centos:mail_c7:spam_8

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Nächste Überarbeitung		 Vorhergehende Überarbeitung
centos:mail_c7:spam_8 [19.11.2014 15:19. ] – angelegt djangocentos:mail_c7:spam_8 [22.07.2019 15:01. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 375: Zeile 375:
 # /m = m Multiline-Faehigkeit - Zeilenumbrueche ignorieren # /m = m Multiline-Faehigkeit - Zeilenumbrueche ignorieren
  
-# basierend auf IP-Adressen im Mailheader:+Header-Checks basierend auf IP-Adressen im Mailheader (Nummerierung 1000 - 1999):
  
 # whitelisting # whitelisting
Zeile 387: Zeile 387:
 tflags          HEADER_RECEIVED_CHECKS_NR_1000   noautolearn tflags          HEADER_RECEIVED_CHECKS_NR_1000   noautolearn
  
-dogehds weida 
  
 +# Header-Checks basierend auf "From" im Mailheader  (Nummerierung 2000 - 2999):
  
 +header          HEADER_FROM_CHECKS_NR_2004       From =~ /^.*bild-nachrichten.net/im
 +score           HEADER_FROM_CHECKS_NR_2004       20
 +tflags          HEADER_FROM_CHECKS_NR_2004       noautolearn
 +
 +header          HEADER_FROM_CHECKS_NR_2003       From =~ /^Gold Ring Support.*/im
 +score           HEADER_FROM_CHECKS_NR_2003       20
 +tflags          HEADER_FROM_CHECKS_NR_2003       noautolearn
 +
 +header          HEADER_FROM_CHECKS_NR_2002       From =~ /^.*Ruby.*/im
 +score           HEADER_FROM_CHECKS_NR_2002       20
 +tflags          HEADER_FROM_CHECKS_NR_2002       noautolearn
 +
 +header          HEADER_FROM_CHECKS_NR_2001       From =~ /^.*Euro Dice Casino/im
 +score           HEADER_FROM_CHECKS_NR_2001       20
 +tflags          HEADER_FROM_CHECKS_NR_2001       noautolearn
 +
 +header          HEADER_FROM_CHECKS_NR_2000       From =~ /^.*belohnungs-abteilung/im
 +score           HEADER_FROM_CHECKS_NR_2000       20
 +tflags          HEADER_FROM_CHECKS_NR_2000       noautolearn
 +
 +
 +# Header-Checks basierend auf "Subject" im Mailheader  (Nummerierung 3000 - 3999):
 +
 +header          HEADER_SUBJECT_CHECKS_NR_3002    Subject =~ /.*Risk.net.*/im
 +score           HEADER_SUBJECT_CHECKS_NR_3002    20
 +tflags          HEADER_SUBJECT_CHECKS_NR_3002    noautolearn
 +
 +header          HEADER_SUBJECT_CHECKS_NR_3001    Subject =~ /.*Ruby Palace.*/im
 +score           HEADER_SUBJECT_CHECKS_NR_3001    20
 +tflags          HEADER_SUBJECT_CHECKS_NR_3001    noautolearn
 +
 +# Header-Checks basierend auf "X-Mailer" im Mailheader  (Nummerierung 4000 - 4999):
 +
 +header          HEADER_XMAILER_CHECKS_NR_4000    X-Mailer =~ /.*\b(E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|SEKOFOXM|Blat.v3.1.1)\b/im
 +score           HEADER_XMAILER_CHECKS_NR_4000    20
 +tflags          HEADER_XMAILER_CHECKS_NR_4000    noautolearn
 </file> </file>
 +
 +==== amavisd ====
 +Zur Konfiguration von **AMaViS** haben wir bei der zugehörigen Konfigurationsdatei //**/etc/amavisd/amavisd.conf**// bei der Installation und [[|Konfiguration]] von AMaViS bereits die Section **SPAM POLICY** angelegt.
 +   # vim /etc/amavisd/amavisd.conf
 +
 +<code perl>################################################################################
 +## SPAM POLICY
 +#
 +
 +# Check aktivieren?
 +# @bypass_spam_checks_maps  = (1);
 +
 +# In Quarantäne?
 +$spam_quarantine_to = undef;
 +
 +# Admin benachrichtigen?
