| Vorhergehende Überarbeitung |
| — | centos:mail_c7:spam_8 [22.07.2019 15:01. ] (aktuell) – Externe Bearbeitung 127.0.0.1 |
|---|
| | ====== Spamassassin für AMaViS unter CentOS 7.x ====== |
| | {{:centos:mail_c7:spamassassin-logobar.png?nolink&400 |Bild: Logo Apache Spamassassin}} |
| | ===== Grundlagen ===== |
| | **[[http://spamassassin.apache.org/|SpamAssassin]]** ist ein weitverbreitetes Filterprogramm, mit dem unerwünschte eMails (Spam) automatisch erkannt und aussortiert werden können. Ebenso wie **[[centos:mail_c7:spam_6|AMaViS]]** ist **SpamAssassin** ein Perl-Programm, mit der eine inhaltliche Bewertung einer eMail erfolgt. SpamAssassin selbst ermittelt und berechnet einen Scoring-Wert einer jeden eMail und übergibt diesen Wert an AMaVis. AMaViS selbst kann nun an Hand des übermittelten Scoringwertes eine eMail durchlassen, taggen (also z.B. die Betreffzeile manipulieren) oder ablehnen. SpamAssassin ist also nur ein Backendsystem von AMaViS. |
| | |
| | {{page>centos:mail_c7:amavis&nofooter}} |
| | |
| | Für die Unterscheidung zwischen **HAM**((erwünschten Nachrichten)) und **SPAM**((unerwünschten Nachrichten)) bedient sich SpamAssassin unterschiedlicher Techniken: |
| | * Abfrage von **RBLs**((**R**eal **B**lackhole **L**ists)). |
| | * Abfrage von Prüfsummenbasierten Filtern wie DCC, Pyzor und Razor. |
| | * Nutzung regulärer Ausdrücke zum statischen Bewerten der eMails |
| | * Nutzung interner Bayesscher Filter, die auf Grund der Einteilung der bisher empfangenen eMails statistisch die Wahrscheinlichkeit von HAM zu SPAM ermitteln. |
| | |
| | ===== Installation ===== |
| | Wie üblich installieren wir die benötigten Programmpakete via **YUM**, falls das Paket nicht gleich bei der Installation von [[centos:mail_c7:spam_6?&#amavisd|AMaViS]] mitinstalliert wurde. |
| | # yum install spamassassin -y |
| | |
| | ===== Programminfo ===== |
| | Was uns das Paket alle bei der Installation mitgebracht hat, zeigt uns ein Blick in das installierte **rpm**. |
| | # rpm -qil spamassassin |
| | <code>Name : spamassassin |
| | Version : 3.3.2 |
| | Release : 18.el7 |
| | Architecture: x86_64 |
| | Install Date: Fri 14 Nov 2014 02:10:06 PM CET |
| | Group : Applications/Internet |
| | Size : 3332061 |
| | License : ASL 2.0 |
| | Signature : RSA/SHA256, Fri 04 Jul 2014 07:03:21 AM CEST, Key ID 24c6a8a7f4a80eb5 |
| | Source RPM : spamassassin-3.3.2-18.el7.src.rpm |
| | Build Date : Tue 10 Jun 2014 07:31:27 AM CEST |
| | Build Host : worker1.bsys.centos.org |
| | Relocations : (not relocatable) |
| | Packager : CentOS BuildSystem <http://bugs.centos.org> |
| | Vendor : CentOS |
| | URL : http://spamassassin.apache.org/ |
| | Summary : Spam filter for email which can be invoked from mail delivery agents |
| | Description : |
| | SpamAssassin provides you with a way to reduce if not completely eliminate |
| | Unsolicited Commercial Email (SPAM) from your incoming email. It can |
| | be invoked by a MDA such as sendmail or postfix, or can be called from |
| | a procmail script, .forward file, etc. It uses a genetic-algorithm |
| | evolved scoring system to identify messages which look spammy, then |
| | adds headers to the message so they can be filtered by the user's mail |
| | reading software. This distribution includes the spamd/spamc components |
| | which create a server that considerably speeds processing of mail. |
| | |
| | To enable spamassassin, if you are receiving mail locally, simply add |
| | this line to your ~/.procmailrc: |
| | INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc |
| | |
| | To filter spam for all users, add that line to /etc/procmailrc |
| | (creating if necessary). |
| | /etc/cron.d/sa-update |
| | /etc/logrotate.d/sa-update |
| | /etc/mail |
| | /etc/mail/spamassassin |
| | /etc/mail/spamassassin/channel.d |
| | /etc/mail/spamassassin/channel.d/sought.conf |
| | /etc/mail/spamassassin/channel.d/spamassassin-official.conf |
| | /etc/mail/spamassassin/init.pre |
| | /etc/mail/spamassassin/local.cf |
| | /etc/mail/spamassassin/sa-update-keys |
| | /etc/mail/spamassassin/spamassassin-default.rc |
| | /etc/mail/spamassassin/spamassassin-helper.sh |
| | /etc/mail/spamassassin/spamassassin-spamc.rc |
| | /etc/mail/spamassassin/v310.pre |
| | /etc/mail/spamassassin/v312.pre |
| | /etc/mail/spamassassin/v320.pre |
| | /etc/mail/spamassassin/v330.pre |
| | /etc/portreserve/spamd |
| | /etc/sysconfig/sa-update |
| | /etc/sysconfig/spamassassin |
| | /usr/bin/sa-awl |
| | /usr/bin/sa-check_spamd |
| | /usr/bin/sa-compile |
| | /usr/bin/sa-learn |
| | /usr/bin/sa-update |
| | /usr/bin/spamassassin |
| | /usr/bin/spamc |
| | /usr/bin/spamd |
| | /usr/lib/systemd/system/spamassassin.service |
| | /usr/share/doc/spamassassin-3.3.2 |
| | /usr/share/doc/spamassassin-3.3.2/CREDITS |
| | /usr/share/doc/spamassassin-3.3.2/Changes |
| | /usr/share/doc/spamassassin-3.3.2/LICENSE |
| | /usr/share/doc/spamassassin-3.3.2/NOTICE |
| | /usr/share/doc/spamassassin-3.3.2/README |
| | /usr/share/doc/spamassassin-3.3.2/README.RHEL.Fedora |
| | /usr/share/doc/spamassassin-3.3.2/TRADEMARK |
| | /usr/share/doc/spamassassin-3.3.2/UPGRADE |
| | /usr/share/doc/spamassassin-3.3.2/USAGE |
| | /usr/share/doc/spamassassin-3.3.2/sample-nonspam.txt |
| | /usr/share/doc/spamassassin-3.3.2/sample-spam.txt |
| | /usr/share/man/man1/sa-awl.1.gz |
| | /usr/share/man/man1/sa-compile.1.gz |
| | /usr/share/man/man1/sa-learn.1.gz |
| | /usr/share/man/man1/sa-update.1.gz |
| | /usr/share/man/man1/spamassassin-run.1.gz |
| | /usr/share/man/man1/spamassassin.1.gz |
| | /usr/share/man/man1/spamc.1.gz |
| | /usr/share/man/man1/spamd.1.gz |
| | /usr/share/man/man3/Mail::SpamAssassin.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz |
| | /usr/share/man/man3/Mail::SpamAssassin::Util::RegistrarBoundaries.3pm.gz |
| | /usr/share/man/man3/spamassassin-run.3pm.gz |
