[Postfixbuch-users] Postfix - courier - amavis - spamassassin / Mail subject is not rewritten

Jan Krüger jan at chef-ist.net
Tue Jun 23 18:41:52 CEST 2009


Hello list,

somehow I am completely stuck right now. I am trying to change my 
Postfix installation so that spam mails detected by amavis are moved 
straight into a folder. For that I apparently need sieve. 
Does anyone have a small tip on where I can read up on 
how to integrate something like that?

Secondly, I have the problem that SpamAssassin is actually supposed to 
adjust the subject when it thinks it has found a spam mail. Unfortunately 
this does not work correctly.

Using the link http://spamassassin.apache.org/gtube/ I generated a 
test mail. It is supposed to produce approx. 1000 points. The log shows 
the following for it:

Jun 23 18:22:30 c3po postfix/smtpd[32199]: connect from 
mail.gmx.net[213.165.64.20]
Jun 23 18:22:40 c3po postfix/smtpd[32199]: warning: 
20.64.165.213.opm.blitzed.org: RBL lookup error: Host or domain name not 
found. Name service error for name=20.64.165.213.opm.blitzed.org type=A: 
Host not found, try again
Jun 23 18:22:50 c3po postfix/smtpd[32199]: warning: 
20.64.165.213.dynablock.njabl.org: RBL lookup error: Host or domain name 
not found. Name service error for name=20.64.165.213.dynablock.njabl.org 
type=A: Host not found, try again
Jun 23 18:23:00 c3po postfix/smtpd[32199]: warning: 
20.64.165.213.dialup.rbl.kropka.net: RBL lookup error: Host or domain 
name not found. Name service error for 
name=20.64.165.213.dialup.rbl.kropka.net type=A: Host not found, try again
Jun 23 18:23:00 c3po postfix/cleanup[32205]: D7E4D22C676: 
message-id=<20090623162300.D7E4D22C676 at postbote.chef-ist.net>
Jun 23 18:23:00 c3po postfix/qmgr[16190]: D7E4D22C676: 
from=<double-bounce at postbote.chef-ist.net>, size=286, nrcpt=1 (queue active)
Jun 23 18:23:01 c3po postfix/smtp[32207]: D7E4D22C676: 
to=<jan_kruger at gmx.net>, relay=mx0.gmx.net[213.165.64.100]:25, 
delay=0.39, delays=0.01/0.01/0.11/0.26, dsn=2.1.5, status=deliverable 
(250 2.1.5 ok {mx109})
Jun 23 18:23:01 c3po postfix/qmgr[16190]: D7E4D22C676: removed
Jun 23 18:23:03 c3po postfix/smtpd[32199]: DB34F22C676: 
client=mail.gmx.net[213.165.64.20]
Jun 23 18:23:03 c3po postfix/cleanup[32205]: DB34F22C676: 
message-id=<20090623162354.226480 at gmx.net>
Jun 23 18:23:03 c3po postfix/qmgr[16190]: DB34F22C676: 
from=<jan_kruger at gmx.net>, size=1103, nrcpt=1 (queue active)
Jun 23 18:23:03 c3po postfix/smtpd[32199]: disconnect from 
mail.gmx.net[213.165.64.20]
Jun 23 18:23:06 c3po postfix/smtpd[32212]: connect from localhost[127.0.0.1]
Jun 23 18:23:06 c3po postfix/smtpd[32212]: 3C5CA22C6AB: 
client=localhost[127.0.0.1]
Jun 23 18:23:06 c3po postfix/cleanup[32205]: 3C5CA22C6AB: 
message-id=<20090623162354.226480 at gmx.net>
Jun 23 18:23:06 c3po postfix/qmgr[16190]: 3C5CA22C6AB: 
from=<jan_kruger at gmx.net>, size=1551, nrcpt=1 (queue active)
Jun 23 18:23:06 c3po postfix/smtpd[32212]: disconnect from 
localhost[127.0.0.1]
Jun 23 18:23:06 c3po amavis[30159]: (30159-18) Passed SPAM, 
[213.165.64.20] [212.105.192.18] <jan_kruger at gmx.net> -> 
<jan at chef-ist.net>, quarantine: spam-yRsSMrNVE9Cc.gz, Message-ID: 
<20090623162354.226480 at gmx.net>, mail_id: yRsSMrNVE9Cc, Hits: 1005.283, 
size: 1103, queued_as: 3C5CA22C6AB, 2335 ms
Jun 23 18:23:06 c3po postfix/smtp[32208]: DB34F22C676: 
to=<jan at chef-ist.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=35, 
delays=33/0.01/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30159-18, 
from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3C5CA22C6AB)
Jun 23 18:23:06 c3po postfix/qmgr[16190]: DB34F22C676: removed
Jun 23 18:23:06 c3po postfix/virtual[32213]: 3C5CA22C6AB: 
to=<jan at chef-ist.net>, relay=virtual, delay=0.08, 
delays=0.01/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Jun 23 18:23:06 c3po postfix/qmgr[16190]: 3C5CA22C6AB: removed

Based on this log entry:

Jun 23 18:23:06 c3po amavis[30159]: (30159-18) Passed SPAM, 
[213.165.64.20] [212.105.192.18] <jan_kruger at gmx.net> -> 
<jan at chef-ist.net>, quarantine: spam-yRsSMrNVE9Cc.gz, Message-ID: 
<20090623162354.226480 at gmx.net>, mail_id: yRsSMrNVE9Cc, Hits: 1005.283, 
size: 1103, queued_as: 3C5CA22C6AB, 2335 ms

I would claim that SpamAssassin did give the thing the corresponding 
points. However, the subject of the mail is not rewritten.

For completeness, here are the configs as well as the header of the 
received e-mail:

------------------------------------------------------------------------
# /home/jan: postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix/html
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 15000000
mydestination = postbote.chef-ist.net, localhost, localhost.localdomain
myhostname = postbote.chef-ist.net
mynetworks = 127.0.0.0/8, 62.206.19.104/29
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination 
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps 
$virtual_mailbox_domains $relay_recipient_maps $relay_domains 
$canonical_maps $sender_canonical_maps $recipient_canonical_maps 
$relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
relay_domains = $mydestination
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, 
    reject_unauth_destination, reject_non_fqdn_sender, 
reject_non_fqdn_recipient, reject_unknown_recipient_domain, 
reject_non_fqdn_hostname, reject_invalid_hostname, 
reject_unverified_recipient, check_helo_access 
hash:/etc/postfix/check_helo,    reject_rbl_client zen.broadnet.de, 
reject_rbl_client njabl.broadnet.de, reject_rbl_client opm.blitzed.org, 
    reject_rbl_client cbl.abuseat.org,    reject_rbl_client 
dynablock.njabl.org,    reject_rbl_client cbl.abuseat.org, 
reject_unauth_pipelining
smtpd_recipient_restrictions = check_recipient_access 
pcre:/etc/postfix/access_recipient-rfc,    permit_mynetworks, 
permit_sasl_authenticated,    reject_invalid_hostname, 
reject_non_fqdn_hostname,    reject_unauth_destination, 
reject_unknown_sender_domain,    reject_unknown_recipient_domain, 
reject_unverified_recipient,    check_sender_access 
hash:/etc/postfix/maps/freemail_check,    check_helo_access 
hash:/etc/postfix/check_helo,    check_sender_access 
hash:/etc/postfix/verify_sender,    check_recipient_access 
hash:/etc/postfix/mailserver,    reject_rbl_client zen.broadnet.de, 
reject_rbl_client njabl.broadnet.de,    reject_rbl_client 
opm.blitzed.org,    reject_rbl_client blackholes.easynet.nl, 
reject_rbl_client dynablock.njabl.org,    reject_rbl_client 
cbl.abuseat.org,     permit
smtpd_restriction_classes = verify_sender    freemail_hotmail 
freemail_msn    freemail_yahoo    freemail_freenet
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated, 
permit_mynetworks,    reject_unauth_destination,    reject_rbl_client 
zen.broadnet.de,    reject_rbl_client njabl.broadnet.de, 
reject_rbl_client dynablock.njabl.org,    reject_rbl_client 
dialup.rbl.kropka.net,    reject_rbl_client opm.blitzed.org, 
reject_rbl_client cbl.abuseat.org,    reject_non_fqdn_sender, 
reject_non_fqdn_recipient,    reject_unknown_recipient_domain, 
reject_unverified_recipient,    reject_unauth_pipelining, 
check_sender_access hash:/etc/postfix/mailserver
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = 
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, 
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit_maps = 
proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_maildir_limit_message = "The user you are trying to reach is 
over quota."
virtual_overquota_bounce = yes
virtual_uid_maps = static:5000

------------------------------------------------------------------------

# /home/jan: cat /etc/amavis/conf.d/50-user (without comments)
use strict;

$pax='pax';

$final_spam_destiny = D_PASS;
@local_domains_acl = ( ".$mydomain","localhost" );

$sa_spam_subject_tag = '[SPAM] ';
$sa_tag_level_deflt  = 3.0;
$sa_tag2_level_deflt = 6.31;
$sa_kill_level_deflt = 6.31;
$sa_dsn_cutoff_level = 10;

1;

------------------------------------------------------------------------

# /home/jan: cat /etc/spamassassin/local.cf | grep -v '#'

rewrite_header Subject [SPAM]

required_score 3.0

use_bayes 1

bayes_auto_learn 1

------------------------------------------------------------------------

Mail header:

Return-Path: <jan_kruger at gmx.net>
X-Original-To: jan at chef-ist.net
Delivered-To: jan at chef-ist.net
Received: from localhost (localhost [127.0.0.1])
     by postbote.chef-ist.net (Postfix) with ESMTP id 3C5CA22C6AB
     for <jan at chef-ist.net>; Tue, 23 Jun 2009 18:23:06 +0200 (CEST)
X-Virus-Scanned: amavisd-new at c3po.chef-ist.net
Received: from postbote.chef-ist.net ([127.0.0.1])
     by localhost (c3po.chef-ist.net [127.0.0.1]) (amavisd-new, port 10024)
     with ESMTP id yRsSMrNVE9Cc for <jan at chef-ist.net>;
     Tue, 23 Jun 2009 18:23:03 +0200 (CEST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
     by postbote.chef-ist.net (Postfix) with SMTP id DB34F22C676
     for <jan at chef-ist.net>; Tue, 23 Jun 2009 18:22:30 +0200 (CEST)
Received: (qmail 29525 invoked by uid 0); 23 Jun 2009 16:23:57 -0000
Received: from 212.105.192.18 by www152.gmx.net with HTTP;
  Tue, 23 Jun 2009 18:23:54 +0200 (CEST)
Content-Type: text/plain; charset="iso-8859-1"
Date: Tue, 23 Jun 2009 18:23:54 +0200
From: =?iso-8859-1?Q?=22Jan_Kr=FCger=22?= <jan_kruger at gmx.net>
Message-ID: <20090623162354.226480 at gmx.net>
MIME-Version: 1.0
Subject: Test
To: jan at chef-ist.net
X-Authenticated: #40147429
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX19ZwGs0wWFZrLB1g7jlRt3BnomRgJIZe16K7e7oeL
  haCw2RgqOSmo/BjT9yBediZrnNtTUZ+TF4XQ==
Content-Transfer-Encoding: 8bit
X-GMX-UID: zWQzahw5eSEqa4T6D3YhTVN+IGRvb0BJ
X-FuHaFi:

<<< -- line deleted, since otherwise I would generate a spam mail here too -- >>>
-- 
FREE for all GMX members: the maxdome Movie-FLAT!
Activate now at http://portal.gmx.net/de/go/maxdome01

---------------------------------------------------------------------------

I hope I have not forgotten anything and have not acted too stupidly. 
I am grateful for any food for thought ;)

Greetings from Hamburg
Jan
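
Added example, not part of the original post: a small check that puts the amavis log line next to the delivered header and reports the mismatch described above (score far above the tag2 level, but no subject tag and no X-Spam-* header fields). amavisd-new inserts those header fields and the subject tag only for recipients matching its local-domains lookup, so the check also tests the recipient against an ACL; the value of $mydomain is not shown in the post, so the ACL passed in is an assumption, and the function names and the simplified ACL matching are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample input, taken from the log line and header in the post
# (" at " is the list archive's address obfuscation).
LOG = ("Jun 23 18:23:06 c3po amavis[30159]: (30159-18) Passed SPAM, "
       "[213.165.64.20] [212.105.192.18] <jan_kruger at gmx.net> -> "
       "<jan at chef-ist.net>, quarantine: spam-yRsSMrNVE9Cc.gz, "
       "Hits: 1005.283, size: 1103, queued_as: 3C5CA22C6AB, 2335 ms")
DELIVERED = ("X-Virus-Scanned: amavisd-new at c3po.chef-ist.net\n"
             "Subject: Test\nTo: jan at chef-ist.net\n\nbody\n")

LINE_RE = re.compile(r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) "
                     r"(?P<verdict>[A-Z-]+),.*?-> <(?P<rcpt>[^>]+)>.*?"
                     r"Hits: (?P<hits>-?[\d.]+)")

def parse_amavis(line):
    """Extract action, verdict, recipient and score from one amavis line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hits"] = float(rec["hits"])
    rec["rcpt"] = rec["rcpt"].replace(" at ", "@")
    return rec

def is_local(rcpt, acl):
    """Simplified @local_domains_acl match: '.dom' covers dom and subdomains."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return any(domain == e.lstrip(".") or (e.startswith(".") and domain.endswith(e))
               for e in (x.lower() for x in acl))

def diagnose(line, raw_msg, tag2_level, subject_tag, acl):
    """Compare what amavis logged with what actually reached the maildir."""
    rec = parse_amavis(line)
    if rec is None:
        return ["unparsed"]
    msg = message_from_string(raw_msg)
    findings = []
    if rec["hits"] >= tag2_level:
        findings.append("score_at_or_above_tag2")
        if not (msg.get("Subject") or "").startswith(subject_tag.strip()):
            findings.append("subject_not_tagged")
    if not any(k.lower().startswith("x-spam-") for k in msg.keys()):
        findings.append("no_x_spam_headers")
    if not is_local(rec["rcpt"], acl):
        findings.append("recipient_not_in_local_domains")
    return findings
```

Call diagnose() with 6.31 and '[SPAM] ' from the 50-user file above and with the ACL as it expands on the host; a result that ends in recipient_not_in_local_domains points at @local_domains_acl rather than at SpamAssassin.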