 +$spam_admin = undef;
 +
 +# Recipient-Adresse bei Release erweitern?
 +@addr_extension_spam_maps = ('spam');
 +
 +# E-Mail bei Release wrappen?
 +$defang_spam = undef;
 +
 +# Wollen wir Content transportieren?
 +$final_spam_destiny = D_REJECT;
 +
 +# add spam info headers if at, or above that level
 +$sa_tag_level_deflt  = -1000.0;
 +# add 'spam detected' headers at that level
 +$sa_tag2_level_deflt = 6.31;
 +# triggers spam evasive actions (e.g. blocks mail)
 +$sa_kill_level_deflt = 6.31;
 +# spam level beyond which a DSN is not sent
 +$sa_dsn_cutoff_level = 10;
 +# likewise, but for a likely valid From
 +$sa_crediblefrom_dsn_cutoff_level = 18;
 +# spam level beyond which quarantine is off
 +# $sa_quarantine_cutoff_level = 25;
 +
 +# (no effect without a @storage_sql_dsn database)
 +$penpals_bonus_score = 8;
 +# don't waste time on hi spam
 +$penpals_threshold_high = $sa_kill_level_deflt;
 +# spam score points to add for joe-jobbed bounces
 +$bounce_killer_score = 100;
 +# don't waste time on SA if mail is larger
 +$sa_mail_body_size_limit = 400*1024;
 +# only tests which do not require internet access?
 +$sa_local_tests_only = 0;
 +
 +$sa_spam_subject_tag = '***Spam*** ';
 +</code>
 +
 +Somit müssen wir auf Seiten von AMaViS keine zusätzlichen Einstellungen vornehmen.
 +
 +===== Programmstart =====
 +==== erster Systemstart ====
 +Nun können wir unseren Anti-SMAP-Daemon das erste mal starten.
 +   # systemctl start spamassassin
 +
 +Den Status des Daemon fragen wir bei Bedarf wie folgt ab.
 +   # systemctl status spamassassin
 +
 +<code>spamassassin.service - Spamassassin daemon
 +   Loaded: loaded (/usr/lib/systemd/system/spamassassin.service; disabled)
 +   Active: active (running) since Wed 2014-11-19 18:52:53 CET; 2s ago
 +  Process: 12346 ExecStart=/usr/bin/spamd --pidfile /var/run/spamd.pid $SPAMDOPTIONS (code=exited, status=0/SUCCESS)
 +  Process: 12345 ExecStartPre=/sbin/portrelease spamd (code=exited, status=0/SUCCESS)
 + Main PID: 12350 (/usr/bin/spamd )
 +   CGroup: /system.slice/spamassassin.service
 +           ├─12350 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
 +           ├─12351 spamd child
 +           └─12352 spamd child
 +
 +Nov 19 18:52:46 vml000067.dmz.nausch.org systemd[1]: Starting Spamassassin daemon...
 +Nov 19 18:52:46 vml000067.dmz.nausch.org spamd[12346]: logger: removing stderr method
 +Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2)
 +Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server pid: 12350
 +Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12351
 +Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12352
 +Nov 19 18:52:53 vml000067.dmz.nausch.org systemd[1]: Started Spamassassin daemon.
 +Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: IS
 +Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: II
 +</code>
 +
 +Im Maillog wird der Start des Daemon entsprechend protokolliert. 
 +
 +   # less /var/log/maillog
 +<code>Nov 19 18:52:32 vml000067 spamd[11411]: spamd: server killed by SIGTERM, shutting down
 +Nov 19 18:52:46 vml000067 spamd[12346]: logger: removing stderr method
 +Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2)
 +Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server pid: 12350
 +Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12351
 +Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12352
 +Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: IS
 +Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: II
 +</code>
 +
 +In der Prozessübersicht finden wir dazu dann auch entsprechend folgene Prozesse.
 +   # ps auxwww | grep spam
 +<code>root     12350  0.3  3.3 283472 64072 ?        Ss   18:52   0:02 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
 +root     12351  0.0  3.2 283472 61148 ?        S    18:52   0:00 spamd child
 +root     12352  0.0  3.2 283472 61152 ?        S    18:52   0:00 spamd child</code>
 +
 +Mit folgendem Befehl kann überprüft werden, auf welchem Port unser SpamAssassin horcht: 
 +   # lsof -i :783
 +<code>COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
 +/usr/bin/ 12350 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)
 +spamd     12351 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)
 +spamd     12352 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)</code>
 +
 +Das gleiche können wir natürlich auch via **netstat** abrufen.
