[Postfixbuch-users] Postfix, Amavis and truncated mail

"Fischer, Patrick" patrick.fischer at streck.de
Tue Jul 24 15:38:49 CEST 2007


Hello list,

I have a problem with the interaction between Postfix (2:2.2.10-1.RHEL4.2) and
Amavis (2.4.5-1.el4.rf); the OS we use is CentOS 4.4.

Problem description:

An external e-mail arrives at the sender in "truncated" form, because a single
dot ends up on a line of its own in the e-mail (EOF).
Sender's e-mail:
 
<body>
test
.
.
test
</body>
 
The e-mail arrives at the recipient like this:
<body>
test
</body>
 
Tests:
 
Internally, I created an e-mail on the Amavis host with the following
commands:
[root at local etc]# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
helo local
250 [127.0.0.1]
MAIL FROM: <whoknows at whocares.de>
250 2.1.0 Sender <whoknows at whocares.de> OK
rcpt to: <alibi at XXX.de>
250 2.1.5 Recipient <alibi at XXX.de> OK
data
354 End data with <CR><LF>.<CR><LF>
subject: test
 

test
..
..
test
.
250 2.6.0 Ok, id=01945-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 13F582251B5
quit
 
Amavis checks for viruses as usual, classifies the e-mail (spam) and hands it
back to Postfix.

In my Outlook the mail arrives "correctly".

Possible solution(?):

Since it appears that Amavis handles the e-mail in an RFC-compliant way, I
suspect that Postfix "decodes" the e-mail coming in from outside and forwards
it to Amavis like that. Amavis recognizes the EOF dot on a line and cuts the
e-mail off.
Now the question: can Postfix be configured so that it hands the e-mail to
Amavis "undecoded"? That would ensure that Amavis does not truncate the
e-mail.

Or am I completely wrong? Have you ever seen a problem like this?

Regards

Patrick

PS: here are the conf files (Postfix: main.cf + master.cf, Amavis.conf)

------------------------------------------------------------------------
conf main.cf 

queue_directory = /own2/var/spool/postfix

daemon_directory = /usr/libexec/postfix

mail_owner = postfix

myhostname = XXXXXXXXXXXXXXXX

mydomain = XXXXXXXXXXXX

myorigin = $mydomain

inet_interfaces = all

mydestination = XXXXXXXXXXXXXX

mynetworks_style = subnet

mynetworks = XXXXXXXXXXXXXXXXX

relay_domains = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

recipient_canonical_maps = hash:/etc/postfix/canonical

sender_canonical_maps =

transport_maps = hash:/etc/postfix/transport

alias_maps = hash:/etc/postfix/aliases

fast_flush_domains = $relay_domains

default_destination_concurrency_limit = 100

debug_peer_level = 1

debugger_command =
         PATH=/usr/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.2.10/samples

readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
alias_database = hash:/etc/postfix/aliases

# from here on: newly added entries
#
smtpd_recipient_restrictions =
   permit_mynetworks,
   reject_unauth_destination
smtpd_sender_restrictions =
   permit_mynetworks,
   check_sender_access hash:/etc/postfix/sender_whitelist,
   reject_unknown_sender_domain,
   reject_rhsbl_sender dsn.rfc-ignorant.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client list.dsbl.org,
#   reject_rbl_client multihop.dsbl.org,
   reject_rbl_client relays.ordb.org,
   reject_rbl_client dnsbl.sorbs.net,
   reject_rbl_client combined.njabl.org,
   reject_rbl_client ix.dnsbl.manitu.net,
   reject_rbl_client blackholes.easynet.nl,
   reject_rbl_client proxies.blackholes.wirehub.net,
   reject_rbl_client bl.spamcop.net,
   reject_rbl_client black.uribl.com,
   reject_rbl_client opm.blitzed.org
append_dot_mydomain = no
content_filter = smtp-amavis:[127.0.0.1]:10024
maximal_queue_lifetime = 2d
header_checks = regexp:/etc/postfix/header_checks
initial_destination_concurrency = 200
html_directory = /usr/share/doc/postfix-2.1.5-documentation/html
unknown_local_recipient_reject_code = 450
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_recipient_maps = hash:/etc/postfix/recipients

# Update to Postfix 2.2 (27.03.07 ch)

anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
connection_cache_service = scache

------------------------------------------------------------------------

conf master.cf


# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
smtp    inet    n       -       n       -       -       smtpd
  -o content_filter=dfilt:
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission     inet    n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup  fifo    n       -       n       60      1       pickup
cleanup unix    n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr   fifo    n       -       n       300     1       nqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite unix    -       -       n       -       -       trivial-rewrite
bounce  unix    -       -       n       -       0       bounce
defer   unix    -       -       n       -       0       bounce
flush   unix    n       -       n       1000?   0       flush
smtp    unix    -       -       n       -       -       smtp
showq   unix    n       -       n       -       -       showq
error   unix    -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual unix    -       n       n       -       -       virtual
lmtp    unix    -       -       n       -       -       lmtp


cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

# Amavis Interface

127.0.0.1:10025 inet n - n - - smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o smtpd_helo_restrictions=
   -o smtpd_client_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8

smtp-amavis unix - - n - 1 smtp -o smtp_data_done_timeoute=600 -o disable_dns_lookups=yes
relay     unix  -       -       n       -       -       smtp
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
proxymap  unix  -       -       n       -       -       proxymap
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

# Disclaimer

dfilt     unix  -       n       n       -       -       pipe
   flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

------------------------------------------------------------------------

amavis.conf 


$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
$notify_method = $forward_method;          # where to submit notifications

$max_servers  =  4;   # number of pre-forked children          (default 2)
$max_requests = 10;   # retire a child after that many accepts (default 10)

$child_timeout=5*60;  # abort child if it does not complete each task in n sec
                      # (default: 8*60 seconds)

@local_domains_acl = qw( XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX );

$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket

$inet_socket_port = 10024;        # accept SMTP on this local TCP port

@inet_acl = qw( 127.0.0.1 ); 

$DO_SYSLOG = 0; 

$log_level = 0;

$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';

$notify_sender_templ      = read_text('/var/amavis/templates/notify_sender.txt');
$notify_virus_sender_templ= read_text('/var/amavis/templates/notify_virus_sender.txt');
$notify_virus_admin_templ = read_text('/var/amavis/templates/notify_virus_admin.txt');
$notify_virus_recips_templ= read_text('/var/amavis/templates/notify_virus_recips.txt');
$notify_spam_sender_templ = read_text('/var/amavis/templates/notify_spam_sender.txt');
$notify_spam_admin_templ  = read_text('/var/amavis/templates/notify_spam_admin.txt');

$final_virus_destiny      = D_BOUNCE;  # (defaults to D_BOUNCE)
$final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_REJECT; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested

$warnvirussender = 0;   # (defaults to false (undef))

$warnspamsender = 1;    # (defaults to false (undef))

$warnbannedsender = 1;  # (defaults to false (undef))

$warnvirusrecip = 1;    # (defaults to false (undef))
$warnbannedrecip = 1;   # (defaults to false (undef))

$warn_offsite = 0;

$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper'i,
);

$virus_admin = "postmaster\@XXXXXXXX";

$spam_admin = "";

$mailfrom_notify_admin     = "postmaster\XXXXX";
$mailfrom_notify_recip     = "postmaster\XXXXX";
$mailfrom_notify_spamadmin = "spam.police\XXXX";

$hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";

$mailfrom_to_quarantine = undef;

$QUARANTINEDIR = '/own2/var/virusmails';

$spam_quarantine_to = 'spam-quarantine';

$virus_quarantine_to  = 'virus-quarantine'; 

$X_HEADER_TAG = 'X-Virus-Scanned';

$X_HEADER_LINE = "by amavisd-new at $mydomain";

$keep_decoded_original_re = new_RE(
  qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex|html|zip|Zip)'i,

$banned_filename_re = new_RE(
   qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
  qr'.\.(exe|vbs|pif|scr|bat|com)$'i,               # banned extension - basic
  qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
         jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
         vbe|vbs|wsc|wsf|wsh|mpg|mpeg|mov|avi|mp3|mpe|wmv)$'ix,  # banned extension - long
#  qr'^\.(exe|zip|lha|tnef)$'i,                      # banned file(1) types
  qr'^\.(exe|com|msi|bat|cmd|inf|pif|scr|vb|vbe|vbs|wsh)$'i, # banned file(1) types
  qr'^application/x-msdownload$'i,                  # banned MIME types
  qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046
);

$banned_files_lovers{lc("postmaster\@XXXXXXX")} = 1;
$banned_files_lovers_re = new_RE(
qr'contact\@nomenclaturedouaniere\.com$'i );

$sql_select_white_black_list = undef;

$recipient_delimiter = '+';

@whitelist_sender_acl = ( "XXXXXXX", "XXXXXX" );

$blacklist_sender_re = new_RE(
    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
    qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);

$MAXLEVELS = 14;

$MAXFILES = 1500; 

$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
$MIN_EXPANSION_FACTOR =   5;  # times original mail size  (must be specified)
$MAX_EXPANSION_FACTOR = 500;  # times original mail size  (must be specified)

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability

$gzip   = 'gzip';
$bzip2  = 'bzip2';
$lzop   = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc        = ['nomarch', 'arc'];
$unarj      = ['arj', 'unarj'];  # both can extract, same options
$unrar      = ['rar', 'unrar'];  # both can extract, same options
$zoo    = 'zoo';
$lha    = 'lha';
$cpio   = 'cpio';   # comment out if cpio does not support GNU options

$sa_local_tests_only = 0;   # (default: false)
$sa_auto_whitelist = 1;    # turn on AWL (default: false)

$sa_mail_body_size_limit = 64*1024;  # don't waste time on SA if mail is larger

$sa_tag_level_deflt  = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.5; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.0; # triggers spam evasive actions

$sa_spam_subject_tag = '***SPAM*** ';   # (defaults to undef, disables)
 
$sa_spam_modifies_subj = 1;

@av_scanners = (
# NOTE: not sure which entry suits which kavscanner version
 ['KasperskyLab kavscanner 4.5',
['/opt/kav/bin/kavscanner','kavscanner'],
   '-i1 -xp {}', [0], [5,20,21,25],
   qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
   sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
   sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
 ],
  ### http://www.symantec.com/
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    ['cscmdline','savsecls'],
    '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/Files Infected: 0/, qr/^Infected: /,
    qr/Info:\s+(.+)/ ],

  ### http://drweb.imshop.de/
  ['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb',
    '-al -ar -fm -go -ha -ml -ot -sd -up {}',
    [0], [1], sub {('no-name')} ],

  ### http://www.f-secure.com/products/anti-virus/
  ['F-Secure Antivirus', 'fsav',
    '--dumb --archive {}', [0], [3,8],
    qr/(?:infection|Infected): (.+)/ ],
  ['CAI InoculateIT', 'inocucmd',
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/ ],

  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/ ],

  ['MkS_Vir daemon',
    'mksscan', '-s -q {}', [0], [1..7],
    qr/^... (\S+)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32', 'nod32',
    '-all -subdir+ {}', [0], [1,2],
    qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
    '-a -r -d recurse --heur standard {}', [0], [10,11],
    qr/^\S+\s+infected:\s+(.+)/ ],

  ### http://www.norman.com/products_nvc.shtml
  ['Norman Virus Control v5 / Linux', 'nvccmd',
    '-c -l:0 -s -u {}', [0], [1],
    qr/(?i).* virus in .* -> \'(.+)\'/ ],

  ### http://www.pandasoftware.com/
  ['Panda Antivirus for Linux', ['pavcl'],
    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    qr/Number of files infected[ \.]*: 0(?!\d)/,
    qr/Number of files infected[ \.]*: 0*[1-9]/,
    qr/Found virus :\s*(\S+)/ ],
@av_scanners_backup = (

  ### http://clamav.elektrapro.com/
  ['Clam Antivirus - clamscan', 'clamscan',
    '--stdout --disable-summary -r {}', [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ### http://www.f-prot.com/
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6],
    qr/Infection: (.+)/ ],

  ### http://www.trendmicro.com/
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

1;






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20070724/de186c26/attachment.html>
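
The DATA framing rule that the message above revolves around (RFC 5321 section 4.5.2, "transparency"), as an added example that is not part of the original post: the sending side doubles a leading dot on every body line, the receiving side strips it again, and a hop that writes an already decoded body into a DATA stream without re-stuffing ends the message at the first lone dot. The function names and the in-memory "hop" are assumptions made for illustration; the sample body is the one quoted in the post.

```python
# Added example: SMTP DATA transparency (RFC 5321 section 4.5.2).
# All names here are hypothetical; nothing is taken from Postfix or amavisd-new.
CRLF = "\r\n"

def dot_stuff(body_lines):
    """Sender side: prefix an extra '.' to every line that starts with '.'."""
    return ["." + ln if ln.startswith(".") else ln for ln in body_lines]

def send_data(body_lines, stuff=True):
    """Build the bytes a client writes after the 354 reply."""
    lines = dot_stuff(body_lines) if stuff else list(body_lines)
    return (CRLF.join(lines) + CRLF + "." + CRLF).encode("ascii")

def receive_data(wire):
    """Receiver side: read up to the terminating lone '.', then un-stuff.

    Returns (message_lines, leftover_lines); leftover is whatever the
    sender wrote after the line the receiver took as end-of-data.
    """
    lines = wire.decode("ascii").split(CRLF)
    if lines and lines[-1] == "":
        lines.pop()                      # artefact of the final CRLF
    message = []
    for i, ln in enumerate(lines):
        if ln == ".":                    # <CRLF>.<CRLF> ends the message
            return message, lines[i + 1:]
        message.append(ln[1:] if ln.startswith(".") else ln)
    raise ValueError("no end-of-data marker seen")

# Constructed sample: the body from the post, a lone dot on two lines.
BODY = ["test", ".", ".", "test"]

def hop(body_lines, stuff):
    """One SMTP hop: send, then receive; returns what the next stage sees."""
    return receive_data(send_data(body_lines, stuff=stuff))

if __name__ == "__main__":
    ok, extra = hop(BODY, stuff=True)
    print("with stuffing   :", ok, "leftover:", extra)
    cut, extra = hop(BODY, stuff=False)
    print("without stuffing:", cut, "leftover:", extra)
```

With stuffing the wire carries the `..` lines typed in the telnet test and the body survives intact; without it the receiver keeps only the first `test` line, which is the truncation shown in the post.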

