[Postfixbuch-users] Three problems with a Postfix combo

Sandy Drobic postfixbuch-users at japantest.homelinux.com
Tue Sep 12 18:27:37 CEST 2006


Andreas Gehrke wrote:
> Sandy Drobic wrote:
>> Andreas Gehrke wrote:
>>  
>>> Hi Sandy!
>>>
>>> Sandy Drobic wrote:
>>>    
>>>> Best post the output of Patrick's "saslfinger -s"
>>>> (google for the script).
>>>>
>>>>         
>>> Many thanks to God and to you and above all to Patrick for this tool!
>>> Since the smtpd.conf is now actually called smtpd.conf and no longer
>>> smtp.conf, it works! I could throw... well, you know what I mean.
>>> I already suspected it had something to do with that file.
>>>
>>>    
>>>> relayhost = [mail.blasfasel.de]
>>>>         
>>> I changed that, but it doesn't help (also in /etc/postfix/smtp_auth).
>>> I also tried smtp_sasl_password_maps (i.e. without the 'd'), but that
>>> doesn't help either.
>>>     
>>
>> The server name in /etc/postfix/smtp_auth must appear EXACTLY as it is
>> given in main.cf, including the square brackets! If necessary, copy
>> & paste it so that it really matches.
>>
>> The only remaining problem could be a question of the mechanism.
>> Do you need ntlm? If not, delete it. Which mechanisms does the
>> server support (the server's AUTH line)?
>>
>>   
> The server name is there exactly like that. I pasted it in from
> main.cf earlier.
> The server's AUTH line:
> 250-AUTH LOGIN CRAM-MD5 PLAIN
> I can also log in there manually with plain, using the data from
> smtp_auth.

Then show whether you have smtp running in the chroot in master.cf. If
not, post the output of smtp -v when a mail goes to the relayhost.

>>>>> 3. I use amavisd-new to check incoming mail for viruses and spam.
>>>>> The virus scanner seems to run and to check, but I cannot get
>>>>> SpamAssassin to do its work as well. The service runs fine. But
>>>>> according to the mail headers and the logs, no check by SpamAssassin
>>>>> takes place.
>>>>> In /etc/postfix/main.cf I added the following for amavis:
>>>>>             
>>>> Probably more of an Amavis problem.
>>>>
>>>> /etc/init.d/amavisd stop
>>>> amavisd debug
>>>>
>>>> Are there then lines saying "Antivirus code loaded" and "Antispam code
>>>> loaded"?
>>>>
>>>>         
>>> No, both say 'NOT loaded'
>>>     
>>
>> Okay, you do indeed have a problem.

Do you actually have a virus scanner installed that is on the list?

Are all the dependencies for Amavis satisfied?

>>
>> Post the output of:
>> egrep -v '^#|^$|^[ ]+#' /etc/amavisd.conf
>>
>> Sandy
>>   
> I have attached it as a text file.
> 
> Thanks for your effort!
> Andy
> 
> 
> ------------------------------------------------------------------------
> 
> use strict;
> $MYHOME = '/var/lib/amavis';   # (default is '/var/amavis')
> $mydomain = 'localhost.localdomain';      # (no useful default)

He he, I doubt that this setting is a good one. (^-^)
A whole lot of other parameters that matter for correct operation depend
on it. Also set $myhostname explicitly to the FQDN of your server.

> $daemon_user  = 'amavis';   # (no default;  customary: vscan or amavis)
> $daemon_group = 'amavis';   # (no default;  customary: vscan or amavis or sweep)
> $TEMPBASE = $MYHOME;	        # (must be set if other config vars use is)
> $pid_file  = "/var/run/amavis/amavisd.pid";  # (default is "$MYHOME/amavisd.pid")
> $lock_file = "/var/run/amavis/amavisd.lock"; # (default is "$MYHOME/amavisd.lock"; path must be absolute)
> $ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
> $enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
> $enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
> $max_servers  =  2;   # number of pre-forked children          (default 2)
> $max_requests = 20;   # retire a child after that many accepts (default 10)
> $child_timeout=5*60;  # abort child if it does not complete each task in
> @local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains
> 			          # (does not apply to sendmail/milter)
> 			          # (default is true)
> $unix_socketname = "/var/lib/amavis/amavisd.sock"; # amavis helper protocol socket
> $inet_socket_port = 10024;        # accept SMTP on this local TCP port
> @inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
> $DO_SYSLOG = 0;                   # (defaults to 0)
> $LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)

Does the file exist, or do you still have to create it?

> $log_level = 0;		  # (defaults to 0)

Set that a bit higher, e.g. to 2, so that you can see what is happening.

> $log_recip_templ = undef;  # undef disables by-recipient level-0 log entries
> $log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
> [?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
> read_l10n_templates('de_DE', '/etc/amavis');
> $final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)
> $final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
> $final_spam_destiny       = D_REJECT;  # (defaults to D_BOUNCE)

That can be very dangerous, because amavisd-new is an after-queue filter,
and so a REJECT bounces the mail! Unless you have specifically set up
amavisd-new as a before-queue filter, this should be set to either
D_PASS (deliver) or D_DISCARD. For the latter, though, you should set up
a quarantine so that in an emergency the mail is still stored there.

> $final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested
> @viruses_that_fake_sender_maps = (new_RE(
>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
>   qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
>   qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
>   qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
>   qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan
>   qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
>   [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
>   [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
>   [qr/^/ => 1],   # true by default  (remove or comment-out if undesired)
> ));
> $virus_admin = "virusalert\@$mydomain";
> $virus_admin = "postmaster\@$mydomain";  # overrides the line above; double quotes so $mydomain interpolates
> $spam_admin = "spamalert\@$mydomain";
> $mailfrom_to_quarantine = '';   # override sender address with null return path
> $QUARANTINEDIR = '/var/lib/amavis/virusmails';

Okay, good.

> $virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
> $spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
> $virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine
> $banned_quarantine_to     = 'banned-quarantine';     # local quarantine
> $bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
> $spam_quarantine_to       = 'spam-quarantine';       # local quarantine
> $X_HEADER_TAG = 'X-Virus-Scanned';	# (default: 'X-Virus-Scanned')
> $X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
> $undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
> $defang_virus  = 1;  # default is false: don't modify mail body
> $defang_banned = 1;  # default is false: don't modify mail body
> $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
> 					# (defaults to false)
> $remove_existing_spam_headers  = 1;     # remove existing spam headers if
> 					# spam scanning is enabled (default)
> @keep_decoded_original_maps = (new_RE(
>   qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
>   qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
> ));
> $banned_filename_re = new_RE(
>   qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
>   qr'^application/x-msdownload$'i,                  # block these MIME types
>   qr'^application/x-msdos-program$'i,
>   qr'^application/hta$'i,
>   [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
>   qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
>   qr'^\.(exe-ms)$',                       # banned file(1) types
> );
> $banned_namepath_re = new_RE(
>   qr'(?#NO X-MSDOWNLOAD)   ^(.*\t)? M=application/x-msdownload   (\t.*)? $'xmi,
>   qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
>   qr'(?#NO HTA)            ^(.*\t)? M=application/hta            (\t.*)? $'xmi,
>   [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],  # allow
>   qr'(?# BLOCK DOUBLE-EXTENSIONS )
>      ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
>                   (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,
>   qr'(?# BLOCK COMMON NAME EXENSIONS )
>      ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,
>   [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
>        ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi
>     => 'DISCARD' ],
>   qr'(?# BLOCK Microsoft EXECUTABLES )
>      ^ (.*\t)? T=exe-ms (\t.*)? $'xm,              # banned file(1) type
> );
>   $banned_namepath_re = undef;  # to disable new-style
> $sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
> $localpart_is_case_sensitive = 0;	# (default is false)
> @score_sender_maps = ({  # a by-recipient hash lookup table
>   '.' => [  # the _first_ matching sender determines the score boost
>    new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
>     [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
>     [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
>     [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
>     [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
>     [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
>     [qr'^(your_friend|greatoffers)@'i                                => 5.0],
>     [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
>    ),
>    { # a hash-type lookup table (associative array)
>      'nobody at cert.org'                        => -3.0,
>      'cert-advisory at us-cert.gov'              => -3.0,
>      'owner-alert at iss.net'                    => -3.0,
>      'slashdot at slashdot.org'                  => -3.0,
>      'bugtraq at securityfocus.com'              => -3.0,
>      'ntbugtraq at listserv.ntbugtraq.com'       => -3.0,
>      'security-alerts at linuxsecurity.com'      => -3.0,
>      'mailman-announce-admin at python.org'      => -3.0,
>      'amavis-user-admin at lists.sourceforge.net'=> -3.0,
>      'notification-return at lists.sophos.com'   => -3.0,
>      'owner-postfix-users at postfix.org'        => -3.0,
>      'owner-postfix-announce at postfix.org'     => -3.0,
>      'owner-sendmail-announce at lists.sendmail.org'   => -3.0,
>      'sendmail-announce-request at lists.sendmail.org' => -3.0,
>      'donotreply at sendmail.org'                => -3.0,
>      'ca+envelope at sendmail.org'               => -3.0,
>      'noreply at freshmeat.net'                  => -3.0,
>      'owner-technews at postel.acm.org'          => -3.0,
>      'ietf-123-owner at loki.ietf.org'           => -3.0,
>      'cvs-commits-list-admin at gnome.org'       => -3.0,
>      'rt-users-admin at lists.fsck.com'          => -3.0,
>      'clp-request at comp.nus.edu.sg'            => -3.0,
>      'surveys-errors at lists.nua.ie'            => -3.0,
>      'emailnews at genomeweb.com'                => -5.0,
>      'yahoo-dev-null at yahoo-inc.com'           => -3.0,
>      'returns.groups.yahoo.com'               => -3.0,
>      'clusternews at linuxnetworx.com'           => -3.0,
>      lc('lvs-users-admin at LinuxVirtualServer.org')    => -3.0,
>      lc('owner-textbreakingnews at CNNIMAIL12.CNN.COM') => -5.0,
>      'sender at example.net'                     =>  3.0,
>      '.example.net'                           =>  1.0,
>    },
>   ],  # end of site-wide tables
> });
> @blacklist_sender_maps = ( new_RE(
>     qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
>     qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
>     qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
>     qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
>     qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
>     qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
> ));
> $MAXLEVELS = 14;		# (default is undef, no limit)
> $MAXFILES = 1500;		# (default is undef, no limit)
> $MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
> $MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
> $MIN_EXPANSION_FACTOR =   5;  # times original mail size  (default is 5)
> $MAX_EXPANSION_FACTOR = 500;  # times original mail size  (default is 500)
> $virus_check_negative_ttl=  3*60; # time to remember that mail was not infected
> $virus_check_positive_ttl= 30*60; # time to remember that mail was infected
> $spam_check_negative_ttl = 30*60; # time to remember that mail was not spam
> $spam_check_positive_ttl = 30*60; # time to remember that mail was spam
> $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
> $file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability
> $dspam  = 'dspam';
> @decoders = (
>   ['mail', \&do_mime_decode],
>   ['asc',  \&do_ascii],
>   ['uue',  \&do_ascii],
>   ['hqx',  \&do_ascii],
>   ['ync',  \&do_ascii],
>   ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
>   ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
>   ['gz',   \&do_gunzip],
>   ['gz',   \&do_uncompress,  'gzip -d'],
>   ['bz2',  \&do_uncompress,  'bzip2 -d'],
>   ['lzo',  \&do_uncompress,  'lzop -d'],
>   ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
>   ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
>   ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
>   ['tar',  \&do_tar],
>   ['deb',  \&do_ar,          'ar'],
>   ['zip',  \&do_unzip],
>   ['rar',  \&do_unrar,      ['rar','unrar'] ],
>   ['arj',  \&do_unarj,      ['arj','unarj'] ],
>   ['arc',  \&do_arc,        ['nomarch','arc'] ],
>   ['zoo',  \&do_zoo,         'zoo'],
>   ['lha',  \&do_lha,         'lha'],
>   ['cab',  \&do_cabextract,  'cabextract'],
>   ['tnef', \&do_tnef_ext,    'tnef'],
>   ['tnef', \&do_tnef],
>   ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
> );
> $sa_local_tests_only = 1;   # (default: false)

That is not sensible for a mail server. It drops all the blacklist
lookups, which help to detect a great many spams.

Sandy

-- 
Replies only to the mailing list, please!
PMs to: news-reply2 (@) japantest (.) homelinux (.) com
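The two checks Sandy asks for in this reply (whether the smtp client runs chrooted in master.cf, and the risky amavisd.conf values: placeholder $mydomain, $log_level = 0, $final_spam_destiny = D_REJECT on an after-queue filter, $sa_local_tests_only = 1) can be scripted. The following is an added example and not code from the thread or from the Postfix or amavisd-new projects; the master.cf and amavisd.conf contents are constructed samples written to a temporary directory, and the "fixed" excerpt uses the placeholder domain example.org.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks for the points raised
# in Sandy's reply. All file contents below are constructed samples.

# Constructed master.cf excerpt. Columns: service type private unpriv
# chroot wakeup maxproc command. The "smtp unix" line is the outbound client.
SAMPLE_MASTER_CF='smtp      inet  n       -       y       -       -       smtpd
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       n       -       -       smtp'

# Constructed amavisd.conf excerpt reproducing the quoted risky values.
RISKY_AMAVISD_CONF="\$mydomain = 'localhost.localdomain';
\$log_level = 0;
\$final_spam_destiny       = D_REJECT;  # (defaults to D_BOUNCE)
\$spam_quarantine_to       = 'spam-quarantine';
\$sa_local_tests_only = 1;   # (default: false)"

# Constructed corrected excerpt (example.org is a placeholder domain).
FIXED_AMAVISD_CONF="\$mydomain = 'example.org';
\$myhostname = 'mail.example.org';
\$log_level = 2;
\$final_spam_destiny = D_DISCARD;
\$spam_quarantine_to = 'spam-quarantine';
\$sa_local_tests_only = 0;"

TMPD=$(mktemp -d)
MASTER_CF="$TMPD/master.cf"
RISKY_CONF="$TMPD/amavisd.conf.risky"
FIXED_CONF="$TMPD/amavisd.conf.fixed"
printf '%s\n' "$SAMPLE_MASTER_CF" > "$MASTER_CF"
printf '%s\n' "$RISKY_AMAVISD_CONF" > "$RISKY_CONF"
printf '%s\n' "$FIXED_AMAVISD_CONF" > "$FIXED_CONF"

# Print the chroot column (y/n/-) of the master.cf entry for a service
# name and transport type, e.g. "smtp unix".
master_cf_chroot_flag() {
    awk -v s="$2" -v t="$3" '$1 == s && $2 == t { print $5; exit }' "$1"
}

# Print the value assigned to a scalar in amavisd.conf ("$name = value;")
# with quotes and the trailing semicolon stripped. The sed pads the first
# "=" so "$log_level=0;" and "$log_level = 0;" both parse.
amavis_setting() {
    sed 's/=/ = /' "$1" \
      | awk -v v="\$$2" '$1 == v && $2 == "=" { print $3; exit }' \
      | tr -d "';\""
}

# Print one finding per line for the issues discussed in the thread;
# prints nothing when the excerpt is clean.
audit_amavisd_conf() {
    conf=$1
    case $(amavis_setting "$conf" mydomain) in
        localhost.localdomain|localhost|'')
            echo "mydomain: placeholder value; set the real domain and \$myhostname (FQDN)" ;;
    esac
    case $(amavis_setting "$conf" final_spam_destiny) in
        D_PASS) ;;
        D_DISCARD)
            [ -n "$(amavis_setting "$conf" spam_quarantine_to)" ] \
              || echo "final_spam_destiny: D_DISCARD without a spam quarantine loses mail" ;;
        *) echo "final_spam_destiny: D_REJECT/D_BOUNCE on an after-queue filter creates backscatter; use D_PASS or D_DISCARD with quarantine" ;;
    esac
    [ "$(amavis_setting "$conf" sa_local_tests_only)" = 1 ] \
      && echo "sa_local_tests_only: 1 disables SpamAssassin network tests (DNSBL/URIBL)"
    [ "$(amavis_setting "$conf" log_level)" = 0 ] \
      && echo "log_level: 0 hides scanner activity while debugging; try 2"
    return 0
}

# Number of findings, for callers that want a pass/fail result.
audit_count() {
    audit_amavisd_conf "$1" | wc -l | tr -d ' '
}

echo "smtp client chroot flag in master.cf: $(master_cf_chroot_flag "$MASTER_CF" smtp unix)"
echo "findings in risky excerpt:"; audit_amavisd_conf "$RISKY_CONF"
echo "findings in fixed excerpt: $(audit_count "$FIXED_CONF")"
```

Run it against a real host by replacing the three constructed paths with /etc/postfix/master.cf and the live amavisd.conf; a chroot flag of "y" for the smtp client is what makes the SASL plugin files invisible to it, which is why Sandy asks about it first.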




More information about the Postfixbuch-users mailing list