 +   # netstat -tulpen | grep spamd
 +
 +   tcp        0      0 127.0.0.1:783           0.0.0.0:              LISTEN      0          122819     12350/spamd.pid -d
 +
 +==== automatisches Starten des Dienste beim Systemstart ====
 +Damit nun unser AMaViS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
 +   # systemctl enable spamassassin
 +
 +   ln -s '/usr/lib/systemd/system/spamassassin.service' '/etc/systemd/system/multi-user.target.wants/spamassassin.service'
 +
 +Wollen wir überprüfen ob der Dienst automatisch startet, verwenden wir folgenden Aufruf. 
 +   # systemctl is-enabled spamassassin
 +
 +   enabled
 +
 +Die Rückmeldung **enabled** zeigt an, dass der Dienst automatisch startet; ein **disabled** zeigt entsprechend an, dass der Dienst __nicht__ automatisch startet.
 +
 +===== Tests =====
 +Haben wir die Konfiguration unseres **[[centos:mail_c7:spam_6|AMaViS]]** fertiggestellt, können wir uns auch daransetzen unsere **[[centos:mail_c7:spam_6?&#programmstart|Spamassassin]]**-Installation zu überprüfen.
 +
 +==== HAM ====
 +Haben wir unsere **AMaViS**-Konfiguration abgeschlossen, schicken wir uns entweder via **telnet** eine Nachricht, oder nutzen das Hilfsprogramm **[[http://www.jetmore.org/john/code/swaks/|swaks]]** für den tippfaulen Admin. 
 +   # swaks --to django@nausch.org --from michael@nausch.org --header-X-Test "test email" --server 10.0.0.87
 +<code>=== Trying 10.0.0.87:25...
 +=== Connected to 10.0.0.87.
 +<-  220 mx01.nausch.org ESMTP Postfix
 + -> EHLO vml000087.dmz.nausch.org
 +<-  250-mx01.nausch.org
 +<-  250-PIPELINING
 +<-  250-SIZE 52428800
 +<-  250-ETRN
 +<-  250-STARTTLS
 +<-  250-ENHANCEDSTATUSCODES
 +<-  250-8BITMIME
 +<-  250 DSN
 + -> MAIL FROM:<michael@nausch.org>
 +<-  250 2.1.0 Ok
 + -> RCPT TO:<django@nausch.org>
 +<-  250 2.1.5 Ok
 + -> DATA
 +<-  354 End data with <CR><LF>.<CR><LF>
 + -> Date: Wed, 19 Nov 2014 19:17:33 +0100
 + -> To: django@nausch.org
 + -> From: michael@nausch.org
 + -> Subject: test Wed, 19 Nov 2014 19:17:33 +0100
 + -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 + -> X-Test: test email
 + -> 
 + -> This is a test mailing
 + -> 
 + -> .
 +<-  250 2.0.0 Ok: queued as C24B9C00088
 + -> QUIT
 +<-  221 2.0.0 Bye
 +=== Connection closed with remote host.
 +</code>
 +
 +Im Maillog des **MTA**((**M**ail **T**ransport **A**gent)) finden wir die einträge der erfolgreichen Zustellung.
 +   # less /var/log/maillog
 +
 +<code>Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: connect from vml000087.dmz.nausch.org[10.0.0.87]
 +Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: C24B9C00088: client=vml000087.dmz.nausch.org[10.0.0.87]
 +Nov 19 19:17:34 vml000087 postfix/cleanup[10470]: C24B9C00088: message-id=<20141119181734.C24B9C00088@mx01.nausch.org>
 +Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: from=<michael@nausch.org>, size=535, nrcpt=1 (queue active)
 +Nov 19 19:17:36 vml000087 postfix/smtpd[10464]: disconnect from vml000087.dmz.nausch.org[10.0.0.87]
 +Nov 19 19:17:36 vml000087 postfix/lmtp[10471]: C24B9C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=2.9, delays=2.7/0.02/0.03/0.13, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> 6jMkM8DebFTdFwAArK2B9Q Saved)
 +Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: removed
 +</code>
 +
 +Auf Seiten unseres **AS/AV**((**A**nti**S**pam und **A**nti**V**irus))-Hosts wird die Prüfung im Maillog dokumentiert.
