[Postfixbuch-users] Spamhaus PBL problem with amavis

Marcel Hartmann (privat) mail at marcel-hartmann.com
Sun Apr 18 14:09:02 CEST 2010


Hello,

I have my virtual users in virtual_alias_domains, 
virtual_alias_maps, and aliases in virtual_alias_maps.
If I send a mail to the outside, i.e. to a domain that is not one of 
my virtual domains, it is not spam; but if I send a mail
from one virtual domain to another virtual domain on my server, Amavis 
says this about it in the mail header etc.:

X-Spam-Status: Yes, score=6.18 required=3.5 tests=[RCVD_IN_PBL=3.558,
	RCVD_IN_RP_RNBL=1.284, RDNS_DYNAMIC=0.363, S25R_1=0.001,
	SPF_SOFTFAIL=0.972, TO_NO_BRKTS_DYNIP=0.001, TVD_SPACE_RATIO=0.001]
	autolearn=no

According to SpamAssassin, here -> 
http://wiki.apache.org/spamassassin/Rules/RCVD_IN_PBL
the sender is supposedly listed in the Spamhaus PBL. But a check on 
spamhaus.org returns false!!!

What is my amavis doing here?

Here are my configs:
postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10030
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/delete_10031_header
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost, $myhostname
myhostname = mx02.insentic.de
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
receive_override_options = no_address_mappings
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_error_sleep_time = 5s
smtpd_etrn_restrictions = permit_mynetworks
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks        permit_sasl_authenticated        reject_unauth_destination        check_recipient_access hash:/etc/postfix/access        reject_unknown_recipient_domain        reject_unknown_sender_domain        reject_unverified_recipient        reject_non_fqdn_recipient        reject_non_fqdn_sender        reject_invalid_hostname        reject_rbl_client combined.njabl.org        reject_rbl_client bl.spamcop.net        reject_rhsbl_sender dsn.rfc-ignorant.org        reject_rhsbl_sender bogusmx.rfc-ignorant.org        reject_rhsbl_sender rhsbl.sorbs.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 10
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/postfix/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/postfix/private/postfix.pem
smtpd_use_tls = yes
soft_bounce = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot

and the amavisd.conf:
use strict;
$max_servers = 5;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
$mydomain = 'mx02.domain.tld';   # a convenient default for other settings
$MYHOME = '/var/amavis';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = "/var/virusmails";
$quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
$db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
$log_level = 2;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
            # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
            # choose from: emerg, alert, crit, err, warning, notice, info, debug
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
                # option(s) -p overrides $inet_socket_port and $unix_socketname
$inet_socket_port = 10030;   # listen on this local TCP port(s)
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
   originating =>  1,  # is true in MYNETS by default, but let's make it explicit
   os_fingerprint_method =>  undef,  # don't query p0f for internal clients
};
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
   originating =>  1,  # declare that mail was submitted by our smtp client
   allow_disclaimers =>  1,  # enables disclaimer insertion if available
   # notify administrator of locally originating malware
   virus_admin_maps =>  ["virusalert\@$mydomain"],
   spam_admin_maps  =>  ["virusalert\@$mydomain"],
   warnbadhsender   =>  1,
   # forward to a smtpd service providing DKIM signing service
   forward_method =>  'smtp:[127.0.0.1]:10027',
   # force MTA conversion to 7-bit (e.g. before DKIM signing)
   smtpd_discard_ehlo_keywords =>  ['8BITMIME'],
   bypass_banned_checks_maps =>  [1],  # allow sending any file names and types
   terminate_dsn_on_notify_success =>  0,  # don't remove NOTIFY=SUCCESS option
};
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = {
   protocol =>  'AM.PDP',
   auth_required_release =>  0,  # do not require secret_id for amavisd-release
};
$sa_tag_level_deflt  = undef; #2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.5;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
@lookup_sql_dsn = (
     ['DBI:mysql:database=db;host=127.0.0.1;port=3306',
      'user',
      'pass']);
$sql_select_policy = 'SELECT name FROM mta_virtual_domains WHERE CONCAT("@",name) IN (%k)';
$virus_admin               = "root\@$mydomain";  # notifications recip.
$insert_received_line = 0;
$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
$sa_spam_subject_tag = '[SPAM] ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
$myhostname = 'mx02.insentic.de';  # must be a fully-qualified domain name!
$notify_method  = 'smtp:[127.0.0.1]:10031';
$forward_method = 'smtp:[127.0.0.1]:10031';  # set to undef with milter!
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
$bad_header_quarantine_method = undef;
$spam_quarantine_to = undef;

Does anyone know why it writes this error into the spam tag?
And why it only does that when I send between the virtually hosted domains?

Regards,
Marcel

-- 
Marcel Hartmann (webdeveloper && project manager)
mail at marcel-hartmann.com // www.marcel-hartmann.com
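
An added example, not part of the original post: a Python parser that unfolds the X-Spam-Status header quoted in the message, splits the score into per-rule contributions, and compares the result with the tag2 and kill levels from the posted amavisd.conf. The header and thresholds are copied from the message; the function names are hypothetical.

```python
import re

# Header copied from the message above (folded over several lines).
HEADER = """X-Spam-Status: Yes, score=6.18 required=3.5 tests=[RCVD_IN_PBL=3.558,
\tRCVD_IN_RP_RNBL=1.284, RDNS_DYNAMIC=0.363, S25R_1=0.001,
\tSPF_SOFTFAIL=0.972, TO_NO_BRKTS_DYNIP=0.001, TVD_SPACE_RATIO=0.001]
\tautolearn=no"""

TAG2_LEVEL = 3.5  # $sa_tag2_level_deflt in the posted amavisd.conf
KILL_LEVEL = 6.9  # $sa_kill_level_deflt in the posted amavisd.conf


def parse_spam_status(header):
    """Return (is_spam, score, required, {rule: points})."""
    # Unfold: a line break followed by whitespace continues the header.
    flat = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    m = re.match(
        r"X-Spam-Status:\s*(Yes|No),\s*score=(-?[\d.]+)\s+required=(-?[\d.]+)"
        r"\s+tests=\[([^\]]*)\]", flat)
    if not m:
        raise ValueError("not an amavisd-style X-Spam-Status header")
    tests = {}
    for item in m.group(4).split(","):
        name, sep, points = item.strip().partition("=")
        if sep:
            tests[name] = float(points)
    return m.group(1) == "Yes", float(m.group(2)), float(m.group(3)), tests


def score_without(tests, prefix):
    """Sum of all rule scores whose name does not start with `prefix`."""
    return round(sum(p for n, p in tests.items() if not n.startswith(prefix)), 3)


def verdict(score):
    """Classify a score against the two amavisd levels above."""
    if score >= KILL_LEVEL:
        return "kill"
    return "tag2" if score >= TAG2_LEVEL else "pass"


if __name__ == "__main__":
    is_spam, score, required, tests = parse_spam_status(HEADER)
    for name, points in sorted(tests.items(), key=lambda kv: -kv[1]):
        print(f"{points:7.3f}  {name}")
    print("reported:", score, "->", verdict(score))
    rest = score_without(tests, "RCVD_IN_")
    print("without RCVD_IN_* rules:", rest, "->", verdict(rest))
```

For the header above, the two RCVD_IN_* rules contribute 4.842 of the 6.18 points; the remaining rules sum to 1.338, which is below the 3.5 tag2 level.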
