[Postfixbuch-users] Spamassassin scannt nicht alle Mails

Niels Kalle niels_kalle at web.de
Mi Jun 7 12:37:08 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kai Fürstenberg wrote:

> Kai Fürstenberg wrote:
>
>> Hallo,

Hallo Kai.

>>
>> niels_kalle wrote:
>>
>>> [..]
>>>
>>>> Lass uns doch mal ein Update machen. Schick bitte nochmals
>>>> deine aktuelle master.cf, postconf -n, und die, sagen wir mal
>>>> 20-30 ersten Zeilen der amavisd.conf
>>>
>>> OK, du hast es so gewollt... ;), hier kommt der Output von
>>> postconf -n:
>>>
>>> 2bounce_notice_recipient = postmaster access_map_reject_code =
>>> 554 alias_maps = mysql:/etc/postfix/mysql-aliases.cf
>>> allow_percent_hack = yes append_at_myorigin = yes
>>> append_dot_mydomain = yes biff = no body_checks =
>>> pcre:/etc/postfix/body_checks.pcre bounce_notice_recipient =
>>> postmaster bounce_size_limit = 65536 broken_sasl_auth_clients =
>>> yes command_directory = /usr/sbin command_time_limit = 600s
>>> config_directory = /etc/postfix content_filter =
>>> smtp-amavis:[127.0.0.1]:10024 daemon_directory =
>>> /usr/lib/postfix debug_peer_level = 2 debug_peer_list =
>>> mail.humbug.org, nikster.humbug.org, localhost
>>> default_destination_concurrency_limit = 5
>>> default_destination_recipient_limit = 1000
>>> default_process_limit = 150 default_rbl_reply = $rbl_code
>>> Service unavailable; $rbl_class [$rbl_what] blocked using
>>> $rbl_domain${rbl_reason?; $rbl_reason} - contact
>>> postmaster at humbug.org for details delay_notice_recipient =
>>> postmaster delay_warning_time = 1h disable_dns_lookups = no
>>> disable_vrfy_command = yes double_bounce_sender = double-bounce
>>> duplicate_filter_limit = 1000 empty_address_recipient =
>>> postmaster error_notice_recipient = postmaster header_checks =
>>> pcre:/etc/postfix/header_checks.pcre header_size_limit = 204800
>>> home_mailbox = .maildir/ hopcount_limit = 50 html_directory =
>>> /usr/share/doc/postfix-2.2.5/html ignore_mx_lookup_error = yes
>>> in_flow_delay = 1s inet_interfaces = all
>>> initial_destination_concurrency = 2
>>> invalid_hostname_reject_code = 501 line_length_limit = 4096
>>> local_destination_concurrency_limit = 10
>>> local_destination_recipient_limit = 1000 local_transport = no
>>> local mail delivery mail_name = humbug Mailservices mail_owner
>>> = postfix mailbox_command = /usr/bin/procmail
>>> mailbox_size_limit = 0 mailq_path = /usr/bin/mailq
>>> manpage_directory = /usr/share/man maps_rbl_reject_code = 554
>>> max_idle = 10s max_use = 20 maximal_backoff_time = 3600s
>>> maximal_queue_lifetime = 1d message_size_limit = 10240000
>>> minimal_backoff_time = 60s mydestination = $myhostname,
>>> localhost.$mydomain, $mydomain, mail.$mydomain mydomain =
>>> humbug.org myhostname = mail.humbug.org mynetworks =
>>> 127.0.0.0/8 newaliases_path = /usr/bin/newaliases
>>> non_fqdn_reject_code = 504 notify_classes = resource, software
>>> prepend_delivered_header = forward qmgr_message_active_limit =
>>> 10000 qmgr_message_recipient_limit = 10000 queue_directory =
>>> /var/spool/postfix queue_minfree = 603979776 queue_run_delay =
>>> 1h readme_directory = /usr/share/doc/postfix-2.2.5/readme
>>> reject_code = 554 relay_domains_reject_code = 554
>>> relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
>>> require_home_directory = no sample_directory = /etc/postfix
