| Vorhergehende Überarbeitung |
| — | centos:mail_c6:spam_5 [20.05.2021 07:51. ] (aktuell) – Externe Bearbeitung 127.0.0.1 |
|---|
| | ====== Installation und Konfiguration von Spamassassin ====== |
| | {{:centos:mail_c6:spamassassin_logo.png?nolink&200|SpamAssassin Logo}} |
| | |
| | ===== Grundlagen ===== |
| | SpamAssassin ist ein weitverbreitetes Filterprogramm, mit dem unerwünschte eMails (Spam) automatisch erkannt und aussortiert werden können. Ebenso wie **AMaViS** ist **SpamAssassin** ein Perl-Programm, mit der eine inhaltliche Bewertung einer eMail erfolgt. SpamAssassin selbst ermittelt und berechnet einen Scoring-Wert einer jeden eMail und übergibt diesen Wert an AMaVis. AMaViS selbst kann nun an Hand des übermittelten Scoringwertes eine eMail durchlassen, taggen (also z.B. die Betreffzeile manipulieren) oder ablehnen. SpamAssassin ist also nur ein Backendsystem von AMaViS. |
| | |
| | <uml> |
| | |
| | state "MTA" as smtp_25 |
| | smtp_25 : (Mail Transport Agent) |
| | smtp_25 : andere SMTP-Server |
| | smtp_25 : im Internet bzw. Intranet |
| | smtp_25 : TCP/IP - Port 25 |
| | |
| | state Postfix { |
| | state "smtpd:25" as smtpd_25 |
| | smtpd_25 : SMTP-Daemon |
| | smtpd_25 : TCP/IP Port 25 |
| | smtpd_25 : mit smtpd_proxy_filter |
| | |
| | state "smtpd:10025" as smtpd_10025 |
| | smtpd_10025 : SMTP-Daemon |
| | smtpd_10025 : TCP/IP Port 10025 |
| | smtpd_10025 : *ohne* smtpd_proxy_filter |
| | |
| | state "Postfix" as work |
| | work : weitere Be-/Abarbeitung |
| | work : der eMail durch den |
| | work : Mail-Transport-Agent Postfix |
| | } |
| | |
| | state AMaViS { |
| | state "smtpd:10024" as smtpd_10024 |
| | smtpd_10024 : SMTP-Daemon |
| | smtpd_10024 : TCP/IP Port 10024 |
| | |
| | state "AMaViS" as amavis |
| | amavis : Master Prozess |
| | amavis : (Frontend-System) |
| | |
| | state "Entpacker" as packer |
| | packer : Backend-System zum |
| | packer : Entpacken von Dateianhängen |
| | state "Virenscanner" as virus |
| | virus : Backend-System zum |
| | virus : Prüfen der eMail und der |
| | virus : Anhänge auf Schadcode |
| | state "Spamassassin" as spam |
| | spam : Backend-System zum |
| | spam : Prüfen der eMail auf |
| | spam : unerwünschte Inhalte |
| | } |
| | |
| | state Dovecot { |
| | state "IMAP-Server" as smtpd_24 |
| | smtpd_24 : Mail-Delivery-Agent |
| | smtpd_24 : Dovecot IMAP-Server |
| | } |
| | |
| | |
| | smtp_25 --> smtpd_25 |
| | smtpd_10025 -right-> work |
| | |
| | smtpd_25 -right-> smtpd_10024 |
| | smtpd_10024 --> amavis |
| | |
| | amavis -right-> packer |
| | packer -left-> amavis |
| | amavis -down-> virus |
| | virus -up-> amavis |
| | amavis -left-> spam |
| | spam -right-> amavis |
| | |
| | amavis -left-> smtpd_10025 |
| | |
| | work -right-> smtpd_24 |
| | </uml> |
| | |
| | |
| | Für die Unterscheidung zwischen **HAM**((erwünschten Nachrichten)) und **SPAM**((unerwünschten Nachrichten)) bedient sich SpamAssassin unterschiedlicher Techniken: |
| | * Abfrage von **RBLs**((**R**eal **B**lackhole **L**ists)). |
| | * Abfrage von Prüfsummenbasierten Filtern wie DCC, Pyzor und Razor. |
| | * Nutzung regulärer Ausdrücke zum statischen Bewerten der eMails |
| | * Nutzung interner Bayesscher Filter, die auf Grund der Einteilung der bisher empfangenen eMails statistisch die Wahrscheinlichkeit von HAM zu SPAM ermitteln. |
| | |
| | ===== Installation ===== |
| | Wie üblich installieren wir die benötigten Programmpakete via **YUM**. |
| | # yum install spamassassin -y |
| | |
| | |
| | ===== Programminfo ===== |
| | Was uns das Paket alle bei der Installation mitgebracht hat, zeigt uns ein Blick in das installierte **rpm**. |
| | # rpm -qil spamassassin |
| | |
| | <code>Name : spamassassin Relocations: (not relocatable) |
| | Version : 3.3.1 Vendor: CentOS |
| | Release : 2.el6 Build Date: Mon 23 Aug 2010 04:28:38 AM CEST |
| | Install Date: Sun 10 Jun 2012 12:35:02 PM CEST Build Host: c6b2.bsys.dev.centos.org |
| | Group : Applications/Internet Source RPM: spamassassin-3.3.1-2.el6.src.rpm |
| | Size : 3253352 License: ASL 2.0 |
| | Signature : RSA/8, Sun 03 Jul 2011 07:02:17 AM CEST, Key ID 0946fca2c105b9de |
| | Packager : CentOS BuildSystem <http://bugs.centos.org> |
| | URL : http://spamassassin.apache.org/ |
| | Summary : Spam filter for email which can be invoked from mail delivery agents |
| | Description : |
| | SpamAssassin provides you with a way to reduce if not completely eliminate |
| | Unsolicited Commercial Email (SPAM) from your incoming email. It can |
| | be invoked by a MDA such as sendmail or postfix, or can be called from |
| | a procmail script, .forward file, etc. It uses a genetic-algorithm |
| | evolved scoring system to identify messages which look spammy, then |
| | adds headers to the message so they can be filtered by the user's mail |
| | reading software. This distribution includes the spamd/spamc components |
| | which create a server that considerably speeds processing of mail. |
| | |
| | To enable spamassassin, if you are receiving mail locally, simply add |
| | this line to your ~/.procmailrc: |
| | INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc |
| | |
| | To filter spam for all users, add that line to /etc/procmailrc |
| | (creating if necessary). |
| | /etc/cron.d/sa-update |
| | /etc/logrotate.d/sa-update |
| | /etc/mail/spamassassin |
| | /etc/mail/spamassassin/channel.d |
| | /etc/mail/spamassassin/channel.d/sought.conf |
