[Postfixbuch-users] SpamAssassin does not scan all mails

Kai Fürstenberg postfix at fuersti-net.de
Wed Jun 7 09:35:37 CEST 2006


Hello,

niels_kalle wrote:
>[..]
>> Let's do an update. Please send your current master.cf, postconf -n,
>> and, let's say, the first 20-30 lines of amavisd.conf once more
> 
> OK, you asked for it... ;), here comes the output of postconf -n:
> 
> 2bounce_notice_recipient = postmaster
> access_map_reject_code = 554
> alias_maps = mysql:/etc/postfix/mysql-aliases.cf
> allow_percent_hack = yes
> append_at_myorigin = yes
> append_dot_mydomain = yes
> biff = no
> body_checks = pcre:/etc/postfix/body_checks.pcre
> bounce_notice_recipient = postmaster
> bounce_size_limit = 65536
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> command_time_limit = 600s
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> debug_peer_list = mail.humbug.org, nikster.humbug.org, localhost
> default_destination_concurrency_limit = 5
> default_destination_recipient_limit = 1000
> default_process_limit = 150
> default_rbl_reply = $rbl_code Service unavailable; $rbl_class
> [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} -
> contact postmaster at humbug.org for details
> delay_notice_recipient = postmaster
> delay_warning_time = 1h
> disable_dns_lookups = no
> disable_vrfy_command = yes
> double_bounce_sender = double-bounce
> duplicate_filter_limit = 1000
> empty_address_recipient = postmaster
> error_notice_recipient = postmaster
> header_checks = pcre:/etc/postfix/header_checks.pcre
> header_size_limit = 204800
> home_mailbox = .maildir/
> hopcount_limit = 50
> html_directory = /usr/share/doc/postfix-2.2.5/html
> ignore_mx_lookup_error = yes
> in_flow_delay = 1s
> inet_interfaces = all
> initial_destination_concurrency = 2
> invalid_hostname_reject_code = 501
> line_length_limit = 4096
> local_destination_concurrency_limit = 10
> local_destination_recipient_limit = 1000
> local_transport = no local mail delivery
> mail_name = humbug Mailservices
> mail_owner = postfix
> mailbox_command = /usr/bin/procmail
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> maps_rbl_reject_code = 554
> max_idle = 10s
> max_use = 20
> maximal_backoff_time = 3600s
> maximal_queue_lifetime = 1d
> message_size_limit = 10240000
> minimal_backoff_time = 60s
> mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain
> mydomain = humbug.org
> myhostname = mail.humbug.org
> mynetworks = 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases
> non_fqdn_reject_code = 504
> notify_classes = resource, software
> prepend_delivered_header = forward
> qmgr_message_active_limit = 10000
> qmgr_message_recipient_limit = 10000
> queue_directory = /var/spool/postfix
> queue_minfree = 603979776
> queue_run_delay = 1h
> readme_directory = /usr/share/doc/postfix-2.2.5/readme
> reject_code = 554
> relay_domains_reject_code = 554
> relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
> require_home_directory = no
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtp_tls_note_starttls_offer = yes
> smtpd_banner = mail.humbug.org ESMTP $mail_name
> smtpd_client_restrictions = permit_mynetworks        check_client_access
> $default_database_type:/etc/postfix/rbl_checks_client_whitelist
> check_sender_access
> $default_database_type:/etc/postfix/rbl_checks_sender_whitelist
> check_recipient_access
> $default_database_type:/etc/postfix/rbl_checks_recipient_whitelist
>   rbl_checks        permit
> smtpd_data_restrictions = reject_unauth_pipelining        permit
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 1s
> smtpd_etrn_restrictions = reject
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks
> permit_sasl_authenticated        reject_invalid_hostname        permit
> smtpd_recipient_limit = 10000
> smtpd_recipient_restrictions = permit_mynetworks
> reject_unknown_recipient_domain        reject_non_fqdn_recipient
> permit_auth_destination        permit_sasl_authenticated
> check_sender_access regexp:/etc/postfix/nice_reject        reject
> smtpd_restriction_classes = rbl_checks
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = permit_mynetworks
> permit_sasl_authenticated        permit
> smtpd_timeout = 300s
> smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
> smtpd_tls_cert_file = /etc/postfix/tls/newcert.pem
> smtpd_tls_key_file = /etc/postfix/tls/newreq.pem
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> soft_bounce = no
> strict_rfc821_envelopes = yes
> swap_bangpath = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = mysql:/etc/postfix/mysql-transport.cf
> transport_retry_time = 30s
> undisclosed_recipients_header = To: undisclosed-recipients:;
> unknown_address_reject_code = 550
> unknown_client_reject_code = 550
> unknown_hostname_reject_code = 550
> unknown_local_recipient_reject_code = 550
> unknown_relay_recipient_reject_code = 550
> unknown_virtual_alias_reject_code = 550
> unknown_virtual_mailbox_reject_code = 550
> virtual_transport = virtual
> virtual_minimum_uid = 1000
> virtual_gid_maps = static:1000
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
> virtual_uid_maps = static:100
> virtual_mailbox_base = /home/vmail

OK so far. One or two things should perhaps still be adjusted. I noticed 
that in smtpd_sender_restrictions you allow _everything_: 
permit_mynetworks, permit_sasl_authenticated, permit. 
Maybe leave it empty :-)

> That is quite a lot, but I have already built several mail servers with
> Postfix, and a lot of useful (and less useful) options, and possibly
> also some dead leftovers, have accumulated along the way. :)
> 
> Here are the first 30 (uncommented) lines of amavisd.conf:
> 
> $MYHOME = '/var/amavis';   # (default is '/var/amavis')
> $mydomain = 'humbug.org';      # (no useful default)
> $myhostname = 'nikster.humbug.org';  # fqdn of this host, default by
> uname(3)
> $daemon_user  = 'amavis';   # (no default;  customary: vscan or amavis)
> $daemon_group = 'amavis';   # (no default;  customary: vscan or amavis
> or sweep)
> $TEMPBASE = "$MYHOME/tmp";      # prefer to keep home dir /var/amavis clean?
> $db_home = "$MYHOME/db";        # DB databases directory, default
> "$MYHOME/db"
> $helpers_home = $MYHOME;        # (defaults to $MYHOME)
> $ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
> $enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and
> nanny)
> $enable_global_cache = 1;    # enabl
> $max_servers  =  4;   # number of pre-forked children          (default 2)
> $max_requests = 20;   # retire a child after that many accepts (default 10)
> $child_timeout=5*60;  # abort child if it does not complete each task in
> @local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains
> $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
^^^^
You should comment out this line. Otherwise Amavis does not know whether 
it should listen on a socket (above) or on a port (see next line). There 
should also be something about this in the log files.

> $inet_socket_port = 10024;        # accept SMTP on this local TCP port
> @inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
> $DO_SYSLOG = 1;                   # (defaults to 0)
> $LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)
> $log_level = 0;           # (defaults to 0)
> $log_recip_templ = undef;  # undef disables by-recipient level-0 log entries
> $final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)
> $final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
> $final_spam_destiny       = D_DISCARD;  # (defaults to D_BOUNCE)
> $final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE
> suggested
> $warnspamsender = 1;    # (defaults to false (undef))

Here is one more thing, although it has nothing to do with the problem right now:
Do you want to log via syslogd ($DO_SYSLOG = 1;) or to a log file 
($LOGFILE = "$MYHOME/amavis.log";)? With syslog you should define a 
level, e.g. with
   $SYSLOG_LEVEL = 'mail.debug';
and comment out $LOGFILE.

Do you happen to have the master.cf at hand?
You said internal mails are scanned, but incoming ones are not. 
Do you have some log data for this?

Regards
Kai
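
Added example, not part of the original mail: a Python check that reads `postconf -n` output and the active lines of amavisd.conf and reports the three settings this reply comments on, plus whether the `content_filter` port matches `$inet_socket_port`. The finding names and the abridged sample text are constructed for illustration.

```python
import re
# Constructed sample input, abridged from the settings quoted in the thread.
POSTCONF_N = """\
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated permit
"""
AMAVISD_CONF = """\
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
$inet_socket_port = 10024;        # accept SMTP on this local TCP port
$DO_SYSLOG = 1;                   # (defaults to 0)
$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)
"""

def parse_postconf(text):
    """Map parameter name -> value; indented lines continue the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def parse_amavis(text):
    """Map active (uncommented) `$name = value;` assignments to the raw value."""
    return dict(re.findall(r"^\s*\$(\w+)\s*=\s*(.*?);", text, re.M))

def is_set(value):
    return value is not None and value.strip() not in ("", "0", "undef", "''", '""')

def review(postconf_text, amavis_text):
    """Return finding codes (hypothetical names) for the points in the reply."""
    pc, am, found = parse_postconf(postconf_text), parse_amavis(amavis_text), []
    sender = re.split(r"[\s,]+", pc.get("smtpd_sender_restrictions", "").strip())
    if sender != [""] and all(tok.startswith("permit") for tok in sender):
        found.append("sender-restrictions-permit-only")
    if is_set(am.get("unix_socketname")) and is_set(am.get("inet_socket_port")):
        found.append("socket-and-port-both-set")
    if is_set(am.get("DO_SYSLOG")) and is_set(am.get("LOGFILE")):
        found.append("syslog-and-logfile-both-set")
    # content_filter must point at a port amavisd actually listens on.
    port = re.search(r":(\d+)$", pc.get("content_filter", ""))
    if port and port.group(1) not in re.findall(r"\d+", am.get("inet_socket_port", "")):
        found.append("content-filter-port-mismatch")
    return found

if __name__ == "__main__":
    print(review(POSTCONF_N, AMAVISD_CONF))
```

To use it on a live system, pass the real `postconf -n` output and the contents of amavisd.conf in place of the two sample strings.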


