[Postfixbuch-users] Spamassassin does not scan all mails
Kai Fürstenberg
postfix at fuersti-net.de
Wed Jun 7 09:35:37 CEST 2006
Hello,
niels_kalle wrote:
>[..]
>> Let's do an update. Please send once more your
>> current master.cf, postconf -n, and, let's say, the first 20-30
>> lines of amavisd.conf
>
> OK, you asked for it... ;), here comes the output of postconf -n:
>
> 2bounce_notice_recipient = postmaster
> access_map_reject_code = 554
> alias_maps = mysql:/etc/postfix/mysql-aliases.cf
> allow_percent_hack = yes
> append_at_myorigin = yes
> append_dot_mydomain = yes
> biff = no
> body_checks = pcre:/etc/postfix/body_checks.pcre
> bounce_notice_recipient = postmaster
> bounce_size_limit = 65536
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> command_time_limit = 600s
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> debug_peer_list = mail.humbug.org, nikster.humbug.org, localhost
> default_destination_concurrency_limit = 5
> default_destination_recipient_limit = 1000
> default_process_limit = 150
> default_rbl_reply = $rbl_code Service unavailable; $rbl_class
> [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} -
> contact postmaster at humbug.org for details
> delay_notice_recipient = postmaster
> delay_warning_time = 1h
> disable_dns_lookups = no
> disable_vrfy_command = yes
> double_bounce_sender = double-bounce
> duplicate_filter_limit = 1000
> empty_address_recipient = postmaster
> error_notice_recipient = postmaster
> header_checks = pcre:/etc/postfix/header_checks.pcre
> header_size_limit = 204800
> home_mailbox = .maildir/
> hopcount_limit = 50
> html_directory = /usr/share/doc/postfix-2.2.5/html
> ignore_mx_lookup_error = yes
> in_flow_delay = 1s
> inet_interfaces = all
> initial_destination_concurrency = 2
> invalid_hostname_reject_code = 501
> line_length_limit = 4096
> local_destination_concurrency_limit = 10
> local_destination_recipient_limit = 1000
> local_transport = no local mail delivery
> mail_name = humbug Mailservices
> mail_owner = postfix
> mailbox_command = /usr/bin/procmail
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> maps_rbl_reject_code = 554
> max_idle = 10s
> max_use = 20
> maximal_backoff_time = 3600s
> maximal_queue_lifetime = 1d
> message_size_limit = 10240000
> minimal_backoff_time = 60s
> mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain
> mydomain = humbug.org
> myhostname = mail.humbug.org
> mynetworks = 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases
> non_fqdn_reject_code = 504
> notify_classes = resource, software
> prepend_delivered_header = forward
> qmgr_message_active_limit = 10000
> qmgr_message_recipient_limit = 10000
> queue_directory = /var/spool/postfix
> queue_minfree = 603979776
> queue_run_delay = 1h
> readme_directory = /usr/share/doc/postfix-2.2.5/readme
> reject_code = 554
> relay_domains_reject_code = 554
> relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
> require_home_directory = no
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtp_tls_note_starttls_offer = yes
> smtpd_banner = mail.humbug.org ESMTP $mail_name
> smtpd_client_restrictions = permit_mynetworks check_client_access
> $default_database_type:/etc/postfix/rbl_checks_client_whitelist
> check_sender_access
> $default_database_type:/etc/postfix/rbl_checks_sender_whitelist
> check_recipient_access
> $default_database_type:/etc/postfix/rbl_checks_recipient_whitelist
> rbl_checks permit
> smtpd_data_restrictions = reject_unauth_pipelining permit
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 1s
> smtpd_etrn_restrictions = reject
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks
> permit_sasl_authenticated reject_invalid_hostname permit
> smtpd_recipient_limit = 10000
> smtpd_recipient_restrictions = permit_mynetworks
> reject_unknown_recipient_domain reject_non_fqdn_recipient
> permit_auth_destination permit_sasl_authenticated
> check_sender_access regexp:/etc/postfix/nice_reject reject
> smtpd_restriction_classes = rbl_checks
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = permit_mynetworks
> permit_sasl_authenticated permit
> smtpd_timeout = 300s
> smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
> smtpd_tls_cert_file = /etc/postfix/tls/newcert.pem
> smtpd_tls_key_file = /etc/postfix/tls/newreq.pem
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> soft_bounce = no
> strict_rfc821_envelopes = yes
> swap_bangpath = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = mysql:/etc/postfix/mysql-transport.cf
> transport_retry_time = 30s
> undisclosed_recipients_header = To: undisclosed-recipients:;
> unknown_address_reject_code = 550
> unknown_client_reject_code = 550
> unknown_hostname_reject_code = 550
> unknown_local_recipient_reject_code = 550
> unknown_relay_recipient_reject_code = 550
> unknown_virtual_alias_reject_code = 550
> unknown_virtual_mailbox_reject_code = 550
> virtual_transport = virtual
> virtual_minimum_uid = 1000
> virtual_gid_maps = static:1000
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
> virtual_uid_maps = static:100
> virtual_mailbox_base = /home/vmail
So far OK. One thing or another should perhaps still be adjusted.
I noticed that in smtpd_sender_restrictions you allow
_everything_: permit_mynetworks, permit_sasl_authenticated, permit.
Maybe leave it empty :-)
> That is rather a lot, but I have already built several mail servers with
> Postfix, and a lot of useful (and less useful) options, and possibly
> some skeletons too, have accumulated. :)
>
> Here are the first 30 (uncommented) lines of amavisd.conf:
>
> $MYHOME = '/var/amavis'; # (default is '/var/amavis')
> $mydomain = 'humbug.org'; # (no useful default)
> $myhostname = 'nikster.humbug.org'; # fqdn of this host, default by
> uname(3)
> $daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
> $daemon_group = 'amavis'; # (no default; customary: vscan or amavis
> or sweep)
> $TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
> $db_home = "$MYHOME/db"; # DB databases directory, default
> "$MYHOME/db"
> $helpers_home = $MYHOME; # (defaults to $MYHOME)
> $ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
> $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and
> nanny)
> $enable_global_cache = 1; # enabl
> $max_servers = 4; # number of pre-forked children (default 2)
> $max_requests = 20; # retire a child after that many accepts (default 10)
> $child_timeout=5*60; # abort child if it does not complete each task in
> @local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
> $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
^^^^
You should comment out this line. Otherwise Amavis does not know whether
it should listen on a socket (above) or a port (see next line).
There should also be something about this in the log files.
> $inet_socket_port = 10024; # accept SMTP on this local TCP port
> @inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
> $DO_SYSLOG = 1; # (defaults to 0)
> $LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
> $log_level = 0; # (defaults to 0)
> $log_recip_templ = undef; # undef disables by-recipient level-0 log entries
> $final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD)
> $final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE)
> $final_spam_destiny = D_DISCARD; # (defaults to D_BOUNCE)
> $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE
> suggested
> $warnspamsender = 1; # (defaults to false (undef))
Here is one more thing, though it has nothing to do with the problem right now:
Do you want to log via syslogd ($DO_SYSLOG = 1;) or to a log file
($LOGFILE = "$MYHOME/amavis.log";)? With syslog you should define a
level, e.g. with
$SYSLOG_LEVEL = 'mail.debug';
and comment out $LOGFILE.
Do you have the master.cf at hand?
You said internal mails are scanned, but incoming ones are
not. Do you have some log data on this?
Regards
Kai
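
The points raised in this reply, written as a small lint over `postconf -n` output and amavisd.conf. This is an added example, not part of the original message; the sample input is constructed (abridged from the settings quoted above) and the function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the settings quoted in this thread.
POSTCONF_N = """\
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_data_restrictions = reject_unauth_pipelining permit
smtpd_sender_restrictions = permit_mynetworks
 permit_sasl_authenticated permit
"""
AMAVISD_CONF = """\
$unix_socketname = "$MYHOME/amavisd.sock";  # amavis helper protocol socket
$inet_socket_port = 10024;   # accept SMTP on this local TCP port
$DO_SYSLOG = 1;
$LOGFILE = "$MYHOME/amavis.log";
"""

def parse_postconf(text):
    """Return {name: value}; an indented line continues the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def active_amavis_settings(text):
    """Return {variable: value} for uncommented `$name = value;` lines."""
    found = re.findall(r"^\s*\$(\w+)\s*=\s*(.*?);", text, flags=re.M)
    return dict(found)

def review(postconf_text, amavis_text):
    """Hypothetical lint: list the settings the reply asks about."""
    findings = []
    for name, value in parse_postconf(postconf_text).items():
        actions = value.replace(",", " ").split()
        if (name.startswith("smtpd_") and name.endswith("_restrictions")
                and actions and all(a.startswith("permit") for a in actions)):
            findings.append(f"{name}: only permit actions, rejects nothing")
    am = active_amavis_settings(amavis_text)
    if "unix_socketname" in am and "inet_socket_port" in am:
        findings.append("amavisd.conf: $unix_socketname and $inet_socket_port both active")
    if am.get("DO_SYSLOG") == "1" and "LOGFILE" in am:
        findings.append("amavisd.conf: $DO_SYSLOG = 1 and $LOGFILE both set")
    return findings

if __name__ == "__main__":
    for finding in review(POSTCONF_N, AMAVISD_CONF):
        print(finding)
```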