| | /etc/mail/spamassassin/channel.d/spamassassin-official.conf |
| | /etc/mail/spamassassin/init.pre |
| | /etc/mail/spamassassin/local.cf |
| | /etc/mail/spamassassin/sa-update-keys |
| | /etc/mail/spamassassin/spamassassin-default.rc |
| | /etc/mail/spamassassin/spamassassin-helper.sh |
| | /etc/mail/spamassassin/spamassassin-spamc.rc |
| | /etc/mail/spamassassin/v310.pre |
| | /etc/mail/spamassassin/v312.pre |
| | /etc/mail/spamassassin/v320.pre |
| | /etc/mail/spamassassin/v330.pre |
| | /etc/portreserve/spamd |
| | /etc/rc.d/init.d/spamassassin |
| | /etc/sysconfig/sa-update |
| | /etc/sysconfig/spamassassin |
| | /usr/bin/sa-awl |
| | /usr/bin/sa-check_spamd |
| | /usr/bin/sa-compile |
| | /usr/bin/sa-learn |
| | /usr/bin/sa-update |
| | /usr/bin/spamassassin |
| | /usr/bin/spamc |
| | /usr/bin/spamd |
| | /usr/share/doc/spamassassin-3.3.1 |
| | /usr/share/doc/spamassassin-3.3.1/CREDITS |
| | /usr/share/doc/spamassassin-3.3.1/Changes |
| | /usr/share/doc/spamassassin-3.3.1/LICENSE |
| | /usr/share/doc/spamassassin-3.3.1/NOTICE |
| | /usr/share/doc/spamassassin-3.3.1/README |
| | /usr/share/doc/spamassassin-3.3.1/README.RHEL.Fedora |
| | /usr/share/doc/spamassassin-3.3.1/TRADEMARK |
| | /usr/share/doc/spamassassin-3.3.1/UPGRADE |
| | /usr/share/doc/spamassassin-3.3.1/USAGE |
| | /usr/share/doc/spamassassin-3.3.1/sample-nonspam.txt |
| | /usr/share/doc/spamassassin-3.3.1/sample-spam.txt |
| | /usr/share/man/man1/sa-compile.1.gz |
| | /usr/share/man/man1/sa-learn.1.gz |
| | /usr/share/man/man1/sa-update.1.gz |
| | /usr/share/man/man1/spamassassin-run.1.gz |
| | /usr/share/man/man1/spamassassin.1.gz |
| | /usr/share/man/man1/spamc.1.gz |
| | /usr/share/man/man1/spamd.1.gz |
| | /usr/share/man/man3/Mail::SpamAssassin.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util::RegistrarBoundaries.3pm.gz |
| | /usr/share/man/man3/spamassassin-run.3pm.gz |
| | /usr/share/perl5/Mail |
| | /usr/share/perl5/Mail/SpamAssassin |
| | /usr/share/perl5/Mail/SpamAssassin.pm |
| | /usr/share/perl5/Mail/SpamAssassin/AICache.pm |
| | /usr/share/perl5/Mail/SpamAssassin/ArchiveIterator.pm |
| | /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm |
| | /usr/share/perl5/Mail/SpamAssassin/AutoWhitelist.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Bayes |
| | /usr/share/perl5/Mail/SpamAssassin/Bayes.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Bayes/CombineChi.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore.pm |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore/BDB.pm |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore/MySQL.pm |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore/PgSQL.pm |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore/SDBM.pm |
| | /usr/share/perl5/Mail/SpamAssassin/BayesStore/SQL.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Client.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Conf |
| | /usr/share/perl5/Mail/SpamAssassin/Conf.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Conf/LDAP.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Conf/SQL.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Constants.pm |
| | /usr/share/perl5/Mail/SpamAssassin/DBBasedAddrList.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Dns.pm |
| | /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm |
| | /usr/share/perl5/Mail/SpamAssassin/HTML.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Locales.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Locker |
| | /usr/share/perl5/Mail/SpamAssassin/Locker.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Locker/Flock.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Locker/UnixNFSSafe.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Locker/Win32.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Logger |
| | /usr/share/perl5/Mail/SpamAssassin/Logger.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Logger/File.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Logger/Stderr.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Logger/Syslog.pm |
| | /usr/share/perl5/Mail/SpamAssassin/MailingList.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Message |
| | /usr/share/perl5/Mail/SpamAssassin/Message.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Message/Metadata |
| | /usr/share/perl5/Mail/SpamAssassin/Message/Metadata.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Message/Node.pm |
| | /usr/share/perl5/Mail/SpamAssassin/NetSet.pm |
| | /usr/share/perl5/Mail/SpamAssassin/PerMsgLearner.pm |
| | /usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm |
| | /usr/share/perl5/Mail/SpamAssassin/PersistentAddrList.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/ASN.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/AWL.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/AccessDB.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/AntiVirus.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Bayes.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/BodyEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Check.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/DCC.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/DKIM.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/DNSEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/FreeMail.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/HTMLEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Hashcash.