| | /usr/share/perl5/vendor_perl/Mail |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/AICache.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/ArchiveIterator.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/AsyncLoop.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/AutoWhitelist.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes/CombineChi.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/BDB.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/DBM.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/MySQL.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/PgSQL.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/SDBM.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/SQL.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Client.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/LDAP.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/SQL.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Constants.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/DBBasedAddrList.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Dns.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/DnsResolver.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/HTML.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locales.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/Flock.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/UnixNFSSafe.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/Win32.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/File.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/Stderr.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/Syslog.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/MailingList.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Node.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/NetSet.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/PerMsgLearner.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/PerMsgStatus.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/PersistentAddrList.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ASN.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AWL.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AccessDB.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AntiVirus.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Bayes.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/BodyEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Check.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DCC.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DNSEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/FreeMail.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HTMLEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Hashcash.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HeaderEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ImageInfo.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/MIMEEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/MIMEHeader.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/PhishTag.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Pyzor.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/RelayCountry.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/RelayEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ReplaceTags.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Reuse.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Rule2XSBody.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Shortcircuit.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SpamCop.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Test.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/TextCat.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDNSBL.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDetail.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/VBounce.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/WLBLEval.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/WhiteListSubject.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/PluginHandler.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Reporter.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/SQLBasedAddrList.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/SpamdForkScaling.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/SubProcBackChannel.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Timeout.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/DependencyInfo.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/Progress.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/RegistrarBoundaries.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/ScopedTimer.pm |
| | /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/TieOneStringHash.pm |
| | /usr/share/perl5/vendor_perl/spamassassin-run.pod |
| | /usr/share/spamassassin |
| | /usr/share/spamassassin/10_default_prefs.cf |
| | /usr/share/spamassassin/20_advance_fee.cf |
| | /usr/share/spamassassin/20_aux_tlds.cf |
| | /usr/share/spamassassin/20_body_tests.cf |
| | /usr/share/spamassassin/20_compensate.cf |
| | /usr/share/spamassassin/20_dnsbl_tests.cf |
| | /usr/share/spamassassin/20_drugs.cf |
| | /usr/share/spamassassin/20_dynrdns.cf |
| | /usr/share/spamassassin/20_fake_helo_tests.cf |
| | /usr/share/spamassassin/20_freemail.cf |
| | /usr/share/spamassassin/20_freemail_domains.cf |
| | /usr/share/spamassassin/20_head_tests.cf |
| | /usr/share/spamassassin/20_html_tests.cf |
| | /usr/share/spamassassin/20_imageinfo.cf |
| | /usr/share/spamassassin/20_meta_tests.cf |
| | /usr/share/spamassassin/20_net_tests.cf |
| | /usr/share/spamassassin/20_phrases.cf |
| | /usr/share/spamassassin/20_porn.cf |
| | /usr/share/spamassassin/20_ratware.cf |
| | /usr/share/spamassassin/20_uri_tests.cf |
| | /usr/share/spamassassin/20_vbounce.cf |
| | /usr/share/spamassassin/23_bayes.cf |
| | /usr/share/spamassassin/25_accessdb.cf |
| | /usr/share/spamassassin/25_antivirus.cf |
| | /usr/share/spamassassin/25_asn.cf |
| | /usr/share/spamassassin/25_dcc.cf |
| | /usr/share/spamassassin/25_dkim.cf |
| | /usr/share/spamassassin/25_hashcash.cf |
| | /usr/share/spamassassin/25_pyzor.cf |
| | /usr/share/spamassassin/25_razor2.cf |
| | /usr/share/spamassassin/25_replace.cf |
| | /usr/share/spamassassin/25_spf.cf |
| | /usr/share/spamassassin/25_textcat.cf |
| | /usr/share/spamassassin/25_uribl.cf |
| | /usr/share/spamassassin/30_text_de.cf |
| | /usr/share/spamassassin/30_text_fr.cf |
| | /usr/share/spamassassin/30_text_it.cf |
| | /usr/share/spamassassin/30_text_nl.cf |
| | /usr/share/spamassassin/30_text_pl.cf |
| | /usr/share/spamassassin/30_text_pt_br.cf |
| | /usr/share/spamassassin/50_scores.cf |
| | /usr/share/spamassassin/60_adsp_override_dkim.cf |
| | /usr/share/spamassassin/60_awl.cf |
| | /usr/share/spamassassin/60_shortcircuit.cf |
| | /usr/share/spamassassin/60_whitelist.cf |