>>> sendmail_path = /usr/sbin/sendmail setgid_group = postdrop
>>> smtp_tls_note_starttls_offer = yes smtpd_banner =
>>> mail.humbug.org ESMTP $mail_name smtpd_client_restrictions =
>>> permit_mynetworks check_client_access
>>> $default_database_type:/etc/postfix/rbl_checks_client_whitelist
>>> check_sender_access
>>> $default_database_type:/etc/postfix/rbl_checks_sender_whitelist
>>> check_recipient_access
>>> $default_database_type:/etc/postfix/rbl_checks_recipient_whitelist
>>> rbl_checks permit smtpd_data_restrictions =
>>> reject_unauth_pipelining permit smtpd_delay_reject = yes
>>> smtpd_error_sleep_time = 1s smtpd_etrn_restrictions = reject
>>> smtpd_helo_required = yes smtpd_helo_restrictions =
>>> permit_mynetworks permit_sasl_authenticated
>>> reject_invalid_hostname permit smtpd_recipient_limit =
>>> 10000 smtpd_recipient_restrictions = permit_mynetworks
>>> reject_unknown_recipient_domain reject_non_fqdn_recipient
>>> permit_auth_destination permit_sasl_authenticated
>>> check_sender_access regexp:/etc/postfix/nice_reject
>>> reject smtpd_restriction_classes = rbl_checks
>>> smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain =
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_sender_restrictions = permit_mynetworks
>>> permit_sasl_authenticated permit smtpd_timeout = 300s
>>> smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
>>> smtpd_tls_cert_file = /etc/postfix/tls/newcert.pem
>>> smtpd_tls_key_file = /etc/postfix/tls/newreq.pem
>>> smtpd_tls_loglevel = 3 smtpd_tls_received_header = yes
>>> smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes
>>> soft_bounce = no strict_rfc821_envelopes = yes swap_bangpath =
>>> yes tls_random_source = dev:/dev/urandom transport_maps =
>>> mysql:/etc/postfix/mysql-transport.cf transport_retry_time =
>>> 30s undisclosed_recipients_header = To:
>>> undisclosed-recipients:; unknown_address_reject_code = 550
>>> unknown_client_reject_code = 550 unknown_hostname_reject_code =
>>> 550 unknown_local_recipient_reject_code = 550
>>> unknown_relay_recipient_reject_code = 550
>>> unknown_virtual_alias_reject_code = 550
>>> unknown_virtual_mailbox_reject_code = 550 virtual_transport =
>>> virtual virtual_minimum_uid = 1000 virtual_gid_maps =
>>> static:1000 virtual_mailbox_maps =
>>> mysql:/etc/postfix/mysql-virtual-maps.cf virtual_alias_maps =
>>> mysql:/etc/postfix/mysql-virtual.cf virtual_uid_maps =
>>> static:100 virtual_mailbox_base = /home/vmail
>>
>> Soweit ok. Die ein oder andere Sache sollte vielleicht noch
>> angepasst werden. Mir ist aufgefallen, dass du in den
>> smtpd_sender_restrictions _alles_ erlaubst: permit_mynetworks,
>> permit_sasl_authenticated, permit. Vielleicht leer lassen :-)
>>
>>> Das ist etwas viel, aber ich habe schon mehrere Mailserver mit
>>> Postfix gebaut und da sind eine Menge nuetzlicher (und weniger
>>> nuetzlicher) Optionen, bzw. evtl. auch Leichen
>>> zusammengekommen. :)
>>>
>>> Hier die ersten 30 (unkommentierten) Zeilen der amavisd.conf:
>>>
>>> $MYHOME = '/var/amavis'; # (default is '/var/amavis')
>>> $mydomain = 'humbug.org'; # (no useful default)
>>> $myhostname = 'nikster.humbug.org'; # fqdn of this host,
>>> default by uname(3) $daemon_user = 'amavis'; # (no default;
>>> customary: vscan or amavis) $daemon_group = 'amavis'; # (no
>>> default; customary: vscan or amavis or sweep) $TEMPBASE =