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/HeaderEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/ImageInfo.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEHeader.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/PhishTag.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Pyzor.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/RelayCountry.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/RelayEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/ReplaceTags.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Reuse.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Rule2XSBody.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Shortcircuit.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/SpamCop.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/Test.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/TextCat.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/URIDNSBL.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/URIDetail.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/URIEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/VBounce.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/WLBLEval.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Plugin/WhiteListSubject.pm |
| | /usr/share/perl5/Mail/SpamAssassin/PluginHandler.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Reporter.pm |
| | /usr/share/perl5/Mail/SpamAssassin/SQLBasedAddrList.pm |
| | /usr/share/perl5/Mail/SpamAssassin/SpamdForkScaling.pm |
| | /usr/share/perl5/Mail/SpamAssassin/SubProcBackChannel.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Timeout.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Util |
| | /usr/share/perl5/Mail/SpamAssassin/Util.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Util/DependencyInfo.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Util/Progress.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Util/ScopedTimer.pm |
| | /usr/share/perl5/Mail/SpamAssassin/Util/TieOneStringHash.pm |
| | /usr/share/perl5/spamassassin-run.pod |
| | /usr/share/spamassassin |
| | /usr/share/spamassassin/10_default_prefs.cf |
| | /usr/share/spamassassin/20_advance_fee.cf |
| | /usr/share/spamassassin/20_aux_tlds.cf |
| | /usr/share/spamassassin/20_body_tests.cf |
| | /usr/share/spamassassin/20_compensate.cf |
| | /usr/share/spamassassin/20_dnsbl_tests.cf |
| | /usr/share/spamassassin/20_drugs.cf |
| | /usr/share/spamassassin/20_dynrdns.cf |
| | /usr/share/spamassassin/20_fake_helo_tests.cf |
| | /usr/share/spamassassin/20_freemail.cf |
| | /usr/share/spamassassin/20_freemail_domains.cf |
| | /usr/share/spamassassin/20_head_tests.cf |
| | /usr/share/spamassassin/20_html_tests.cf |
| | /usr/share/spamassassin/20_imageinfo.cf |
| | /usr/share/spamassassin/20_meta_tests.cf |
| | /usr/share/spamassassin/20_net_tests.cf |
| | /usr/share/spamassassin/20_phrases.cf |
| | /usr/share/spamassassin/20_porn.cf |
| | /usr/share/spamassassin/20_ratware.cf |
| | /usr/share/spamassassin/20_uri_tests.cf |
| | /usr/share/spamassassin/20_vbounce.cf |
| | /usr/share/spamassassin/23_bayes.cf |
| | /usr/share/spamassassin/25_accessdb.cf |
| | /usr/share/spamassassin/25_antivirus.cf |
| | /usr/share/spamassassin/25_asn.cf |
| | /usr/share/spamassassin/25_dcc.cf |
| | /usr/share/spamassassin/25_dkim.cf |
| | /usr/share/spamassassin/25_hashcash.cf |
| | /usr/share/spamassassin/25_pyzor.cf |
| | /usr/share/spamassassin/25_razor2.cf |
| | /usr/share/spamassassin/25_replace.cf |
| | /usr/share/spamassassin/25_spf.cf |
| | /usr/share/spamassassin/25_textcat.cf |
| | /usr/share/spamassassin/25_uribl.cf |
| | /usr/share/spamassassin/30_text_de.cf |
| | /usr/share/spamassassin/30_text_fr.cf |
| | /usr/share/spamassassin/30_text_it.cf |
| | /usr/share/spamassassin/30_text_nl.cf |
| | /usr/share/spamassassin/30_text_pl.cf |
| | /usr/share/spamassassin/30_text_pt_br.cf |
| | /usr/share/spamassassin/50_scores.cf |
| | /usr/share/spamassassin/60_adsp_override_dkim.cf |
| | /usr/share/spamassassin/60_awl.cf |
| | /usr/share/spamassassin/60_shortcircuit.cf |
| | /usr/share/spamassassin/60_whitelist.cf |
| | /usr/share/spamassassin/60_whitelist_dkim.cf |
| | /usr/share/spamassassin/60_whitelist_spf.cf |
| | /usr/share/spamassassin/60_whitelist_subject.cf |
| | /usr/share/spamassassin/72_active.cf |
| | /usr/share/spamassassin/72_scores.cf |
| | /usr/share/spamassassin/STATISTICS-set0-72_scores.cf.txt |
| | /usr/share/spamassassin/STATISTICS-set1-72_scores.cf.txt |
| | /usr/share/spamassassin/STATISTICS-set2-72_scores.cf.txt |
| | /usr/share/spamassassin/STATISTICS-set3-72_scores.cf.txt |
| | /usr/share/spamassassin/languages |
| | /usr/share/spamassassin/local.cf |
| | /usr/share/spamassassin/regression_tests.cf |
| | /usr/share/spamassassin/sa-update-pubkey.txt |
| | /usr/share/spamassassin/sa-update.cron |
| | /usr/share/spamassassin/user_prefs.template |
| | /var/lib/spamassassin |
| | /var/run/spamassassin |
| | </code> |
| | |
| | ===== Konfiguration ===== |
| | ==== spamassassin ==== |
| | Eine besondere Konfiguration von SpamAssassin ist eigentlich nicht notwendig. Im Verzeichnis ** /etc/mail/spamassassin/ ** befindet sich die Konfigurationsdatei **local.cf** mit Hilfe derer lokale Anpassungen an der Installation vorgenommen werden können. |
| | # vim /etc/mail/spamassassin/local.cf |
| | <file bash /etc/mail/spamassassin/local.cf># These values can be overridden by editing ~/.spamassassin/user_prefs.cf |
| | # (see spamassassin(1) for details) |