| | /usr/share/spamassassin/60_whitelist_dkim.cf |
| | /usr/share/spamassassin/60_whitelist_spf.cf |
| | /usr/share/spamassassin/60_whitelist_subject.cf |
| | /usr/share/spamassassin/72_active.cf |
| | /usr/share/spamassassin/72_scores.cf |
| | /usr/share/spamassassin/73_sandbox_manual_scores.cf |
| | /usr/share/spamassassin/STATISTICS-set0-72_scores.cf.txt |
| | /usr/share/spamassassin/STATISTICS-set1-72_scores.cf.txt |
| | /usr/share/spamassassin/STATISTICS-set2-72_scores.cf.txt |
| | /usr/share/spamassassin/STATISTICS-set3-72_scores.cf.txt |
| | /usr/share/spamassassin/languages |
| | /usr/share/spamassassin/local.cf |
| | /usr/share/spamassassin/regression_tests.cf |
| | /usr/share/spamassassin/sa-update-pubkey.txt |
| | /usr/share/spamassassin/sa-update.cron |
| | /usr/share/spamassassin/user_prefs.template |
| | /var/lib/spamassassin |
| | /var/run/spamassassin |
| | </code> |
| | |
| | ===== Konfiguration ===== |
| | ==== spamassassin ==== |
| | Eine besondere Konfiguration von SpamAssassin ist eigentlich nicht notwendig. Im Verzeichnis //**/etc/mail/spamassassin/**// befindet sich die Konfigurationsdatei **local.cf** mit Hilfe derer lokale Anpassungen an der Installation vorgenommen werden können. |
| | # vim /etc/mail/spamassassin/local.cf |
| | |
| | <file bash /etc/mail/spamassassin/local.cf> These values can be overridden by editing ~/.spamassassin/user_prefs.cf |
| | # (see spamassassin(1) for details) |
| | |
| | # These should be safe assumptions and allow for simple visual sifting |
| | # without risking lost emails. |
| | |
| | # Ab welchem Punktestand soll eine eMail als Spam betrachtet werden? |
| | required_hits 5 |
| | |
| | # Diese Option legt fest, wie SpamAssassin eine als Spam eingestufte E-Mail markieren soll. Sofern |
| | # report_safe 0 definiert wurde, fügt Spamassassin lediglich einige X-Spam-Header ein und lässt die |
| | # E-Mail ansonsten unverändert. |
| | report_safe 0 |
| | |
| | # Mit dieser Option wird definiert, daß eine Nachricht, welche als SPAM klassifiziert wurde, zusätzlich |
| | # mit dem Hinweis "[SPAM]" in der Betreffzeile gekennzeichnet werden sollen. |
| | rewrite_header Subject [SPAM] |
| | |
| | # Diese Direktive bestimmt, welche Sperrmethode verwendet wird, um die beiden Datenbanken (Bayes- und |
| | # Autowhitelisting) vor gleichzeitigen Zugriffen zu schützen. Wenn sichergestellt ist, daß auf die beiden |
| | # Datenbanken nie über ein NFS zugegriffen wird, kann auf Unix-Plattformen erheblich an Performance |
| | # gewonnen werden, indem die Sperrmethode flock verwendet wird. |
| | lock_method flock |
| | |
| | # lokale Headerchecks |
| | # Änderungen werden aufsteigend eingetragen, d.h. die neuesten Einträge sind *immer* oben zu finden! |
| | # /i = i Case-Insensitivity (die Nichtbeachtung von Groß- und Kleinschreibung) einschalten |
| | # /m = m Multiline-Faehigkeit - Zeilenumbrueche ignorieren |
| | |
| | # Header-Checks basierend auf IP-Adressen im Mailheader (Nummerierung 1000 - 1999): |
| | |
| | # whitelisting |
| | header HEADER_RECEIVED_CHECKS_NR_1001 Received =~ /^.*198.51.100/im |
| | score HEADER_RECEIVED_CHECKS_NR_1001 -5 |
| | tflags HEADER_RECEIVED_CHECKS_NR_1001 noautolearn |
| | |
| | # blacklisting |
| | header HEADER_RECEIVED_CHECKS_NR_1000 Received =~ /^.*203.0.113/im |
| | score HEADER_RECEIVED_CHECKS_NR_1000 20 |
| | tflags HEADER_RECEIVED_CHECKS_NR_1000 noautolearn |
| | |
| | |
| | # Header-Checks basierend auf "From" im Mailheader (Nummerierung 2000 - 2999): |
| | |
| | header HEADER_FROM_CHECKS_NR_2004 From =~ /^.*bild-nachrichten.net/im |
| | score HEADER_FROM_CHECKS_NR_2004 20 |
| | tflags HEADER_FROM_CHECKS_NR_2004 noautolearn |
| | |
| | header HEADER_FROM_CHECKS_NR_2003 From =~ /^Gold Ring Support.*/im |
| | score HEADER_FROM_CHECKS_NR_2003 20 |
| | tflags HEADER_FROM_CHECKS_NR_2003 noautolearn |
| | |
| | header HEADER_FROM_CHECKS_NR_2002 From =~ /^.*Ruby.*/im |
| | score HEADER_FROM_CHECKS_NR_2002 20 |
| | tflags HEADER_FROM_CHECKS_NR_2002 noautolearn |
| | |
| | header HEADER_FROM_CHECKS_NR_2001 From =~ /^.*Euro Dice Casino/im |
| | score HEADER_FROM_CHECKS_NR_2001 20 |
| | tflags HEADER_FROM_CHECKS_NR_2001 noautolearn |
| | |
| | header HEADER_FROM_CHECKS_NR_2000 From =~ /^.*belohnungs-abteilung/im |
| | score HEADER_FROM_CHECKS_NR_2000 20 |
| | tflags HEADER_FROM_CHECKS_NR_2000 noautolearn |
| | |
| | |
| | # Header-Checks basierend auf "Subject" im Mailheader (Nummerierung 3000 - 3999): |
| | |
| | header HEADER_SUBJECT_CHECKS_NR_3002 Subject =~ /.*Risk.net.*/im |
| | score HEADER_SUBJECT_CHECKS_NR_3002 20 |
| | tflags HEADER_SUBJECT_CHECKS_NR_3002 noautolearn |
| | |
| | header HEADER_SUBJECT_CHECKS_NR_3001 Subject =~ /.*Ruby Palace.*/im |
| | score HEADER_SUBJECT_CHECKS_NR_3001 20 |
| | tflags HEADER_SUBJECT_CHECKS_NR_3001 noautolearn |
| | |
| | # Header-Checks basierend auf "X-Mailer" im Mailheader (Nummerierung 4000 - 4999): |
| | |
| | header HEADER_XMAILER_CHECKS_NR_4000 X-Mailer =~ /.*\b(E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|SEKOFOXM|Blat.v3.1.1)\b/im |
| | score HEADER_XMAILER_CHECKS_NR_4000 20 |
| | tflags HEADER_XMAILER_CHECKS_NR_4000 noautolearn |
| | </file> |
| | |
| | ==== amavisd ==== |
| | Zur Konfiguration von **AMaViS** haben wir bei der zugehörigen Konfigurationsdatei //**/etc/amavisd/amavisd.conf**// bei der Installation und [[|Konfiguration]] von AMaViS bereits die Section **SPAM POLICY** angelegt. |
| | # vim /etc/amavisd/amavisd.conf |
| | |
| | <code perl>################################################################################ |
| | ## SPAM POLICY |
| | # |
| | |
| | # Check aktivieren? |
| | # @bypass_spam_checks_maps = (1); |
| | |
| | # In Quarantäne? |
| | $spam_quarantine_to = undef; |
| | |
| | # Admin benachrichtigen? |
| | $spam_admin = undef; |
| | |
| | # Recipient-Adresse bei Release erweitern? |
| | @addr_extension_spam_maps = ('spam'); |
| | |
| | # E-Mail bei Release wrappen? |
| | $defang_spam = undef; |
| | |
| | # Wollen wir Content transportieren? |
| | $final_spam_destiny = D_REJECT; |
| | |
| | # add spam info headers if at, or above that level |
| | $sa_tag_level_deflt = -1000.0; |
| | # add 'spam detected' headers at that level |
| | $sa_tag2_level_deflt = 6.31; |
| | # triggers spam evasive actions (e.g. blocks mail) |
| | $sa_kill_level_deflt = 6.31; |
