[Postfixbuch-users] Three problems with Postfix combo
Sandy Drobic
postfixbuch-users at japantest.homelinux.com
Tue Sep 12 18:27:37 CEST 2006
Andreas Gehrke wrote:
> Sandy Drobic wrote:
>> Andreas Gehrke wrote:
>>
>>> Hi Sandy!
>>>
>>> Sandy Drobic wrote:
>>>
>>>> It would be best to post the output of Patrick's "saslfinger -s"
>>>> (google for the script).
>>>>
>>>>
>>> Many thanks to God and to you and above all to Patrick for this tool!
>>> Now that smtpd.conf is actually named smtpd.conf and no longer
>>> smtp.conf, it works! I could pu.... well, you know what I mean.
>>> I had already suspected that it had something to do with that file.
>>>
>>>
>>>> relayhost = [mail.blasfasel.de]
>>>>
>>> I changed that, but it doesn't help (also in /etc/postfix/smtp_auth).
>>> I also tried smtp_sasl_password_maps (i.e. without the 'd'), but that
>>> doesn't help either.
>>>
>>
>> The server name in /etc/postfix/smtp_auth must appear there EXACTLY,
>> including the square brackets, as specified in main.cf! If necessary,
>> copy & paste so that it really matches.
>>
>> The only remaining problem could be a question of the mechanism.
>> Do you need ntlm? If not, delete it. Which mechanisms does the
>> server support (the server's AUTH line)?
>>
>>
> The server name is there exactly like that. I already pasted it in
> from main.cf earlier.
> AUTH line of the server:
> 250-AUTH LOGIN CRAM-MD5 PLAIN
> I can also log in there manually with plain, using the data from
> smtp_auth.
Then show whether you have smtp chrooted in master.cf. If not, then post
the output of smtp -v when a mail goes to the relayhost.
>>>>> 3. I use amavisd-new to check incoming mail for viruses and spam.
>>>>> The virus scanner seems to be running and checking, but I cannot
>>>>> get SpamAssassin to work as well. The
>>>>> service runs without problems. But according to the mail headers and logs,
>>>>> no check by SpamAssassin takes place.
>>>>> In /etc/postfix/main.cf I added the following for amavis:
>>>>>
>>>> Probably more of an Amavis problem.
>>>>
>>>> /etc/init.d/amavisd stop
>>>> amavisd debug
>>>>
>>>> Are there then lines that say "Antivirus code loaded" "Antispam code
>>>> loaded"?
>>>>
>>>>
>>> No, both say 'NOT loaded'
>>>
>>
>> Okay, you do indeed have a problem.
Do you actually have a virus scanner installed that is in the
list?
Are all dependencies for Amavis satisfied?
>>
>> Please post the output of:
>> egrep -v '^#|^$|^[ ]+#' /etc/amavisd.conf
>>
>> Sandy
>>
> I have attached it as a text file.
>
> Thanks for your effort!
> Andy
>
>
> ------------------------------------------------------------------------
>
> use strict;
> $MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
> $mydomain = 'localhost.localdomain'; # (no useful default)
He he, I doubt that this setting is a good one. (^-^)
A whole lot of other parameters that are important for operation depend
on it. Also set $myhostname explicitly to the FQDN of your server.
> $daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
> $daemon_group = 'amavis'; # (no default; customary: vscan or amavis or sweep)
> $TEMPBASE = $MYHOME; # (must be set if other config vars use is)
> $pid_file = "/var/run/amavis/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
> $lock_file = "var/run/amavis/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
> $ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
> $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
> $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
> $max_servers = 2; # number of pre-forked children (default 2)
> $max_requests = 20; # retire a child after that many accepts (default 10)
> $child_timeout=5*60; # abort child if it does not complete each task in
> @local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
> # (does not apply to sendmail/milter)
> # (default is true)
> $unix_socketname = "/var/lib/amavis/amavisd.sock"; # amavis helper protocol socket
> $inet_socket_port = 10024; # accept SMTP on this local TCP port
> @inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
> $DO_SYSLOG = 0; # (defaults to 0)
> $LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
Does the file exist, or do you still have to create it?
> $log_level = 0; # (defaults to 0)
Set it a bit higher, e.g. to 2, so that you can see what is happening.
> $log_recip_templ = undef; # undef disables by-recipient level-0 log entries
> $log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
> [?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
> read_l10n_templates('de_DE', '/etc/amavis');
> $final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD)
> $final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
> $final_spam_destiny = D_REJECT; # (defaults to D_BOUNCE)
That can be very dangerous, since amavisd-new is an after-queue filter,
and therefore a REJECT bounces the mail! Unless you have specifically set
up Amavisd-New as a before-queue filter, this should be set to either
D_PASS (deliver) or D_DISCARD. For the latter, however, you should
set up a quarantine so that in an emergency the mail is still stored there.
> $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
> @viruses_that_fake_sender_maps = (new_RE(
> qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
> qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
> qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
> qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
> qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
> qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
> [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
> [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
> [qr/^/ => 1], # true by default (remove or comment-out if undesired)
> ));
> $virus_admin = "virusalert\@$mydomain";
> $virus_admin = 'postmaster/@$mydomain';
> $spam_admin = "spamalert\@$mydomain";
> $mailfrom_to_quarantine = ''; # override sender address with null return path
> $QUARANTINEDIR = '/var/lib/amavis/virusmails';
Okay, good.
> $virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
> $spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
> $virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
> $banned_quarantine_to = 'banned-quarantine'; # local quarantine
> $bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
> $spam_quarantine_to = 'spam-quarantine'; # local quarantine
> $X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned')
> $X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
> $undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
> $defang_virus = 1; # default is false: don't modify mail body
> $defang_banned = 1; # default is false: don't modify mail body
> $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
> # (defaults to false)
> $remove_existing_spam_headers = 1; # remove existing spam headers if
> # spam scanning is enabled (default)
> @keep_decoded_original_maps = (new_RE(
> qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
> qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
> ));
> $banned_filename_re = new_RE(
> qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
> qr'^application/x-msdownload$'i, # block these MIME types
> qr'^application/x-msdos-program$'i,
> qr'^application/hta$'i,
> [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
> qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
> qr'^\.(exe-ms)$', # banned file(1) types
> );
> $banned_namepath_re = new_RE(
> qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi,
> qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
> qr'(?#NO HTA) ^(.*\t)? M=application/hta (\t.*)? $'xmi,
> [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ], # allow
> qr'(?# BLOCK DOUBLE-EXTENSIONS )
> ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
> (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,
> qr'(?# BLOCK COMMON NAME EXENSIONS )
> ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,
> [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
> ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi
> => 'DISCARD' ],
> qr'(?# BLOCK Microsoft EXECUTABLES )
> ^ (.*\t)? T=exe-ms (\t.*)? $'xm, # banned file(1) type
> );
> $banned_namepath_re = undef; # to disable new-style
> $sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
> $localpart_is_case_sensitive = 0; # (default is false)
> @score_sender_maps = ({ # a by-recipient hash lookup table
> '.' => [ # the _first_ matching sender determines the score boost
> new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
> [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
> [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
> [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
> [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
> [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
> [qr'^(your_friend|greatoffers)@'i => 5.0],
> [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
> ),
> { # a hash-type lookup table (associative array)
> 'nobody at cert.org' => -3.0,
> 'cert-advisory at us-cert.gov' => -3.0,
> 'owner-alert at iss.net' => -3.0,
> 'slashdot at slashdot.org' => -3.0,
> 'bugtraq at securityfocus.com' => -3.0,
> 'ntbugtraq at listserv.ntbugtraq.com' => -3.0,
> 'security-alerts at linuxsecurity.com' => -3.0,
> 'mailman-announce-admin at python.org' => -3.0,
> 'amavis-user-admin at lists.sourceforge.net'=> -3.0,
> 'notification-return at lists.sophos.com' => -3.0,
> 'owner-postfix-users at postfix.org' => -3.0,
> 'owner-postfix-announce at postfix.org' => -3.0,
> 'owner-sendmail-announce at lists.sendmail.org' => -3.0,
> 'sendmail-announce-request at lists.sendmail.org' => -3.0,
> 'donotreply at sendmail.org' => -3.0,
> 'ca+envelope at sendmail.org' => -3.0,
> 'noreply at freshmeat.net' => -3.0,
> 'owner-technews at postel.acm.org' => -3.0,
> 'ietf-123-owner at loki.ietf.org' => -3.0,
> 'cvs-commits-list-admin at gnome.org' => -3.0,
> 'rt-users-admin at lists.fsck.com' => -3.0,
> 'clp-request at comp.nus.edu.sg' => -3.0,
> 'surveys-errors at lists.nua.ie' => -3.0,
> 'emailnews at genomeweb.com' => -5.0,
> 'yahoo-dev-null at yahoo-inc.com' => -3.0,
> 'returns.groups.yahoo.com' => -3.0,
> 'clusternews at linuxnetworx.com' => -3.0,
> lc('lvs-users-admin at LinuxVirtualServer.org') => -3.0,
> lc('owner-textbreakingnews at CNNIMAIL12.CNN.COM') => -5.0,
> 'sender at example.net' => 3.0,
> '.example.net' => 1.0,
> },
> ], # end of site-wide tables
> });
> @blacklist_sender_maps = ( new_RE(
> qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
> qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
> qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
> qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
> qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
> qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
> ));
> $MAXLEVELS = 14; # (default is undef, no limit)
> $MAXFILES = 1500; # (default is undef, no limit)
> $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
> $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
> $MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5)
> $MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500)
> $virus_check_negative_ttl= 3*60; # time to remember that mail was not infected
> $virus_check_positive_ttl= 30*60; # time to remember that mail was infected
> $spam_check_negative_ttl = 30*60; # time to remember that mail was not spam
> $spam_check_positive_ttl = 30*60; # time to remember that mail was spam
> $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
> $file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
> $dspam = 'dspam';
> @decoders = (
> ['mail', \&do_mime_decode],
> ['asc', \&do_ascii],
> ['uue', \&do_ascii],
> ['hqx', \&do_ascii],
> ['ync', \&do_ascii],
> ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
> ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
> ['gz', \&do_gunzip],
> ['gz', \&do_uncompress, 'gzip -d'],
> ['bz2', \&do_uncompress, 'bzip2 -d'],
> ['lzo', \&do_uncompress, 'lzop -d'],
> ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
> ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
> ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
> ['tar', \&do_tar],
> ['deb', \&do_ar, 'ar'],
> ['zip', \&do_unzip],
> ['rar', \&do_unrar, ['rar','unrar'] ],
> ['arj', \&do_unarj, ['arj','unarj'] ],
> ['arc', \&do_arc, ['nomarch','arc'] ],
> ['zoo', \&do_zoo, 'zoo'],
> ['lha', \&do_lha, 'lha'],
> ['cab', \&do_cabextract, 'cabextract'],
> ['tnef', \&do_tnef_ext, 'tnef'],
> ['tnef', \&do_tnef],
> ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
> );
> $sa_local_tests_only = 1; # (default: false)
That does not make sense for a mail server. It drops all the
blacklist lookups, which help to detect a great deal of spam.
Sandy
--
Replies to the mailing list only, please!
PMs please to: news-reply2 (@) japantest (.) homelinux (.) com
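
The exact-match condition described in the reply above (the relayhost from main.cf must appear, brackets included, as the key in /etc/postfix/smtp_auth), as an added example that is not part of the original thread. The function names, the host mail.example.com and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that relayhost in main.cf has an identical lookup key
# in the SASL password map source file (e.g. /etc/postfix/smtp_auth).

# Print the value of a single-line "name = value" parameter; the last
# occurrence wins. Assumption: no continuation lines for this parameter.
get_param() {   # $1 = main.cf path, $2 = parameter name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Return 0 if the relayhost string is the first field of some map line,
# 1 if no line has exactly that key, 2 if relayhost is not set.
check_relayhost_key() {   # $1 = main.cf path, $2 = map source file
    relay=$(get_param "$1" relayhost)
    [ -n "$relay" ] || { echo "relayhost is not set in $1"; return 2; }
    # Compare as plain strings so "[" and "]" are not treated as a regex.
    if awk -v k="$relay" '$1 == k { found = 1 } END { exit !found }' "$2"
    then
        echo "OK: key '$relay' present in $2"
        return 0
    fi
    echo "MISMATCH: no key identical to '$relay' in $2"
    return 1
}

# Constructed sample files (not from the thread): "bad" omits the brackets.
demo() {
    d=$(mktemp -d) || return 3
    printf 'myhostname = mx.example.org\nrelayhost = [mail.example.com]\n' \
        > "$d/main.cf"
    printf '# key  user:password\nmail.example.com  user:secret\n' > "$d/bad"
    printf '[mail.example.com]  user:secret\n' > "$d/good"
    check_relayhost_key "$d/main.cf" "$d/bad"  && bad=0  || bad=$?
    check_relayhost_key "$d/main.cf" "$d/good" && good=0 || good=$?
    rm -rf "$d"
    echo "bad=$bad good=$good"
}

demo
```

On a live system, `postconf -h relayhost` prints the effective value to compare against; if the map is a hash: table, it has to be rebuilt with postmap after the source file is edited.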