 +   # less /var/log/maillog
 +<code>Nov 19 19:17:34 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK"
 +Nov 19 19:17:34 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: request=AM.PDP
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: queue_id=C24B9C00088
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org>
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org>
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXulTBQB
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXulTBQB/email.txt
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: delivery_care_of=client
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.87
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_name=vml000087.dmz.nausch.org
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: helo_name=vml000087.dmz.nausch.org
 +Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Request: AM.PDP  /var/spool/amavisd/afXXXXulTBQB: <michael@nausch.org> -> <django@nausch.org>
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) body hash: 5e4a6c05336dff65870f1c8870955b2a
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ip_trace: 10.0.0.87
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking: rMpVKZqRt9Zi AM.PDP-SOCK/MYNETS [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) 2822.From: <michael@nausch.org>
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) p001 1 Content-Type: text/plain, size: 24 B, name:
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) inspect_dsn: not a bounce
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking for banned types and filenames
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) skipping banned check: all recipients bypass banned checks
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXulTBQB/parts/p002
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Connecting to socket  /var/run/clamd.amavisd/clamd.sock
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n to socket /var/run/clamd.amavisd/clamd.sock
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) rw_loop read: got eof
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd): CLEAN
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd) result: clean
 +Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam_scan: score=-1.01 autolearn=ham tests=[ALL_TRUSTED=-1,T_RP_MATCHES_RCVD=-0.01] recips=0
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) do_notify_and_quar: ccat=CleanTag (1,1) ("1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) delivery method is 1, recips: django@nausch.org
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam-tag, <michael@nausch.org> -> <django@nausch.org>, No, score=-1.01 tagged_above=-1000 required=6.31 tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: candidate originators: From:<michael@nausch.org>
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: not signing, empty signing domain, From: <michael@nausch.org>
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) DSN: sender is credible (orig), SA: -1.010, <michael@nausch.org>
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) status counters: InMsgsStatus{Accepted,AcceptedInternal,AcceptedOriginating}
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: C24B9C00088, Message-ID: <20141119181734.C24B9C00088@mx01.nausch.org>, mail_id: rMpVKZqRt9Zi, Hits: -1.01, size: 497, 1923 ms
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) TIMING-SA total 1851 ms - parse: 1.30 (0.1%), extract_message_metadata: 32 (1.7%), poll_dns_idle: 12 (0.7%), get_uri_detail_list: 0.58 (0.0%), tests_pri_-1000: 3 (0.2%), tests_pri_-950: 1.71 (0.1%), tests_pri_-900: 1.23 (0.1%), tests_pri_-400: 0.94 (0.1%), tests_pri_0: 1514 (81.8%), check_dkim_adsp: 14 (0.7%), check_spf: 0.88 (0.0%), check_razor2: 1449 (78.3%), check_pyzor: 0.22 (0.0%), tests_pri_500: 3 (0.2%), learn: 274 (14.8%), get_report: 2 (0.1%)
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) mail checking ended: version_server=2\nlog_id=12129-01\nsetreply=250 2.5.0 Ok,%20id=12129-01,%20continue%20delivery\ninsheader=0 X-Spam-Status No,%20score=-1.01%20tagged_above=-1000%20required=6.31%0a%09tests=[ALL_TRUSTED=-1,%20T_RP_MATCHES_RCVD=-0.01]%20autolearn=ham\ninsheader=0 X-Spam-Level \ninsheader=0 X-Spam-Score -1.01\ninsheader=0 X-Spam-Flag NO\nreturn_value=continue\nexit_code=0
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) size: 497, TIMING [total 1927 ms] - got data: 0.1 (0%)0, check_init: 4.3 (0%)0, digest_hdr: 1.2 (0%)0, digest_body_dkim: 0.3 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.3 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 17 (1%)2, parts_decode: 0.2 (0%)2, check_header: 0.4 (0%)2, AV-scan-1: 9 (0%)2, spam-wb-list: 4.6 (0%)3, SA msg read: 0.7 (0%)3, SA parse: 3.1 (0%)3, SA check: 1839 (95%)98, decide_mail_destiny: 15 (1%)99, notif-quar: 1.1 (0%)99, prepare-dsn: 4.7 (0%)99, report: 1.4 (0%)99, main_log_entry: 9 (0%)100, update_snmp: 1.4 (0%)100, rundown: 1.3 (0%)100
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) extra modules loaded: unicore/lib/Gc/Nd.pl
 +Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) load: 100 %, total idle 0.000 s, busy 1.953 s
 +</code>
 +
 +In der Inbox unseres **MUA**((**M**ail **U**ser **A**gent))s POP3/IMAP-Servers finden wir auch die zugestellte Nachricht.
