[Postfixbuch-users] Postfix, Amavis and truncated mail
"Fischer, Patrick"
patrick.fischer at streck.de
Tue Jul 24 15:38:49 CEST 2007
Hello list,
I have a problem with the interaction between Postfix
(2:2.2.10-1.RHEL4.2) and Amavis (2.4.5-1.el4.rf); we use CentOS 4.4 as
the OS.
Problem description:
An external e-mail arrives at the sender in "truncated" form, because a
single dot ends up on a line by itself in the e-mail (EOF).
Sender's e-mail:
<body>
test
.
.
test
</body>
At the recipient the e-mail arrives like this:
<body>
test
</body>
Tests:
Internally I created an e-mail on the Amavis with the following
commands:
[root at local etc]# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
helo local
250 [127.0.0.1]
MAIL FROM: <whoknows at whocares.de>
250 2.1.0 Sender <whoknows at whocares.de> OK
rcpt to: <alibi at XXX.de>
250 2.1.5 Recipient <alibi at XXX.de> OK
data
354 End data with <CR><LF>.<CR><LF>
subject: test
test
..
..
test
.
250 2.6.0 Ok, id=01945-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 13F582251B5
quit
Amavis checks for viruses as usual, classifies the e-mail (spam) and
hands it back to Postfix.
In my Outlook the mail arrives "correctly".
Possible solution(?):
Since it looks as if Amavis handles the e-mail in an RFC-compliant way,
I suspect that Postfix "decodes" the e-mail arriving from outside and
forwards it to Amavis in that form. Amavis recognizes the EOF dot on a
line and cuts the e-mail off there.
Now the question: can Postfix be configured so that it hands the e-mail
to Amavis "undecoded"? That would ensure that Amavis does not truncate
the e-mail.
Or am I completely wrong? Have you ever seen a problem like this?
Regards
Patrick
PS: here are the conf files (Postfix: main.cf + master.cf, Amavis.conf)
------------------------------------------------------------------------
conf main.cf
queue_directory = /own2/var/spool/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = XXXXXXXXXXXXXXXX
mydomain = XXXXXXXXXXXX
myorigin = $mydomain
inet_interfaces = all
mydestination = XXXXXXXXXXXXXX
mynetworks_style = subnet
mynetworks = XXXXXXXXXXXXXXXXX
relay_domains = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
recipient_canonical_maps = hash:/etc/postfix/canonical
sender_canonical_maps =
transport_maps = hash:/etc/postfix/transport
alias_maps = hash:/etc/postfix/aliases
fast_flush_domains = $relay_domains
default_destination_concurrency_limit = 100
debug_peer_level = 1
debugger_command =
  PATH=/usr/bin:/usr/X11R6/bin
  xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
alias_database = hash:/etc/postfix/aliases
# from here on: newly added entries
#
smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination
smtpd_sender_restrictions =
  permit_mynetworks,
  check_sender_access hash:/etc/postfix/sender_whitelist,
  reject_unknown_sender_domain,
  reject_rhsbl_sender dsn.rfc-ignorant.org,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client list.dsbl.org,
# reject_rbl_client multihop.dsbl.org,
  reject_rbl_client relays.ordb.org,
  reject_rbl_client dnsbl.sorbs.net,
  reject_rbl_client combined.njabl.org,
  reject_rbl_client ix.dnsbl.manitu.net,
  reject_rbl_client blackholes.easynet.nl,
  reject_rbl_client proxies.blackholes.wirehub.net,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client black.uribl.com,
  reject_rbl_client opm.blitzed.org
append_dot_mydomain = no
content_filter = smtp-amavis:[127.0.0.1]:10024
maximal_queue_lifetime = 2d
header_checks = regexp:/etc/postfix/header_checks
initial_destination_concurrency = 200
html_directory = /usr/share/doc/postfix-2.1.5-documentation/html
unknown_local_recipient_reject_code = 450
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_recipient_maps = hash:/etc/postfix/recipients
# Update to Postfix 2.2 (27.03.07 ch)
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
connection_cache_service = scache
------------------------------------------------------------------------
conf master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
# ==========================================================================
smtp inet n - n - - smtpd
  -o content_filter=dfilt:
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 nqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
# Amavis Interface
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
smtp-amavis unix - - n - 1 smtp -o smtp_data_done_timeoute=600 -o disable_dns_lookups=yes
relay unix - - n - - smtp
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
proxymap unix - - n - - proxymap
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
# Disclaimer
dfilt unix - n n - - pipe
  flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}
------------------------------------------------------------------------
amavis.conf
$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
$notify_method = $forward_method; # where to submit notifications
$max_servers = 4; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
@local_domains_acl = qw( XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX );
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
$inet_socket_port = 10024; # accept SMTP on this local TCP port
@inet_acl = qw( 127.0.0.1 );
$DO_SYSLOG = 0;
$log_level = 0;
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
$notify_sender_templ = read_text('/var/amavis/templates/notify_sender.txt');
$notify_virus_sender_templ= read_text('/var/amavis/templates/notify_virus_sender.txt');
$notify_virus_admin_templ = read_text('/var/amavis/templates/notify_virus_admin.txt');
$notify_virus_recips_templ= read_text('/var/amavis/templates/notify_virus_recips.txt');
$notify_spam_sender_templ = read_text('/var/amavis/templates/notify_spam_sender.txt');
$notify_spam_admin_templ = read_text('/var/amavis/templates/notify_spam_admin.txt');
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
$warnvirussender = 0; # (defaults to false (undef))
$warnspamsender = 1; # (defaults to false (undef))
$warnbannedsender = 1; # (defaults to false (undef))
$warnvirusrecip = 1; # (defaults to false (undef))
$warnbannedrecip = 1; # (defaults to false (undef))
$warn_offsite = 0;
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper'i,
);
$virus_admin = "postmaster\@XXXXXXXX";
$spam_admin = "";
$mailfrom_notify_admin = "postmaster\XXXXX";
$mailfrom_notify_recip = "postmaster\XXXXX";
$mailfrom_notify_spamadmin = "spam.police\XXXX";
$hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
$mailfrom_to_quarantine = undef;
$QUARANTINEDIR = '/own2/var/virusmails';
$spam_quarantine_to = 'spam-quarantine';
$virus_quarantine_to = 'virus-quarantine';
$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$keep_decoded_original_re = new_RE(
  qr'^MAIL$', # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex|html|zip|Zip)'i,
);
$banned_filename_re = new_RE(
  qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
  qr'.\.(exe|vbs|pif|scr|bat|com)$'i, # banned extension - basic
  qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
         jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
         vbe|vbs|wsc|wsf|wsh|mpg|mpeg|mov|avi|mp3|mpe|wmv)$'ix, # banned extension - long
# qr'^\.(exe|zip|lha|tnef)$'i, # banned file(1) types
  qr'^\.(exe|com|msi|bat|cmd|inf|pif|scr|vb|vbe|vbs|wsh)$'i, # banned file(1) types
  qr'^application/x-msdownload$'i, # banned MIME types
  qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046
);
$banned_files_lovers{lc("postmaster\@XXXXXXX")} = 1;
$banned_files_lovers_re = new_RE(
qr'contact\@nomenclaturedouaniere\.com$'i );
$sql_select_white_black_list = undef;
$recipient_delimiter = '+';
@whitelist_sender_acl = ( "XXXXXXX", "XXXXXX" );
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, same options
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio'; # comment out if cpio does not support GNU options
$sa_local_tests_only = 0; # (default: false)
$sa_auto_whitelist = 1; # turn on AWL (default: false)
$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.5; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.0; # triggers spam evasive actions
$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disables)
$sa_spam_modifies_subj = 1;
@av_scanners = (
# NOTE: not sure which entry suits which kavscanner version
['KasperskyLab kavscanner 4.5',
['/opt/kav/bin/kavscanner','kavscanner'],
'-i1 -xp {}', [0], [5,20,21,25],
qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
### http://www.symantec.com/
['Symantec CarrierScan via Symantec CommandLineScanner',
['cscmdline','savsecls'],
'-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/Files Infected: 0/, qr/^Infected: /,
qr/Info:\s+(.+)/ ],
### http://drweb.imshop.de/
['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb',
'-al -ar -fm -go -ha -ml -ot -sd -up {}',
[0], [1], sub {('no-name')} ],
### http://www.f-secure.com/products/anti-virus/
['F-Secure Antivirus', 'fsav',
'--dumb --archive {}', [0], [3,8],
qr/(?:infection|Infected): (.+)/ ],
['CAI InoculateIT', 'inocucmd',
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],
['MkS_Vir daemon',
'mksscan', '-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],
### http://www.nod32.com/
['ESET Software NOD32', 'nod32',
'-all -subdir+ {}', [0], [1,2],
qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
### http://www.nod32.com/
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],
### http://www.norman.com/products_nvc.shtml
['Norman Virus Control v5 / Linux', 'nvccmd',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
### http://www.pandasoftware.com/
['Panda Antivirus for Linux', ['pavcl'],
'-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
qr/Number of files infected[ \.]*: 0(?!\d)/,
qr/Number of files infected[ \.]*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],
);
@av_scanners_backup = (
### http://clamav.elektrapro.com/
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --disable-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### http://www.f-prot.com/
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],
### http://www.trendmicro.com/
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
);
1;
More information about the Postfixbuch-users mailing list
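
Added example (not part of the original post and not code from Postfix or amavisd-new): a small Python model of SMTP DATA dot-stuffing as defined in RFC 5321 section 4.5.2, run over the message body shown in the post and over the lines typed in the telnet test. The function naive_reinject is a hypothetical hop that forwards an already decoded body without stuffing it again; which component in the poster's mail path behaves that way is not established here.

```python
# SMTP transparency (RFC 5321, section 4.5.2), modelled on byte strings.
CRLF = b"\r\n"
END_OF_DATA = b"." + CRLF

# Constructed sample: the body from the post (lone dots on lines 2 and 3).
POST_BODY = b"test\n.\n.\ntest"
# Constructed sample: what was typed after DATA in the telnet session.
TELNET_WIRE = b"subject: test\r\ntest\r\n..\r\n..\r\ntest\r\n.\r\n"


def _lines(body: bytes) -> list:
    return body.replace(b"\r\n", b"\n").split(b"\n")


def smtp_data_encode(body: bytes) -> bytes:
    """Sending side: prefix every line that starts with '.' with an
    extra '.', then append the end-of-data marker."""
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in _lines(body)]
    return CRLF.join(stuffed) + CRLF + END_OF_DATA


def smtp_data_decode(wire: bytes) -> bytes:
    """Receiving side: a line holding only '.' ends the message; any
    other leading '.' is removed."""
    out = []
    for ln in wire.split(CRLF):
        if ln == b".":
            break  # everything after this line is ignored
        out.append(ln[1:] if ln.startswith(b".") else ln)
    return b"\n".join(out)


def naive_reinject(body: bytes) -> bytes:
    """Hypothetical broken hop: writes the decoded body to the wire
    without dot-stuffing it first."""
    return CRLF.join(_lines(body)) + CRLF + END_OF_DATA


def relay(body: bytes, stuffing: bool) -> bytes:
    """Body as stored by the next hop, with or without stuffing."""
    wire = smtp_data_encode(body) if stuffing else naive_reinject(body)
    return smtp_data_decode(wire)


if __name__ == "__main__":
    print("with stuffing   :", relay(POST_BODY, stuffing=True))
    print("without stuffing:", relay(POST_BODY, stuffing=False))
    print("telnet test     :", smtp_data_decode(TELNET_WIRE))
```

The hop that skips stuffing reproduces the body reported at the recipient, while the hand-typed ".." lines in the telnet test decode to single dots, which matches the mail arriving intact in that test.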