| | # spam level beyond which a DSN is not sent |
| | $sa_dsn_cutoff_level = 10; |
| | # likewise, but for a likely valid From |
| | $sa_crediblefrom_dsn_cutoff_level = 18; |
| | # spam level beyond which quarantine is off |
| | # $sa_quarantine_cutoff_level = 25; |
| | |
| | # (no effect without a @storage_sql_dsn database) |
| | $penpals_bonus_score = 8; |
| | # don't waste time on hi spam |
| | $penpals_threshold_high = $sa_kill_level_deflt; |
| | # spam score points to add for joe-jobbed bounces |
| | $bounce_killer_score = 100; |
| | # don't waste time on SA if mail is larger |
| | $sa_mail_body_size_limit = 400*1024; |
| | # only tests which do not require internet access? |
| | $sa_local_tests_only = 0; |
| | |
| | $sa_spam_subject_tag = '***Spam*** '; |
| | </code> |
| | |
| | Somit müssen wir auf Seiten von AMaViS keine zusätzlichen Einstellungen vornehmen. |
| | |
| | ===== Programmstart ===== |
| | ==== erster Systemstart ==== |
| | Nun können wir unseren Anti-SMAP-Daemon das erste mal starten. |
| | # systemctl start spamassassin |
| | |
| | Den Status des Daemon fragen wir bei Bedarf wie folgt ab. |
| | # systemctl status spamassassin |
| | |
| | <code>spamassassin.service - Spamassassin daemon |
| | Loaded: loaded (/usr/lib/systemd/system/spamassassin.service; disabled) |
| | Active: active (running) since Wed 2014-11-19 18:52:53 CET; 2s ago |
| | Process: 12346 ExecStart=/usr/bin/spamd --pidfile /var/run/spamd.pid $SPAMDOPTIONS (code=exited, status=0/SUCCESS) |
| | Process: 12345 ExecStartPre=/sbin/portrelease spamd (code=exited, status=0/SUCCESS) |
| | Main PID: 12350 (/usr/bin/spamd ) |
| | CGroup: /system.slice/spamassassin.service |
| | ├─12350 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H |
| | ├─12351 spamd child |
| | └─12352 spamd child |
| | |
| | Nov 19 18:52:46 vml000067.dmz.nausch.org systemd[1]: Starting Spamassassin daemon... |
| | Nov 19 18:52:46 vml000067.dmz.nausch.org spamd[12346]: logger: removing stderr method |
| | Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2) |
| | Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server pid: 12350 |
| | Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12351 |
| | Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12352 |
| | Nov 19 18:52:53 vml000067.dmz.nausch.org systemd[1]: Started Spamassassin daemon. |
| | Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: IS |
| | Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: II |
| | </code> |
| | |
| | Im Maillog wird der Start des Daemon entsprechend protokolliert. |
| | |
| | # less /var/log/maillog |
| | <code>Nov 19 18:52:32 vml000067 spamd[11411]: spamd: server killed by SIGTERM, shutting down |
| | Nov 19 18:52:46 vml000067 spamd[12346]: logger: removing stderr method |
| | Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2) |
| | Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server pid: 12350 |
| | Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12351 |
| | Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12352 |
| | Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: IS |
| | Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: II |
| | </code> |
| | |
| | In der Prozessübersicht finden wir dazu dann auch entsprechend folgene Prozesse. |
| | # ps auxwww | grep spam |
| | <code>root 12350 0.3 3.3 283472 64072 ? Ss 18:52 0:02 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H |
| | root 12351 0.0 3.2 283472 61148 ? S 18:52 0:00 spamd child |
| | root 12352 0.0 3.2 283472 61152 ? S 18:52 0:00 spamd child</code> |
| | |
| | Mit folgendem Befehl kann überprüft werden, auf welchem Port unser SpamAssassin horcht: |
| | # lsof -i :783 |
| | <code>COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME |
| | /usr/bin/ 12350 root 5u IPv4 122819 0t0 TCP localhost:783 (LISTEN) |
| | spamd 12351 root 5u IPv4 122819 0t0 TCP localhost:783 (LISTEN) |
| | spamd 12352 root 5u IPv4 122819 0t0 TCP localhost:783 (LISTEN)</code> |
| | |
| | Das gleiche können wir natürlich auch via **netstat** abrufen. |
| | # netstat -tulpen | grep spamd |
| | |
| | tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 0 122819 12350/spamd.pid -d |
| | |
| | ==== automatisches Starten des Dienste beim Systemstart ==== |
| | Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor. |
| | # systemctl enable spamassassin |
| | |
| | ln -s '/usr/lib/systemd/system/spamassassin.service' '/etc/systemd/system/multi-user.target.wants/spamassassin.service' |
| | |
| | Wollen wir überprüfen ob der Dienst automatisch startet, verwenden wir folgenden Aufruf. |
| | # systemctl is-enabled spamassassin |
| | |
| | enabled |
| | |
| | Die Rückmeldung **enabled** zeigt an, dass der Dienst automatisch startet; ein **disabled** zeigt entsprechend an, dass der Dienst __nicht__ automatisch startet. |
| | |
| | ===== Tests ===== |
| | Haben wir die Konfiguration unseres **[[centos:mail_c7:spam_6|AMaViS]]** fertiggestellt, können wir uns auch daransetzen unsere **[[centos:mail_c7:spam_6?&#programmstart|Spamassassin]]**-Installation zu überprüfen. |
| | |
| | ==== HAM ==== |
| | Haben wir unsere **AMaViS**-Konfiguration abgeschlossen, schicken wir uns entweder via **telnet** eine Nachricht, oder nutzen das Hilfsprogramm **[[http://www.jetmore.org/john/code/swaks/|swaks]]** für den tippfaulen Admin. |
| | # swaks --to django@nausch.org --from michael@nausch.org --header-X-Test "test email" --server 10.0.0.87 |
| | <code>=== Trying 10.0.0.87:25... |
| | === Connected to 10.0.0.87. |
| | <- 220 mx01.nausch.org ESMTP Postfix |
| | -> EHLO vml000087.dmz.nausch.org |
| | <- 250-mx01.nausch.org |
| | <- 250-PIPELINING |
| | <- 250-SIZE 52428800 |
| | <- 250-ETRN |
| | <- 250-STARTTLS |
| | <- 250-ENHANCEDSTATUSCODES |
| | <- 250-8BITMIME |
| | <- 250 DSN |
| | -> MAIL FROM:<michael@nausch.org> |
| | <- 250 2.1.0 Ok |
| | -> RCPT TO:<django@nausch.org> |
| | <- 250 2.1.5 Ok |
| | -> DATA |
| | <- 354 End data with <CR><LF>.<CR><LF> |
| | -> Date: Wed, 19 Nov 2014 19:17:33 +0100 |
| | -> To: django@nausch.org |
| | -> From: michael@nausch.org |
| | -> Subject: test Wed, 19 Nov 2014 19:17:33 +0100 |
| | -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/ |
| | -> X-Test: test email |
| | -> |
| | -> This is a test mailing |
| | -> |
| | -> . |
| | <- 250 2.0.0 Ok: queued as C24B9C00088 |
| | -> QUIT |
| | <- 221 2.0.0 Bye |