| | |
| | # These should be safe assumptions and allow for simple visual sifting |
| | # without risking lost emails. |
| | |
| | # Ab welchem Punktestand soll eine eMail als Spam betrachtet werden? |
| | required_hits 5 |
| | |
| | # Diese Option legt fest, wie SpamAssassin eine als Spam eingestufte E-Mail markieren soll. |
| | # Wenn report_safe 0 angegeben ist, fügt Spamassassin lediglich einige X-Spam-Header ein |
| | # und lässt die E-Mail ansonsten unverändert. |
| | report_safe 0 |
| | |
| | # Mit dieser Option wird definiert, daß eine Nachricht, welche als SPAM klassifiziert wurde, |
| | # zusätzlich mit dem Hinweis "**** SPAM ****" in der Betreffzeile gekennzeichnet werden sollen. |
| | rewrite_header Subject [SPAM] |
| | |
| | # Django : 2012-05-21 |
| | # Diese Direktive bestimmt, welche Sperrmethode verwendet wird, um die beiden Datenbanken ( |
| | # Bayes- und Autowhitelisting) vor gleichzeitigem Zugriffen zu schützen. Wenn sichergestellt |
| | # ist, daß auf die beiden Datenbanken nie über ein NFS zugegriffen wird, kann auf Unix-Plattformen |
| | # erheblich an Performance gewonnen werden, indem die Sperrmethode flock verwendet wird. |
| | lock_method flock |
| | |
| | # Django : 2009-08-19 |
| | # Headercheck-Filterliste für die Absicherung des Postfix-Mailservers Information aus einer |
| | # vorhandenen Postfixdatei /etc/postfix/header_checks übernommen, da es unter gewissen Umständen |
| | # zu Backscatter-Problemen kommen könnte (Stand. 10-07-2009 AMaViS Version |
| | # amavisd-new-2.5.4-1.el5.rf.src.rpm Version 0.02 / 2009-08-19 |
| | # |
| | # /i = i Case-Insensitivity (die Nichtbeachtung von Groß- und Kleinschreibung) einschalten |
| | # /m = m Multiline-Faehigkeit - Zeilenumbrueche ignorieren |
| | # |
| | # Header-Checks "From" (Nummerierung 1000 ...) |
| | # |
| | header HEADER_FROM_CHECKS_NR_1001 From =~ /^.*Euro Dice Casino/im |
| | score HEADER_FROM_CHECKS_NR_1001 20 |
| | tflags HEADER_FROM_CHECKS_NR_1001 noautolearn |
| | |
| | # Header-Checks "From" (Nummerierung 1000 ...) |
| | |
| | header HEADER_FROM_CHECKS_NR1002 From =~ /^.*ic-drei.de/im |
| | score HEADER_FROM_CHECKS_NR1002 20 |
| | tflags HEADER_FROM_CHECKS_NR1002 noautolearn |
| | |
| | header HEADER_FROM_CHECKS_NR1001 From =~ /^.*Lottery/im |
| | score HEADER_FROM_CHECKS_NR1001 20 |
| | tflags HEADER_FROM_CHECKS_NR1001 noautolearn |
| | </file> |
| | |
| | ==== amavisd ==== |
| | Da wir weder SPAM, noch Viren noch unerwünschte Dateianhänge annehmen, noch speichern (wir haben die eMail ja gar nicht angenommen und mit einem **250er** bestätigt und dem Endnutzer zustellen können, tragen wir in der Konfigurstionsdatei unseres AMaViS-Servers folgende Zeilen ein. |
| | # vim /etc/amavisd.conf |
| | <code bash>... |
| | |
| | # Django : 2012-05-21 |
| | # default: $sa_tag2_level_deflt = 6.2; |
| | $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level |
| | # Django : 2012-05-21 |
| | # default: $sa_kill_level_deflt = 6.9; |
| | $sa_kill_level_deflt = 6.31; # triggers spam evasive actions (e.g. blocks mail) |
| | |
| | ... |
| | |
| | ... |
| | |
| | # Django : 2012-05-21 |
| | # default: unset |
| | $final_virus_destiny = D_REJECT; |
| | # Django : 2012-05-21 |
| | # default: unset |
| | $final_banned_destiny = D_REJECT; |
| | # Django : 2012-05-21 |
| | # default: unset |
| | $final_spam_destiny = D_REJECT; |
| | # $final_bad_header_destiny = D_PASS; |
| | # $bad_header_quarantine_method = undef; |
| | |
| | # Django : 2012-05-21 |
| | # default: unset |
| | $virus_quarantine_to = undef; |
| | # Django : 2012-05-21 |
| | # default: unset |
| | $banned_quarantine_to = undef; |
| | # Django : 2012-05-21 |
| | # default: unset |
| | $spam_quarantine_to = undef; |
| | |
| | ... |
| | </code> |
| | |
| | Zum Aktivieren der Änderungen starten wir den Daemon einmal durch. |
| | # service amavisd restart |
| | |
| | Shutting down Mail Virus Scanner (amavisd): [ OK ] |
| | Starting Mail Virus Scanner (amavisd): [ OK ] |
| | ===== Programmstart ===== |
| | ==== erster Systemstart ==== |
| | Nun können wir unseren Anti-SMAP-Daemon das erste mal starten. |
| | # service spamassassin start |
| | |
| | Starting spamd: [ OK ] |
| | |
| | Im Maillog wird der Start des Daemon entsprechend protokolliert. |
| | # less /var/log/maillog |
| | |
| | <code>Jun 10 22:44:30 vml000060 spamd[14620]: logger: removing stderr method |
| | Jun 10 22:44:34 vml000060 spamd[14625]: rules: meta test FROM_41_FREEMAIL has dependency 'NSL_RCVD_FROM_41' with a zero score |
| | Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server started on port 783/tcp (running version 3.3.1) |
| | Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server pid: 14625 |
| | Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14636 |
| | Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14638 |
| | Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: IS |
| | Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: II |
| | </code> |
| | |
| | Mit folgendem Befehl kann überprüft werden, auf welchem Port unser SpamAssassin horcht: |
| | # lsof -i :783 |
| | |
| | COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME |
| | spamd 14625 root 5u IPv4 59884 0t0 TCP localhost:783 (LISTEN) |
| | spamd 14636 root 5u IPv4 59884 0t0 TCP localhost:783 (LISTEN) |
| | spamd 14638 root 5u IPv4 59884 0t0 TCP localhost:783 (LISTEN) |
| | |
| | Eine ähnliche Abfrage kann man natürlich auch mit Hilfe von **netstat -tulpen** erreichen. |
