Installation and Configuration of SpamAssassin
Basics
SpamAssassin is a widely used filter program that automatically detects and sorts out unwanted email (spam). Like AMaViS, SpamAssassin is a Perl program; it evaluates the content of an email. SpamAssassin itself determines and computes a score for every email and passes that value to AMaViS. Based on the score it receives, AMaViS can then let an email through, tag it (e.g. by rewriting the subject line) or reject it. SpamAssassin is therefore only a backend system of AMaViS.
To distinguish between HAM and SPAM, SpamAssassin uses several techniques:
- Querying RBLs.
- Querying checksum-based filters such as DCC, Pyzor and Razor.
- Using regular expressions to score emails statically.
- Using internal Bayesian filters that, based on how previously received emails were classified, statistically estimate the probability of HAM versus SPAM.
Installation
As usual, we install the required packages via YUM.
# yum install spamassassin -y
Package information
A look at the installed RPM shows everything the package brought along during installation.
# rpm -qil spamassassin
Name : spamassassin Relocations: (not relocatable)
Version : 3.3.1 Vendor: CentOS
Release : 2.el6 Build Date: Mon 23 Aug 2010 04:28:38 AM CEST
Install Date: Sun 10 Jun 2012 12:35:02 PM CEST Build Host: c6b2.bsys.dev.centos.org
Group : Applications/Internet Source RPM: spamassassin-3.3.1-2.el6.src.rpm
Size : 3253352 License: ASL 2.0
Signature : RSA/8, Sun 03 Jul 2011 07:02:17 AM CEST, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
URL : http://spamassassin.apache.org/
Summary : Spam filter for email which can be invoked from mail delivery agents
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate
Unsolicited Commercial Email (SPAM) from your incoming email. It can
be invoked by a MDA such as sendmail or postfix, or can be called from
a procmail script, .forward file, etc. It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software. This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.
To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).
/etc/cron.d/sa-update
/etc/logrotate.d/sa-update
/etc/mail/spamassassin
/etc/mail/spamassassin/channel.d
/etc/mail/spamassassin/channel.d/sought.conf
/etc/mail/spamassassin/channel.d/spamassassin-official.conf
/etc/mail/spamassassin/init.pre
/etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/sa-update-keys
/etc/mail/spamassassin/spamassassin-default.rc
/etc/mail/spamassassin/spamassassin-helper.sh
/etc/mail/spamassassin/spamassassin-spamc.rc
/etc/mail/spamassassin/v310.pre
/etc/mail/spamassassin/v312.pre
/etc/mail/spamassassin/v320.pre
/etc/mail/spamassassin/v330.pre
/etc/portreserve/spamd
/etc/rc.d/init.d/spamassassin
/etc/sysconfig/sa-update
/etc/sysconfig/spamassassin
/usr/bin/sa-awl
/usr/bin/sa-check_spamd
/usr/bin/sa-compile
/usr/bin/sa-learn
/usr/bin/sa-update
/usr/bin/spamassassin
/usr/bin/spamc
/usr/bin/spamd
/usr/share/doc/spamassassin-3.3.1
/usr/share/doc/spamassassin-3.3.1/CREDITS
/usr/share/doc/spamassassin-3.3.1/Changes
/usr/share/doc/spamassassin-3.3.1/LICENSE
/usr/share/doc/spamassassin-3.3.1/NOTICE
/usr/share/doc/spamassassin-3.3.1/README
/usr/share/doc/spamassassin-3.3.1/README.RHEL.Fedora
/usr/share/doc/spamassassin-3.3.1/TRADEMARK
/usr/share/doc/spamassassin-3.3.1/UPGRADE
/usr/share/doc/spamassassin-3.3.1/USAGE
/usr/share/doc/spamassassin-3.3.1/sample-nonspam.txt
/usr/share/doc/spamassassin-3.3.1/sample-spam.txt
/usr/share/man/man1/sa-compile.1.gz
/usr/share/man/man1/sa-learn.1.gz
/usr/share/man/man1/sa-update.1.gz
/usr/share/man/man1/spamassassin-run.1.gz
/usr/share/man/man1/spamassassin.1.gz
/usr/share/man/man1/spamc.1.gz
/usr/share/man/man1/spamd.1.gz
/usr/share/man/man3/Mail::SpamAssassin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::RegistrarBoundaries.3pm.gz
/usr/share/man/man3/spamassassin-run.3pm.gz
/usr/share/perl5/Mail
/usr/share/perl5/Mail/SpamAssassin
/usr/share/perl5/Mail/SpamAssassin.pm
/usr/share/perl5/Mail/SpamAssassin/AICache.pm
/usr/share/perl5/Mail/SpamAssassin/ArchiveIterator.pm
/usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm
/usr/share/perl5/Mail/SpamAssassin/AutoWhitelist.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes
/usr/share/perl5/Mail/SpamAssassin/Bayes.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes/CombineChi.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore
/usr/share/perl5/Mail/SpamAssassin/BayesStore.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/BDB.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/MySQL.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/PgSQL.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/SDBM.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/SQL.pm
/usr/share/perl5/Mail/SpamAssassin/Client.pm
/usr/share/perl5/Mail/SpamAssassin/Conf
/usr/share/perl5/Mail/SpamAssassin/Conf.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/LDAP.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/SQL.pm
/usr/share/perl5/Mail/SpamAssassin/Constants.pm
/usr/share/perl5/Mail/SpamAssassin/DBBasedAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/Dns.pm
/usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm
/usr/share/perl5/Mail/SpamAssassin/HTML.pm
/usr/share/perl5/Mail/SpamAssassin/Locales.pm
/usr/share/perl5/Mail/SpamAssassin/Locker
/usr/share/perl5/Mail/SpamAssassin/Locker.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/Flock.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/UnixNFSSafe.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/Win32.pm
/usr/share/perl5/Mail/SpamAssassin/Logger
/usr/share/perl5/Mail/SpamAssassin/Logger.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/File.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/Stderr.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/Syslog.pm
/usr/share/perl5/Mail/SpamAssassin/MailingList.pm
/usr/share/perl5/Mail/SpamAssassin/Message
/usr/share/perl5/Mail/SpamAssassin/Message.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Node.pm
/usr/share/perl5/Mail/SpamAssassin/NetSet.pm
/usr/share/perl5/Mail/SpamAssassin/PerMsgLearner.pm
/usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm
/usr/share/perl5/Mail/SpamAssassin/PersistentAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin
/usr/share/perl5/Mail/SpamAssassin/Plugin.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ASN.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AWL.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AccessDB.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AntiVirus.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Bayes.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/BodyEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Check.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DCC.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DKIM.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DNSEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/FreeMail.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HTMLEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Hashcash.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HeaderEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ImageInfo.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEHeader.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/PhishTag.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Pyzor.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/RelayCountry.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/RelayEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ReplaceTags.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Reuse.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Shortcircuit.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/SpamCop.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Test.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/TextCat.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIDNSBL.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIDetail.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/VBounce.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/WLBLEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/WhiteListSubject.pm
/usr/share/perl5/Mail/SpamAssassin/PluginHandler.pm
/usr/share/perl5/Mail/SpamAssassin/Reporter.pm
/usr/share/perl5/Mail/SpamAssassin/SQLBasedAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/SpamdForkScaling.pm
/usr/share/perl5/Mail/SpamAssassin/SubProcBackChannel.pm
/usr/share/perl5/Mail/SpamAssassin/Timeout.pm
/usr/share/perl5/Mail/SpamAssassin/Util
/usr/share/perl5/Mail/SpamAssassin/Util.pm
/usr/share/perl5/Mail/SpamAssassin/Util/DependencyInfo.pm
/usr/share/perl5/Mail/SpamAssassin/Util/Progress.pm
/usr/share/perl5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
/usr/share/perl5/Mail/SpamAssassin/Util/ScopedTimer.pm
/usr/share/perl5/Mail/SpamAssassin/Util/TieOneStringHash.pm
/usr/share/perl5/spamassassin-run.pod
/usr/share/spamassassin
/usr/share/spamassassin/10_default_prefs.cf
/usr/share/spamassassin/20_advance_fee.cf
/usr/share/spamassassin/20_aux_tlds.cf
/usr/share/spamassassin/20_body_tests.cf
/usr/share/spamassassin/20_compensate.cf
/usr/share/spamassassin/20_dnsbl_tests.cf
/usr/share/spamassassin/20_drugs.cf
/usr/share/spamassassin/20_dynrdns.cf
/usr/share/spamassassin/20_fake_helo_tests.cf
/usr/share/spamassassin/20_freemail.cf
/usr/share/spamassassin/20_freemail_domains.cf
/usr/share/spamassassin/20_head_tests.cf
/usr/share/spamassassin/20_html_tests.cf
/usr/share/spamassassin/20_imageinfo.cf
/usr/share/spamassassin/20_meta_tests.cf
/usr/share/spamassassin/20_net_tests.cf
/usr/share/spamassassin/20_phrases.cf
/usr/share/spamassassin/20_porn.cf
/usr/share/spamassassin/20_ratware.cf
/usr/share/spamassassin/20_uri_tests.cf
/usr/share/spamassassin/20_vbounce.cf
/usr/share/spamassassin/23_bayes.cf
/usr/share/spamassassin/25_accessdb.cf
/usr/share/spamassassin/25_antivirus.cf
/usr/share/spamassassin/25_asn.cf
/usr/share/spamassassin/25_dcc.cf
/usr/share/spamassassin/25_dkim.cf
/usr/share/spamassassin/25_hashcash.cf
/usr/share/spamassassin/25_pyzor.cf
/usr/share/spamassassin/25_razor2.cf
/usr/share/spamassassin/25_replace.cf
/usr/share/spamassassin/25_spf.cf
/usr/share/spamassassin/25_textcat.cf
/usr/share/spamassassin/25_uribl.cf
/usr/share/spamassassin/30_text_de.cf
/usr/share/spamassassin/30_text_fr.cf
/usr/share/spamassassin/30_text_it.cf
/usr/share/spamassassin/30_text_nl.cf
/usr/share/spamassassin/30_text_pl.cf
/usr/share/spamassassin/30_text_pt_br.cf
/usr/share/spamassassin/50_scores.cf
/usr/share/spamassassin/60_adsp_override_dkim.cf
/usr/share/spamassassin/60_awl.cf
/usr/share/spamassassin/60_shortcircuit.cf
/usr/share/spamassassin/60_whitelist.cf
/usr/share/spamassassin/60_whitelist_dkim.cf
/usr/share/spamassassin/60_whitelist_spf.cf
/usr/share/spamassassin/60_whitelist_subject.cf
/usr/share/spamassassin/72_active.cf
/usr/share/spamassassin/72_scores.cf
/usr/share/spamassassin/STATISTICS-set0-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set1-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set2-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set3-72_scores.cf.txt
/usr/share/spamassassin/languages
/usr/share/spamassassin/local.cf
/usr/share/spamassassin/regression_tests.cf
/usr/share/spamassassin/sa-update-pubkey.txt
/usr/share/spamassassin/sa-update.cron
/usr/share/spamassassin/user_prefs.template
/var/lib/spamassassin
/var/run/spamassassin
Configuration
spamassassin
SpamAssassin does not really need any special configuration. The directory /etc/mail/spamassassin/ contains the configuration file local.cf, which can be used to make local adjustments to the installation.
# vim /etc/mail/spamassassin/local.cf
- /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
# From which score onwards should an email be considered spam?
required_hits 5
# This option determines how SpamAssassin marks an email classified as spam.
# With report_safe 0, SpamAssassin only adds a few X-Spam headers
# and otherwise leaves the email unchanged.
report_safe 0
# This option defines that a message classified as SPAM is additionally
# marked with the note "[SPAM]" in the subject line.
rewrite_header Subject [SPAM]
# Django : 2012-05-21
# This directive determines which locking method is used to protect the two databases
# (Bayes and auto-whitelisting) against concurrent access. If it is guaranteed that
# the two databases are never accessed via NFS, considerable performance can be gained
# on Unix platforms by using the flock locking method.
lock_method flock
# Django : 2009-08-19
# Header-check filter list for securing the Postfix mail server. Information taken over
# from an existing Postfix file /etc/postfix/header_checks, because under certain
# circumstances backscatter problems could occur (as of 10-07-2009, AMaViS version
# amavisd-new-2.5.4-1.el5.rf.src.rpm). Version 0.02 / 2009-08-19
#
# /i = i  enable case-insensitivity (ignore upper and lower case)
# /m = m  multiline capability - ignore line breaks
#
# Header checks "From" (numbering 1000 ...)
#
header HEADER_FROM_CHECKS_NR_1001 From =~ /^.*Euro Dice Casino/im
score HEADER_FROM_CHECKS_NR_1001 20
tflags HEADER_FROM_CHECKS_NR_1001 noautolearn
# Header checks "From" (numbering 1000 ...)
# The dot in the domain is escaped so that it only matches a literal "."
header HEADER_FROM_CHECKS_NR1002 From =~ /^.*ic-drei\.de/im
score HEADER_FROM_CHECKS_NR1002 20
tflags HEADER_FROM_CHECKS_NR1002 noautolearn
header HEADER_FROM_CHECKS_NR1001 From =~ /^.*Lottery/im
score HEADER_FROM_CHECKS_NR1001 20
tflags HEADER_FROM_CHECKS_NR1001 noautolearn
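The custom rules in local.cf follow a fixed pattern of three directives per rule name (header, score, tflags), and the names mix two spellings (..._NR_1001 and ..._NR1002), so a score can easily end up attached to a name that was never defined. The following added example (not part of the original page; check_local_cf and the sample input are constructed for illustration) cross-checks the rule names and also flags an unescaped "." in a domain pattern, which matches any character.

```shell
#!/usr/bin/env bash
# Added example: cross-check hand-written header rules in a local.cf.
# check_local_cf is a hypothetical helper, not part of SpamAssassin.

# Constructed sample in the style of the local.cf on this page. The second
# rule is defined as ..._NR_1003 but scored and flagged as ..._NR1003, and
# its domain pattern contains an unescaped dot.
sample_local_cf() {
cat <<'EOF'
# constructed sample
required_hits 5
header HEADER_FROM_CHECKS_NR_1001 From =~ /^.*Euro Dice Casino/im
score HEADER_FROM_CHECKS_NR_1001 20
tflags HEADER_FROM_CHECKS_NR_1001 noautolearn
header HEADER_FROM_CHECKS_NR_1003 From =~ /^.*spam-example.invalid/im
score HEADER_FROM_CHECKS_NR1003 20
tflags HEADER_FROM_CHECKS_NR1003 noautolearn
EOF
}

# check_local_cf: reads a local.cf on stdin and prints one finding per line:
#   DUPLICATE name      rule name defined by more than one header line
#   UNDEFINED name (..) score/tflags refers to a name without a header line
#   NOSCORE name        header rule without score line (default score applies)
#   UNESCAPED_DOT name  "." between letters in the pattern is not escaped
check_local_cf() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 == "header" {
      if ($2 in defined) dup[$2] = 1
      defined[$2] = 1
      p = index($0, "=~ /")
      if (p) {
        pat = substr($0, p + 4)
        sub(/\/[a-z]*[ \t]*$/, "", pat)   # drop closing slash and flags
        gsub(/\\./, "", pat)              # escaped characters are fine
        gsub(/\.[*+?]/, "", pat)          # so are .* .+ and .?
        if (pat ~ /[A-Za-z0-9]\.[A-Za-z]/) print "UNESCAPED_DOT " $2
      }
    }
    $1 == "score"  { scored[$2] = 1 }
    $1 == "tflags" { flagged[$2] = 1 }
    END {
      for (n in dup)     print "DUPLICATE " n
      for (n in scored)  if (!(n in defined)) print "UNDEFINED " n " (score)"
      for (n in flagged) if (!(n in defined)) print "UNDEFINED " n " (tflags)"
      for (n in defined) if (!(n in scored))  print "NOSCORE " n
    }' | LC_ALL=C sort
}

# Demo: print the findings for the constructed sample.
sample_local_cf | check_local_cf
```

`spamassassin --lint` remains the check for syntax errors in the rule files; this script only covers the naming and escaping slips described above.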
amavisd
Since we neither accept nor store spam, viruses or unwanted file attachments (we never accepted the email, never acknowledged it with a 250 and so never could have delivered it to the end user), we add the following lines to the configuration file of our AMaViS server.
# vim /etc/amavisd.conf
...
# Django : 2012-05-21
# default: $sa_tag2_level_deflt = 6.2;
$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
# Django : 2012-05-21
# default: $sa_kill_level_deflt = 6.9;
$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
...
...
# Django : 2012-05-21
# default: unset
$final_virus_destiny = D_REJECT;
# Django : 2012-05-21
# default: unset
$final_banned_destiny = D_REJECT;
# Django : 2012-05-21
# default: unset
$final_spam_destiny = D_REJECT;
# $final_bad_header_destiny = D_PASS;
# $bad_header_quarantine_method = undef;
# Django : 2012-05-21
# default: unset
$virus_quarantine_to = undef;
# Django : 2012-05-21
# default: unset
$banned_quarantine_to = undef;
# Django : 2012-05-21
# default: unset
$spam_quarantine_to = undef;
...
To activate the changes, we restart the daemon once.
# service amavisd restart
Shutting down Mail Virus Scanner (amavisd): [ OK ]
Starting Mail Virus Scanner (amavisd): [ OK ]
Starting the program
First start
Now we can start our anti-spam daemon for the first time.
# service spamassassin start
Starting spamd: [ OK ]
The start of the daemon is logged accordingly in the maillog.
# less /var/log/maillog
Jun 10 22:44:30 vml000060 spamd[14620]: logger: removing stderr method
Jun 10 22:44:34 vml000060 spamd[14625]: rules: meta test FROM_41_FREEMAIL has dependency 'NSL_RCVD_FROM_41' with a zero score
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server started on port 783/tcp (running version 3.3.1)
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server pid: 14625
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14636
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14638
Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: IS
Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: II
The following command shows which port our SpamAssassin is listening on:
# lsof -i :783
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
spamd   14625 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
spamd   14636 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
spamd   14638 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
A similar query can of course also be made with netstat -tulpen.
# netstat -tulpen | grep spam
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 0 59884 14625/spamd.pid
Starting the service automatically at system boot
So that our daemon is started automatically at boot, we carry out the following configuration steps.
# chkconfig spamassassin on
Afterwards we verify our change:
# chkconfig --list | grep spamassassin
spamassassin 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Tests
HAM
First, we send a test message to a user via telnet.
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<bigchief@omni128.de>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <bigchief@omni128.de>
To: <django@nausch.org>
Date: 2012-06-11 13:45
Subject: Testnachricht

Test
.
250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153
quit
221 2.0.0 Bye
Connection closed by foreign host.
In the maillog of the Postfix server, the successful acceptance of the message is acknowledged accordingly.
# less /var/log/maillog
Jun 11 14:09:22 vml000080 postfix/smtpd[26920]: connect from localhost[127.0.0.1]
Jun 11 14:09:37 vml000080 postfix/smtpd[26920]: NOQUEUE: client=localhost[127.0.0.1]
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: connect from vml000060.dmz.nausch.org[10.0.0.60]
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: 4709153: client=localhost[127.0.0.1]
Jun 11 14:09:52 vml000080 postfix/cleanup[26923]: 4709153: message-id=<20120611120952.4709153@mx1.nausch.org>
Jun 11 14:09:52 vml000080 postfix/qmgr[24754]: 4709153: from=<bigchief@omni128.de>, size=777, nrcpt=1 (queue active)
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: disconnect from vml000060.dmz.nausch.org[10.0.0.60]
In the maillog on our AMaViS host, the output is currently quite informative, thanks to loglevel = 3.
# less /var/log/maillog
Jun 11 14:09:37 vml000060 amavis[18855]: (18855-01) process_request: fileno sock=11, STDIN=0, STDOUT=1
Jun 11 14:09:37 vml000060 amavis[18855]: (18855-02) loaded policy bank "MYNETS"
Jun 11 14:09:39 vml000060 amavis[18855]: (18855-02) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T135937-18855: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:09:37 +0200 (CEST)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4, state: 1
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4 -> disabling
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) body hash: 2205e48de5f93c784733ffcca841d2b5
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking: 8GFFkUKKobVo MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) 2822.From: <bigchief@omni128.de>
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Cached virus check expired, TTL = 180 s
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) cached 2205e48de5f93c784733ffcca841d2b5 from <bigchief@omni128.de> (0,0)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p001 1 Content-Type: text/plain, size: 5 B, name:
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) inspect_dsn: not a bounce
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking for banned types and filenames
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x20db1a0)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T135937-18855/parts/p002
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.sock
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n to UNIX socket /var/run/clamav/clamd.sock
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd): CLEAN
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd) result: clean
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) spam_scan: score=-0.427 autolearn=no tests=[ALL_TRUSTED=-1,INVALID_DATE=0.432,MISSING_MID=0.14,TVD_SPACE_RATIO=0.001]
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) do_notify_and_quar: ccat=Clean (1,0) ("1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp session reuse, 1 transactions so far
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> NOOP
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to NOOP (idle 593.5 s): 421 4.4.2 mx1.nausch.org Error: timeout exceeded
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Amavis::Out::SMTP::Session close, disconnecting
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp creating socket by IO::Socket::INET6 to [mail.dmz.nausch.org]:10025
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to greeting: 220 mx1.nausch.org ESMTP Postfix
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> EHLO localhost
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to EHLO: 250 mx1.nausch.org\nPIPELINING\nSIZE 52428800\nETRN\nSTARTTLS\nXFORWARD NAME ADDR PROTO HELO SOURCE PORT\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> XFORWARD ADDR=127.0.0.1 NAME=localhost PORT=42232 PROTO=SMTP HELO=vml00080.dmz.nausch.org SOURCE=LOCAL
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to XFORWARD: 250 2.0.0 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) AUTH not needed, user='', MTA offers ''
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> MAIL FROM:<bigchief@omni128.de> BODY=7BIT
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> RCPT TO:<django@nausch.org>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> DATA
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to MAIL (pip): 250 2.1.0 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to RCPT (pip) (<django@nausch.org>): 250 2.1.5 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> QUIT
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to data-dot (<django@nausch.org>): 250 2.0.0 Ok: queued as 4709153
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Amavis::Out::SMTP::Session close, disconnecting
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) FWD via SMTP: <bigchief@omni128.de> -> <django@nausch.org>,BODY=7BIT 250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) DSN: sender is credible (orig), SA: -0.427, <bigchief@omni128.de>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, mail_id: 8GFFkUKKobVo, Hits: -0.427, size: 280, queued_as: 4709153, 15120 ms
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING-SA total 435 ms - parse: 2 (0.6%), extract_message_metadata: 308 (70.9%), poll_dns_idle: 291 (67.0%), get_uri_detail_list: 0.43 (0.1%), tests_pri_-1000: 7 (1.7%), tests_pri_-950: 2 (0.5%), tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.23 (0.3%), tests_pri_0: 89 (20.6%), check_dkim_adsp: 13 (3.0%), check_spf: 0.48 (0.1%), check_pyzor: 0.42 (0.1%), tests_pri_500: 5 (1.1%), get_report: 1.09 (0.3%)
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) sending SMTP response: "250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153"
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING [total 15125 ms] - SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2718 (18%)18, SMTP DATA: 11840 (78%)96, check_init: 1 (0%)96, digest_hdr: 1 (0%)96, digest_body_dkim: 1 (0%)96, gen_mail_id: 1 (0%)96, mime_decode: 10 (0%)96, get-file-type1: 15 (0%)96, decompose_part: 1 (0%)96, parts_decode: 0 (0%)96, check_header: 2 (0%)96, AV-scan-1: 8 (0%)97, spam-wb-list: 2 (0%)97, SA parse: 5 (0%)97, SA check: 429 (3%)99, update_cache: 6 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-connect: 12 (0%)100, fwd-xforward: 1 (0%)100, fwd-mail-pip: 12 (0%)100, fwd-rcpt-pip: 0 (0%)100, fwd-data-chkpnt: 0 (0%)100, write-header: 1 (0%)100, fwd-data-contents: 0 (0%)100, fwd-end-chkpnt: 39 (0%)100, prepare-dsn: 1 (0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) load: 5 %, total idle 583.913 s, busy 30.553 s
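The spam_scan entry is the line that explains a verdict: it carries the total score and each rule's contribution, which AMaViS compares against $sa_tag2_level_deflt and $sa_kill_level_deflt from /etc/amavisd.conf. The following added example (not part of the original page; the function names are hypothetical) pulls that entry for one amavis id out of a maillog and derives the outcome, which is also how the id returned in an SMTP reject can be traced to the rule that caused it. It assumes a level is triggered at or above its value; the sample log reuses the two spam_scan lines shown on this page plus one constructed line.

```shell
#!/usr/bin/env bash
# Added example: explain an amavisd verdict from its spam_scan log line.
# Function names are hypothetical; the levels are the ones set in the
# amavisd.conf excerpt on this page.
SA_TAG2_LEVEL=6.31   # $sa_tag2_level_deflt
SA_KILL_LEVEL=6.31   # $sa_kill_level_deflt

# Sample maillog: the first two lines are the spam_scan entries shown on
# this page, the third is constructed to sit between the default levels
# (6.2 and 6.9) quoted in the amavisd.conf comments.
sample_maillog() {
cat <<'EOF'
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) spam_scan: score=-0.427 autolearn=no tests=[ALL_TRUSTED=-1,INVALID_DATE=0.432,MISSING_MID=0.14,TVD_SPACE_RATIO=0.001]
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) spam_scan: score=19.572 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_SUBJECT_CHECKS_NR2041=20,INVALID_DATE=0.432,MISSING_MID=0.14]
Jun 11 15:00:00 vml000060 amavis[20001]: (20001-01) spam_scan: score=6.5 autolearn=no tests=[CONSTRUCTED_RULE_A=4.4,CONSTRUCTED_RULE_B=2.1]
EOF
}

# spam_score ID (maillog on stdin): total score logged for that message.
spam_score() {
  awk -v id="($1) spam_scan: " '
    index($0, id) && match($0, /score=-?[0-9.]+/) {
      print substr($0, RSTART + 6, RLENGTH - 6); exit
    }'
}

# rule_hits ID (maillog on stdin): "score<TAB>rule", strongest rule first.
rule_hits() {
  awk -v id="($1) spam_scan: " '
    index($0, id) {
      p = index($0, "tests=[")
      if (!p) exit
      rest = substr($0, p + 7)
      list = substr(rest, 1, index(rest, "]") - 1)
      n = split(list, t, ",")
      for (i = 1; i <= n; i++) { split(t[i], kv, "="); printf "%s\t%s\n", kv[2], kv[1] }
      exit
    }' | LC_ALL=C sort -rn
}

# verdict ID [TAG2 KILL] (maillog on stdin): PASS, TAG or REJECT.
# REJECT corresponds to $final_spam_destiny = D_REJECT on this page.
verdict() {
  local score tag kill
  score=$(spam_score "$1")
  tag=${2:-$SA_TAG2_LEVEL}
  kill=${3:-$SA_KILL_LEVEL}
  if [ -z "$score" ]; then echo UNKNOWN; return 1; fi
  awk -v s="$score" -v tag="$tag" -v kill="$kill" 'BEGIN {
    if (s + 0 >= kill + 0) { print "REJECT" }
    else if (s + 0 >= tag + 0) { print "TAG" }
    else { print "PASS" }
  }'
}

# Demo: verdict and strongest rule for every id in the sample log.
for id in 18855-02 19055-01 20001-01; do
  printf '%s score=%s verdict=%s top=%s\n' "$id" \
    "$(sample_maillog | spam_score "$id")" \
    "$(sample_maillog | verdict "$id")" \
    "$(sample_maillog | rule_hits "$id" | head -n 1 | cut -f2)"
done
```

Because both levels are set to 6.31 here, no message is ever delivered with spam headers only: the constructed 6.5 message is rejected, whereas the default levels from the comments (6.2 and 6.9) would tag and deliver it.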
SPAM (Blacklist)
Next, we send one of our users a test message whose subject line contains a forbidden expression, e.g. gevoegelt:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<bigchief@omni128.de>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <bigchief@omni128.de>
To: <django@nausch.org>
Date: 2012-06-11 13:45
Subject: Hast Du Sie heute schon gevoegelt?

Spamnachricht mit verbotenem Ausdruck im Betreff.
.
554 5.7.0 Reject, id=19055-01 - SPAM
quit
221 2.0.0 Bye
Connection closed by foreign host.
The test message is of course not accepted; it is rejected directly and only once.
554 5.7.0 Reject, id=19055-01 - SPAM
In the maillog of our AMaViS frontend system we can then determine the exact reason for the rejection using the transmitted AMaViS code 19055-01. (This requires the log level in /etc/amavisd.conf to be set to at least 2!):
Jun 11 14:27:36 vml000060 amavis[19055]: process_request: fileno sock=11, STDIN=0, STDOUT=1
Jun 11 14:27:36 vml000060 amavis[19055]: (19055-01) loaded policy bank "MYNETS"
Jun 11 14:27:38 vml000060 amavis[19055]: (19055-01) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T142736-19055: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:27:36 +0200 (CEST)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) body hash: a49713537d48347c846b5432811446b3
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking: B0eSk4whQh6x MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) 2822.From: <bigchief@omni128.de>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p001 1 Content-Type: text/plain, size: 50 B, name:
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) inspect_dsn: not a bounce
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking for banned types and filenames
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T142736-19055/parts/p002
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.sock
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n to UNIX socket /var/run/clamav/clamd.sock
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd): CLEAN
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd) result: clean
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) spam_scan: score=19.572 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_SUBJECT_CHECKS_NR2041=20,INVALID_DATE=0.432,MISSING_MID=0.14]
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) blocking contents category is (6) for django@nausch.org
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=19.572 tag=2 tag2=6.31 kill=6.31 tests=[ALL_TRUSTED=-1, HEADER_SUBJECT_CHECKS_NR2041=20, INVALID_DATE=0.432, MISSING_MID=0.14] autolearn=no
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) DSN: sender is credible (orig), SA: 19.572, <bigchief@omni128.de>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, mail_id: B0eSk4whQh6x, Hits: 19.572, size: 346, 16258 ms
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING-SA total 143 ms - parse: 3 (1.8%), extract_message_metadata: 5 (3.5%), get_uri_detail_list: 0.50 (0.3%), tests_pri_-1000: 10 (7.0%), tests_pri_-950: 3 (1.9%), tests_pri_-900: 1.92 (1.3%), tests_pri_-400: 1.30 (0.9%), tests_pri_0: 94 (66.1%), check_dkim_adsp: 15 (10.4%), check_spf: 0.48 (0.3%), check_pyzor: 0.34 (0.2%), tests_pri_500: 4 (2.8%), get_report: 1.44 (1.0%)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) sending SMTP response: "554 5.7.0 Reject, id=19055-01 - SPAM"
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING [total 16262 ms] - SMTP greeting: 12 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, mkdir tempdir: 1 (0%)0, create email.txt: 1 (0%)0, SMTP pre-DATA-flush: 2361 (15%)15, SMTP DATA: 13667 (84%)99, check_init: 1 (0%)99, digest_hdr: 2 (0%)99, digest_body_dkim: 1 (0%)99, gen_mail_id: 2 (0%)99, mkdir parts: 2 (0%)99, mime_decode: 11 (0%)99, get-file-type1: 16 (0%)99, decompose_part: 2 (0%)99, parts_decode: 0 (0%)99, check_header: 2 (0%)99, AV-scan-1: 9 (0%)99, spam-wb-list: 2 (0%)99, SA parse: 7 (0%)99, SA check: 136 (1%)100, update_cache: 7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 4 (0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) load: 86 %, total idle 2.356 s, busy 13.912 s
So the rule HEADER_SUBJECT_CHECKS_NR2041=20 has fired - this is how we could track down the cause of a rejection in the event of a false positive.
# grep HEADER_SUBJECT_CHECKS_NR2041 /etc/mail/spamassassin/local.cf
header HEADER_SUBJECT_CHECKS_NR2041 Subject =~ /.*gevoegelt.*/im
score HEADER_SUBJECT_CHECKS_NR2041 20
tflags HEADER_SUBJECT_CHECKS_NR2041 noautolearn
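The lookup described above (from the id in the SMTP reject to the rule that caused it) can be scripted. The following is an added example, not part of the original page or of AMaViS: the function names are hypothetical, and it assumes the "SPAM," summary line format shown in the log above (log level 2 or higher). The two sample lines are copied from that log.

```shell
#!/bin/sh
# Added example: explain an amavisd-new spam rejection from its "SPAM," log line.
# Real use: amavis_reject_reason 19055-01 < /var/log/maillog

# Two summary lines copied from the maillog excerpts on this page.
sample_log() {
    cat <<'EOF'
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=19.572 tag=2 tag2=6.31 kill=6.31 tests=[ALL_TRUSTED=-1, HEADER_SUBJECT_CHECKS_NR2041=20, INVALID_DATE=0.432, MISSING_MID=0.14] autolearn=no
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=1001.07+3 tag=2 tag2=6.31 kill=6.31 tests=[AM:BOOST=3, ALL_TRUSTED=-1, DATE_IN_PAST_96_XX=2.07, GTUBE=1000] autolearn=no
EOF
}

# $1 = id from the SMTP reply "554 5.7.0 Reject, id=<id> - SPAM"; log on stdin.
# Prints "RULE POINTS FLAG" per rule, highest points first. FLAG is "decisive"
# when the mail would have stayed below the kill level without that rule.
amavis_reject_reason() {
    LC_ALL=C awk -v id="($1) " '
        # only the "SPAM," summary line carries both kill= and tests=[...]
        index($0, id "SPAM,") && match($0, / kill=[^ ]*/) {
            kill = substr($0, RSTART + 6, RLENGTH - 6) + 0
            if (!match($0, /tests=\[[^]]*\]/)) next
            n = split(substr($0, RSTART + 7, RLENGTH - 8), t, /, */)
            total = 0
            for (i = 1; i <= n; i++) {
                eq = index(t[i], "=")
                name[i] = substr(t[i], 1, eq - 1)
                pts[i] = substr(t[i], eq + 1) + 0
                total += pts[i]      # includes AM:BOOST added by amavisd
            }
            for (i = 1; i <= n; i++) {
                flag = (total >= kill && total - pts[i] < kill) ? "decisive" : "-"
                printf "%s %.3f %s\n", name[i], pts[i], flag
            }
            exit                     # one summary line per request id
        }
    ' | LC_ALL=C sort -k2,2nr
}

sample_log | amavis_reject_reason 19055-01
```

A rule flagged as decisive is the first place to look when a legitimate message was rejected; its definition can then be found with grep as shown above.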
SPAM (GTUBE)
In the documentation path ( /usr/share/doc/spamassassin-3.3.1 ) of our SpamAssassin installation we find, among other things, the GTUBE test file.
- Generic
- Test for
- Unsolicited
- Bulk
- Email
# less /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
- /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the Generic Test for Unsolicited Bulk Email

If your spam filter supports it, the GTUBE provides a test by which you can verify that the filter is installed correctly and is detecting incoming spam. You can send yourself a test mail containing the following string of characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.
We now connect to port 25 on our Postfix server and deliver the contents of this file there as an email.
$ telnet mail.dmz.nausch.org 25
Trying 10.0.0.80...
Connected to mail.dmz.nausch.org.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<bigchief@omni128.de>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the Generic Test for Unsolicited Bulk Email

If your spam filter supports it, the GTUBE provides a test by which you can verify that the filter is installed correctly and is detecting incoming spam. You can send yourself a test mail containing the following string of characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.
.
554 5.7.0 Reject, id=19056-02 - SPAM
quit
221 2.0.0 Bye
Connection closed by foreign host.
In the mail log of our AMaViS server we again find an indication of why the message was rejected with the error code 554 5.7.0 Reject, id=19056-02 - SPAM.
# less /var/log/maillog
Jun 11 14:55:45 vml000060 amavis[19056]: (19056-01) process_request: fileno sock=11, STDIN=0, STDOUT=1
Jun 11 14:55:45 vml000060 amavis[19056]: (19056-02) loaded policy bank "MYNETS"
Jun 11 14:55:47 vml000060 amavis[19056]: (19056-02) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T145223-19056: <bigchief@omni128.de> -> <django@nausch.org> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <django@nausch.org>; Mon, 11 Jun 2012 14:55:45 +0200 (CEST)
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache, dt: 201.8, state: 1
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache, dt: 201.8 -> disabling
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) body hash: a2740fd1baff60a1aa0bfb88a79036d6
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking: juTHROjwPrnV MYNETS [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) 2822.From: <sender@example.net>, 2821.Mail_From: <bigchief@omni128.de>
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p001 1 Content-Type: text/plain, size: 504 B, name:
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) inspect_dsn: not a bounce
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking for banned types and filenames
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) collect banned table[0]: django@nausch.org, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0)
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p.path django@nausch.org: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T145223-19056/parts/p002
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.sock
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n to UNIX socket /var/run/clamav/clamd.sock
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd): CLEAN
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd) result: clean
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) wbl: soft-blacklisted (3) sender <sender@example.net> => <django@nausch.org>, recip_key="."
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan: score=1001.07 autolearn=no tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000]
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) blocking contents category is (6) for django@nausch.org
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) SPAM, <bigchief@omni128.de> -> <django@nausch.org>, Yes, score=1001.07+3 tag=2 tag2=6.31 kill=6.31 tests=[AM:BOOST=3, ALL_TRUSTED=-1, DATE_IN_PAST_96_XX=2.07, GTUBE=1000] autolearn=no
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) DSN: sender is credible (orig), SA: 1001.070, <bigchief@omni128.de>
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <bigchief@omni128.de> -> <django@nausch.org>, Message-ID: <GTUBE1.1010101@example.net>, mail_id: juTHROjwPrnV, Hits: 1004.07, size: 993, 26905 ms
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING-SA total 492 ms - parse: 3 (0.6%), extract_message_metadata: 5 (1.1%), get_uri_detail_list: 0.94 (0.2%), tests_pri_-1000: 8 (1.7%), tests_pri_-950: 3 (0.5%), tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.35 (0.3%), tests_pri_0: 316 (64.2%), check_dkim_adsp: 204 (41.4%), check_spf: 0.56 (0.1%), check_pyzor: 0.44 (0.1%), tests_pri_500: 134 (27.2%), poll_dns_idle: 128 (26.0%), get_report: 1.88 (0.4%)
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) sending SMTP response: "554 5.7.0 Reject, id=19056-02 - SPAM"
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING [total 26909 ms] - SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 2179 (8%)8, SMTP DATA: 24165 (90%)98, check_init: 1 (0%)98, digest_hdr: 2 (0%)98, digest_body_dkim: 1 (0%)98, gen_mail_id: 1 (0%)98, mime_decode: 10 (0%)98, get-file-type1: 16 (0%)98, decompose_part: 2 (0%)98, parts_decode: 0 (0%)98, check_header: 2 (0%)98, AV-scan-1: 9 (0%)98, spam-wb-list: 3 (0%)98, SA parse: 5 (0%)98, SA check: 485 (2%)100, update_cache: 7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 3 (0%)100, main_log_entry: 7 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1 (0%)100
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) load: 11 %, total idle 204.011 s, busy 25.318 s
In the line:
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan: score=1001.07 autolearn=no tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000]
the email is assigned a SPAM score of 1001.07, which is - let's say slightly - above the 6.31 that we had defined in /etc/amavisd.conf. Acceptance of the email is therefore refused with a 500-series error code.