[Postfixbuch-users] Spamassassin scannt nicht alle Mails

niels_kalle niels_kalle at web.de
Fr Jun 9 23:37:37 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kai Fürstenberg wrote:
> Niels Kalle schrieb:
> 
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Kai Fürstenberg wrote:
>>
>>  
>>
>>>Kai Fürstenberg wrote:
>>>
>>>    
>>>
>>>>Hallo,
Hallo Kai.
>>>>      
>>
>>Hallo Kai.
>>
>>  
>>
>>>>niels_kalle wrote:
>>>>
>>>>      
>>>>
>>>>>[..]
>>>>>
>>>>>        
>>>>>
>>>>>>Lass uns doch mal ein Update machen. Schick bitte nochmals
>>>>>>deine aktuelle master.cf, postconf -n, und die, sagen wir mal
>>>>>>20-30 ersten Zeilen der amavisd.conf
>>>>>>          
>>>>>
>>>>>OK, du hast es so gewollt... ;), hier kommt der Output von
>>>>>postconf -n:
>>>>>
>>>>>2bounce_notice_recipient = postmaster access_map_reject_code =
>>>>>554 alias_maps = mysql:/etc/postfix/mysql-aliases.cf
>>>>>allow_percent_hack = yes append_at_myorigin = yes
>>>>>append_dot_mydomain = yes biff = no body_checks =
>>>>>pcre:/etc/postfix/body_checks.pcre bounce_notice_recipient =
>>>>>postmaster bounce_size_limit = 65536 broken_sasl_auth_clients =
>>>>>yes command_directory = /usr/sbin command_time_limit = 600s
>>>>>config_directory = /etc/postfix content_filter =
>>>>>smtp-amavis:[127.0.0.1]:10024 daemon_directory =
>>>>>/usr/lib/postfix debug_peer_level = 2 debug_peer_list =
>>>>>mail.humbug.org, nikster.humbug.org, localhost
>>>>>default_destination_concurrency_limit = 5
>>>>>default_destination_recipient_limit = 1000
>>>>>default_process_limit = 150 default_rbl_reply = $rbl_code
>>>>>Service unavailable; $rbl_class [$rbl_what] blocked using
>>>>>$rbl_domain${rbl_reason?; $rbl_reason} - contact
>>>>>postmaster at humbug.org for details delay_notice_recipient =
>>>>>postmaster delay_warning_time = 1h disable_dns_lookups = no
>>>>>disable_vrfy_command = yes double_bounce_sender = double-bounce
>>>>>duplicate_filter_limit = 1000 empty_address_recipient =
>>>>>postmaster error_notice_recipient = postmaster header_checks =
>>>>>pcre:/etc/postfix/header_checks.pcre header_size_limit = 204800
>>>>>home_mailbox = .maildir/ hopcount_limit = 50 html_directory =
>>>>>/usr/share/doc/postfix-2.2.5/html ignore_mx_lookup_error = yes
>>>>>in_flow_delay = 1s inet_interfaces = all
>>>>>initial_destination_concurrency = 2
>>>>>invalid_hostname_reject_code = 501 line_length_limit = 4096
>>>>>local_destination_concurrency_limit = 10
>>>>>local_destination_recipient_limit = 1000 local_transport = no
>>>>>local mail delivery mail_name = humbug Mailservices mail_owner
>>>>>= postfix mailbox_command = /usr/bin/procmail
>>>>>mailbox_size_limit = 0 mailq_path = /usr/bin/mailq
>>>>>manpage_directory = /usr/share/man maps_rbl_reject_code = 554
>>>>>max_idle = 10s max_use = 20 maximal_backoff_time = 3600s
>>>>>maximal_queue_lifetime = 1d message_size_limit = 10240000
>>>>>minimal_backoff_time = 60s mydestination = $myhostname,
>>>>>localhost.$mydomain, $mydomain, mail.$mydomain mydomain =
>>>>>humbug.org myhostname = mail.humbug.org mynetworks =
>>>>>127.0.0.0/8 newaliases_path = /usr/bin/newaliases
>>>>>non_fqdn_reject_code = 504 notify_classes = resource, software
>>>>>prepend_delivered_header = forward qmgr_message_active_limit =
>>>>>10000 qmgr_message_recipient_limit = 10000 queue_directory =
>>>>>/var/spool/postfix queue_minfree = 603979776 queue_run_delay =
>>>>>1h readme_directory = /usr/share/doc/postfix-2.2.5/readme
>>>>>reject_code = 554 relay_domains_reject_code = 554
>>>>>relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
>>>>>require_home_directory = no sample_directory = /etc/postfix
>>>>>sendmail_path = /usr/sbin/sendmail setgid_group = postdrop
>>>>>smtp_tls_note_starttls_offer = yes smtpd_banner =
>>>>>mail.humbug.org ESMTP $mail_name smtpd_client_restrictions =
>>>>>permit_mynetworks check_client_access
>>>>>$default_database_type:/etc/postfix/rbl_checks_client_whitelist
>>>>>check_sender_access
>>>>>$default_database_type:/etc/postfix/rbl_checks_sender_whitelist
>>>>>check_recipient_access