| | # netstat -tulpen | grep spam |
| | |
| | tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 0 59884 14625/spamd.pid |
| | |
| | ==== automatisches Starten des Dienste beim Systemstart ==== |
| | Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor. |
| | # chkconfig spamassassin on |
| | Anschließend überprüfen wir noch unsere Änderung: |
| | # chkconfig --list | grep spamassassin |
| | |
| | spamassassin 0:off 1:off 2:on 3:on 4:on 5:on 6:off |
| | |
| | ===== Tests ===== |
| | ==== HAM ==== |
| | Als erstes schicken wir eine Testnachricht via telnet an einen User. |
| | $ telnet localhost 25 |
| | |
| | <code>Trying 127.0.0.1... |
| | Connected to localhost. |
| | Escape character is '^]'. |
| | 220 mx1.nausch.org ESMTP Postfix |
| | helo vml00080.dmz.nausch.org |
| | 250 mx1.nausch.org |
| | mail from:<bigchief@omni128.de> |
| | 250 2.1.0 Ok |
| | rcpt to:<django@nausch.org> |
| | 250 2.1.5 Ok |
| | DATA |
| | 354 End data with <CR><LF>.<CR><LF> |
| | From: <bigchief@omni128.de> |
| | To: <django@nausch.org> |
| | Date: 2012-06-11 13:45 |
| | Subject: Testnachricht |
| | |
| | Test |
| | . |
| | 250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153 |
| | quit |
| | 221 2.0.0 Bye |
| | Connection closed by foreign host. |
| | </code> |
| | |
| | Im Maillog des Postfix-servers wir die erfolgreiche Annahme der Nachricht entsprechend quittiert. |
| | # less /var/log/maillog |
| | <code>Jun 11 14:09:22 vml000080 postfix/smtpd[26920]: connect from localhost[127.0.0.1] |
| | Jun 11 14:09:37 vml000080 postfix/smtpd[26920]: NOQUEUE: client=localhost[127.0.0.1] |
| | Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: connect from vml000060.dmz.nausch.org[10.0.0.60] |
| | Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: 4709153: client=localhost[127.0.0.1] |
| | Jun 11 14:09:52 vml000080 postfix/cleanup[26923]: 4709153: message-id=<20120611120952.4709153@mx1.nausch.org> |
| | Jun 11 14:09:52 vml000080 postfix/qmgr[24754]: 4709153: from=<bigchief@omni128.de>, size=777, nrcpt=1 (queue active) |
| | Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: disconnect from vml000060.dmz.nausch.org[10.0.0.60] |
| | </code> |
| | |
| | Im Maillog auf unserem AMaVis-Host sind die Ausgaben im Moment, dank des **loglevel = 3**, doch recht aussagekräftig. |
| | # less /var/log/maillog |
| | <code>Jun 11 14:09:37 vml000060 amavis[18855]: (18855-01) process_request: fileno sock=11, STDIN=0, STDOUT=1 |
| | Jun 11 14:09:37 vml000060 amavis[18855]: (18855-02) loaded policy bank "MYNETS" |
| | Jun 11 14:09:39 vml000060 amavis[18855]: (18855-02) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T135937-18855: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:09:37 +0200 (CEST) |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4, state: 1 |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4 -> disabling |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) body hash: 2205e48de5f93c784733ffcca841d2b5 |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking: 8GFFkUKKobVo MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org> |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) 2822.From: <bigchief@omni128.de> |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Cached virus check expired, TTL = 180 s |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) cached 2205e48de5f93c784733ffcca841d2b5 from <bigchief@omni128.de> (0,0) |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p001 1 Content-Type: text/plain, size: 5 B, name: |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) inspect_dsn: not a bounce |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking for banned types and filenames |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x20db1a0) |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc" |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T135937-18855/parts/p002 |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.sock |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n to UNIX socket /var/run/clamav/clamd.sock |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd): CLEAN |
| | Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd) result: clean |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) spam_scan: score=-0.427 autolearn=no tests=[ALL_TRUSTED=-1,INVALID_DATE=0.432,MISSING_MID=0.14,TVD_SPACE_RATIO=0.001] |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) do_notify_and_quar: ccat=Clean (1,0) ("1":Clean, "0":CatchAll) ccat_block=(), qar_mth= |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp session reuse, 1 transactions so far |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> NOOP |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to NOOP (idle 593.5 s): 421 4.4.2 mx1.nausch.org Error: timeout exceeded |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Amavis::Out::SMTP::Session close, disconnecting |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp creating socket by IO::Socket::INET6 to [mail.dmz.nausch.org]:10025 |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to greeting: 220 mx1.nausch.org ESMTP Postfix |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> EHLO localhost |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to EHLO: 250 mx1.nausch.org\nPIPELINING\nSIZE 52428800\nETRN\nSTARTTLS\nXFORWARD NAME ADDR PROTO HELO SOURCE PORT\nENHANCEDSTATUSCODES\n8BITMIME\nDSN |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> XFORWARD ADDR=127.0.0.1 NAME=localhost PORT=42232 PROTO=SMTP HELO=vml00080.dmz.nausch.org SOURCE=LOCAL |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to XFORWARD: 250 2.0.0 Ok |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) AUTH not needed, user='', MTA offers '' |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> MAIL FROM:<bigchief@omni128.de> BODY=7BIT |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> RCPT TO:<django@nausch.org> |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> DATA |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to MAIL (pip): 250 2.1.0 Ok |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to RCPT (pip) (<django@nausch.org>): 250 2.1.5 Ok |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF> |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> QUIT |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to data-dot (<django@nausch.org>): 250 2.0.0 Ok: queued as 4709153 |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Amavis::Out::SMTP::Session close, disconnecting |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) FWD via SMTP: <bigchief@omni128.de> -> <django@nausch.org>,BODY=7BIT 250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153 |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) DSN: sender is credible (orig), SA: -0.427, <bigchief@omni128.de> |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, mail_id: 8GFFkUKKobVo, Hits: -0.427, size: 280, queued_as: 4709153, 15120 ms |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING-SA total 435 ms - parse: 2 (0.6%), extract_message_metadata: 308 (70.9%), poll_dns_idle: 291 (67.0%), get_uri_detail_list: 0.43 (0.1%), tests_pri_-1000: 7 (1.7%), tests_pri_-950: 2 (0.5%), tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.23 (0.3%), tests_pri_0: 89 (20.6%), check_dkim_adsp: 13 (3.0%), check_spf: 0.48 (0.1%), check_pyzor: 0.42 (0.1%), tests_pri_500: 5 (1.1%), get_report: 1.09 (0.3%) |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) sending SMTP response: "250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153" |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING [total 15125 ms] - SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2718 (18%)18, SMTP DATA: 11840 (78%)96, check_init: 1 (0%)96, digest_hdr: 1 (0%)96, digest_body_dkim: 1 (0%)96, gen_mail_id: 1 (0%)96, mime_decode: 10 (0%)96, get-file-type1: 15 (0%)96, decompose_part: 1 (0%)96, parts_decode: 0 (0%)96, check_header: 2 (0%)96, AV-scan-1: 8 (0%)97, spam-wb-list: 2 (0%)97, SA parse: 5 (0%)97, SA check: 429 (3%)99, update_cache: 6 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-connect: 12 (0%)100, fwd-xforward: 1 (0%)100, fwd-mail-pip: 12 (0%)100, fwd-rcpt-pip: 0 (0%)100, fwd-data-chkpnt: 0 (0%)100, write-header: 1 (0%)100, fwd-data-contents: 0 (0%)100, fwd-end-chkpnt: 39 (0%)100, prepare-dsn: 1 (0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100 |
| | Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) load: 5 %, total idle 583.913 s, busy 30.553 s |
| | </code> |
| | ==== SPAM (Blacklist) ==== |
| | Als nächstes schicken wir nun eine Testmessage an einen unserer User, die in der Betreffzeile einen verbotenen Ausdruck beinhaltet, z.B. **gevoegelt**: |
| | $ telnet localhost 25 |
| | <code>Trying 127.0.0.1... |
| | Connected to localhost. |
| | Escape character is '^]'. |
| | 220 mx1.nausch.org ESMTP Postfix |
| | helo vml00080.dmz.nausch.org |
| | 250 mx1.nausch.org |
| | mail from:<bigchief@omni128.de> |
| | 250 2.1.0 Ok |
| | rcpt to:<django@nausch.org> |
| | 250 2.1.5 Ok |
| | DATA |
| | 354 End data with <CR><LF>.<CR><LF> |
| | From: <bigchief@omni128.de> |
| | To: <django@nausch.org> |
| | Date: 2012-06-11 13:45 |
| | Subject: Hast Du Sie heute schon gevoegelt? |
| | |
| | Spamnachricht mit verbotenem Ausdruck im Betreff. |
| | . |
| | 554 5.7.0 Reject, id=19055-01 - SPAM |
| | quit |
| | 221 2.0.0 Bye |
| | Connection closed by foreign host. |
| | </code> |
| | |
| | Die Testmessage wird natürlich nicht angenommen und direkt und **__nur einmal__** rejected. |
| | 554 5.7.0 Reject, id=19055-01 - SPAM |
| | |
| | Im Maillog unseres AMaViS-Frontendsystems können wir dann den genauen Ablehnungsgrund, an Hand des übermitteltet AMaViS-Codes **19055-01** ermitteln. (Voraussetzung ist hierzu das der Loglevel in der **/etc/amavisd.conf** mindestens auf dem Wert **2** steht!): |
| | |
| | <code>Jun 11 14:27:36 vml000060 amavis[19055]: process_request: fileno sock=11, STDIN=0, STDOUT=1 |
| | Jun 11 14:27:36 vml000060 amavis[19055]: (19055-01) loaded policy bank "MYNETS" |
| | Jun 11 14:27:38 vml000060 amavis[19055]: (19055-01) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T142736-19055: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:27:36 +0200 (CEST) |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) body hash: a49713537d48347c846b5432811446b3 |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking: B0eSk4whQh6x MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org> |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) 2822.From: <bigchief@omni128.de> |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p001 1 Content-Type: text/plain, size: 50 B, name: |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) inspect_dsn: not a bounce |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking for banned types and filenames |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0) |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc" |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T142736-19055/parts/p002 |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.sock |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n to UNIX socket /var/run/clamav/clamd.sock |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd): CLEAN |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd) result: clean |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) spam_scan: score=19.572 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_SUBJECT_CHECKS_NR2041=20,INVALID_DATE=0.432,MISSING_MID=0.14] |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) blocking contents category is (6) for django@nausch.org |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth= |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=19.572 tag=2 tag2=6.31 kill=6.31 tests=[ALL_TRUSTED=-1, HEADER_SUBJECT_CHECKS_NR2041=20, INVALID_DATE=0.432, MISSING_MID=0.14] autolearn=no |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) DSN: sender is credible (orig), SA: 19.572, <bigchief@omni128.de> |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, mail_id: B0eSk4whQh6x, Hits: 19.572, size: 346, 16258 ms |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING-SA total 143 ms - parse: 3 (1.8%), extract_message_metadata: 5 (3.5%), get_uri_detail_list: 0.50 (0.3%), tests_pri_-1000: 10 (7.0%), tests_pri_-950: 3 (1.9%), tests_pri_-900: 1.92 (1.3%), tests_pri_-400: 1.30 (0.9%), tests_pri_0: 94 (66.1%), check_dkim_adsp: 15 (10.4%), check_spf: 0.48 (0.3%), check_pyzor: 0.34 (0.2%), tests_pri_500: 4 (2.8%), get_report: 1.44 (1.0%) |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) sending SMTP response: "554 5.7.0 Reject, id=19055-01 - SPAM" |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING [total 16262 ms] - SMTP greeting: 12 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, mkdir tempdir: 1 (0%)0, create email.txt: 1 (0%)0, SMTP pre-DATA-flush: 2361 (15%)15, SMTP DATA: 13667 (84%)99, check_init: 1 (0%)99, digest_hdr: 2 (0%)99, digest_body_dkim: 1 (0%)99, gen_mail_id: 2 (0%)99, mkdir parts: 2 (0%)99, mime_decode: 11 (0%)99, get-file-type1: 16 (0%)99, decompose_part: 2 (0%)99, parts_decode: 0 (0%)99, check_header: 2 (0%)99, AV-scan-1: 9 (0%)99, spam-wb-list: 2 (0%)99, SA parse: 7 (0%)99, SA check: 136 (1%)100, update_cache: 7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 4 (0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100 |
| | Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) load: 86 %, total idle 2.356 s, busy 13.912 s |
| | </code> |
| | |
| | Die Regel **HEADER_SUBJECT_CHECKS_NR2041=20** hat also zugeschlagen - so könnten wir bei einem etwaigen FalsePositiv die Ursache einer Ablehnung ergründen. |
| | |
| | # grep HEADER_SUBJECT_CHECKS_NR2041 /etc/mail/spamassassin/local.cf |
| | |
| | header HEADER_SUBJECT_CHECKS_NR2041 Subject =~ /.*gevoegelt.*/im |
| | score HEADER_SUBJECT_CHECKS_NR2041 20 |
| | tflags HEADER_SUBJECT_CHECKS_NR2041 noautolearn |
| | |
| | ==== SPAM (GTUBE) ==== |
| | Im Dokumentationspfad ( ** // /usr/share/doc/spamassassin-3.3.1 // ** ) unserer **SpamAssassin**-Installation finden wird unter anderem das **GTUBE** Testfile. |
| | * **G**eneric |
| | * **T**est for |
| | * **U**nsolicited |
| | * **B**ulk |
| | * **E**mail |
| | |
| | # less /usr/share/doc/spamassassin-3.3.1/sample-spam.txt |
| | <file mail /usr/share/doc/spamassassin-3.3.1/sample-spam.txt>Subject: Test spam mail (GTUBE) |
| | Message-ID: <GTUBE1.1010101@example.net> |
| | Date: Wed, 23 Jul 2003 23:30:00 +0200 |
| | From: Sender <sender@example.net> |
| | To: Recipient <recipient@example.net> |
| | Precedence: junk |
| | MIME-Version: 1.0 |
| | Content-Type: text/plain; charset=us-ascii |
| | Content-Transfer-Encoding: 7bit |
| | |
| | This is the GTUBE, the |
| | Generic |
| | Test for |
| | Unsolicited |
| | Bulk |
| | Email |
| | |
| | If your spam filter supports it, the GTUBE provides a test by which you |
| | can verify that the filter is installed correctly and is detecting incoming |
| | spam. You can send yourself a test mail containing the following string of |
| | characters (in upper case and with no white spaces and line breaks): |
| | |
| | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X |
| | |
| | You should send this test mail from an account outside of your network. |
| | |
| | </file> |
| | |
| | Wir verbinden uns nun auf Port **25** auf unserem Postfix-server und laden dort den Inhalt dieser Datei als eMail ab. |
| | $ telnet mail.dmz.nausch.org 25 |
| | <code>Trying 10.0.0.80... |
| | Connected to mail.dmz.nausch.org. |
| | Escape character is '^]'. |
| | 220 mx1.nausch.org ESMTP Postfix |
| | helo vml00080.dmz.nausch.org |
| | 250 mx1.nausch.org |
| | mail from:<bigchief@omni128.de> |
| | 250 2.1.0 Ok |
| | rcpt to:<django@nausch.org> |
| | 250 2.1.5 Ok |
| | DATA |
| | 354 End data with <CR><LF>.<CR><LF> |
| | Subject: Test spam mail (GTUBE) |
| | Message-ID: <GTUBE1.1010101@example.net> |
| | Date: Wed, 23 Jul 2003 23:30:00 +0200 |
| | From: Sender <sender@example.net> |
| | To: Recipient <recipient@example.net> |
| | Precedence: junk |
| | MIME-Version: 1.0 |
| | Content-Type: text/plain; charset=us-ascii |
| | Content-Transfer-Encoding: 7bit |
| | |
| | This is the GTUBE, the |
| | Generic |
| | Test for |
| | Unsolicited |
| | Bulk |
| | Email |
| | |