| | === Connection closed with remote host. |
| | </code> |
| | |
| | Im Maillog des **MTA**((**M**ail **T**ransport **A**gent)) finden wir die einträge der erfolgreichen Zustellung. |
| | # less /var/log/maillog |
| | |
| | <code>Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: connect from vml000087.dmz.nausch.org[10.0.0.87] |
| | Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: C24B9C00088: client=vml000087.dmz.nausch.org[10.0.0.87] |
| | Nov 19 19:17:34 vml000087 postfix/cleanup[10470]: C24B9C00088: message-id=<20141119181734.C24B9C00088@mx01.nausch.org> |
| | Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: from=<michael@nausch.org>, size=535, nrcpt=1 (queue active) |
| | Nov 19 19:17:36 vml000087 postfix/smtpd[10464]: disconnect from vml000087.dmz.nausch.org[10.0.0.87] |
| | Nov 19 19:17:36 vml000087 postfix/lmtp[10471]: C24B9C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=2.9, delays=2.7/0.02/0.03/0.13, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> 6jMkM8DebFTdFwAArK2B9Q Saved) |
| | Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: removed |
| | </code> |
| | |
| | Auf Seiten unseres **AS/AV**((**A**nti**S**pam und **A**nti**V**irus))-Hosts wird die Prüfung im Maillog dokumentiert. |
| | # less /var/log/maillog |
| | <code>Nov 19 19:17:34 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK" |
| | Nov 19 19:17:34 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1 |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: request=AM.PDP |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: queue_id=C24B9C00088 |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org> |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org> |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXulTBQB |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXulTBQB/email.txt |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: delivery_care_of=client |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.87 |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_name=vml000087.dmz.nausch.org |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: helo_name=vml000087.dmz.nausch.org |
| | Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Request: AM.PDP /var/spool/amavisd/afXXXXulTBQB: <michael@nausch.org> -> <django@nausch.org> |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK" |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) body hash: 5e4a6c05336dff65870f1c8870955b2a |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ip_trace: 10.0.0.87 |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking: rMpVKZqRt9Zi AM.PDP-SOCK/MYNETS [10.0.0.87] <michael@nausch.org> -> <django@nausch.org> |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) 2822.From: <michael@nausch.org> |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) p001 1 Content-Type: text/plain, size: 24 B, name: |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) inspect_dsn: not a bounce |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking for banned types and filenames |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) skipping banned check: all recipients bypass banned checks |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXulTBQB/parts/p002 |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Connecting to socket /var/run/clamd.amavisd/clamd.sock |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10 |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n to socket /var/run/clamd.amavisd/clamd.sock |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) rw_loop read: got eof |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd): CLEAN |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd) result: clean |
| | Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis" |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam_scan: score=-1.01 autolearn=ham tests=[ALL_TRUSTED=-1,T_RP_MATCHES_RCVD=-0.01] recips=0 |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) do_notify_and_quar: ccat=CleanTag (1,1) ("1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(), qar_mth= |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) delivery method is 1, recips: django@nausch.org |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam-tag, <michael@nausch.org> -> <django@nausch.org>, No, score=-1.01 tagged_above=-1000 required=6.31 tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: candidate originators: From:<michael@nausch.org> |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: not signing, empty signing domain, From: <michael@nausch.org> |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) DSN: sender is credible (orig), SA: -1.010, <michael@nausch.org> |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) status counters: InMsgsStatus{Accepted,AcceptedInternal,AcceptedOriginating} |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: C24B9C00088, Message-ID: <20141119181734.C24B9C00088@mx01.nausch.org>, mail_id: rMpVKZqRt9Zi, Hits: -1.01, size: 497, 1923 ms |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) TIMING-SA total 1851 ms - parse: 1.30 (0.1%), extract_message_metadata: 32 (1.7%), poll_dns_idle: 12 (0.7%), get_uri_detail_list: 0.58 (0.0%), tests_pri_-1000: 3 (0.2%), tests_pri_-950: 1.71 (0.1%), tests_pri_-900: 1.23 (0.1%), tests_pri_-400: 0.94 (0.1%), tests_pri_0: 1514 (81.8%), check_dkim_adsp: 14 (0.7%), check_spf: 0.88 (0.0%), check_razor2: 1449 (78.3%), check_pyzor: 0.22 (0.0%), tests_pri_500: 3 (0.2%), learn: 274 (14.8%), get_report: 2 (0.1%) |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) mail checking ended: version_server=2\nlog_id=12129-01\nsetreply=250 2.5.0 Ok,%20id=12129-01,%20continue%20delivery\ninsheader=0 X-Spam-Status No,%20score=-1.01%20tagged_above=-1000%20required=6.31%0a%09tests=[ALL_TRUSTED=-1,%20T_RP_MATCHES_RCVD=-0.01]%20autolearn=ham\ninsheader=0 X-Spam-Level \ninsheader=0 X-Spam-Score -1.01\ninsheader=0 X-Spam-Flag NO\nreturn_value=continue\nexit_code=0 |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) size: 497, TIMING [total 1927 ms] - got data: 0.1 (0%)0, check_init: 4.3 (0%)0, digest_hdr: 1.2 (0%)0, digest_body_dkim: 0.3 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.3 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 17 (1%)2, parts_decode: 0.2 (0%)2, check_header: 0.4 (0%)2, AV-scan-1: 9 (0%)2, spam-wb-list: 4.6 (0%)3, SA msg read: 0.7 (0%)3, SA parse: 3.1 (0%)3, SA check: 1839 (95%)98, decide_mail_destiny: 15 (1%)99, notif-quar: 1.1 (0%)99, prepare-dsn: 4.7 (0%)99, report: 1.4 (0%)99, main_log_entry: 9 (0%)100, update_snmp: 1.4 (0%)100, rundown: 1.3 (0%)100 |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) extra modules loaded: unicore/lib/Gc/Nd.pl |
| | Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) load: 100 %, total idle 0.000 s, busy 1.953 s |
| | </code> |
| | |
| | In der Inbox unseres **MUA**((**M**ail **U**ser **A**gent))s POP3/IMAP-Servers finden wir auch die zugestellte Nachricht. |
| | <code>Return-Path: <michael@nausch.org> |
| | Delivered-To: django@nausch.org |
| | Received: from mx01.nausch.org ([10.0.0.87]) |
| | by imap.nausch.org (Dovecot) with LMTP id 6jMkM8DebFTdFwAArK2B9Q |
| | for <django@nausch.org>; Wed, 19 Nov 2014 19:17:36 +0100 |
| | X-Spam-Flag: NO |
| | X-Spam-Score: -1.01 |
| | X-Spam-Level: |
| | X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31 |
| | tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham |
| | Received: from vml000087.dmz.nausch.org (vml000087.dmz.nausch.org [10.0.0.87]) |
| | by mx01.nausch.org (Postfix) with ESMTP id C24B9C00088 |
| | for <django@nausch.org>; Wed, 19 Nov 2014 19:17:34 +0100 (CET) |
| | Date: Wed, 19 Nov 2014 19:17:33 +0100 |
| | To: django@nausch.org |
| | From: michael@nausch.org |
| | Subject: test Wed, 19 Nov 2014 19:17:33 +0100 |
| | X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/ |
| | X-Test: test email |
| | Message-Id: <20141119181734.C24B9C00088@mx01.nausch.org> |
| | |
| | This is a test mailing |
| | </code> |
| | |
| | AMavis hat gemäß unserer Einstellung entsprechende **X-Spam-Header** des Spamassassin-Backends im Mailheader der eMail eingetragen. |
| | <code>X-Spam-Flag: NO |
| | X-Spam-Score: -1.01 |
| | X-Spam-Level: |
| | X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31 |
| | tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham |
| | </code> |
| | |
| | ==== SPAM (blacklist) ==== |
| | Haben wir unsere **AMaViS**-Konfiguration abgeschlossen, schicken wir uns entweder via **telnet** eine Nachricht, oder nutzen das Hilfsprogramm **[[http://www.jetmore.org/john/code/swaks/|swaks]]** für den tippfaulen Admin. |
| | # swaks --to django@nausch.org --from me@example.com --server 10.0.0.87 --header "From: Euro Dice Casino" |
| | |
| | <code>=== Trying 10.0.0.87:25... |
| | === Connected to 10.0.0.87. |
| | <- 220 mx01.nausch.org ESMTP Postfix |
| | -> EHLO vml000067.dmz.nausch.org |
| | <- 250-mx01.nausch.org |
| | <- 250-PIPELINING |
| | <- 250-SIZE 52428800 |
| | <- 250-ETRN |
| | <- 250-STARTTLS |
| | <- 250-ENHANCEDSTATUSCODES |
| | <- 250-8BITMIME |
| | <- 250 DSN |
| | -> MAIL FROM:<me@example.com> |
| | <- 250 2.1.0 Ok |
| | -> RCPT TO:<django@nausch.org> |
| | <- 250 2.1.5 Ok |
| | -> DATA |
| | <- 354 End data with <CR><LF>.<CR><LF> |
| | -> Date: Thu, 20 Nov 2014 09:14:37 +0100 |
| | -> To: django@nausch.org |
| | -> From: Euro Dice Casino |
| | -> Subject: test Thu, 20 Nov 2014 09:14:37 +0100 |
| | -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/ |
| | -> |
| | -> This is a test mailing |
| | -> |
| | -> . |
| | <** 554 5.7.0 Reject, id=02244-01 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 20 09:14:37), client (10.0.0.67) and server (mx01.nausch.org). |
| | -> QUIT |
| | <- 221 2.0.0 Bye |
| | === Connection closed with remote host. |
| | </code> |
| | |
| | Im Maillog des **MTA**((**M**ail **T**ransport **A**gent)) finden wir die Einträge des Zustellungsversuch. |
| | # less /var/log/maillog |
| | <code>Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: connect from vml000067.dmz.nausch.org[10.0.0.67] |
| | Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: 195FFC00088: client=vml000067.dmz.nausch.org[10.0.0.67] |
| | Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: message-id=<> |
| | Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: milter-reject: END-OF-MESSAGE from vml000067.dmz.nausch.org[10.0.0.67]: 5.7.0 Reject, id=02244-01 - spam; from=<me@example.com> to=<django@nausch.org> proto=ESMTP helo=<vml000067.dmz.nausch.org> |
| | Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: disconnect from vml000067.dmz.nausch.org[10.0.0.67] |
| | </code> |
| | |
| | Mit der id **02244-01** können wir dann im Maillog des **AS/AV**((**A**nti**S**pam und **A**nti**V**irus))-Host Details zur SPAM-Bewertung herausfinden. |
| | # less /var/log/maillog |
| | |
| | <code>Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) extra modules loaded: unicore/lib/Gc/Nd.pl |
| | Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) load: 100 %, total idle 0.000 s, busy 0.557 s |
| | Nov 20 09:14:37 vml000067 amavis[2244]: loaded policy bank "AM.PDP-SOCK" |
| | Nov 20 09:14:37 vml000067 amavis[2244]: process_request: fileno sock=13, STDIN=0, STDOUT=1 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: request=AM.PDP |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: queue_id=195FFC00088 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: sender=<me@example.com> |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: recipient=<django@nausch.org> |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir=/var/spool/amavisd/afXXXXSMIW7c |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir_removed_by=client |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: mail_file=/var/spool/amavisd/afXXXXSMIW7c/email.txt |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: delivery_care_of=client |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_address=10.0.0.67 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_name=vml000067.dmz.nausch.org |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: helo_name=vml000067.dmz.nausch.org |
| | Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: policy_bank=mx01.nausch.org |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Request: AM.PDP /var/spool/amavisd/afXXXXSMIW7c: <me@example.com> -> <django@nausch.org> |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK" |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) body hash: 5e4a6c05336dff65870f1c8870955b2a |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ip_trace: 10.0.0.67 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking: vHWwCUxVEbSn AM.PDP-SOCK/MYNETS [10.0.0.67] <me@example.com> -> <django@nausch.org> |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) 2822.From: <"Euro Dice Casino">, 2821.Mail_From: <me@example.com> |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) p001 1 Content-Type: text/plain, size: 24 B, name: |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) inspect_dsn: not a bounce |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking for banned types and filenames |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) skipping banned check: all recipients bypass banned checks |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXSMIW7c/parts/p002 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Connecting to socket /var/run/clamd.amavisd/clamd.sock |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n to socket /var/run/clamd.amavisd/clamd.sock |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) rw_loop read: got eof |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd): CLEAN |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd) result: clean |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis" |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) spam_scan: score=19.14 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR_2001=20,MISSING_MID=0.14] recips=0 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) blocking contents category is (6) for django@nausch.org, final_destiny -3 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth= |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) delivery method is 1, recips: django@nausch.org |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) DSN: sender is credible (orig), SA: 19.140, <me@example.com> |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating} |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.67] <me@example.com> -> <django@nausch.org>, Queue-ID: 195FFC00088, mail_id: vHWwCUxVEbSn, Hits: 19.14, size: 413, 373 ms |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) TIMING-SA total 318 ms - parse: 1.04 (0.3%), extract_message_metadata: 3 (0.8%), get_uri_detail_list: 0.25 (0.1%), tests_pri_-1000: 6 (1.9%), tests_pri_-950: 1.82 (0.6%), tests_pri_-900: 1.19 (0.4%), tests_pri_-400: 0.93 (0.3%), tests_pri_0: 279 (87.8%), check_spf: 0.33 (0.1%), check_razor2: 249 (78.4%), check_pyzor: 0.34 (0.1%), tests_pri_500: 9 (2.9%), get_report: 0.88 (0.3%) |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) mail checking ended: version_server=2\nlog_id=02244-01\nsetreply=554 5.7.0 Reject,%20id=02244-01%20-%20spam\nreturn_value=reject\nexit_code=69 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) size: 413, TIMING [total 376 ms] - got data: 0.0 (0%)0, check_init: 3.7 (1%)1, digest_hdr: 1.0 (0%)1, digest_body_dkim: 0.4 (0%)1, collect_info: 1.7 (0%)2, mkdir parts: 1.5 (0%)2, mime_decode: 10 (3%)5, get-file-type1: 14 (4%)9, parts_decode: 0.1 (0%)9, check_header: 0.4 (0%)9, AV-scan-1: 8 (2%)11, spam-wb-list: 0.6 (0%)11, SA msg read: 0.6 (0%)11, SA parse: 2.7 (1%)12, SA check: 311 (82%)94, decide_mail_destiny: 8 (2%)96, notif-quar: 0.5 (0%)97, prepare-dsn: 0.7 (0%)97, report: 1.4 (0%)97, main_log_entry: 8 (2%)99, update_snmp: 1.6 (0%)100, rundown: 1.2 (0%)100 |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) extra modules loaded: unicore/lib/Gc/Nd.pl |
| | Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) load: 100 %, total idle 0.000 s, busy 0.408 s |
| | </code> |
| | |
| | Der SPAM Score von **19.14** wird hauptsächlich von Wert **HEADER_FROM_CHECKS_NR_2001=20** gespeist. Somit wissen wir auch, welche unserer Definitionen aus der Spamassassin-Konfigurationsdatei //**/etc/mail/spamassassin/local.cf**// angesprochen hat. |
| | |
| | ==== SPAM (GTUBE) ==== |
| | Zum Testen des Spamassassin schicken wir uns nun eine eMail via **telnet** und schicken im Mailbody den **[[http://spamassassin.apache.org/gtube/|GTUBE]]**((**G**eneric **T**est for **U**nsolicited **B**ulk **E**mail))-Teststring von der Seite [[http://spamassassin.apache.org/gtube/gtube.txt]] bzw. von //**/usr/share/doc/spamassassin-3.3.2/sample-spam.txt**// mit. |
| | $ telnet 10.0.0.87 25 |
| | <code>Trying 10.0.0.87... |
| | Connected to 10.0.0.87. |
| | Escape character is '^]'. |
| | 220 mx01.nausch.org ESMTP Postfix |
| | helo pml010049 |
| | 250 mx01.nausch.org |
| | mail from:<michael@nausch.org> |
| | 250 2.1.0 Ok |
| | rcpt to:<django@nausch.org> |
| | 250 2.1.5 Ok |
| | DATA |
| | 354 End data with <CR><LF>.<CR><LF> |
| | Subject: Test spam mail (GTUBE) |
| | Message-ID: <GTUBE1.1010101@example.net> |
| | Date: Wed, 19 Nov 2014 20:04:38 +0000 |
| | From: Sender <sender@example.net> |
| | To: Recipient <recipient@example.net> |
| | Precedence: junk |
| | MIME-Version: 1.0 |
| | Content-Type: text/plain; charset=us-ascii |
| | Content-Transfer-Encoding: 7bit |
| | |
| | This is the GTUBE, the |
| | Generic |
| | Test for |
| | Unsolicited |
| | Bulk |
| | Email |
| | |
| | If your spam filter supports it, the GTUBE provides a test by which you |
| | can verify that the filter is installed correctly and is detecting incoming |
| | spam. You can send yourself a test mail containing the following string of |
| | characters (in upper case and with no white spaces and line breaks): |
| | |
| | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X |
| | |
| | You should send this test mail from an account outside of your network. |
| | |
| | . |
| | 554 5.7.0 Reject, id=12129-03 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 19 22:53:37), client (10.0.0.20) and server (mx01.nausch.org). |
| | quit |
| | 221 2.0.0 Bye |
| | Connection closed by foreign host. |
| | </code> |
| | |
| | Dem einliefernden SMTP-Client wird also die eMail nicht abgenommen und mit einem Fehlercode **554 5.7.0 Reject, id=12129-03 - spam.** abgewiesen; d.h. der Sender erfährt also auch direkt sofort, dass ihm die Nachricht nicht abgenommen wurde. |
| | |
| | Im Maillog unseres MTAs finden wir nun wiederum einen Hinweis, warum die Nachricht mit dem Fehlercode **554 5.7.0 Reject, id=12129-03 - spam.** abgewiesen wurde. |
| | # less /var/log/maillog |
| | <code>Nov 19 22:52:17 vml000087 postfix/smtpd[10708]: connect from vml000020.dmz.nausch.org[10.0.0.20] |
| | Nov 19 22:52:43 vml000087 postfix/smtpd[10708]: 48FF5C00088: client=vml000020.dmz.nausch.org[10.0.0.20] |
