd-new-2.4.2 (20060627), Unicode aware, LANG=de_DE.UTF-8
Dec 2 08:14:58 spam amavis[22572]: Perl version 5.008008
Dec 2 08:14:59 spam amavis[22577]: Module Amavis::Conf 2.068
Dec 2 08:14:59 spam amavis[22577]: Module Archive::Tar 1.30
Dec 2 08:14:59 spam amavis[22577]: Module Archive::Zip 1.16
Dec 2 08:14:59 spam amavis[22577]: Module BerkeleyDB 0.31
Dec 2 08:14:59 spam amavis[22577]: Module Compress::Zlib 1.42
Dec 2 08:14:59 spam amavis[22577]: Module Convert::TNEF 0.17
Dec 2 08:14:59 spam amavis[22577]: Module Convert::UUlib 1.06
Dec 2 08:14:59 spam amavis[22577]: Module Digest::MD5 2.36
Dec 2 08:14:59 spam amavis[22577]: Module MIME::Entity 5.420
Dec 2 08:14:59 spam amavis[22577]: Module MIME::Parser 5.420
Dec 2 08:14:59 spam amavis[22577]: Module MIME::Tools 5.420
Dec 2 08:14:59 spam amavis[22577]: Module Mail::Header 1.74
Dec 2 08:14:59 spam amavis[22577]: Module Mail::Internet 1.74
Dec 2 08:14:59 spam amavis[22577]: Module Net::Cmd 2.26
Dec 2 08:14:59 spam amavis[22577]: Module Net::SMTP 2.29
Dec 2 08:14:59 spam amavis[22577]: Module Net::Server 0.94
Dec 2 08:14:59 spam amavis[22577]: Module Time::HiRes 1.86
Dec 2 08:14:59 spam amavis[22577]: Module Unix::Syslog 0.100
Dec 2 08:14:59 spam amavis[22577]: Amavis::DB code loaded
Dec 2 08:14:59 spam amavis[22577]: Amavis::Cache code loaded
Dec 2 08:14:59 spam amavis[22577]: SQL base code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: SQL::Log code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: SQL::Quarantine NOT loaded
Dec 2 08:14:59 spam amavis[22577]: Lookup::SQL code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: Lookup::LDAP code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: AM.PDP-in proto code loaded
Dec 2 08:14:59 spam amavis[22577]: SMTP-in proto code loaded
Dec 2 08:14:59 spam amavis[22577]: Courier proto code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: SMTP-out proto code loaded
Dec 2 08:14:59 spam amavis[22577]: Pipe-out proto code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: BSMTP-out proto code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: Local-out proto code loaded
Dec 2 08:14:59 spam amavis[22577]: OS_Fingerprint code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: ANTI-VIRUS code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: ANTI-SPAM code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: ANTI-SPAM-SA code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: Unpackers code loaded
Dec 2 08:14:59 spam amavis[22577]: Found $file at /usr/bin/file
Dec 2 08:14:59 spam amavis[22577]: No $dspam, not using it
Dec 2 08:14:59 spam amavis[22577]: Internal decoder for .mail
Dec 2 08:14:59 spam amavis[22577]: Internal decoder for .asc
Dec 2 08:14:59 spam amavis[22577]: Internal decoder for .uue
Dec 2 08:14:59 spam amavis[22577]: Internal decoder for .hqx
Dec 2 08:14:59 spam amavis[22577]: Internal decoder for .ync
Dec 2 08:14:59 spam amavis[22577]: No decoder for .F tried: unfreeze, freeze -d, melt, fcat
Dec 2 08:14:59 spam amavis[22577]: Found decoder for .Z at /bin/uncompress
Dec 2 08:14:59 spam amavis[22577]: Internal decoder for .gz
Dec 2 08:14:59 spam amavis[22577]: Found decoder for .bz2 at /bin/bzip2 -d
Dec 2 08:14:59 spam amavis[22577]: No decoder for .lzo tried: lzop -d
Dec 2 08:14:59 spam amavis[22577]: No decoder for .rpm tried: rpm2cpio.pl, rpm2cpio
Dec 2 08:14:59 spam amavis[22577]: No decoder for .cpio tried: pax
Dec 2 08:14:59 spam amavis[22577]: Found decoder for .cpio at /bin/cpio
Dec 2 08:14:59 spam amavis[22577]: No decoder for .tar tried: pax
Dec 2 08:14:59 spam amavis[22577]: Found decoder for .tar at /bin/cpio
Dec 2 08:14:59 spam amavis[22577]: Found decoder for .deb at /usr/bin/ar
Dec 2 08:14:59 spam amavis[22577]: Internal decoder for .zip
Dec 2 08:14:59 spam amavis[22577]: No decoder for .rar tried: rar, unrar
Dec 2 08:14:59 spam amavis[22577]: Found decoder for .arj at /usr/bin/arj
Dec 2 08:15:00 spam amavis[22577]: No decoder for .arc tried: nomarch, arc
Dec 2 08:15:00 spam amavis[22577]: No decoder for .zoo tried: zoo
Dec 2 08:15:00 spam amavis[22577]: No decoder for .lha tried: lha
Dec 2 08:15:00 spam amavis[22577]: No decoder for .doc tried: ripole
Dec 2 08:15:00 spam amavis[22577]: No decoder for .cab tried: cabextract
Dec 2 08:15:00 spam amavis[22577]: No decoder for .tnef
Dec 2 08:15:00 spam amavis[22577]: Internal decoder for .tnef
Dec 2 08:15:00 spam amavis[22577]: Found decoder for .exe at /usr/bin/arj
Dec 2 08:15:00 spam amavis[22577]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4
Dec 2 08:16:33 spam postfix/master[19183]: terminating on signal 15
Dec 2 08:16:35 spam postfix/master[22667]: daemon started -- version 2.3.8, configuration /etc/postfix
Dec 2 08:18:17 spam postfix/smtpd[22685]: connect from rn-out-0910.google.com[64.233.170.185]
Dec 2 08:18:19 spam postfix/smtpd[22685]: warning: 185.170.233.64.dun.dnsrbl.net: RBL lookup error: Host or domain name not found. Name service error for name=185.170.233.64.dun.dnsrbl.net type=A: Host not found, try again
Dec 2 08:18:19 spam postfix/smtpd[22685]: 0DB4ACA1A8: client=rn-out-0910.google.com[64.233.170.185]
Dec 2 08:18:19 spam postfix/cleanup[22690]: 0DB4ACA1A8: message-id=<ddaf469a0812012323r686a3c28k11e66600976da2ce@mail.gmail.com>
Dec 2 08:18:19 spam postfix/qmgr[22673]: 0DB4ACA1A8: from=<snosong@googlemail.com>, size=3277, nrcpt=1 (queue active)
Dec 2 08:18:19 spam postfix/smtpd[22693]: connect from localhost[127.0.0.1]
Dec 2 08:18:19 spam postfix/smtpd[22693]: D1211CA1B0: client=localhost[127.0.0.1]
Dec 2 08:18:19 spam postfix/cleanup[22690]: D1211CA1B0: message-id=<ddaf469a0812012323r686a3c28k11e66600976da2ce@mail.gmail.com>
Dec 2 08:18:19 spam postfix/qmgr[22673]: D1211CA1B0: from=<snosong@googlemail.com>, size=3662, nrcpt=1 (queue active)
Dec 2 08:18:20 spam postfix/smtpd[22693]: disconnect from localhost[127.0.0.1]
Dec 2 08:18:20 spam amavis[22578]: (22578-01) Passed CLEAN, [64.233.170.185] <snosong@googlemail.com> -> <basti@snowsong.de>, Message-ID: <ddaf469a0812012323r686a3c28k11e66600976da2ce@mail.gmail.com>, mail_id: eQWqwCUCmsht, Hits: -, queued_as: D1211CA1B0, 662 ms
Dec 2 08:18:20 spam postfix/smtp[22691]: 0DB4ACA1A8: to=<basti@snowsong.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=1.3/0.03/0.02/0.66, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=22578-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D1211CA1B0)
Dec 2 08:18:20 spam postfix/qmgr[22673]: 0DB4ACA1A8: removed
Dec 2 08:18:20 spam postfix/smtp[22694]: D1211CA1B0: to=<basti@snowsong.de>, relay=78.46.197.209[78.46.197.209]:25, delay=0.62, delays=0.14/0.03/0.11/0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 296F3168498)
Dec 2 08:18:20 spam postfix/qmgr[22673]: D1211CA1B0: removed
Dec 2 08:18:49 spam postfix/smtpd[22685]: disconnect from rn-out-0910.google.com[64.233.170.185]
Dec 2 08:20:32 spam postfix/smtpd[22704]: connect from an-out-0708.google.com[209.85.132.247]
Dec 2 08:20:33 spam postfix/smtpd[22704]: warning: 247.132.85.209.dun.dnsrbl.net: RBL lookup error: Host or domain name not found. Name service error for name=247.132.85.209.dun.dnsrbl.net type=A: Host not found, try again
Dec 2 08:20:33 spam postfix/smtpd[22704]: 834F3CA1A8: client=an-out-0708.google.com[209.85.132.247]
Dec 2 08:20:33 spam postfix/cleanup[22709]: 834F3CA1A8: message-id=<ddaf469a0812012325q44b65677l15e70e086925c0c7@mail.gmail.com>
Dec 2 08:20:34 spam postfix/qmgr[22673]: 834F3CA1A8: from=<snosong@googlemail.com>, size=31830, nrcpt=1 (queue active)
Dec 2 08:20:34 spam postfix/smtpd[22712]: connect from localhost[127.0.0.1]
Dec 2 08:20:34 spam postfix/smtpd[22712]: C3A99CA1B7: client=localhost[127.0.0.1]
Dec 2 08:20:34 spam postfix/cleanup[22709]: C3A99CA1B7: message-id=<ddaf469a0812012325q44b65677l15e70e086925c0c7@mail.gmail.com>
Dec 2 08:20:34 spam postfix/qmgr[22673]: C3A99CA1B7: from=<snosong@googlemail.com>, size=32215, nrcpt=1 (queue active)
Dec 2 08:20:34 spam postfix/smtpd[22712]: disconnect from localhost[127.0.0.1]
Dec 2 08:20:34 spam amavis[22579]: (22579-01) Passed CLEAN, [209.85.132.247] <snosong@googlemail.com> -> <basti@snowsong.de>, Message-ID: <ddaf469a0812012325q44b65677l15e70e086925c0c7@mail.gmail.com>, mail_id: RnUMO4sfGI52, Hits: -, queued_as: C3A99CA1B7, 692 ms
Dec 2 08:20:34 spam postfix/smtp[22710]: 834F3CA1A8: to=<basti@snowsong.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=1.7/0.03/0.02/0.69, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=22579-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C3A99CA1B7)
Dec 2 08:20:34 spam postfix/qmgr[22673]: 834F3CA1A8: removed
Dec 2 08:20:35 spam postfix/smtp[22713]: C3A99CA1B7: to=<basti@snowsong.de>, relay=78.46.197.209[78.46.197.209]:25, delay=0.48, delays=0.1/0.03/0.08/0.27, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 0AB9D168498)
Dec 2 08:20:35 spam postfix/qmgr[22673]: C3A99CA1B7: removed
Dec 2 08:21:04 spam postfix/smtpd[22704]: disconnect from an-out-0708.google.com[209.85.132.247]

00-amavis_conf

# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
$mydomain = 'snowsong.de'; # (no useful default)

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as IP address or DNS name (A or CNAME, but MX is ignored)
$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
$notify_method = $forward_method; # where to submit notifications

$sa_debug = 0;

01-debian

# SETTINGS RARELY MODIFIED BY THE LOCAL ADMIN

$ENV{PATH} = $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file';
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$rpm2cpio = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj'];
$unrar = ['rar', 'unrar'];
$zoo = 'zoo';
$lha = 'lha';
$pax = 'pax';
$cpio = 'cpio';
$ar = 'ar';
$ripole = 'ripole';
$dspam = 'dspam';

1; # insure a defined return

05-domain_id

use strict;

# $mydomain is used just for convenience in the config files and it is not
# used internally by amavisd-new except in the default X_HEADER_LINE (which
# Debian overrides by default anyway).

chomp($mydomain = `head -n 1 /etc/mailname`);

# amavisd-new needs to know which email domains are to be considered local
# to the administrative domain. Only emails to "local" domains are subject
# to certain functionality, such as the addition of spam tags.
#
# Default local domains to $mydomain and all subdomains. Remember to
# override or redefine this if $mydomain is changed later in the config
# sequence.

@local_domains_acl = ( ".$mydomain", '.zockkeller.com', '.snowsong.de', '.weilichskann.de', '.afoolslife.com', '.proggen.net' );

1; # insure a defined return

15-content_filter_mode

use strict;

# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
# Leave empty to add no header # (default: undef)
$X_HEADER_LINE = "by Amavis-new,ClamAV at spam.snowsong.net";



# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_spam_checks_maps = (
# \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return


20-debian-defaults

#$QUARANTINEDIR = "$MYHOME/virusmails";
$QUARANTINEDIR = undef;

$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';

$sa_tag_level_deflt = -1000; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 8.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes

$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";

$banned_quarantine_to = "postmaster\@$mydomain";
$bad_header_quarantine_to = "postmaster\@$mydomain";
$spam_quarantine_to = "postmaster\@$mydomain";

$hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";

$virus_quarantine_to = undef;
# You should:
# Use D_DISCARD to discard data (viruses)
# Use D_BOUNCE to generate local bounces by amavisd-new
# Use D_REJECT to generate local or remote bounces by the calling MTA
# Use D_PASS to deliver the message
#
# Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding*
# mail to your account. Use D_BOUNCE instead, otherwise you are delegating
# the bounce work to your friendly forwarders, which might not like it at all.
#
# On dual-MTA setups, one can often D_REJECT, as this just makes your own
# MTA generate the bounce message. Test it first.
#
# Bouncing viruses is stupid, always discard them after you are sure the AV
# is working correctly. Bouncing real SPAM is also useless, if you cannot
# D_REJECT it (and don't D_REJECT mail coming from your forwarders!).

$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
$final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)

$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
$banned_admin = "postmaster\@$mydomain";

# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";


Postfix:
main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = spam.snowsong.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = spam.snowsong.de, localhost.snowsong.de, , localhost, snowsong.de, weilichskann.de, zockkeller.com, afoolslife.com, proggen.net
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

content_filter=smtp-amavis:[127.0.0.1]:10024

transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
relay_recipient_maps = hash:/etc/postfix/relay_recipients

smtpd_helo_required = yes


# Filter
smtpd_data_restrictions =
    reject_unauth_pipelining

smtpd_client_restrictions =
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit_mynetworks,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dun.dnsrbl.net,
    permit

smtpd_recipient_restrictions =
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unauth_pipelining,
    permit

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

receive_override_options = no_address_mappings


master.cf

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

#
# The amavis interface
#
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - y - 2 smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes



So as I said, everything works - I just can't see whether SpamAssassin is checking emails or not :/

kworx
02.12.08, 11:17
Try the following change: ;)

15-content_filter_mode


@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
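
A way to confirm this diagnosis from the shell, added here as an example and not part of either post: it reads 15-content_filter_mode for uncommented bypass maps and reads mail.log for the scanner state since the last amavis start plus any messages passed with "Hits: -". The sample lines are constructed from the excerpts in the thread; the function names and the post-restart log lines are assumptions.

```shell
#!/bin/sh
# Constructed sample: shortened lines from the thread's mail.log excerpt.
sample_log_before() {
cat <<'EOF'
Dec 2 08:14:58 spam amavis[22572]: starting. /usr/sbin/amavisd-new at spam.snowsong.de amavisd-new-2.4.2 (20060627)
Dec 2 08:14:59 spam amavis[22577]: SMTP-in proto code loaded
Dec 2 08:14:59 spam amavis[22577]: ANTI-VIRUS code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: ANTI-SPAM code NOT loaded
Dec 2 08:14:59 spam amavis[22577]: ANTI-SPAM-SA code NOT loaded
Dec 2 08:18:20 spam amavis[22578]: (22578-01) Passed CLEAN, [64.233.170.185] <a@example.com> -> <b@example.net>, Hits: -, queued_as: D1211CA1B0, 662 ms
Dec 2 08:20:34 spam amavis[22579]: (22579-01) Passed CLEAN, [209.85.132.247] <a@example.com> -> <b@example.net>, Hits: -, queued_as: C3A99CA1B7, 692 ms
EOF
}

# Constructed continuation (assumed, not from the thread): a restart with
# both scanners enabled, followed by one scored message.
sample_log_after() {
sample_log_before
cat <<'EOF'
Dec 2 15:00:00 spam amavis[30000]: starting. /usr/sbin/amavisd-new at spam.snowsong.de amavisd-new-2.4.2 (20060627)
Dec 2 15:00:01 spam amavis[30001]: ANTI-VIRUS code loaded
Dec 2 15:00:01 spam amavis[30001]: ANTI-SPAM code loaded
Dec 2 15:00:01 spam amavis[30001]: ANTI-SPAM-SA code loaded
Dec 2 15:03:10 spam amavis[30002]: (30002-01) Passed CLEAN, [192.0.2.10] <a@example.com> -> <b@example.net>, Hits: 0.3, queued_as: 0123456789, 2100 ms
EOF
}

# The relevant lines of 15-content_filter_mode as first posted (commented out).
sample_conf_before() {
cat <<'EOF'
#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#@bypass_spam_checks_maps = (
# \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
EOF
}

# The same lines after the change suggested in the reply.
sample_conf_after() { sample_conf_before | sed 's/^#@/@/; s/^# /  /'; }

# Assumes Debian's stock layout, where a check is on only when its
# @bypass_*_checks_maps assignment is uncommented.
enabled_checks() {
  out=""
  for kind in virus spam; do
    if grep -Eq "^[[:space:]]*@bypass_${kind}_checks_maps[[:space:]]*=" "$1"
    then out="$out $kind=on"
    else out="$out $kind=off"
    fi
  done
  echo "${out# }"
}

# Summarise scanner state and passed messages since the last amavis start.
amavis_scan_report() {
  awk '
    / amavis\[[0-9]+\]: starting\. / { split("", state); passed = 0; unscored = 0 }
    / amavis\[[0-9]+\]: ANTI-(VIRUS|SPAM|SPAM-SA) code / {
      for (i = 2; i <= NF; i++)
        if ($i == "code") state[$(i - 1)] = ($(i + 1) == "NOT") ? "off" : "on"
    }
    / amavis\[[0-9]+\]: \([0-9-]+\) Passed / {
      passed++
      if ($0 ~ /Hits: -,/) unscored++   # "-" means no spam score was computed
    }
    END {
      n = split("ANTI-VIRUS ANTI-SPAM ANTI-SPAM-SA", names, " ")
      off = ""
      for (i = 1; i <= n; i++)
        if (state[names[i]] == "off") {
          sep = (off == "") ? "" : ","
          off = off sep names[i]
        }
      if (off == "") off = "none"
      printf "disabled=%s passed=%d unscored=%d\n", off, passed, unscored
    }
  ' "$1"
}

# Demo on the constructed "before" samples.
demo_dir=$(mktemp -d)
sample_conf_before > "$demo_dir/15-content_filter_mode"
sample_log_before > "$demo_dir/mail.log"
enabled_checks "$demo_dir/15-content_filter_mode"
amavis_scan_report "$demo_dir/mail.log"
rm -rf "$demo_dir"
```

On a live system the two functions would be pointed at /etc/amavis/conf.d/15-content_filter_mode and the mail log; those paths are the usual Debian locations and are not stated in the thread.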

Neo van Matix
02.12.08, 14:49
oh man, how embarrassing -_-

thanks!