| | If your spam filter supports it, the GTUBE provides a test by which you |
| | can verify that the filter is installed correctly and is detecting incoming |
| | spam. You can send yourself a test mail containing the following string of |
| | characters (in upper case and with no white spaces and line breaks): |
| | |
| | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X |
| | |
| | You should send this test mail from an account outside of your network. |
| | . |
| | 554 5.7.0 Reject, id=19056-02 - SPAM |
| | quit |
| | 221 2.0.0 Bye |
| | Connection closed by foreign host. |
| | </code> |
| | |
| | Im Maillog unseres AMaViS-Servers finden wir nun wiederum einen Hinweis. warum die Nachricht mit dem Fehlercode **554 5.7.0 Reject, id=19056-02 - SPAM** abgewiesen wurde. |
| | |
| | # less /var/log/maillog |
| | <code>Jun 11 14:55:45 vml000060 amavis[19056]: (19056-01) process_request: fileno sock=11, STDIN=0, STDOUT=1 |
| | Jun 11 14:55:45 vml000060 amavis[19056]: (19056-02) loaded policy bank "MYNETS" |
| | Jun 11 14:55:47 vml000060 amavis[19056]: (19056-02) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T145223-19056: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:55:45 +0200 (CEST) |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache, dt: 201.8, state: 1 |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache, dt: 201.8 -> disabling |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) body hash: a2740fd1baff60a1aa0bfb88a79036d6 |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking: juTHROjwPrnV MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org> |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) 2822.From: <sender@example.net>, 2821.Mail_From: <bigchief@omni128.de> |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p001 1 Content-Type: text/plain, size: 504 B, name: |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) inspect_dsn: not a bounce |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking for banned types and filenames |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0) |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc" |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T145223-19056/parts/p002 |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.sock |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n to UNIX socket /var/run/clamav/clamd.sock |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd): CLEAN |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd) result: clean |
| | Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) wbl: soft-blacklisted (3) sender <sender@example.net> => <django@nausch.org>, recip_key="." |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan: score=1001.07 autolearn=no tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000] |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) blocking contents category is (6) for django@nausch.org |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth= |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=1001.07+3 tag=2 tag2=6.31 kill=6.31 tests=[AM:BOOST=3, ALL_TRUSTED=-1, DATE_IN_PAST_96_XX=2.07, GTUBE=1000] autolearn=no |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) DSN: sender is credible (orig), SA: 1001.070, <bigchief@omni128.de> |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, Message-ID: <GTUBE1.1010101@example.net>, mail_id: juTHROjwPrnV, Hits: 1004.07, size: 993, 26905 ms |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING-SA total 492 ms - parse: 3 (0.6%), extract_message_metadata: 5 (1.1%), get_uri_detail_list: 0.94 (0.2%), tests_pri_-1000: 8 (1.7%), tests_pri_-950: 3 (0.5%), tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.35 (0.3%), tests_pri_0: 316 (64.2%), check_dkim_adsp: 204 (41.4%), check_spf: 0.56 (0.1%), check_pyzor: 0.44 (0.1%), tests_pri_500: 134 (27.2%), poll_dns_idle: 128 (26.0%), get_report: 1.88 (0.4%) |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) sending SMTP response: "554 5.7.0 Reject, id=19056-02 - SPAM" |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING [total 26909 ms] - SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2179 (8%)8, SMTP DATA: 24165 (90%)98, check_init: 1 (0%)98, digest_hdr: 2 (0%)98, digest_body_dkim: 1 (0%)98, gen_mail_id: 1 (0%)98, mime_decode: 10 (0%)98, get-file-type1: 16 (0%)98, decompose_part: 2 (0%)98, parts_decode: 0 (0%)98, check_header: 2 (0%)98, AV-scan-1: 9 (0%)98, spam-wb-list: 3 (0%)98, SA parse: 5 (0%)98, SA check: 485 (2%)100, update_cache: 7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 3 (0%)100, main_log_entry: 7 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100 |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) load: 11 %, total idle 204.011 s, busy 25.318 s |
| | </code> |
| | |
| | In der Zeile: |
| | Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan: score=1001.07 autolearn=no tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000] |
| | wird der eMail ein SPAM-Score von **1001,07** bescheinigt, der - nun sagen wir mal geringfügig - über den **6.31**, die wir in der ** /etc/amavisd.conf ** definiert hatten. Die Annahme der eMail wird also mit einem **500er**-Fehlercode verweigert. |
| | |
| | ====== Links ====== |
| | * **[[centos:mail_c6:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 6<<]]** |
| | * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]** |
| | * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]** |
| | |
| |