| | Nov 19 22:53:36 vml000087 postfix/cleanup[10714]: 48FF5C00088: message-id=<GTUBE1.1010101@example.net> |
| | Nov 19 22:53:37 vml000087 postfix/cleanup[10714]: 48FF5C00088: milter-reject: END-OF-MESSAGE from vml000020.dmz.nausch.org[10.0.0.20]: 5.7.0 Reject, id=12129-03 - spam; from=<michael@nausch.org> to=<django@nausch.org> proto=SMTP helo=<pml010049> |
| | Nov 19 22:53:42 vml000087 postfix/smtpd[10708]: disconnect from vml000020.dmz.nausch.org[10.0.0.20] |
| | </code> |
| | |
| | Im Maillog unseres AS/AV-Host können wir dann den Zustellversuch und die Bewertungen dazu einsehen. |
| | |
| | # less /var/log/maillog |
| | <code>Nov 19 22:45:02 vml000067 amavis[12130]: (12130-02) load: 0 %, total idle 555.690 s, busy 2.718 s |
| | Nov 19 22:53:36 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK" |
| | Nov 19 22:53:36 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: request=AM.PDP |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: queue_id=48FF5C00088 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org> |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org> |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXPaVp4C |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXPaVp4C/email.txt |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: delivery_care_of=client |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.20 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_name=vml000020.dmz.nausch.org |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: helo_name=pml010049 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Request: AM.PDP /var/spool/amavisd/afXXXXPaVp4C: <michael@nausch.org> -> <django@nausch.org> |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) loaded policy bank "MYNETS" over "AM.PDP-SOCK" |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) body hash: 51d53ffa32db4873fdf05a6e976eb0c7 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ip_trace: 10.0.0.20 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking: nCETkk_ruRal AM.PDP-SOCK/MYNETS [10.0.0.20] <michael@nausch.org> -> <django@nausch.org> |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) 2822.From: <sender@example.net>, 2821.Mail_From: <michael@nausch.org> |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) p001 1 Content-Type: text/plain, size: 540 B, name: |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) inspect_dsn: not a bounce |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking for banned types and filenames |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) skipping banned check: all recipients bypass banned checks |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) presenting full original message to scanners as /var/spool/amavisd/afXXXXPaVp4C/parts/p002 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Connecting to socket /var/run/clamd.amavisd/clamd.sock |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10 |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n to socket /var/run/clamd.amavisd/clamd.sock |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) rw_loop read: got eof |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd): CLEAN |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd) result: clean |
| | Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis" |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0 |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) blocking contents category is (6) for django@nausch.org, final_destiny -3 |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth= |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) delivery method is 1, recips: django@nausch.org |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) DSN: sender is credible (orig), SA: 998.990, <michael@nausch.org> |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating} |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: 48FF5C00088, Message-ID: <GTUBE1.1010101@example.net>, mail_id: nCETkk_ruRal, Hits: 998.99, size: 1043, 1565 ms |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) TIMING-SA total 1498 ms - parse: 1.78 (0.1%), extract_message_metadata: 4 (0.3%), get_uri_detail_list: 0.92 (0.1%), tests_pri_-1000: 8 (0.5%), tests_pri_-950: 1.67 (0.1%), tests_pri_-900: 1.18 (0.1%), tests_pri_-400: 2 (0.1%), tests_pri_0: 1457 (97.3%), check_dkim_adsp: 269 (18.0%), check_spf: 0.34 (0.0%), check_razor2: 1119 (74.7%), check_pyzor: 0.20 (0.0%), tests_pri_500: 3 (0.2%), get_report: 1.53 (0.1%) |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) mail checking ended: version_server=2\nlog_id=12129-03\nsetreply=554 5.7.0 Reject,%20id=12129-03%20-%20spam\nreturn_value=reject\nexit_code=69 |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) size: 1043, TIMING [total 1571 ms] - got data: 0.0 (0%)0, check_init: 2.9 (0%)0, digest_hdr: 1.0 (0%)0, digest_body_dkim: 0.2 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.1 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 24 (2%)3, parts_decode: 0.2 (0%)3, check_header: 0.6 (0%)3, AV-scan-1: 15 (1%)4, spam-wb-list: 0.8 (0%)4, SA msg read: 0.9 (0%)4, SA parse: 2.5 (0%)4, SA check: 1489 (95%)99, decide_mail_destiny: 9 (1%)99, notif-quar: 0.5 (0%)99, prepare-dsn: 0.6 (0%)99, report: 1.4 (0%)99, main_log_entry: 4.0 (0%)100, update_snmp: 5.0 (0%)100, rundown: 1.0 (0%)100 |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) load: 0 %, total idle 12954.550 s, busy 8.537 s |
| | </code> |
| | |
| | Hier suche wir dann nach besagter ID 12129-03 und erfahren den eigentlichen Grund, warum die Annahme der Nachricht verweigert wurde. |
| | |
| | Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0 |
| | |
| | Der SPAM-Score liegt mit **998.99** geringfügig über unserem Schwellwert von **6.31**, was natürlich die Annahmeverweigerung entsprechend begründet. |
| | |
| | ====== Links ====== |
| | * **⇐ [[centos:mail_c7:spam_7|Zurück zum Kapitel "ClamAV für AMaViS unter CentOS 7.x"]]** |
| | * **⇐ [[centos:mail_c7:spam_7|Zurück zum Kapitel "Grundinstallation von AMaViS unter CentOS 7.x"]]** |
| | * **⇒ [[centos:mail_c7:spam_9|Weiter zum Kapitel "DKIM - Domain Key Identified Mail unter CentOS 7.x"]]** |
| | * **[[centos:mail_c7:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 7<<]]** |
| | * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]** |
| | * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]** |
| | |
| |
127.0.0.1