>>>>>$default_database_type:/etc/postfix/rbl_checks_recipient_whitelist
>>>>>rbl_checks permit smtpd_data_restrictions =
>>>>>reject_unauth_pipelining permit smtpd_delay_reject = yes
>>>>>smtpd_error_sleep_time = 1s smtpd_etrn_restrictions = reject
>>>>>smtpd_helo_required = yes smtpd_helo_restrictions =
>>>>>permit_mynetworks permit_sasl_authenticated
>>>>>reject_invalid_hostname permit smtpd_recipient_limit =
>>>>>10000 smtpd_recipient_restrictions = permit_mynetworks
>>>>>reject_unknown_recipient_domain reject_non_fqdn_recipient
>>>>>permit_auth_destination permit_sasl_authenticated
>>>>>check_sender_access regexp:/etc/postfix/nice_reject
>>>>>reject smtpd_restriction_classes = rbl_checks
>>>>>smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain =
>>>>>smtpd_sasl_security_options = noanonymous
>>>>>smtpd_sender_restrictions = permit_mynetworks
>>>>>permit_sasl_authenticated permit smtpd_timeout = 300s
>>>>>smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
>>>>>smtpd_tls_cert_file = /etc/postfix/tls/newcert.pem
>>>>>smtpd_tls_key_file = /etc/postfix/tls/newreq.pem
>>>>>smtpd_tls_loglevel = 3 smtpd_tls_received_header = yes
>>>>>smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes
>>>>>soft_bounce = no strict_rfc821_envelopes = yes swap_bangpath =
>>>>>yes tls_random_source = dev:/dev/urandom transport_maps =
>>>>>mysql:/etc/postfix/mysql-transport.cf transport_retry_time =
>>>>>30s undisclosed_recipients_header = To:
>>>>>undisclosed-recipients:; unknown_address_reject_code = 550
>>>>>unknown_client_reject_code = 550 unknown_hostname_reject_code =
>>>>>550 unknown_local_recipient_reject_code = 550
>>>>>unknown_relay_recipient_reject_code = 550
>>>>>unknown_virtual_alias_reject_code = 550
>>>>>unknown_virtual_mailbox_reject_code = 550 virtual_transport =
>>>>>virtual virtual_minimum_uid = 1000 virtual_gid_maps =
>>>>>static:1000 virtual_mailbox_maps =
>>>>>mysql:/etc/postfix/mysql-virtual-maps.cf virtual_alias_maps =
>>>>>mysql:/etc/postfix/mysql-virtual.cf virtual_uid_maps =
>>>>>static:100 virtual_mailbox_base = /home/vmail
>>>>>        
>>>>
>>>>Soweit ok. Die ein oder andere Sache sollte vielleicht noch
>>>>angepasst werden. Mir ist aufgefallen, dass du in den
>>>>smtpd_sender_restrictions _alles_ erlaubst: permit_mynetworks,
>>>>permit_sasl_authenticated, permit. Vielleicht leer lassen :-)
>>>>
>>>>      
>>>>
>>>>>Das ist etwas viel, aber ich habe schon mehrere Mailserver mit
>>>>>Postfix gebaut und da sind eine Menge nuetzlicher (und weniger
>>>>>nuetzlicher) Optionen, bzw. evtl. auch Leichen
>>>>>zusammengekommen. :)
>>>>>
>>>>>Hier die ersten 30 (unkommentierten) Zeilen der amavisd.conf:
>>>>>
>>>>>$MYHOME = '/var/amavis'; # (default is '/var/amavis')
>>>>>$mydomain = 'humbug.org'; # (no useful default)
>>>>>$myhostname = 'nikster.humbug.org'; # fqdn of this host,
>>>>>default by uname(3) $daemon_user = 'amavis'; # (no default;
>>>>>customary: vscan or amavis) $daemon_group = 'amavis'; # (no
>>>>>default; customary: vscan or amavis or sweep) $TEMPBASE =
>>>>>"$MYHOME/tmp"; # prefer to keep home dir /var/amavis
>>>>>clean? $db_home = "$MYHOME/db"; # DB databases
>>>>>directory, default "$MYHOME/db" $helpers_home = $MYHOME; #
>>>>>(defaults to $MYHOME) $ENV{TMPDIR} = $TEMPBASE; # wise to
>>>>>set TMPDIR, but not obligatory $enable_db = 1; # enable use of
>>>>>BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1;
>>>>># enabl $max_servers = 4; # number of pre-forked children
>>>>>(default 2) $max_requests = 20; # retire a child after that
>>>>>many accepts (default 10) $child_timeout=5*60; # abort child
>>>>>if it does not complete each task in @local_domains_maps = (
>>>>>[".$mydomain"] ); # $mydomain and its subdomains
>>>>>$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper
>>>>>protocol socket
>>>>>        
>>>>
>>>>^^^^ Diese Zeile solltest du auskommentieren. Amavis weiss sonst
>>>>nicht, ob er auf einen Socket (oben) oder einen Port (s. nächste
>>>>Zeile) lauschen soll. Da sollte auch was entsprechendes in den
>>>>Logfiles stehen.
