[Postfixbuch-users] Spamassassin scannt nicht alle Mails

niels_kalle niels_kalle at web.de
Di Jun 6 23:35:43 CEST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kai Fürstenberg wrote:
> Niels Kalle wrote:
> 
> Kai Fürstenberg wrote:
> 
> 
>>Niels Kalle wrote:
> 
> 
>>>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> 
>>>Kai Fürstenberg wrote:
> 
> 
>>>>Hallo,
>>>>
>>>>Niels Kalle wrote:
>>>>
>>>>
>>>>>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>>>
>>>>>Heiner Lamprecht wrote:
>>>>>
>>>>>
>>>>>>Hi,
>>>>>
>>>>>Hallo.
>>>>>
>>>>>
>>>>>>On Sunday 04 June 2006 10:04, niels_kalle wrote:
>>>>>>
>>>>>>
>>>>>>>Hallo Liste. Mein Spamassassin scannt anscheinend nur
>>>>>>>Mails, die von meinem Server aus versandt werden aber
>>>>>>>nicht Mails die ich von (mal wieder...;)) GMX, etc.
>>>>>>>empfange.
>>>>>>
>>>>>>Wie wird SA aufgerufen?
>>>>>
>>>>>Das macht Amavis, ich bin leider klaeglich bei dem Versuch
>>>>>gescheitert spamassassin und clamav ohne Amavis in der
>>>>>master.cf hintereinanderzuschalten :>
>>>>
>>>>Das geht auch so nicht. Die Mail wird mittels "content_filter"
>>>>an Amavis übergeben und der schickt sie weiter an den ClamAV.
>>>>In Amavis ist SA bereits integriert. Du brauchst also nicht
>>>>mehr. Alternativ kann man auch z.B. über Procmail o.ä. arbeiten
>>>>und die Mails von dort durch den SA schicken.
> 
>>>Ja, aber procmail nutze ich nur um die Mails zu verteilen. Aber
>>>das Problem ist leider immer noch das Spamassasin (bzw. Amavis)
>>>nicht alle Mails scannt...
> 
>>Nimm doch mal in der master.cf
> 
> 
>>>smtp inet n - - - - smtpd -o
>>>content_filter=spamassassin
> 
>>den Contentfilter raus.
> 
> Der ist schon draussen, amavis hat jetzt seinen eigenen Anschluss und
> es funktioniert auch alles ganz wunderbar,
> man kann mails versenden, empfangen, alle mails werden von clamav
> geprueft.
> Nur halt incoming-Mails werden nicht vom Spamassassin geprueft (es sei
> denn man schickt sie sich gegenseitig ueber den Mailserver).
> 
> 
>>Über diese Anschluss schickst du deine Mail mit dem Contentfilter
>>Amavis aus deiner main.cf. Dieser wird aber hier in Spamassassin
>>umgeschrieben. Und der funktioniert ja momentan nicht.
> 
>>Schmeiss den raus, dann übernimmt Amavis die Sache.
> 
>>Vielleicht wäre es aber auch vorteilhafter dem Amavis seinen
>>eigenen Anschluss zu geben und nicht über den Standard smtp zu
>>gehen...
> 
>>Kai
> 
> Gruesse
> 
> Niels

> Lass uns doch mal ein Update machen. Schick bitte nochmals deine 
> aktuelle master.cf, postconf -n, und die, sagen wir mal 20-30 ersten 
> Zeilen der amavisd.conf

OK, du hast es so gewollt... ;), hier kommt der Output von postconf -n:

2bounce_notice_recipient = postmaster
access_map_reject_code = 554
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
allow_percent_hack = yes
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
bounce_notice_recipient = postmaster
bounce_size_limit = 65536
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
command_time_limit = 600s
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
debug_peer_list = mail.humbug.org, nikster.humbug.org, localhost
default_destination_concurrency_limit = 5
default_destination_recipient_limit = 1000
default_process_limit = 150
default_rbl_reply = $rbl_code Service unavailable; $rbl_class
[$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} -
contact postmaster at humbug.org for details
delay_notice_recipient = postmaster
delay_warning_time = 1h
disable_dns_lookups = no
disable_vrfy_command = yes
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = postmaster
error_notice_recipient = postmaster
header_checks = pcre:/etc/postfix/header_checks.pcre
header_size_limit = 204800
home_mailbox = .maildir/
hopcount_limit = 50
html_directory = /usr/share/doc/postfix-2.2.5/html
ignore_mx_lookup_error = yes
in_flow_delay = 1s
inet_interfaces = all
initial_destination_concurrency = 2
invalid_hostname_reject_code = 501
line_length_limit = 4096
local_destination_concurrency_limit = 10
local_destination_recipient_limit = 1000
local_transport = no local mail delivery
mail_name = humbug Mailservices
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_reject_code = 554
max_idle = 10s
max_use = 20
maximal_backoff_time = 3600s
maximal_queue_lifetime = 1d
message_size_limit = 10240000
minimal_backoff_time = 60s
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain
mydomain = humbug.org
myhostname = mail.humbug.org
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
notify_classes = resource, software
prepend_delivered_header = forward
qmgr_message_active_limit = 10000
qmgr_message_recipient_limit = 10000
queue_directory = /var/spool/postfix
queue_minfree = 603979776
queue_run_delay = 1h
readme_directory = /usr/share/doc/postfix-2.2.5/readme
reject_code = 554
relay_domains_reject_code = 554
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
require_home_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtpd_banner = mail.humbug.org ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks        check_client_access
$default_database_type:/etc/postfix/rbl_checks_client_whitelist
check_sender_access
$default_database_type:/etc/postfix/rbl_checks_sender_whitelist
check_recipient_access
$default_database_type:/etc/postfix/rbl_checks_recipient_whitelist
  rbl_checks        permit
smtpd_data_restrictions = reject_unauth_pipelining        permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
permit_sasl_authenticated        reject_invalid_hostname        permit
smtpd_recipient_limit = 10000
smtpd_recipient_restrictions = permit_mynetworks
reject_unknown_recipient_domain        reject_non_fqdn_recipient
permit_auth_destination        permit_sasl_authenticated
check_sender_access regexp:/etc/postfix/nice_reject        reject
smtpd_restriction_classes = rbl_checks
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks
permit_sasl_authenticated        permit
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtpd_tls_cert_file = /etc/postfix/tls/newcert.pem
smtpd_tls_key_file = /etc/postfix/tls/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
strict_rfc821_envelopes = yes
swap_bangpath = yes
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/etc/postfix/mysql-transport.cf
transport_retry_time = 30s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
virtual_transport = virtual  virtual_minimum_uid = 1000
virtual_gid_maps = static:1000  virtual_mailbox_maps =
mysql:/etc/postfix/mysql-virtual-maps.cf  virtual_alias_maps =
mysql:/etc/postfix/mysql-virtual.cf  virtual_uid_maps = static:100
virtual_mailbox_base = /home/vmail

Das ist etwas viel, aber ich habe schon mehrere Mailserver mit Postfix
gebaut und da sind eine Menge nuetzlicher (und weniger nuetzlicher)
Optionen, bzw. evtl. auch Leichen zusammengekommen. :)

Hier die ersten 30 (unkommentierten) Zeilen der amavisd.conf:

$MYHOME = '/var/amavis';   # (default is '/var/amavis')
$mydomain = 'humbug.org';      # (no useful default)
$myhostname = 'nikster.humbug.org';  # fqdn of this host, default by
uname(3)
$daemon_user  = 'amavis';   # (no default;  customary: vscan or amavis)
$daemon_group = 'amavis';   # (no default;  customary: vscan or amavis
or sweep)
$TEMPBASE = "$MYHOME/tmp";      # prefer to keep home dir /var/amavis clean?
$db_home = "$MYHOME/db";        # DB databases directory, default
"$MYHOME/db"
$helpers_home = $MYHOME;        # (defaults to $MYHOME)
$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and
nanny)
$enable_global_cache = 1;    # enabl
$max_servers  =  4;   # number of pre-forked children          (default 2)
$max_requests = 20;   # retire a child after that many accepts (default 10)
$child_timeout=5*60;  # abort child if it does not complete each task in
@local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
$inet_socket_port = 10024;        # accept SMTP on this local TCP port
@inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
$DO_SYSLOG = 1;                   # (defaults to 0)
$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)
$log_level = 0;           # (defaults to 0)
$log_recip_templ = undef;  # undef disables by-recipient level-0 log entries
$final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)
$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_DISCARD;  # (defaults to D_BOUNCE)
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE
suggested
$warnspamsender = 1;    # (defaults to false (undef))

> Kai

Danke und Gruesse

Niels


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEhfUv58f/63U87UsRAqVIAJoDb00g4TKXl6JFWJOrfjnwYnGUkACeNUaU
jOzzDlgUs6wYrb2zNLrQmjo=
=m9gw
-----END PGP SIGNATURE-----

Mehr Informationen über die Mailingliste Postfixbuch-users