[Postfixbuch-users] Problems in connection with Kaspersky virus scanner

Rainer.Wiesenfarth at inpho.de Rainer.Wiesenfarth at inpho.de
Thu Jan 5 10:33:27 CET 2006


Hello,

I am currently migrating our existing qmail solution to postfix and,
while I'm at it, giving the MTA a few additional "features". The setup
seems to work so far; I just had a problem yesterday evening with the
updater of the Kaspersky scanner that brought the whole e-mail system
to a standstill.

Here are the details: the system is a Debian Sarge; postfix and the
other packages are taken from the official distribution. The plan is
as follows:
- postfix is connected to the Internet, accepts messages from there
  and forwards them (after some tests) to the internal Exchange.
  In addition it delivers messages from inside to the Internet.
- gld runs (via check_policy_service) for greylisting.
- Messages arriving via SMTP are spam-filtered with SpamAssassin (with
  spamc/spamd).
- Messages arriving via pickup (i.e. those that have passed the
  spam checker) are scanned for viruses with Kaspersky.

It may be that this is a somewhat roundabout method - after all, I am
a postfix rookie. If anyone has suggestions for improvement, he/she is
welcome to voice them. But please keep it understandable for
beginners ...

Now to the problem:

Yesterday evening pickup called the content filter at the very moment
the Kaspersky updater was restarting the aveserver. The smtpscanner
could not check the message and then wanted to put it back into the
queue. That apparently did not work, though; postfix came to a
standstill. After an /etc/init.d/postfix restart everything worked
again.

Since we want to run the Kaspersky updater four times a day and the
e-mail volume is not negligible, I see the danger that something like
this can happen again and would like to have it solved in advance.

Does anyone have an idea?

Here, for more detailed analysis, are the configuration and log files
(e-mail addresses and serial number replaced):


================================================================
master.cf:
================================

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
##<KIS55> ## Added by Kaspersky Anti-Virus Installer ##
######          -o content_filter=lmtp:127.0.0.1:10030
                -o content_filter=spamchk:dummy
## Added by Kaspersky Anti-Virus Installer ##<KIS55>
#submission inet n      -       -       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
##<KIS55> ## Added by Kaspersky Anti-Virus Installer ##
                -o content_filter=lmtp:127.0.0.1:10030
## Added by Kaspersky Anti-Virus Installer ##<KIS55>
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
#smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587      inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#<KIS55>
127.0.0.1:10030     inet  n      n      n      -      20     spawn
                user=filter argv=/opt/kav/5.5/kav4mailservers/bin/smtpscanner
127.0.0.1:10031    inet  n      -      n      -      21      smtpd
         -o content_filter=
         -o local_recipient_maps=
         -o relay_recipient_maps=
         -o smtpd_restriction_classes=
         -o smtpd_client_restrictions=
         -o smtpd_helo_restrictions=
         -o smtpd_sender_restrictions=
         -o mynetworks=127.0.0.0/8
         -o strict_rfc821_envelopes=yes
         -o smtpd_error_sleep_time=0
         -o smtpd_soft_error_limit=1001
         -o smtpd_hard_error_limit=1000
         -o myhostname=stargate

#<KIS55>
spamchk   unix  -       n       n       -       10      pipe
  flags=Rq user=filter argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient}


================================================================
main.cf
================================

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = stargate.inpho.de
alias_maps = mysql:/etc/postfix/alias.mysql
alias_database = mysql:/etc/postfix/alias.mysql
virtual_maps = mysql:/etc/postfix/virtual.mysql
myorigin = /etc/mailname
mydestination = stargate.inpho.de, stargate.in.inpho.de, localhost.in.inpho.de, localhost, stargate.demo.inpho.de, inpho.de, geotoolbox.com, demo.inpho.de, in.inpho.de
relayhost =
mynetworks = 127.0.0.0/8, 192.168.137.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination,
  check_policy_service inet:127.0.0.1:2525

================================================================
mail.log (excerpt):
================================

04.01.2006 20:03:15 : 005C62C4DE: uid=0 from=<root>
04.01.2006 20:03:15 : 005C62C4DE: message-id=<20060104190314.005C62C4DE at domain.here>
04.01.2006 20:03:15 : 005C62C4DE: from=<root at domain.here>, size=2142, nrcpt=1 (queue active)
04.01.2006 20:03:15 : warning: command /opt/kav/5.5/kav4mailservers/bin/smtpscanner exit status 75
04.01.2006 20:03:15 : 005C62C4DE: to=<root at domain.here>, orig_to=<root>, relay=none, delay=1, status=deferred (connect to 127.0.0.1[127.0.0.1]: server refused mail service)


================================================================
smtpscanner.log (excerpt):
================================

[04/01/06 20:03:15 E] [14330] Connection to daemon: /var/run/aveserver failed: Can not connect to daemon..
[04/01/06 20:03:15 F] [14330] Cannot connect to aveserver. Message is not checked, and is put back to queue.


================================================================
kavupdater.log (excerpt):
================================

[04/01/06 20:03:01 I] Configuration file: /etc/kav/5.5/kav4mailservers/kav4mailservers.conf
[04/01/06 20:03:01 A] License file xxx.key, serial xxxx-xxxxxx-xxxxxxxx, "Kaspersky Anti-Virus BO Suite DACH Edition. 25-49 Workstation / FileServer / MailServer 1 year Renewal Licence", expires in 147 days
[04/01/06 20:03:01 A] Use proxy: 'localhost:13000'
[04/01/06 20:03:01 I] Start update for 'Kaspersky Anti-Virus for Mail Servers'
[04/01/06 20:03:02 I] Update source 'http://ru1h.kaspersky-labs.com'
[04/01/06 20:03:03 A] File 'master.xml' downloaded
[04/01/06 20:03:03 A] version: 1136390100
[04/01/06 20:03:03 E] Published: ev_type = 'UPD_UpdateVersion'
        Params: 'Ver' = 1136390100
[04/01/06 20:03:09 A] File 'kavset.xml' downloaded
[04/01/06 20:03:09 I] Update source 'http://ru4h.kaspersky-labs.com'
[04/01/06 20:03:09 A] File 'master.xml' downloaded
[04/01/06 20:03:09 A] version: 1136411700
[04/01/06 20:03:09 E] Published: ev_type = 'UPD_UpdateVersion'
        Params: 'Ver' = 1136411700
[04/01/06 20:03:09 A] File 'kavset.xml' downloaded
[04/01/06 20:03:10 A] File 'kavset.xml' downloaded
[04/01/06 20:03:10 A] File 'avp.klb' downloaded
[04/01/06 20:03:10 A] File 'daily.avc' downloaded
[04/01/06 20:03:10 A] File 'daily-ex.avc' downloaded
[04/01/06 20:03:10 A] Checking new bases
[04/01/06 20:03:14 A] File '/var/db/kav/5.5/kav4mailservers/bases/master.xml' replaced
[04/01/06 20:03:14 A] File '/var/db/kav/5.5/kav4mailservers/bases/kavset.xml' replaced
[04/01/06 20:03:14 A] File '/var/db/kav/5.5/kav4mailservers/bases/avp.klb' replaced
[04/01/06 20:03:14 A] File '/var/db/kav/5.5/kav4mailservers/bases/daily.avc' replaced
[04/01/06 20:03:14 A] File '/var/db/kav/5.5/kav4mailservers/bases/daily-ex.avc' replaced
[04/01/06 20:03:14 I] Update 'Kaspersky Anti-Virus for Mail Servers' completed successfully
[04/01/06 20:03:14 I] Command /etc/init.d/aveserver reload was executed with code 0


================================================================
aveserver.log (excerpt):
================================

[04/01/06 20:03:14 I] [7637] Received SIGHUP
[04/01/06 20:03:15 I] [7637] Kaspersky Anti-Virus server version 5.5.2/RELEASE build #138, using configuration file /etc/kav/5.5/kav4mailservers/kav4mailservers.conf
[04/01/06 20:03:15 A] [7637] License file xxx.key, serial xxxx-xxxxxx-xxxxxxxx, "Kaspersky Anti-Virus BO Suite DACH Edition. 25-49 Workstation / FileServer / MailServer 1 year Renewal Licence", expires 01/06/06 in 147 days
[04/01/06 20:03:15 I] [7637] Your license will expire 01/06/06
[04/01/06 20:03:17 I] [7637] /opt/kav/5.5/kav4mailservers/bin/aveserver is started, 158839 records loaded, latest update 04/01/06

Best Regards / Mit freundlichen Grüßen
Rainer Wiesenfarth

-- 
INPHO GmbH   *   Smaragdweg 1   *   70174 Stuttgart   *   Germany
phone: +49 711 2288 10              *  fax: +49 711 2288 111
mailto:Rainer.Wiesenfarth at inpho.de  *  www.inpho.de
Leader in Photogrammetry and Digital Surface Modelling
Please visit www.inpho.de
-------------- next part --------------
An attachment with binary data was detached...
File name   : smime.p7s
File type   : application/x-pkcs7-signature
File size   : 2334 bytes
Description : not available
URL         : http://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20060105/856148b0/smime.bin
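
Added example, not part of the original post and not code from Postfix or Kaspersky: a Python sketch that correlates the aveserver reload window (SIGHUP until "is started") with smtpscanner connection failures, using the log formats shown in the excerpts above. The function names and the `grace` parameter are assumptions; the sample lines are constructed from the excerpts, and the 21:10:00 line is invented as a failure outside any reload.

```python
import re
from datetime import datetime, timedelta
# Timestamp prefix of the Kaspersky logs in the post: [DD/MM/YY HH:MM:SS L]
TS = re.compile(r"^\[(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [A-Z]\]\s*(.*)$")

def parse(lines):
    """Yield (datetime, message) for each line with a Kaspersky-style timestamp."""
    for line in lines:
        m = TS.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%d/%m/%y %H:%M:%S"), m.group(2)

def reload_windows(aveserver_lines):
    """Return (start, end) pairs: SIGHUP received until 'is started' is logged."""
    windows, start = [], None
    for ts, msg in parse(aveserver_lines):
        if "Received SIGHUP" in msg:
            start = ts
        elif "is started" in msg and start is not None:
            windows.append((start, ts))
            start = None
    if start is not None:  # reload never completed within the given lines
        windows.append((start, None))
    return windows

def failures_during_reload(scanner_lines, windows, grace=timedelta(seconds=1)):
    """Return scanner connect failures inside a reload window (+/- grace)."""
    hits = []
    for ts, msg in parse(scanner_lines):
        if "Cannot connect to aveserver" in msg:
            for start, end in windows:
                if start - grace <= ts and (end is None or ts <= end + grace):
                    hits.append((ts, start, end))
                    break
    return hits

# Constructed sample input, shortened from the excerpts in the post.
AVESERVER_LOG = [
    "[04/01/06 20:03:14 I] [7637] Received SIGHUP",
    "[04/01/06 20:03:17 I] [7637] /opt/kav/5.5/kav4mailservers/bin/aveserver is started, 158839 records loaded, latest update 04/01/06",
]
SMTPSCANNER_LOG = [
    "[04/01/06 20:03:15 E] [14330] Connection to daemon: /var/run/aveserver failed: Can not connect to daemon..",
    "[04/01/06 20:03:15 F] [14330] Cannot connect to aveserver. Message is not checked, and is put back to queue.",
    "[04/01/06 21:10:00 F] [15001] Cannot connect to aveserver. Message is not checked, and is put back to queue.",
]

if __name__ == "__main__":
    print(failures_during_reload(SMTPSCANNER_LOG, reload_windows(AVESERVER_LOG)))
```

The exit status 75 in mail.log is EX_TEMPFAIL from sysexits.h, which matches the status=deferred entry; a failure reported outside every reload window points at a cause other than the updater.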