>>>>
>>>>      
>>>>
>>>>>$inet_socket_port = 10024; # accept SMTP on this local
>>>>>TCP port @inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access
>>>>>only from localhost IP $DO_SYSLOG = 1; #
>>>>>(defaults to 0) $LOGFILE = "$MYHOME/amavis.log"; # (defaults
>>>>>to empty, no log) $log_level = 0; # (defaults to 0)
>>>>>$log_recip_templ = undef; # undef disables by-recipient
>>>>>level-0 log entries $final_virus_destiny = D_DISCARD; #
>>>>>(defaults to D_DISCARD) $final_banned_destiny = D_DISCARD;
>>>>># (defaults to D_BOUNCE) $final_spam_destiny = D_DISCARD;
>>>>># (defaults to D_BOUNCE) $final_bad_header_destiny = D_PASS;
>>>>># (defaults to D_PASS), D_BOUNCE suggested $warnspamsender = 1;
>>>>># (defaults to false (undef))
>>>>>        
>>>>
>>>>Hier ist noch eine Sache, die aber jetzt nichts mit dem Problem
>>>>zu tun hat: Möchtest du über den syslogd ($DO_SYSLOG = 1;) oder
>>>>in ein Logfile ($LOGFILE = "$MYHOME/amavis.log";) loggen? Beim
>>>>Syslog solltest du einen Level z.B. mit $SYSLOG_LEVEL =
>>>>'mail.debug'; definieren und $LOGFILE auskommentieren.
>>>>
>>>>Hast du noch eben die master.cf zur Hand? Du hast gesagt, interne
>>>>Mails werden gescannt, reinkommende jedoch nicht. Hast du ein
>>>>paar Log-Daten hierzu?
>>>>      
>>>
>>>Wart mal eben. Das ist nicht so ganz klar geworden. Wieso glaubst
>>>du, dass Amavis keine SA-Checks bei eingehenden Mails durchführt?
>>>Zum genauen Test: Setz $log_level mal auf 5, also hammermäßiges
>>>Logging ;-) Im Log taucht dann unter hunderten von anderen Log eine
>>>bestimmte auf Jun 7 10:13:46 root amavis[32433]: (32433-01)
>>>spam_scan: score=0.87 tests=[..] Das heisst, die Mail wurde
>>>gescannt. Nur werden nicht unbedingt entsprechende Header-Zeilen zu
>>>der Mail hinzugefügt. Die werden erstens nur für lokale Empfänger
>>>ergänzt ($mydomain in amavid.conf) und zudem nur, wenn die Score
>>>höher als $sa_tag_level_deflt ist. Sollen immer Header-Zeilen
>>>ergänzt werden, einfach $sa_tag_level_deflt auf undef setzen.
>>>Außerdem darauf achten, dass *alle* Domains in $mydomain
>>>eingetragen sind.
>>>    
>>
>>
>>Danke fuer deine Tips, ich probiere das sofort wenn ich nach Hause komme.
>>  
> 
> Funktioniert's?
Ja, jetzt geht alles. :)
Sorry fuer die spaete Antwort, man kommt zu nichts...
> 
> Kai

Gruesse

Niels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEieoh58f/63U87UsRAlu0AJ9DiYwDMtbr84XXsM+II8A/qZL1BACfav1U
cU/Ki8rlob9x8qLWJXu1kaE=
=Pa4/
-----END PGP SIGNATURE-----



Mehr Informationen über die Mailingliste Postfixbuch-users