Installation and Configuration of SpamAssassin

SpamAssassin is a widely used filter program that automatically detects and sorts out unwanted e-mail (spam). Like AMaViS, SpamAssassin is a Perl program; it evaluates the content of an e-mail. SpamAssassin determines and calculates a score for each e-mail and hands that value to AMaViS. Based on the score it receives, AMaViS can then let an e-mail through, tag it (for example by modifying the subject line) or reject it. SpamAssassin is therefore only a backend system of AMaViS.

Postfix MTA

To distinguish between HAM and SPAM, SpamAssassin uses several techniques:

  • Querying RBLs.
  • Querying checksum-based filters such as DCC, Pyzor and Razor.
  • Using regular expressions to score e-mails statically.
  • Using internal Bayesian filters, which use the classification of previously received e-mails to estimate statistically the probability of HAM versus SPAM.

As usual, we install the required packages via YUM.

 # yum install spamassassin -y

A look into the installed RPM shows what the package brought along during installation.

 # rpm -qil spamassassin
Name        : spamassassin                 Relocations: (not relocatable)
Version     : 3.3.1                             Vendor: CentOS
Release     : 2.el6                         Build Date: Mon 23 Aug 2010 04:28:38 AM CEST
Install Date: Sun 10 Jun 2012 12:35:02 PM CEST      Build Host: c6b2.bsys.dev.centos.org
Group       : Applications/Internet         Source RPM: spamassassin-3.3.1-2.el6.src.rpm
Size        : 3253352                          License: ASL 2.0
Signature   : RSA/8, Sun 03 Jul 2011 07:02:17 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://spamassassin.apache.org/
Summary     : Spam filter for email which can be invoked from mail delivery agents
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate
Unsolicited Commercial Email (SPAM) from your incoming email.  It can
be invoked by a MDA such as sendmail or postfix, or can be called from
a procmail script, .forward file, etc.  It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software.  This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.

To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).
/etc/cron.d/sa-update
/etc/logrotate.d/sa-update
/etc/mail/spamassassin
/etc/mail/spamassassin/channel.d
/etc/mail/spamassassin/channel.d/sought.conf
/etc/mail/spamassassin/channel.d/spamassassin-official.conf
/etc/mail/spamassassin/init.pre
/etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/sa-update-keys
/etc/mail/spamassassin/spamassassin-default.rc
/etc/mail/spamassassin/spamassassin-helper.sh
/etc/mail/spamassassin/spamassassin-spamc.rc
/etc/mail/spamassassin/v310.pre
/etc/mail/spamassassin/v312.pre
/etc/mail/spamassassin/v320.pre
/etc/mail/spamassassin/v330.pre
/etc/portreserve/spamd
/etc/rc.d/init.d/spamassassin
/etc/sysconfig/sa-update
/etc/sysconfig/spamassassin
/usr/bin/sa-awl
/usr/bin/sa-check_spamd
/usr/bin/sa-compile
/usr/bin/sa-learn
/usr/bin/sa-update
/usr/bin/spamassassin
/usr/bin/spamc
/usr/bin/spamd
/usr/share/doc/spamassassin-3.3.1
/usr/share/doc/spamassassin-3.3.1/CREDITS
/usr/share/doc/spamassassin-3.3.1/Changes
/usr/share/doc/spamassassin-3.3.1/LICENSE
/usr/share/doc/spamassassin-3.3.1/NOTICE
/usr/share/doc/spamassassin-3.3.1/README
/usr/share/doc/spamassassin-3.3.1/README.RHEL.Fedora
/usr/share/doc/spamassassin-3.3.1/TRADEMARK
/usr/share/doc/spamassassin-3.3.1/UPGRADE
/usr/share/doc/spamassassin-3.3.1/USAGE
/usr/share/doc/spamassassin-3.3.1/sample-nonspam.txt
/usr/share/doc/spamassassin-3.3.1/sample-spam.txt
/usr/share/man/man1/sa-compile.1.gz
/usr/share/man/man1/sa-learn.1.gz
/usr/share/man/man1/sa-update.1.gz
/usr/share/man/man1/spamassassin-run.1.gz
/usr/share/man/man1/spamassassin.1.gz
/usr/share/man/man1/spamc.1.gz
/usr/share/man/man1/spamd.1.gz
/usr/share/man/man3/Mail::SpamAssassin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::RegistrarBoundaries.3pm.gz
/usr/share/man/man3/spamassassin-run.3pm.gz
/usr/share/perl5/Mail
/usr/share/perl5/Mail/SpamAssassin
/usr/share/perl5/Mail/SpamAssassin.pm
/usr/share/perl5/Mail/SpamAssassin/AICache.pm
/usr/share/perl5/Mail/SpamAssassin/ArchiveIterator.pm
/usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm
/usr/share/perl5/Mail/SpamAssassin/AutoWhitelist.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes
/usr/share/perl5/Mail/SpamAssassin/Bayes.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes/CombineChi.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore
/usr/share/perl5/Mail/SpamAssassin/BayesStore.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/BDB.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/MySQL.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/PgSQL.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/SDBM.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/SQL.pm
/usr/share/perl5/Mail/SpamAssassin/Client.pm
/usr/share/perl5/Mail/SpamAssassin/Conf
/usr/share/perl5/Mail/SpamAssassin/Conf.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/LDAP.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/SQL.pm
/usr/share/perl5/Mail/SpamAssassin/Constants.pm
/usr/share/perl5/Mail/SpamAssassin/DBBasedAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/Dns.pm
/usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm
/usr/share/perl5/Mail/SpamAssassin/HTML.pm
/usr/share/perl5/Mail/SpamAssassin/Locales.pm
/usr/share/perl5/Mail/SpamAssassin/Locker
/usr/share/perl5/Mail/SpamAssassin/Locker.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/Flock.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/UnixNFSSafe.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/Win32.pm
/usr/share/perl5/Mail/SpamAssassin/Logger
/usr/share/perl5/Mail/SpamAssassin/Logger.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/File.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/Stderr.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/Syslog.pm
/usr/share/perl5/Mail/SpamAssassin/MailingList.pm
/usr/share/perl5/Mail/SpamAssassin/Message
/usr/share/perl5/Mail/SpamAssassin/Message.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Node.pm
/usr/share/perl5/Mail/SpamAssassin/NetSet.pm
/usr/share/perl5/Mail/SpamAssassin/PerMsgLearner.pm
/usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm
/usr/share/perl5/Mail/SpamAssassin/PersistentAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin
/usr/share/perl5/Mail/SpamAssassin/Plugin.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ASN.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AWL.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AccessDB.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AntiVirus.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Bayes.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/BodyEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Check.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DCC.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DKIM.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DNSEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/FreeMail.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HTMLEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Hashcash.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HeaderEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ImageInfo.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEHeader.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/PhishTag.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Pyzor.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/RelayCountry.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/RelayEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ReplaceTags.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Reuse.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Shortcircuit.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/SpamCop.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Test.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/TextCat.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIDNSBL.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIDetail.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/VBounce.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/WLBLEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/WhiteListSubject.pm
/usr/share/perl5/Mail/SpamAssassin/PluginHandler.pm
/usr/share/perl5/Mail/SpamAssassin/Reporter.pm
/usr/share/perl5/Mail/SpamAssassin/SQLBasedAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/SpamdForkScaling.pm
/usr/share/perl5/Mail/SpamAssassin/SubProcBackChannel.pm
/usr/share/perl5/Mail/SpamAssassin/Timeout.pm
/usr/share/perl5/Mail/SpamAssassin/Util
/usr/share/perl5/Mail/SpamAssassin/Util.pm
/usr/share/perl5/Mail/SpamAssassin/Util/DependencyInfo.pm
/usr/share/perl5/Mail/SpamAssassin/Util/Progress.pm
/usr/share/perl5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
/usr/share/perl5/Mail/SpamAssassin/Util/ScopedTimer.pm
/usr/share/perl5/Mail/SpamAssassin/Util/TieOneStringHash.pm
/usr/share/perl5/spamassassin-run.pod
/usr/share/spamassassin
/usr/share/spamassassin/10_default_prefs.cf
/usr/share/spamassassin/20_advance_fee.cf
/usr/share/spamassassin/20_aux_tlds.cf
/usr/share/spamassassin/20_body_tests.cf
/usr/share/spamassassin/20_compensate.cf
/usr/share/spamassassin/20_dnsbl_tests.cf
/usr/share/spamassassin/20_drugs.cf
/usr/share/spamassassin/20_dynrdns.cf
/usr/share/spamassassin/20_fake_helo_tests.cf
/usr/share/spamassassin/20_freemail.cf
/usr/share/spamassassin/20_freemail_domains.cf
/usr/share/spamassassin/20_head_tests.cf
/usr/share/spamassassin/20_html_tests.cf
/usr/share/spamassassin/20_imageinfo.cf
/usr/share/spamassassin/20_meta_tests.cf
/usr/share/spamassassin/20_net_tests.cf
/usr/share/spamassassin/20_phrases.cf
/usr/share/spamassassin/20_porn.cf
/usr/share/spamassassin/20_ratware.cf
/usr/share/spamassassin/20_uri_tests.cf
/usr/share/spamassassin/20_vbounce.cf
/usr/share/spamassassin/23_bayes.cf
/usr/share/spamassassin/25_accessdb.cf
/usr/share/spamassassin/25_antivirus.cf
/usr/share/spamassassin/25_asn.cf
/usr/share/spamassassin/25_dcc.cf
/usr/share/spamassassin/25_dkim.cf
/usr/share/spamassassin/25_hashcash.cf
/usr/share/spamassassin/25_pyzor.cf
/usr/share/spamassassin/25_razor2.cf
/usr/share/spamassassin/25_replace.cf
/usr/share/spamassassin/25_spf.cf
/usr/share/spamassassin/25_textcat.cf
/usr/share/spamassassin/25_uribl.cf
/usr/share/spamassassin/30_text_de.cf
/usr/share/spamassassin/30_text_fr.cf
/usr/share/spamassassin/30_text_it.cf
/usr/share/spamassassin/30_text_nl.cf
/usr/share/spamassassin/30_text_pl.cf
/usr/share/spamassassin/30_text_pt_br.cf
/usr/share/spamassassin/50_scores.cf
/usr/share/spamassassin/60_adsp_override_dkim.cf
/usr/share/spamassassin/60_awl.cf
/usr/share/spamassassin/60_shortcircuit.cf
/usr/share/spamassassin/60_whitelist.cf
/usr/share/spamassassin/60_whitelist_dkim.cf
/usr/share/spamassassin/60_whitelist_spf.cf
/usr/share/spamassassin/60_whitelist_subject.cf
/usr/share/spamassassin/72_active.cf
/usr/share/spamassassin/72_scores.cf
/usr/share/spamassassin/STATISTICS-set0-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set1-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set2-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set3-72_scores.cf.txt
/usr/share/spamassassin/languages
/usr/share/spamassassin/local.cf
/usr/share/spamassassin/regression_tests.cf
/usr/share/spamassassin/sa-update-pubkey.txt
/usr/share/spamassassin/sa-update.cron
/usr/share/spamassassin/user_prefs.template
/var/lib/spamassassin
/var/run/spamassassin

spamassassin

SpamAssassin does not really need any special configuration. The directory /etc/mail/spamassassin/ contains the configuration file local.cf, which can be used to make local adjustments to the installation.

 # vim /etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf 
# (see spamassassin(1) for details)
 
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
 
# At which score should an e-mail be considered spam?
required_hits 5
 
# This option defines how SpamAssassin marks an e-mail classified as spam.
# With report_safe 0, SpamAssassin only adds some X-Spam headers
# and otherwise leaves the e-mail unchanged.
report_safe 0
 
# This option defines that a message classified as SPAM is additionally
# marked with the tag "[SPAM]" in the subject line.
rewrite_header Subject [SPAM]
 
# Django : 2012-05-21
# This directive determines which locking method is used to protect the two databases
# (Bayes and auto-whitelisting) against concurrent access. If it is certain that
# the two databases are never accessed over NFS, performance on Unix platforms
# can be improved considerably by using the flock locking method.
lock_method flock
 
# Django : 2009-08-19
# Header check filter list for hardening the Postfix mail server. The entries were taken over
# from an existing Postfix file /etc/postfix/header_checks, because under certain circumstances
# backscatter problems could occur (as of 10-07-2009, AMaViS version
# amavisd-new-2.5.4-1.el5.rf.src.rpm). Version 0.02 / 2009-08-19
#
# /i = case-insensitive matching (upper and lower case are not distinguished)
# /m = multi-line mode (^ and $ also match at line breaks inside the header)
#
# Header checks "From" (numbering 1000 ...)
#    
header          HEADER_FROM_CHECKS_NR_1001       From =~ /^.*Euro Dice Casino/im
score           HEADER_FROM_CHECKS_NR_1001       20
tflags          HEADER_FROM_CHECKS_NR_1001       noautolearn
 
# Header checks "From" (numbering 1000 ...)
 
header          HEADER_FROM_CHECKS_NR1002       From =~ /^.*ic-drei\.de/im
score           HEADER_FROM_CHECKS_NR1002       20
tflags          HEADER_FROM_CHECKS_NR1002       noautolearn
 
header          HEADER_FROM_CHECKS_NR1001       From =~ /^.*Lottery/im
score           HEADER_FROM_CHECKS_NR1001       20
tflags          HEADER_FROM_CHECKS_NR1001       noautolearn

amavisd

Since we neither accept nor store spam, viruses or unwanted attachments (after all, we never accepted the e-mail, never acknowledged it with a 250 and never were able to deliver it to the end user), we add the following lines to the configuration file of our AMaViS server.

 # vim /etc/amavisd.conf
...
 
# Django : 2012-05-21
# default: $sa_tag2_level_deflt = 6.2;
$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
# Django : 2012-05-21
# default: $sa_kill_level_deflt = 6.9;
$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
 
...
 
...
 
# Django : 2012-05-21
# default: unset
$final_virus_destiny      = D_REJECT;
# Django : 2012-05-21
# default: unset
$final_banned_destiny     = D_REJECT;
# Django : 2012-05-21
# default: unset
$final_spam_destiny       = D_REJECT;
# $final_bad_header_destiny = D_PASS;
# $bad_header_quarantine_method = undef;
 
# Django : 2012-05-21
# default: unset
$virus_quarantine_to = undef;
# Django : 2012-05-21
# default: unset
$banned_quarantine_to = undef;
# Django : 2012-05-21
# default: unset
$spam_quarantine_to = undef;
 
...

To activate the changes we restart the daemon once.

 # service amavisd restart
 Shutting down Mail Virus Scanner (amavisd):                [  OK  ]
 Starting Mail Virus Scanner (amavisd):                     [  OK  ]
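
How the custom From rules in local.cf interact with the kill level and D_REJECT set in amavisd.conf, as an added example that is not part of the original page. The rule set is constructed in the style of those rules; the EXAMPLE_* rule names and all sample From headers are invented, and Python's re module stands in for SpamAssassin's Perl regex engine.

```python
import re

KILL_LEVEL = 6.31  # $sa_kill_level_deflt from the amavisd.conf excerpt above

# Constructed rule set in the style of the local.cf rules above. The two
# EXAMPLE_* rules are hypothetical: the same domain pattern with an escaped
# and with an unescaped dot, for comparison.
RULES_CF = r"""
header   HEADER_FROM_CHECKS_NR_1001   From =~ /^.*Euro Dice Casino/im
score    HEADER_FROM_CHECKS_NR_1001   20
tflags   HEADER_FROM_CHECKS_NR_1001   noautolearn
header   HEADER_FROM_CHECKS_NR1001    From =~ /^.*Lottery/im
score    HEADER_FROM_CHECKS_NR1001    20
header   EXAMPLE_DOMAIN_ESCAPED       From =~ /^.*ic-drei\.de/im
score    EXAMPLE_DOMAIN_ESCAPED       20
header   EXAMPLE_DOMAIN_LOOSE         From =~ /^.*ic-drei.de/im
score    EXAMPLE_DOMAIN_LOOSE         20
"""

# Constructed From: headers (second element: score from all other tests).
SAMPLE_FROM = [
    ('"Euro Dice Casino" <promo@spam.example>', 0.0),
    ('"National Lottery Heritage Fund" <grants@charity.example>', 0.0),
    ('<bigchief@omni128.de>', -0.427),
    ('<news@ic-dreixde.example>', 0.0),
]

HEADER_RE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)\s*$")
SCORE_RE = re.compile(r"^score\s+(\S+)\s+(-?\d+(?:\.\d+)?)\s*$")
# A dot that looks like a literal one between a host label and a TLD.
LOOSE_DOT_RE = re.compile(r"(?<=[A-Za-z0-9])\.(?=[A-Za-z]{2,})")
FLAGS = {"i": re.IGNORECASE, "m": re.MULTILINE, "s": re.DOTALL}


def parse_rules(text):
    """Return {rule_name: {"header", "pattern", "regex", "score"}}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            name, header, pattern, flagchars = m.groups()
            flags = 0
            for ch in flagchars:
                flags |= FLAGS.get(ch, 0)
            rules[name] = {"header": header, "pattern": pattern,
                           "regex": re.compile(pattern, flags), "score": None}
            continue
        m = SCORE_RE.match(line)
        if m and m.group(1) in rules:
            rules[m.group(1)]["score"] = float(m.group(2))
    return rules


def lint(rules, kill_level=KILL_LEVEL):
    """Flag rules that are broader or harsher than they look."""
    findings = []
    for name, rule in rules.items():
        if LOOSE_DOT_RE.search(rule["pattern"]):
            findings.append((name, "unescaped dot matches any character"))
        if rule["score"] is not None and rule["score"] >= kill_level:
            findings.append((name, "single hit reaches the kill level"))
    return findings


def verdict(rules, from_header, base_score=0.0, kill_level=KILL_LEVEL):
    """Score one From: header the way the rules would and apply the
    amavisd kill level; D_REJECT is the page's $final_spam_destiny."""
    hits = [name for name, rule in rules.items()
            if rule["header"] == "From" and rule["regex"].search(from_header)]
    score = base_score
    for name in hits:
        # SpamAssassin uses 1.0 when a rule has no explicit score line.
        score += 1.0 if rules[name]["score"] is None else rules[name]["score"]
    action = "D_REJECT" if score >= kill_level else "pass"
    return hits, round(score, 3), action


if __name__ == "__main__":
    rules = parse_rules(RULES_CF)
    for name, warning in lint(rules):
        print(f"lint  {name}: {warning}")
    for header, base in SAMPLE_FROM:
        print(verdict(rules, header, base), header)
```

The second and fourth sample headers show the practical risk: with a rule score of 20 and D_REJECT, a broad substring match or an unescaped dot turns directly into rejected legitimate mail.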

First system start

Now we can start our anti-spam daemon for the first time.

 # service spamassassin start
 Starting spamd:                                            [  OK  ]

The start of the daemon is logged accordingly in the mail log.

 # less /var/log/maillog
Jun 10 22:44:30 vml000060 spamd[14620]: logger: removing stderr method
Jun 10 22:44:34 vml000060 spamd[14625]: rules: meta test FROM_41_FREEMAIL has dependency 'NSL_RCVD_FROM_41' with a zero score
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server started on port 783/tcp (running version 3.3.1)
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server pid: 14625
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14636
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14638
Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: IS
Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: II

The following command can be used to check which port our SpamAssassin is listening on:

 # lsof -i :783
 COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
 spamd   14625 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
 spamd   14636 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
 spamd   14638 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)

A similar query can of course also be made with netstat -tulpen.

 # netstat -tulpen | grep spam
 tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      0          59884      14625/spamd.pid

Starting the service automatically at system boot

So that our AMaViS server is started automatically at boot, we carry out the following configuration steps.

 # chkconfig spamassassin on

Afterwards we verify our change:

 # chkconfig --list | grep spamassassin
 spamassassin   	0:off	1:off	2:on	3:on	4:on	5:on	6:off

HAM

First we send a test message to a user via telnet.

 $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<bigchief@omni128.de>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <bigchief@omni128.de>
To: <django@nausch.org>
Date: 2012-06-11 13:45
Subject: Testnachricht

Test
.
250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153
quit
221 2.0.0 Bye
Connection closed by foreign host.

In the mail log of the Postfix server the successful acceptance of the message is acknowledged accordingly.

 # less /var/log/maillog
Jun 11 14:09:22 vml000080 postfix/smtpd[26920]: connect from localhost[127.0.0.1]
Jun 11 14:09:37 vml000080 postfix/smtpd[26920]: NOQUEUE: client=localhost[127.0.0.1]
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: connect from vml000060.dmz.nausch.org[10.0.0.60]
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: 4709153: client=localhost[127.0.0.1]
Jun 11 14:09:52 vml000080 postfix/cleanup[26923]: 4709153: message-id=<20120611120952.4709153@mx1.nausch.org>
Jun 11 14:09:52 vml000080 postfix/qmgr[24754]: 4709153: from=<bigchief@omni128.de>, size=777, nrcpt=1 (queue active)
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: disconnect from vml000060.dmz.nausch.org[10.0.0.60]

In the mail log on our AMaViS host the output is currently quite informative, thanks to loglevel = 3.

 # less /var/log/maillog
Jun 11 14:09:37 vml000060 amavis[18855]: (18855-01) process_request: fileno sock=11, STDIN=0, STDOUT=1
Jun 11 14:09:37 vml000060 amavis[18855]: (18855-02) loaded policy bank "MYNETS"
Jun 11 14:09:39 vml000060 amavis[18855]: (18855-02) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T135937-18855: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:09:37 +0200 (CEST)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4, state: 1
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4 -> disabling
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) body hash: 2205e48de5f93c784733ffcca841d2b5
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking: 8GFFkUKKobVo MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) 2822.From: <bigchief@omni128.de>
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Cached virus check expired, TTL = 180 s
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) cached 2205e48de5f93c784733ffcca841d2b5 from <bigchief@omni128.de> (0,0)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p001 1 Content-Type: text/plain, size: 5 B, name: 
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) inspect_dsn: not a bounce
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking for banned types and filenames
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x20db1a0)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T135937-18855/parts/p002
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Connecting to socket  /var/run/clamav/clamd.sock
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n to UNIX socket /var/run/clamav/clamd.sock
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd): CLEAN
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd) result: clean
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) spam_scan: score=-0.427 autolearn=no tests=[ALL_TRUSTED=-1,INVALID_DATE=0.432,MISSING_MID=0.14,TVD_SPACE_RATIO=0.001]
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) do_notify_and_quar: ccat=Clean (1,0) ("1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp session reuse, 1 transactions so far
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> NOOP
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to NOOP (idle 593.5 s): 421 4.4.2 mx1.nausch.org Error: timeout exceeded
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Amavis::Out::SMTP::Session close, disconnecting
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp creating socket by IO::Socket::INET6 to [mail.dmz.nausch.org]:10025
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to greeting: 220 mx1.nausch.org ESMTP Postfix
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> EHLO localhost
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to EHLO: 250 mx1.nausch.org\nPIPELINING\nSIZE 52428800\nETRN\nSTARTTLS\nXFORWARD NAME ADDR PROTO HELO SOURCE PORT\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> XFORWARD ADDR=127.0.0.1 NAME=localhost PORT=42232 PROTO=SMTP HELO=vml00080.dmz.nausch.org SOURCE=LOCAL
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to XFORWARD: 250 2.0.0 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) AUTH not needed, user='', MTA offers ''
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> MAIL FROM:<bigchief@omni128.de> BODY=7BIT
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> RCPT TO:<django@nausch.org>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> DATA
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to MAIL (pip): 250 2.1.0 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to RCPT (pip) (<django@nausch.org>): 250 2.1.5 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> QUIT
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to data-dot (<django@nausch.org>): 250 2.0.0 Ok: queued as 4709153
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Amavis::Out::SMTP::Session close, disconnecting
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) FWD via SMTP: <bigchief@omni128.de> -> <django@nausch.org>,BODY=7BIT 250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) DSN: sender is credible (orig), SA: -0.427, <bigchief@omni128.de>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, mail_id: 8GFFkUKKobVo, Hits: -0.427, size: 280, queued_as: 4709153, 15120 ms
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING-SA total 435 ms - parse: 2 (0.6%), extract_message_metadata: 308 (70.9%), poll_dns_idle: 291 (67.0%), get_uri_detail_list: 0.43 (0.1%), tests_pri_-1000: 7 (1.7%), tests_pri_-950: 2 (0.5%), tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.23 (0.3%), tests_pri_0: 89 (20.6%), check_dkim_adsp: 13 (3.0%), check_spf: 0.48 (0.1%), check_pyzor: 0.42 (0.1%), tests_pri_500: 5 (1.1%), get_report: 1.09 (0.3%)
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) sending SMTP response: "250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153"
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING [total 15125 ms] - SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2718 (18%)18, SMTP DATA: 11840 (78%)96, check_init: 1 (0%)96, digest_hdr: 1 (0%)96, digest_body_dkim: 1 (0%)96, gen_mail_id: 1 (0%)96, mime_decode: 10 (0%)96, get-file-type1: 15 (0%)96, decompose_part: 1 (0%)96, parts_decode: 0 (0%)96, check_header: 2 (0%)96, AV-scan-1: 8 (0%)97, spam-wb-list: 2 (0%)97, SA parse: 5 (0%)97, SA check: 429 (3%)99, update_cache: 6 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-connect: 12 (0%)100, fwd-xforward: 1 (0%)100, fwd-mail-pip: 12 (0%)100, fwd-rcpt-pip: 0 (0%)100, fwd-data-chkpnt: 0 (0%)100, write-header: 1 (0%)100, fwd-data-contents: 0 (0%)100, fwd-end-chkpnt: 39 (0%)100, prepare-dsn: 1 (0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) load: 5 %, total idle 583.913 s, busy 30.553 s
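
To pull the decision out of log output this verbose, the lines can be grouped by the amavis request id (such as 18855-02) and reduced to score, contributing tests and final verdict. This is an added example, not part of the original page: the first three sample lines are shortened from the log above, while the entries with ids 20001-01 and 20002-01, including the layout of the "Blocked SPAM" line, are constructed for illustration.

```python
import re

KILL_LEVEL = 6.31  # $sa_kill_level_deflt from the amavisd.conf excerpt

# Sample input: 18855-02 is shortened from the page's log; 20001-01 (a
# reject) and 20002-01 (a truncated excerpt) are constructed.
SAMPLE_LOG = """\
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd) result: clean
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) spam_scan: score=-0.427 autolearn=no tests=[ALL_TRUSTED=-1,INVALID_DATE=0.432,MISSING_MID=0.14,TVD_SPACE_RATIO=0.001]
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, mail_id: 8GFFkUKKobVo, Hits: -0.427, size: 280, queued_as: 4709153, 15120 ms
Jun 11 14:30:12 vml000060 amavis[20001]: (20001-01) spam_scan: score=19.572 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR1001=20,INVALID_DATE=0.432,MISSING_MID=0.14]
Jun 11 14:30:12 vml000060 amavis[20001]: (20001-01) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <sender@spam.example> -> <django@nausch.org>, mail_id: CONSTRUCTED01, Hits: 19.572, size: 320, 16010 ms
Jun 11 14:31:40 vml000060 amavis[20002]: (20002-01) inspect_dsn: not a bounce
"""

LINE_RE = re.compile(r"amavis\[\d+\]: \((\d+-\d+)\) (.*)$")
SCAN_RE = re.compile(r"^spam_scan: score=(-?[\d.]+) autolearn=(\S+) tests=\[(.*)\]")
FINAL_RE = re.compile(
    r"^(Passed|Blocked) ([A-Z-]+), .*?<([^>]*)> -> <([^>]*)>.*?Hits: (-?[\d.]+)")
QUEUED_RE = re.compile(r"queued_as: (\w+)")


def summarize(lines):
    """Group amavis log lines by request id and keep the decision data."""
    msgs = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # e.g. lines logged before the request id is assigned
        am_id, text = m.groups()
        msg = msgs.setdefault(am_id, {"tests": {}, "score": None,
                                      "verdict": None, "queued_as": None})
        scan = SCAN_RE.match(text)
        if scan:
            msg["score"] = float(scan.group(1))
            msg["autolearn"] = scan.group(2)
            for item in filter(None, scan.group(3).split(",")):
                name, _, value = item.partition("=")
                msg["tests"][name] = float(value)
            continue
        final = FINAL_RE.match(text)
        if final:
            msg["verdict"] = f"{final.group(1)} {final.group(2)}"
            msg["sender"], msg["recipient"] = final.group(3), final.group(4)
            queued = QUEUED_RE.search(text)
            msg["queued_as"] = queued.group(1) if queued else None
    return msgs


def strongest_tests(msg, n=3):
    """Tests that contributed most to the score, highest first."""
    return sorted(msg["tests"].items(), key=lambda kv: kv[1], reverse=True)[:n]


def check(msg, kill_level=KILL_LEVEL):
    """Return a list of inconsistencies worth a second look."""
    if msg["score"] is None or msg["verdict"] is None:
        return ["incomplete: spam_scan or final verdict line missing"]
    problems = []
    if abs(sum(msg["tests"].values()) - msg["score"]) > 0.01:
        problems.append("test scores do not add up to the reported score")
    if msg["verdict"] == "Passed CLEAN" and msg["score"] >= kill_level:
        problems.append("passed although the score reaches the kill level")
    if msg["verdict"] == "Blocked SPAM" and msg["score"] < kill_level:
        problems.append("blocked as spam below the kill level")
    return problems


if __name__ == "__main__":
    for am_id, msg in summarize(SAMPLE_LOG.splitlines()).items():
        print(am_id, msg["verdict"], msg["score"],
              strongest_tests(msg, 2), check(msg))
```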

SPAM (Blacklist)

Next we send a test message to one of our users whose subject line contains a banned expression, e.g. gevoegelt:

 $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<bigchief@omni128.de>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <bigchief@omni128.de>
To: <django@nausch.org>
Date: 2012-06-11 13:45
Subject: Hast Du Sie heute schon gevoegelt?

Spamnachricht mit verbotenem Ausdruck im Betreff.
.
554 5.7.0 Reject, id=19055-01 - SPAM
quit
221 2.0.0 Bye
Connection closed by foreign host.

As expected, the test message is not accepted; it is rejected immediately, and only once.

 554 5.7.0 Reject, id=19055-01 - SPAM

In the mail log of our AMaViS front-end system we can then determine the exact reason for the rejection using the AMaViS code 19055-01 that was returned. (This requires the log level in /etc/amavisd.conf to be set to at least 2!):

Jun 11 14:27:36 vml000060 amavis[19055]: process_request: fileno sock=11, STDIN=0, STDOUT=1
Jun 11 14:27:36 vml000060 amavis[19055]: (19055-01) loaded policy bank "MYNETS"
Jun 11 14:27:38 vml000060 amavis[19055]: (19055-01) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T142736-19055: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:27:36 +0200 (CEST)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) body hash: a49713537d48347c846b5432811446b3
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking: B0eSk4whQh6x MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) 2822.From: <bigchief@omni128.de>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p001 1 Content-Type: text/plain, size: 50 B, name: 
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) inspect_dsn: not a bounce
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking for banned types and filenames
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T142736-19055/parts/p002
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Connecting to socket  /var/run/clamav/clamd.sock
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n to UNIX socket /var/run/clamav/clamd.sock
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd): CLEAN
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd) result: clean
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) spam_scan: score=19.572 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_SUBJECT_CHECKS_NR2041=20,INVALID_DATE=0.432,MISSING_MID=0.14]
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) blocking contents category is (6) for django@nausch.org
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=19.572 tag=2 tag2=6.31 kill=6.31 tests=[ALL_TRUSTED=-1, HEADER_SUBJECT_CHECKS_NR2041=20, INVALID_DATE=0.432, MISSING_MID=0.14] autolearn=no
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) DSN: sender is credible (orig), SA: 19.572, <bigchief@omni128.de>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, mail_id: B0eSk4whQh6x, Hits: 19.572, size: 346, 16258 ms
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING-SA total 143 ms - parse: 3 (1.8%), extract_message_metadata: 5 (3.5%), get_uri_detail_list: 0.50 (0.3%), tests_pri_-1000: 10 (7.0%), tests_pri_-950: 3 (1.9%), tests_pri_-900: 1.92 (1.3%), tests_pri_-400: 1.30 (0.9%), tests_pri_0: 94 (66.1%), check_dkim_adsp: 15 (10.4%), check_spf: 0.48 (0.3%), check_pyzor: 0.34 (0.2%), tests_pri_500: 4 (2.8%), get_report: 1.44 (1.0%)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) sending SMTP response: "554 5.7.0 Reject, id=19055-01 - SPAM"
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING [total 16262 ms] - SMTP greeting: 12 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, mkdir tempdir: 1 (0%)0, create email.txt: 1 (0%)0, SMTP pre-DATA-flush: 2361 (15%)15, SMTP DATA: 13667 (84%)99, check_init: 1 (0%)99, digest_hdr: 2 (0%)99, digest_body_dkim: 1 (0%)99, gen_mail_id: 2 (0%)99, mkdir parts: 2 (0%)99, mime_decode: 11 (0%)99, get-file-type1: 16 (0%)99, decompose_part: 2 (0%)99, parts_decode: 0 (0%)99, check_header: 2 (0%)99, AV-scan-1: 9 (0%)99, spam-wb-list: 2 (0%)99, SA parse: 7 (0%)99, SA check: 136 (1%)100, update_cache: 7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 4 (0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) load: 86 %, total idle 2.356 s, busy 13.912 s

So the rule HEADER_SUBJECT_CHECKS_NR2041=20 was the one that fired. In the same way we could track down the cause of a rejection in the event of a false positive.

 # grep HEADER_SUBJECT_CHECKS_NR2041 /etc/mail/spamassassin/local.cf 
 header          HEADER_SUBJECT_CHECKS_NR2041    Subject =~ /.*gevoegelt.*/im
 score           HEADER_SUBJECT_CHECKS_NR2041    20
 tflags          HEADER_SUBJECT_CHECKS_NR2041    noautolearn

SPAM (GTUBE)

In the documentation path ( /usr/share/doc/spamassassin-3.3.1 ) of our SpamAssassin installation we find, among other things, the GTUBE test file.

  • Generic
  • Test for
  • Unsolicited
  • Bulk
  • Email

 # less /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
 
This is the GTUBE, the
	Generic
	Test for
	Unsolicited
	Bulk
	Email
 
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
 
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
 
You should send this test mail from an account outside of your network.

We now connect to port 25 on our Postfix server and deliver the contents of this file there as an email.

 $ telnet mail.dmz.nausch.org 25
Trying 10.0.0.80...
Connected to mail.dmz.nausch.org.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<bigchief@omni128.de>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the
	Generic
	Test for
	Unsolicited
	Bulk
	Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.
.
554 5.7.0 Reject, id=19056-02 - SPAM
quit
221 2.0.0 Bye
Connection closed by foreign host.

In the mail log of our AMaViS server we again find an indication of why the message was rejected with the error code 554 5.7.0 Reject, id=19056-02 - SPAM.

 # less /var/log/maillog
Jun 11 14:55:45 vml000060 amavis[19056]: (19056-01) process_request: fileno sock=11, STDIN=0, STDOUT=1
Jun 11 14:55:45 vml000060 amavis[19056]: (19056-02) loaded policy bank "MYNETS"
Jun 11 14:55:47 vml000060 amavis[19056]: (19056-02) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T145223-19056: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:55:45 +0200 (CEST)
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache, dt: 201.8, state: 1
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache, dt: 201.8 -> disabling
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) body hash: a2740fd1baff60a1aa0bfb88a79036d6
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking: juTHROjwPrnV MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) 2822.From: <sender@example.net>, 2821.Mail_From: <bigchief@omni128.de>
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p001 1 Content-Type: text/plain, size: 504 B, name: 
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) inspect_dsn: not a bounce
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking for banned types and filenames
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0)
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T145223-19056/parts/p002
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Connecting to socket  /var/run/clamav/clamd.sock
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n to UNIX socket /var/run/clamav/clamd.sock
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd): CLEAN
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd) result: clean
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) wbl: soft-blacklisted (3) sender <sender@example.net> => <django@nausch.org>, recip_key="."
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan: score=1001.07 autolearn=no tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000]
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) blocking contents category is (6) for django@nausch.org
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=1001.07+3 tag=2 tag2=6.31 kill=6.31 tests=[AM:BOOST=3, ALL_TRUSTED=-1, DATE_IN_PAST_96_XX=2.07, GTUBE=1000] autolearn=no
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) DSN: sender is credible (orig), SA: 1001.070, <bigchief@omni128.de>
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, Message-ID: <GTUBE1.1010101@example.net>, mail_id: juTHROjwPrnV, Hits: 1004.07, size: 993, 26905 ms
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING-SA total 492 ms - parse: 3 (0.6%), extract_message_metadata: 5 (1.1%), get_uri_detail_list: 0.94 (0.2%), tests_pri_-1000: 8 (1.7%), tests_pri_-950: 3 (0.5%), tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.35 (0.3%), tests_pri_0: 316 (64.2%), check_dkim_adsp: 204 (41.4%), check_spf: 0.56 (0.1%), check_pyzor: 0.44 (0.1%), tests_pri_500: 134 (27.2%), poll_dns_idle: 128 (26.0%), get_report: 1.88 (0.4%)
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) sending SMTP response: "554 5.7.0 Reject, id=19056-02 - SPAM"
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING [total 26909 ms] - SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2179 (8%)8, SMTP DATA: 24165 (90%)98, check_init: 1 (0%)98, digest_hdr: 2 (0%)98, digest_body_dkim: 1 (0%)98, gen_mail_id: 1 (0%)98, mime_decode: 10 (0%)98, get-file-type1: 16 (0%)98, decompose_part: 2 (0%)98, parts_decode: 0 (0%)98, check_header: 2 (0%)98, AV-scan-1: 9 (0%)98, spam-wb-list: 3 (0%)98, SA parse: 5 (0%)98, SA check: 485 (2%)100, update_cache: 7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 3 (0%)100, main_log_entry: 7 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) load: 11 %, total idle 204.011 s, busy 25.318 s

In the line:

 Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan: score=1001.07 autolearn=no tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000]

the email is given a spam score of 1001.07, which is, shall we say, slightly above the 6.31 that we defined in /etc/amavisd.conf. Acceptance of the email is therefore refused with a 500-series error code.
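Both lookups above, from the id in the 554 reply to the rule that caused the rejection (the blacklist test and the GTUBE test), can be scripted. The following Python sketch is an added example, not part of the original page or of AMaViS; the function names are assumptions, the log lines are copied from the two excerpts on this page, and the "+3" after the score is read as the amavis boost, which matches the Hits: 1004.07 value logged above.

```python
import re

# Four lines copied from the two amavis log excerpts on this page.
SAMPLE_LOG = """\
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=19.572 tag=2 tag2=6.31 kill=6.31 tests=[ALL_TRUSTED=-1, HEADER_SUBJECT_CHECKS_NR2041=20, INVALID_DATE=0.432, MISSING_MID=0.14] autolearn=no
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) sending SMTP response: "554 5.7.0 Reject, id=19055-01 - SPAM"
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=1001.07+3 tag=2 tag2=6.31 kill=6.31 tests=[AM:BOOST=3, ALL_TRUSTED=-1, DATE_IN_PAST_96_XX=2.07, GTUBE=1000] autolearn=no
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) sending SMTP response: "554 5.7.0 Reject, id=19056-02 - SPAM"
"""

# The "SPAM," summary line amavis writes per message (format as in the logs above).
VERDICT = re.compile(
    r"\((?P<id>\d+-\d+)\) SPAM, .*?score=(?P<score>-?[\d.]+)(?:\+(?P<boost>-?[\d.]+))?"
    r" tag=\S+ tag2=\S+ kill=(?P<kill>-?[\d.]+) tests=\[(?P<tests>[^\]]*)\]")

def id_from_response(smtp_reply):
    """Extract the amavis id from a reply such as '554 5.7.0 Reject, id=19055-01 - SPAM'."""
    m = re.search(r"\bid=(\d+-\d+)", smtp_reply)
    return m.group(1) if m else None

def explain_reject(log_text, amavis_id):
    """Return score, kill level and the decisive rules for one amavis id, or None."""
    for line in log_text.splitlines():
        m = VERDICT.search(line)
        if not m or m["id"] != amavis_id:
            continue
        tests = {}
        for item in m["tests"].split(","):
            name, _, value = item.strip().rpartition("=")
            if name:
                tests[name] = float(value)
        total = float(m["score"]) + float(m["boost"] or 0)  # "1001.07+3": score plus boost
        kill = float(m["kill"])
        # Score the mail would have had without each single rule; a rule is decisive
        # if dropping it alone brings the mail below the kill level.
        without = {n: round(total - v, 3) for n, v in tests.items()}
        decisive = [n for n in tests if total >= kill > without[n]]
        return {"total": round(total, 3), "kill": kill, "tests": tests,
                "decisive": decisive, "without": without}
    return None

if __name__ == "__main__":
    for reply in ("554 5.7.0 Reject, id=19055-01 - SPAM", "554 5.7.0 Reject, id=19056-02 - SPAM"):
        r = explain_reject(SAMPLE_LOG, id_from_response(reply))
        print(reply, "->", r["total"], ">=", r["kill"], "because of", r["decisive"])
```

A rule listed as decisive is the first place to look in /etc/mail/spamassassin/local.cf when a rejection turns out to be a false positive; an empty list means several rules only crossed the kill level together.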


1)
desired messages
2)
unwanted messages
3)
Real Blackhole Lists
  • Last modified: 20.04.2018 10:44.
  • (External edit)