Need help: clamav, amavis, spamassassin, postfix



-caretaker-
30.03.09, 09:45
Hello everyone,

I currently have a rather big problem with my mail server.
At first it worked fine: Postfix delivered the mail straight to the (virtual, via MySQL) mailboxes.

Then I thought I could add a mail antivirus and an antispam as well (amavis, clamav, spamassassin)...
and that is where the drama began.
Somehow it seems to work, but somehow I no longer receive any mail, or rather only empty messages with no subject and "undisclosed-recipients:;" as the recipient.
Below you will find the log files as well as the configuration files for postfix, clamav, amavis and spamassassin.

Alongside all this I also use courier imap for the webmailer (roundcubemail).

It would be great if you could take a look; maybe something will jump out at you, I am at my wits' end.
I have been up and down the howtos.

The individual programs should be running fine as far as they go.


Thank you :-)



Postfix - main.cf:


smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
myhostname = vadmin27
mydomain = eurohost.ch
mydestination = $myhostname $mydomain localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
alias_maps = $alias_database
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
virtual_mailbox_base = /var/kunden/mail/
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
content_filter = amavis:[127.0.0.1]:10024
smtpd_sasl_authenticated_header = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.cert
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key


Postfix - master.cf


#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamfilter:dummy
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

spamfilter unix -       n       n       -       -       pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}

amavis    unix  -       -       y       -       4       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1


CLAMAV - clamd.conf


#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
TemporaryDirectory /tmp
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamMaxLength 10M
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0



CLAMAV - freshclam.conf

# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogTime no
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav/
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
ScriptedUpdates yes
CompressLocalDatabase no
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.de.clamav.net


AMAVIS - 01-debian
irrelevant

AMAVIS - 05-domain_id
irrelevant

AMAVIS - 05-node_id
irrelevant

AMAVIS - 15-av_scanners

(only the non-commented lines here)

@av_scanners = (   # list opener; left out of the paste above but required for the entries below to parse

### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

['KasperskyLab AVP - aveclient',
['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
'/opt/kav/bin/aveclient','aveclient'],
'-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
qr/(?:INFECTED|SUSPICION) (.+)/,
],

['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
'-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],

['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
"-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],

['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],

['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],

['Symantec CarrierScan via Symantec CommandLineScanner',
'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/^Files Infected:\s+0$/, qr/^Infected\b/,
qr/^(?:Info|Virus Name):\s+(.+)/ ],

['Symantec AntiVirus Scan Engine',
'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
[0], qr/^Infected\b/,
qr/^(?:Info|Virus Name):\s+(.+)/ ],

['F-Secure Antivirus', 'fsav',
'--dumb --mime --archive {}', [0], [3,8],
qr/(?:infection|Infected|Suspected): (.+)/ ],

['CAI InoculateIT', 'inocucmd', # retired product
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],

['CAI eTrust Antivirus', 'etrust-wrapper',
'-arc -nex -spm h {}', [0], [101],
qr/is infected by virus: (.+)/ ],   # closing line of this entry (missing above) as in the stock amavisd.conf

['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],

['MkS_Vir daemon', 'mksscan',
'-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],

['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli',
'--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],

['Norman Virus Control v5 / Linux', 'nvcc',
'-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
qr/(?i).* virus in .* -> \'(.+)\'/ ],

['Panda Antivirus for Linux', ['pavcl'],
'-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
qr/Number of files infected[ .]*: 0+(?!\d)/,
qr/Number of files infected[ .]*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],

['NAI McAfee AntiVirus (uvscan)', 'uvscan',
'--secure -rv --mime --summary --noboot - {}', [0], [13],
qr/(?x) Found (?:
\ the\ (.+)\ (?:virus|trojan) |
\ (?:virus|trojan)\ or\ variant\ (.+?)\s*! |
:\ (.+)\ NOT\ a\ virus)/,
# sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
# sub {delete $ENV{LD_PRELOAD}},
],

['VirusBuster', ['vbuster', 'vbengcl'],
# VirusBuster Ltd. does not support the daemon version for the workstation
# engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
# binaries, some parameters AND return codes have changed (from 3 to 1).
"{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
qr/: '(.*)' - Virus/ ],

['CyberSoft VFind', 'vfind',
'--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
# sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
],

### http://www.avast.com/
['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
'-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],

### http://www.ikarus-software.com/
['Ikarus AntiVirus for Linux', 'ikarus',
'{}', [0], [40], qr/Signature (.+) found/ ],

### http://www.bitdefender.com/
['BitDefender', 'bdc',
'--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
qr/(?:suspected|infected): (.*)(?:\033|$)/ ],

['check-jpeg',
sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
# NOTE: place file JpegTester.pm somewhere where Perl can find it,
# for example in /usr/local/lib/perl5/site_perl

);


@av_scanners_backup = (

### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
[0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

### http://www.f-prot.com/ - backs up F-Prot Daemon
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],

### http://www.trendmicro.com/ - backs up Trophie
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
['drweb - DrWeb Antivirus',
['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
'-path={} -al -go -ot -cn -upn -ok-',
[0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],

['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
'-i1 -xp {}', [0,10,15], [5,20,21,25],
qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],

# Commented out because the name 'sweep' clashes with Debian and FreeBSD
# package/port of an audio editor. Make sure the correct 'sweep' is found
# in the path when enabling.
#
# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
# ['Sophos Anti Virus (sweep)', 'sweep',
# '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
# [0,2], qr/Virus .*? found/,
# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
# ],
# # other options to consider: -mime -oe -idedir=/usr/local/sav

# always succeeds (uncomment to consider mail clean if all other scanners fail)
# ['always-clean', sub {0}],

);

1; # insure a defined return



AMAVIS - 15-content_filter_mode


use strict;

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

# Default SPAM checking mode
# Uncomment the two lines below to enable it back

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return



AMAVIS - 20-debian_defaults


use strict;

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # default listenting socket

$sa_spam_subject_tag = '*****SPAM*****';
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 8.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes

$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default

# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";

@viruses_that_fake_sender_maps = (new_RE(
[qr'\bEICAR\b'i => 0], # av test pattern name
[qr/.*/ => 1], # true for everything else
));

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$', # retain full original message for virus checking (can be slow)
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));

# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

# block certain double extensions anywhere in the base name
qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict

qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.

qr'^\.(exe-ms)$', # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
# results from all matching recipient tables are summed

## site-wide opinions about senders (the '.' matches any recipient)
'.' => [ # the _first_ matching sender determines the score boost

new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),

# read_hash("/var/amavis/sender_scores_sitewide"),

{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
'dennis.stoll@gmx.de' => -5.0,

lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,

},
], # end of site-wide tables
});

1; # insure a defined return


AMAVIS - 25-amavis_helpers


use strict;

$unix_socketname = "/var/run/amavis/amavisd.sock";

$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
$policy_bank{'AM.PDP-SOCK'} = {
protocol => 'AM.PDP',
auth_required_release => 0, # don't require secret-id for release
};

1; # insure a defined return


AMAVIS - 50-user


use strict;

$pax='pax';

#------------ Do not modify anything below this line -------------
1; # insure a defined return


CLAMAV - clamav-check.conf


0.90-1 6
0.88.7-0volatile2 4
0.88.7-2 4
default 5


/etc/passwd


spamfilter:x:1000:1000:,,,:/home/spamfilter:/sbin/nologin
clamav:x:109:109::/var/lib/clamav:/bin/false
amavis:x:110:110:AMaViS system user,,,:/var/lib/amavis:/bin/sh


/etc/group


spamfilter:x:1000:
clamav:x:109:amavis
amavis:!:110:clamav



LOGFILES:
(only error and status messages)


freshclam.log


--------------------------------------
Received signal: wake up
ClamAV update process started at Mon Mar 30 08:26:54 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94.2 Recommended version: 0.95
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
daily.cld is up to date (version: 9180, sigs: 37728, f-level: 41, builder: guitar)
--------------------------------------

clamav.log


Mon Mar 30 09:33:28 2009 -> Socket file removed.
Mon Mar 30 09:33:28 2009 -> Pid file removed.
Mon Mar 30 09:33:28 2009 -> --- Stopped at Mon Mar 30 09:33:28 2009
Mon Mar 30 09:33:29 2009 -> +++ Started at Mon Mar 30 09:33:29 2009
Mon Mar 30 09:33:29 2009 -> clamd daemon 0.94.2 (OS: linux-gnu, ARCH: i386, CPU: i486)
Mon Mar 30 09:33:29 2009 -> Log file size limit disabled.
Mon Mar 30 09:33:29 2009 -> Reading databases from /var/lib/clamav
Mon Mar 30 09:33:29 2009 -> Not loading PUA signatures.
Mon Mar 30 09:33:32 2009 -> Loaded 537604 signatures.
Mon Mar 30 09:33:32 2009 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Mar 30 09:33:32 2009 -> LOCAL: Setting connection queue length to 15
Mon Mar 30 09:33:32 2009 -> Limits: Global size limit set to 104857600 bytes.
Mon Mar 30 09:33:32 2009 -> Limits: File size limit set to 26214400 bytes.
Mon Mar 30 09:33:32 2009 -> Limits: Recursion level limit set to 16.
Mon Mar 30 09:33:32 2009 -> Limits: Files limit set to 10000.
Mon Mar 30 09:33:32 2009 -> Archive support enabled.
Mon Mar 30 09:33:32 2009 -> Algorithmic detection enabled.
Mon Mar 30 09:33:32 2009 -> Portable Executable support enabled.
Mon Mar 30 09:33:32 2009 -> ELF support enabled.
Mon Mar 30 09:33:32 2009 -> Mail files support enabled.
Mon Mar 30 09:33:32 2009 -> OLE2 support enabled.
Mon Mar 30 09:33:32 2009 -> PDF support enabled.
Mon Mar 30 09:33:32 2009 -> HTML support enabled.
Mon Mar 30 09:33:32 2009 -> Self checking every 3600 seconds.

mail.info


Mar 30 09:36:23 vadmin27 postfix/smtpd[24494]: connect from mailhost.commail.ch[87.245.120.146]
Mar 30 09:36:23 vadmin27 postfix/smtpd[24494]: 4CBFB122B99: client=mailhost.commail.ch[87.245.120.146]
Mar 30 09:36:23 vadmin27 postfix/cleanup[24497]: 4CBFB122B99: message-id=<1722D78E5FC283458DE9F07A528302B4BCA6AAB6@Exchange01.ramsen.jet.ch>
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 4CBFB122B99: from=<d.stoll@jet.ch>, size=1878, nrcpt=1 (queue active)
Mar 30 09:36:23 vadmin27 postfix/smtpd[24494]: disconnect from mailhost.commail.ch[87.245.120.146]
Mar 30 09:36:23 vadmin27 postfix/pipe[24498]: 4CBFB122B99: to=<dennis@stollis.de>, relay=spamfilter, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via spamfilter service)
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 4CBFB122B99: removed
Mar 30 09:36:23 vadmin27 postfix/pickup[23682]: 75047122BA6: uid=1000 from=<d.stoll@jet.ch>
Mar 30 09:36:23 vadmin27 postfix/cleanup[24497]: 75047122BA6: message-id=<20090330073623.75047122BA6@vadmin27>
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 75047122BA6: from=<d.stoll@jet.ch>, size=257, nrcpt=1 (queue active)
Mar 30 09:36:23 vadmin27 postfix/virtual[24503]: 75047122BA6: to=<dennis@stollis.de>, relay=virtual, delay=0.09, delays=0.04/0.02/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 75047122BA6: removed


syslog


Mar 30 09:36:23 vadmin27 postfix/smtpd[24494]: connect from mailhost.commail.ch[87.245.120.146]
Mar 30 09:36:23 vadmin27 postfix/smtpd[24494]: 4CBFB122B99: client=mailhost.commail.ch[87.245.120.146]
Mar 30 09:36:23 vadmin27 postfix/cleanup[24497]: 4CBFB122B99: message-id=<1722D78E5FC283458DE9F07A528302B4BCA6AAB6@Exchange01.ramsen.jet.ch>
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 4CBFB122B99: from=<d.stoll@jet.ch>, size=1878, nrcpt=1 (queue active)
Mar 30 09:36:23 vadmin27 postfix/smtpd[24494]: disconnect from mailhost.commail.ch[87.245.120.146]
Mar 30 09:36:23 vadmin27 postfix/pipe[24498]: 4CBFB122B99: to=<dennis@stollis.de>, relay=spamfilter, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via spamfilter service)
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 4CBFB122B99: removed
Mar 30 09:36:23 vadmin27 postfix/pickup[23682]: 75047122BA6: uid=1000 from=<d.stoll@jet.ch>
Mar 30 09:36:23 vadmin27 postfix/cleanup[24497]: 75047122BA6: message-id=<20090330073623.75047122BA6@vadmin27>
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 75047122BA6: from=<d.stoll@jet.ch>, size=257, nrcpt=1 (queue active)
Mar 30 09:36:23 vadmin27 postfix/virtual[24503]: 75047122BA6: to=<dennis@stollis.de>, relay=virtual, delay=0.09, delays=0.04/0.02/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 75047122BA6: removed
Mar 30 09:37:01 vadmin27 /USR/SBIN/CRON[24515]: (root) CMD (/usr/bin/php -q /var/www/syscp/scripts/cron_tasks.php >> /dev/null 2>&1)


syslog & mail.info were produced while sending the test mail; clamav.log & freshclam.log are unchanged.

The e-mail was sent to me, but the recipient shows as: undisclosed-recipients:;
The headers point neither to the amavis/clamav virus scanner nor to spamassassin.


What do you think?

Roger Wilco
30.03.09, 12:19
1. Next time please use the CODE tag rather than the QUOTE tag for configuration files and log excerpts.
2.


Mar 30 09:36:23 vadmin27 postfix/pipe[24498]: 4CBFB122B99: to=<dennis@stollis.de>, relay=spamfilter, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via spamfilter service)
Your content filter is apparently not being used.
3. What value does $forward_method have in your amavisd-new configuration?
4. What is in /var/log/mail.debug?
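The log line quoted above is the tell: the inbound message 4CBFB122B99 leaves via relay=spamfilter (a pipe(8) transport), and the copy that reaches the mailbox, 75047122BA6, was picked up from uid 1000 (the spamfilter user in the poster's /etc/passwd) and delivered by virtual; no line shows a relay to 127.0.0.1:10024. The script below is an added example, not code from the thread, that automates that check over Postfix log lines: it groups lines by queue ID, follows the "queued as" link amavisd-new leaves when it re-injects a message on port 10025, and lists mailbox deliveries that never passed the content filter. The thread's own log lines are embedded as the first input; the second input is constructed here to show what a properly filtered message looks like. The filter relay string assumes the poster's main.cf (content_filter = amavis:[127.0.0.1]:10024).

```python
"""Trace Postfix queue IDs through mail.log and report whether each message
went through the amavisd-new content filter.

Added example, not code from the thread.  Assumes the log format shown in
the thread and the poster's main.cf setting content_filter =
amavis:[127.0.0.1]:10024 (amavis re-injects clean mail on 127.0.0.1:10025).
"""
import re
from collections import defaultdict

# Log lines quoted from the thread (forum line wrapping undone, cleanup lines omitted).
THREAD_LOG = """\
Mar 30 09:36:23 vadmin27 postfix/smtpd[24494]: 4CBFB122B99: client=mailhost.commail.ch[87.245.120.146]
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 4CBFB122B99: from=<d.stoll@jet.ch>, size=1878, nrcpt=1 (queue active)
Mar 30 09:36:23 vadmin27 postfix/pipe[24498]: 4CBFB122B99: to=<dennis@stollis.de>, relay=spamfilter, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via spamfilter service)
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 4CBFB122B99: removed
Mar 30 09:36:23 vadmin27 postfix/pickup[23682]: 75047122BA6: uid=1000 from=<d.stoll@jet.ch>
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 75047122BA6: from=<d.stoll@jet.ch>, size=257, nrcpt=1 (queue active)
Mar 30 09:36:23 vadmin27 postfix/virtual[24503]: 75047122BA6: to=<dennis@stollis.de>, relay=virtual, delay=0.09, delays=0.04/0.02/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Mar 30 09:36:23 vadmin27 postfix/qmgr[1476]: 75047122BA6: removed
"""

# Constructed lines (NOT from the thread): smtp hands AAAA1111111 to port 10024,
# amavis re-injects it on port 10025 as BBBB2222222, and that ID reaches the mailbox.
FILTERED_LOG = """\
Mar 30 10:00:00 vadmin27 postfix/smtpd[30001]: AAAA1111111: client=example.invalid[192.0.2.10]
Mar 30 10:00:00 vadmin27 postfix/qmgr[1476]: AAAA1111111: from=<alice@example.invalid>, size=2048, nrcpt=1 (queue active)
Mar 30 10:00:01 vadmin27 postfix/smtpd[30002]: BBBB2222222: client=localhost[127.0.0.1]
Mar 30 10:00:01 vadmin27 postfix/qmgr[1476]: BBBB2222222: from=<alice@example.invalid>, size=2500, nrcpt=1 (queue active)
Mar 30 10:00:01 vadmin27 postfix/smtp[30003]: AAAA1111111: to=<dennis@stollis.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.1/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as BBBB2222222)
Mar 30 10:00:01 vadmin27 postfix/qmgr[1476]: AAAA1111111: removed
Mar 30 10:00:01 vadmin27 postfix/virtual[30004]: BBBB2222222: to=<dennis@stollis.de>, relay=virtual, delay=0.05, delays=0.02/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Mar 30 10:00:01 vadmin27 postfix/qmgr[1476]: BBBB2222222: removed
"""

LINE_RE = re.compile(r"postfix/(?P<prog>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")      # key=value pairs after the queue ID
QUEUED_AS_RE = re.compile(r"queued as ([0-9A-F]{6,})")

def parse_log(text):
    """Group lines by queue ID: origin, size, delivery hops, re-injected child ID."""
    msgs = defaultdict(lambda: {"origin": None, "size": None, "hops": [], "child": None})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                                   # connect/disconnect lines carry no queue ID
        rec = msgs[m["qid"]]
        kv = dict(KV_RE.findall(m["rest"]))
        if m["prog"] == "smtpd":
            rec["origin"] = "smtpd:" + kv.get("client", "?")
        elif m["prog"] == "pickup":
            rec["origin"] = "pickup:uid=" + kv.get("uid", "?")
        if "size" in kv:
            rec["size"] = int(kv["size"])
        if "relay" in kv:                              # a delivery attempt by smtp/pipe/virtual/...
            rec["hops"].append((m["prog"], kv["relay"], kv.get("status", "?")))
            q = QUEUED_AS_RE.search(m["rest"])         # amavis re-injection leaves "queued as <id>"
            if q:
                rec["child"] = q.group(1)
    return dict(msgs)

def filter_report(text, filter_relay="127.0.0.1[127.0.0.1]:10024"):
    """For each message received from a remote client: did it reach the filter relay,
    which relays did it use, and under which queue ID was it finally delivered."""
    msgs = parse_log(text)
    report = {}
    for qid, rec in msgs.items():
        origin = rec["origin"] or ""
        if not origin.startswith("smtpd:") or "[127.0.0.1]" in origin:
            continue                                   # skip local pickup and the 10025 re-injection
        final = qid
        while msgs.get(final, {}).get("child"):        # follow the re-injection chain to the end
            final = msgs[final]["child"]
        report[qid] = {
            "filtered": any(relay == filter_relay for _, relay, _ in rec["hops"]),
            "relays": [relay for _, relay, _ in rec["hops"]],
            "delivered_as": final,
            "delivered_via": [relay for _, relay, _ in msgs.get(final, {"hops": []})["hops"]],
        }
    return report

def unfiltered_mailbox_deliveries(text, filter_relay="127.0.0.1[127.0.0.1]:10024"):
    """Queue IDs delivered to a mailbox (relay=virtual) that are not the
    re-injected child of a message that went through the filter relay."""
    msgs = parse_log(text)
    filtered_children = {rec["child"] for rec in msgs.values()
                         if rec["child"] and any(r == filter_relay for _, r, _ in rec["hops"])}
    return sorted(qid for qid, rec in msgs.items()
                  if any(r == "virtual" for _, r, _ in rec["hops"]) and qid not in filtered_children)

if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("constructed filtered log", FILTERED_LOG)):
        print(label)
        for qid, info in filter_report(log).items():
            print("  %s filtered=%s relays=%s delivered as %s via %s" % (
                qid, info["filtered"], info["relays"], info["delivered_as"], info["delivered_via"]))
        print("  mailbox deliveries that bypassed the filter:", unfiltered_mailbox_deliveries(log))
```

Run against the thread's lines it reports 4CBFB122B99 as unfiltered (relay list is just "spamfilter") and flags 75047122BA6 as a mailbox delivery with no filtered ancestor; against the constructed lines the chain AAAA1111111 to BBBB2222222 is recognised and nothing is flagged. The same approach works on a live /var/log/mail.log with the file's contents passed in place of the embedded strings.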

-caretaker-
30.03.09, 12:46
Hello Roger_Wilco,

sorry about quote instead of code.
I have changed it.

There is no mail.debug as such,

there are only mail.err, mail.info, mail.log, mail.warn :(

Regarding $forward_method .... that would actually have to be in amavisd.conf... but that is exactly the file I am missing.
I assumed it would be created automatically.
Apparently that is not the case :eek:

/edit: as of version 2.4.2 there is no amavisd.conf anymore.

Regards

-caretaker-
30.03.09, 14:58
I think I have found it; at least the mails are arriving now.

postfix master.cf:
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamfilter:dummy


spamfilter unix -       n       n       -       -       pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}

The part in red is commented out (it does not belong there; it was a mistake on my part).

The X-Spam-Status header is still missing, but the mails are arriving.
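Why the commented-out line had this effect: per master(5), a `-o name=value` on a service entry overrides that main.cf parameter for that service only, so `-o content_filter=spamfilter:dummy` under the public `smtp inet` listener silently replaced `content_filter = amavis:[127.0.0.1]:10024` from main.cf for everything arriving on port 25, while the `-o content_filter=` on `127.0.0.1:10025` (the re-injection listener, where it must stay empty or clean mail would loop back into amavis) and on `pickup` disable the filter for those paths only. The script below is an added example, not code from the thread, that parses master.cf including its continuation lines and reports the effective content_filter per listener; the excerpt it parses is constructed from the poster's entries, and the main.cf value is the poster's. On Postfix 2.11 and later, `postconf -P` prints these per-service overrides directly.

```python
"""Show which Postfix master.cf services override main.cf's content_filter.

Added example, not from the thread.  Assumes master(5) syntax: a service
entry starts in column 1 with eight fields, continuation lines start with
whitespace, '#' lines are comments, and "-o name=value" on a continuation
line overrides the main.cf parameter for that service only.
"""
import re

MAIN_CF_CONTENT_FILTER = "amavis:[127.0.0.1]:10024"   # value from the poster's main.cf

# Constructed excerpt of the poster's master.cf (only the entries that matter here).
BROKEN_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamfilter:dummy
pickup    fifo  n       -       -       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
spamfilter unix -       n       n       -       -       pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}
amavis    unix  -       -       y       -       4       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

# The poster's fix: the override on the public listener removed.
FIXED_MASTER_CF = BROKEN_MASTER_CF.replace("  -o content_filter=spamfilter:dummy\n", "")

OVERRIDE_RE = re.compile(r"-o\s+([\w.]+)=(\S*)")

def parse_master_cf(text):
    """Return a list of (service, type, command, {param: value}) with -o overrides collected."""
    services = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():                           # continuation of the previous entry
            if not services:
                raise ValueError("continuation line before any service: %r" % raw)
            overrides = services[-1][3]
            for name, value in OVERRIDE_RE.findall(raw):
                overrides[name] = value
            continue
        fields = raw.split()
        if len(fields) < 8:
            raise ValueError("malformed service line: %r" % raw)
        services.append((fields[0], fields[1], fields[7], {}))
    return services

def effective_content_filter(text, main_cf_value=MAIN_CF_CONTENT_FILTER):
    """For every service that receives mail (smtpd/pickup/qmqpd), the content_filter that
    actually applies: the -o override if present, else the main.cf value."""
    result = {}
    for name, stype, command, overrides in parse_master_cf(text):
        if command in ("smtpd", "pickup", "qmqpd"):
            result[name] = overrides.get("content_filter", main_cf_value)
    return result

def diagnose(text, main_cf_value=MAIN_CF_CONTENT_FILTER):
    """Network smtpd listeners (not bound to loopback) whose effective content_filter
    differs from main.cf: mail arriving there never reaches the amavis transport."""
    problems = []
    for name, stype, command, overrides in parse_master_cf(text):
        if stype != "inet" or command != "smtpd" or name.startswith("127.0.0.1:"):
            continue   # loopback listener is amavis' re-injection path; must keep content_filter empty
        value = overrides.get("content_filter", main_cf_value)
        if value != main_cf_value:
            problems.append((name, value))
    return problems

if __name__ == "__main__":
    for label, cf in (("as posted", BROKEN_MASTER_CF), ("after the fix", FIXED_MASTER_CF)):
        print(label, effective_content_filter(cf), "problems:", diagnose(cf))
```

With the posted master.cf the public `smtp` listener resolves to `spamfilter:dummy` and is reported; after removing the override it inherits the main.cf value and nothing is reported. The `pickup` and `127.0.0.1:10025` entries resolve to an empty filter in both cases, which is what their explicit `-o content_filter=` asks for.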