>>> "$MYHOME/tmp"; # prefer to keep home dir /var/amavis
>>> clean? $db_home = "$MYHOME/db"; # DB databases
>>> directory, default "$MYHOME/db" $helpers_home = $MYHOME; #
>>> (defaults to $MYHOME) $ENV{TMPDIR} = $TEMPBASE; # wise to
>>> set TMPDIR, but not obligatory $enable_db = 1; # enable use of
>>> BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1;
>>> # enabl $max_servers = 4; # number of pre-forked children
>>> (default 2) $max_requests = 20; # retire a child after that
>>> many accepts (default 10) $child_timeout=5*60; # abort child
>>> if it does not complete each task in @local_domains_maps = (
>>> [".$mydomain"] ); # $mydomain and its subdomains
>>> $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper
>>> protocol socket
>>
>> ^^^^ Diese Zeile solltest du auskommentieren. Amavis weiss sonst
>> nicht, ob er auf einen Socket (oben) oder einen Port (s. nächste
>> Zeile) lauschen soll. Da sollte auch was entsprechendes in den
>> Logfiles stehen.
>>
>>> $inet_socket_port = 10024; # accept SMTP on this local
>>> TCP port @inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access
>>> only from localhost IP $DO_SYSLOG = 1; #
>>> (defaults to 0) $LOGFILE = "$MYHOME/amavis.log"; # (defaults
>>> to empty, no log) $log_level = 0; # (defaults to 0)
>>> $log_recip_templ = undef; # undef disables by-recipient
>>> level-0 log entries $final_virus_destiny = D_DISCARD; #
>>> (defaults to D_DISCARD) $final_banned_destiny = D_DISCARD;
>>> # (defaults to D_BOUNCE) $final_spam_destiny = D_DISCARD;
>>> # (defaults to D_BOUNCE) $final_bad_header_destiny = D_PASS;
>>> # (defaults to D_PASS), D_BOUNCE suggested $warnspamsender = 1;
>>> # (defaults to false (undef))
>>
>> Hier ist noch eine Sache, die aber jetzt nichts mit dem Problem
>> zu tun hat: Möchtest du über den syslogd ($DO_SYSLOG = 1;) oder
>> in ein Logfile ($LOGFILE = "$MYHOME/amavis.log";) loggen? Beim
>> Syslog solltest du einen Level z.B. mit $SYSLOG_LEVEL =
>> 'mail.debug'; definieren und $LOGFILE auskommentieren.
>>
>> Hast du noch eben die master.cf zur Hand? Du hast gesagt, interne
>> Mails werden gescannt, reinkommende jedoch nicht. Hast du ein
>> paar Log-Daten hierzu?
>
>
> Wart mal eben. Das ist nicht so ganz klar geworden. Wieso glaubst
> du, dass Amavis keine SA-Checks bei eingehenden Mails durchführt?
> Zum genauen Test: Setz $log_level mal auf 5, also hammermäßiges
> Logging ;-) Im Log taucht dann unter hunderten von anderen Log eine
> bestimmte auf Jun 7 10:13:46 root amavis[32433]: (32433-01)
> spam_scan: score=0.87 tests=[..] Das heisst, die Mail wurde
> gescannt. Nur werden nicht unbedingt entsprechende Header-Zeilen zu
> der Mail hinzugefügt. Die werden erstens nur für lokale Empfänger
> ergänzt ($mydomain in amavid.conf) und zudem nur, wenn die Score
> höher als $sa_tag_level_deflt ist. Sollen immer Header-Zeilen
> ergänzt werden, einfach $sa_tag_level_deflt auf undef setzen.
> Außerdem darauf achten, dass *alle* Domains in $mydomain
> eingetragen sind.


Danke fuer deine Tips, ich probiere das sofort wenn ich nach Hause komme.

>
> Kai


Gruesse

Niels

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEhqxU58f/63U87UsRAtM4AJ9AGxVZLizacHjGbtQaSpXomGbhBACdF+BD
5hxt+xA/P7xDXegBKgiNj7M=
=JBJx
-----END PGP SIGNATURE-----




Mehr Informationen über die Mailingliste Postfixbuch-users