[Postfixbuch-users] problems with amavisd+clamav+spamassasinnewbie

Sandy Drobic postfixbuch-users at japantest.homelinux.com
Tue Apr 11 12:32:05 CEST 2006


Lars Ernst wrote:
> Hello Sandy,
> 
> many thanks for the quick reply. I have put my two cents ;) below the comments so that the context is preserved.
> The bottom line is that the status is unfortunately still unchanged. :(
> What am I still doing wrong here?

You have enabled the virus scan in amavisd.conf, but have no virus scanner?

>>Apr 10 16:20:42 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd: sleeping for 1 s
>>Apr 10 16:20:43 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd: Connecting to socket  /var/run/clamav/clamd, retry #1
>>Apr 10 16:20:43 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory, retrying (2)
>>Apr 10 16:20:43 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd: sleeping for 6 s

What does it (clamd) say when you try to start it?


>>Apr 10 16:20:49 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd: Connecting to socket  /var/run/clamav/clamd, retry #2
>>Apr 10 16:20:49 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 51) line 180.
>>Apr 10 16:20:49 orion amavisd[32596]: (client-XXZIbaob) WARN: all primary virus scanners failed, considering backups
> 
> 
> Fix that!
> 
> All virus scanners commented out. For now.

Then you had better disable virus checking by amavis.

> 
> 
>>Apr 10 16:20:49 orion amavisd[32596]: (client-XXZIbaob) Using Clam Antivirus - clamscan: /usr/bin/clamscan --stdout --no-summary -r /var/spool/amavis/amavis-client-XXZIbaob/parts
> 
> 
> The secondary scanner, command-line clam, seems to work.
> 
> Well, it isn't complaining. However, it did not detect an EICAR test file. So the virus priority is put on hold for now.
> 
> 
>>Apr 10 16:20:50 orion amavisd[32596]: (client-XXZIbaob) TROUBLE in check_mail: delivery-notification FAILED: Explicit forwarding, but not all recips done at /usr/sbin/amavisd line 1412, <GEN3> line 76.
> 
> 
> That is where it gets stuck.
> 
> Yes, and I suspect that is probably the main problem; at any rate, all mails get stuck in the queue when I activate amavisd. *ponders* I had a look at that line in the amavisd file (code), but code like that is all Greek to me, and apart from finding the line with "Explicit forwarding, but not all recips done..." there, it tells me nothing. :(

> 
> The most important thing is missing:
> Logs from Postfix and the configuration of Amavis.
> 
> Postfix log:
> Apr 11 11:14:43 orion postfix/smtpd[4178]: connect from lexp.w-schraml.loc
> Apr 11 11:14:43 orion postfix/smtpd[4178]: 126561E08: client=lexp.w-schraml.loc
> Apr 11 11:14:43 orion postfix/cleanup[4180]: 126561E08: message-id=<002401c65d48$00422080$196ea8c0 at WSCHRAML.LOC>
> Apr 11 11:14:43 orion postfix/qmgr[4014]: 126561E08: from=<Lars.Ernst at schramlsoft.de>, size=921, nrcpt=1 (queue active)
> Apr 11 11:14:43 orion postfix/smtpd[4178]: disconnect from lexp.w-schraml.loc
> Apr 11 11:14:44 orion postfix/pipe[4181]: 126561E08: to=<lars.ernst at schramlsoft.de>, relay=amavisd, delay=1, status=deferred (temporary failure)

So Postfix is trying to hand the mail over to the content filter, but that fails.

> Amavisd config (since I don't know whether there is something like postconf -n here, here comes the whole lot):
> # Section I - Essential daemon and MTA settings

That was exactly the grep command that comes below. So I have deleted the whole thing for now...


> 
> 
> Show the output of
> egrep '(fatal|error|panic|warning)' /var/log/mail
> 
> Apr 11 10:08:14 orion postfix/smtpd[3589]: warning: smtpd_peer_init: 61.11.16.89: hostname 61.11.16.89.bb-static.vsnl.net.in verification failed: Name or service not known
> Apr 11 10:16:44 orion postfix/smtpd[3641]: warning: smtpd_peer_init: 201.245.131.90: hostname adsl_plus_245131-90.etb.net.co verification failed: Name or service not known
> Apr 11 10:18:14 orion postfix/smtpd[3649]: warning: smtpd_peer_init: 62.81.151.163: hostname 163-151-81-62.libre.auna.net verification failed: Name or service not known
> Apr 11 10:26:40 orion postfix/smtpd[3649]: warning: smtpd_peer_init: 218.61.33.41: hostname cncln.online.ln.cn verification failed: Name or service not known
> Apr 11 10:29:00 orion postfix/smtpd[3678]: NOQUEUE: reject_warning: RCPT from dslb-084-056-036-218.pools.arcor-ip.net[84.56.36.218]: 450 <hildegard at alam-latin.de>: Sender address rejected: Domain not found; from=<hildegard at alam-latin.de> to=<bernhard.roedel at schramlsoft.de> proto=SMTP helo=<schramlsoft.de>
> Apr 11 10:30:25 orion postfix/smtpd[3677]: warning: smtpd_peer_init: 83.230.176.196: hostname cliente-28870.iberbanda.es verification failed: Name or service not known
> Apr 11 10:32:32 orion postfix/smtpd[3678]: warning: smtpd_peer_init: 81.210.81.162: hostname curie.pfeso.edu.pl verification failed: Name or service not known
> Apr 11 10:33:09 orion postfix/smtpd[3678]: warning: smtpd_peer_init: 84.24.250.62: hostname cp530967-a.tilbu1.nb.home.nl verification failed: Name or service not known
> Apr 11 10:54:41 orion postfix/smtpd[4027]: warning: smtpd_peer_init: 201.14.108.92: hostname 201-14-106-92.gnace701.t.brasiltelecom.net.br verification failed: Name or service not known
> Apr 11 11:08:07 orion postfix/smtpd[4027]: warning: smtpd_peer_init: 202.134.169.253: hostname 202.134.169.253.customer.7starnet.com verification failed: Name or service not known
> Apr 11 11:11:31 orion postfix/smtpd[4148]: warning: smtpd_peer_init: 84.24.250.62: hostname cp530967-a.tilbu1.nb.home.nl verification failed: Name or service not known
> Apr 11 11:11:40 orion postfix/smtpd[4027]: warning: smtpd_peer_init: 201.245.131.90: hostname adsl_plus_245131-90.etb.net.co verification failed: Name or service not known
> Apr 11 11:21:18 orion postfix/smtpd[4325]: warning: smtpd_peer_init: 203.150.96.185: hostname 203-150-96-185.inter.net.th verification failed: Name or service not known
> Apr 11 11:27:12 orion postfix/smtpd[4325]: warning: smtpd_peer_init: 210.211.169.60: hostname 210.211.169.60.bb-static.vsnl.net.in verification failed: Name or service not known
> Apr 11 11:27:55 orion postfix/smtpd[4446]: warning: smtpd_peer_init: 148.235.6.86: hostname customer-148-235-6-86.uninet-ide.com.mx verification failed: Name or service not known
> Apr 11 11:28:46 orion postfix/smtpd[4325]: warning: smtpd_peer_init: 203.131.131.250: hostname adsl-131.131.250.info.com.ph verification failed: Name or service not known
> Apr 11 11:28:53 orion postfix/smtpd[4446]: warning: smtpd_peer_init: 220.134.78.16: address not listed for hostname 220-134-79-16.HINET-IP.hinet.net
> Apr 11 11:29:10 orion postfix/smtpd[4446]: warning: smtpd_peer_init: 61.63.99.6: hostname 61-63-99-6.nty.dynamic.lsc.net.tw verification failed: Name or service not known
> Apr 11 11:31:31 orion postfix/smtpd[4325]: warning: smtpd_peer_init: 201.37.64.159: hostname C925409F.poa.virtua.com.br verification failed: Name or service not known
> Apr 11 11:32:33 orion postfix/smtpd[4325]: warning: smtpd_peer_init: 84.119.109.16: hostname fr-ssy-C3-04-084119109016.chello.fr verification failed: Name or service not known
> Apr 11 11:38:06 orion postfix/smtpd[4325]: warning: smtpd_peer_init: 222.124.144.227: hostname 227.subnet144.astinet.telkom.net.id verification failed: Name or service not known
> Apr 11 11:45:22 orion postfix/smtpd[4525]: warning: smtpd_peer_init: 203.199.185.200: hostname illhyd-203.199.185.200.static.vsnl.net.in verification failed: Name or service not known
> Apr 11 11:54:41 orion postfix/smtpd[4553]: warning: smtpd_peer_init: 201.144.137.222: hostname dsl-201-144-137-222.prod-infinitum.com.mx verification failed: Name or service not known
> Apr 11 11:54:57 orion postfix/smtpd[4525]: warning: smtpd_peer_init: 24.106.201.145: hostname rrcs-24-106-201-145.se.biz.rr.com verification failed: Name or service not known
> Apr 11 11:57:44 orion postfix/smtpd[4553]: warning: smtpd_peer_init: 200.47.5.76: hostname line76.equal.net.ar verification failed: Name or service not known
> 

Those are all just harmless warnings. But this seems to be only from normal operation, not after a restart of Postfix.

> 
> and
> egrep -v '^#|^$|^[ ]+#' /etc/amavisd.conf
> use strict;
> $MYHOME = '/var/spool/amavis';
> $mydomain = 'w-schraml.loc';
> $daemon_user = 'vscan';
> $daemon_group = 'vscan';
> $TEMPBASE = $MYHOME;            # (must be set if other config vars use is)
> $ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
> $forward_method = 'lmtp:127.0.0.1:10025';  # where to forward checked mail

Why lmtp?

> $notify_method = $forward_method;          # where to submit notifications
> $max_servers  =  2;   # number of pre-forked children          (default 2)
> $max_requests = 10;   # retire a child after that many accepts (default 10)
> $child_timeout=5*60;  # abort child if it does not complete each task in n sec
> @local_domains_acl = ( ".$mydomain" );  # $mydomain and its subdomains
>                                   # (does not apply to sendmail/milter)
>                                   # (default is true)
> $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
> $inet_socket_port = 10024;        # accept SMTP on this local TCP port

Okay, then just change the hand-over from Postfix to Amavis to smtp! Because this is where it gets stuck.

In master.cf, the following line:
smtp      inet  n       -       n       -       20       smtpd
	-o content_filter=smtp:127.0.0.1:10024

In exchange, you had better switch off the content_filter option in main.cf. After that, do a "postfix reload" and send a test mail. If that works, the transport can then be defined a bit more cleanly.


> @inet_acl = qw( 127.0.0.1 );      # allow SMTP access only from localhost IP
> $DO_SYSLOG = 1;                   # (defaults to false)
> $LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)
> $log_level = 2;           # (defaults to 0)
> $log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
> <%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
> $final_virus_destiny      = D_BOUNCE;  # (defaults to D_BOUNCE)
> $final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
> $final_spam_destiny = D_PASS;
> $final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested
> $viruses_that_fake_sender_re = new_RE(
>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
>   qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
>   qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
>   qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
>   qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan
>   qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
>   [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
>   [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
>   [qr/.*/ => 1],  # true by default  (remove or comment-out if undesired)
> );
> $virus_admin = "virusalert\@$mydomain";

Is that a valid address?

Sandy
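
Added example (not part of the reply above and not code from amavisd or Postfix): a small Python triage of the log lines quoted in this thread, separating the amavisd scanner and forwarding failures and the Postfix deferral at the filter hand-off from the harmless `smtpd_peer_init` warnings. The category names, the functions `triage` and `filter_is_blocking_mail`, and the blocking heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Log lines from the thread above, unwrapped; host and paths are as posted there.
SAMPLE_LOG = """\
Apr 10 16:20:43 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory, retrying (2)
Apr 10 16:20:49 orion amavisd[32596]: (client-XXZIbaob) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 51) line 180.
Apr 10 16:20:49 orion amavisd[32596]: (client-XXZIbaob) WARN: all primary virus scanners failed, considering backups
Apr 10 16:20:50 orion amavisd[32596]: (client-XXZIbaob) TROUBLE in check_mail: delivery-notification FAILED: Explicit forwarding, but not all recips done at /usr/sbin/amavisd line 1412, <GEN3> line 76.
Apr 11 10:08:14 orion postfix/smtpd[3589]: warning: smtpd_peer_init: 61.11.16.89: hostname 61.11.16.89.bb-static.vsnl.net.in verification failed: Name or service not known
Apr 11 11:14:44 orion postfix/pipe[4181]: 126561E08: to=<lars.ernst at schramlsoft.de>, relay=amavisd, delay=1, status=deferred (temporary failure)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([\w/.-]+)\[(\d+)\]: (.*)$")
# (category, program prefix, message pattern); first match wins (assumed rule set).
RULES = [
    ("av_scanner_failed", "amavisd", re.compile(r"av-scanner FAILED")),
    ("av_socket_missing", "amavisd", re.compile(r"Can't connect to UNIX socket (\S+): No such file")),
    ("av_primary_all_failed", "amavisd", re.compile(r"all primary virus scanners failed")),
    ("filter_forward_failed", "amavisd", re.compile(r"TROUBLE in check_mail")),
    ("filter_deferred", "postfix/", re.compile(r"relay=(\S+), .*status=deferred")),
]

def triage(log_text):
    """Return (Counter of categories, [(timestamp, category, detail)]); unmatched lines are skipped."""
    counts, findings = Counter(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _host, prog, _pid, msg = m.groups()
        for category, prefix, pattern in RULES:
            hit = pattern.search(msg) if prog.startswith(prefix) else None
            if hit:
                counts[category] += 1
                findings.append((stamp, category, hit.group(1) if hit.groups() else msg))
                break
    return counts, findings

def filter_is_blocking_mail(counts):
    """Heuristic: Postfix defers at the filter hand-off while amavisd itself reports trouble."""
    amavis_trouble = counts["av_primary_all_failed"] or counts["filter_forward_failed"]
    return bool(counts["filter_deferred"] and amavis_trouble)

if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    for finding in findings:
        print(*finding)
    print("mail blocked at filter:", filter_is_blocking_mail(counts))
```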