 +<code>Return-Path: <michael@nausch.org>
 +Delivered-To: django@nausch.org
 +Received: from mx01.nausch.org ([10.0.0.87])
 + by imap.nausch.org (Dovecot) with LMTP id 6jMkM8DebFTdFwAArK2B9Q
 + for <django@nausch.org>; Wed, 19 Nov 2014 19:17:36 +0100
 +X-Spam-Flag: NO
 +X-Spam-Score: -1.01
 +X-Spam-Level: 
 +X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31
 + tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
 +Received: from vml000087.dmz.nausch.org (vml000087.dmz.nausch.org [10.0.0.87])
 + by mx01.nausch.org (Postfix) with ESMTP id C24B9C00088
 + for <django@nausch.org>; Wed, 19 Nov 2014 19:17:34 +0100 (CET)
 +Date: Wed, 19 Nov 2014 19:17:33 +0100
 +To: django@nausch.org
 +From: michael@nausch.org
 +Subject: test Wed, 19 Nov 2014 19:17:33 +0100
 +X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 +X-Test: test email
 +Message-Id: <20141119181734.C24B9C00088@mx01.nausch.org>
 +
 +This is a test mailing
 +</code>
 +
 +AMavis hat gemäß unserer Einstellung entsprechende **X-Spam-Header** des Spamassassin-Backends im Mailheader der eMail eingetragen.
 +<code>X-Spam-Flag: NO
 +X-Spam-Score: -1.01
 +X-Spam-Level: 
 +X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31
 + tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
 +</code>
 +
 +==== SPAM (blacklist) ====
 +Haben wir unsere **AMaViS**-Konfiguration abgeschlossen, schicken wir uns entweder via **telnet** eine Nachricht, oder nutzen das Hilfsprogramm **[[http://www.jetmore.org/john/code/swaks/|swaks]]** für den tippfaulen Admin.
 +   # swaks --to django@nausch.org --from me@example.com --server 10.0.0.87 --header "From: Euro Dice Casino"
 +
 +<code>=== Trying 10.0.0.87:25...
 +=== Connected to 10.0.0.87.
 +<-  220 mx01.nausch.org ESMTP Postfix
 + -> EHLO vml000067.dmz.nausch.org
 +<-  250-mx01.nausch.org
 +<-  250-PIPELINING
 +<-  250-SIZE 52428800
 +<-  250-ETRN
 +<-  250-STARTTLS
 +<-  250-ENHANCEDSTATUSCODES
 +<-  250-8BITMIME
 +<-  250 DSN
 + -> MAIL FROM:<me@example.com>
 +<-  250 2.1.0 Ok
 + -> RCPT TO:<django@nausch.org>
 +<-  250 2.1.5 Ok
 + -> DATA
 +<-  354 End data with <CR><LF>.<CR><LF>
 + -> Date: Thu, 20 Nov 2014 09:14:37 +0100
 + -> To: django@nausch.org
 + -> From: Euro Dice Casino
 + -> Subject: test Thu, 20 Nov 2014 09:14:37 +0100
 + -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 + ->
 + -> This is a test mailing
 + ->
 + -> .
 +<** 554 5.7.0 Reject, id=02244-01 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 20 09:14:37), client (10.0.0.67) and server (mx01.nausch.org).
 + -> QUIT
 +<-  221 2.0.0 Bye
 +=== Connection closed with remote host.
 +</code>
 +
 +Im Maillog des **MTA**((**M**ail **T**ransport **A**gent)) finden wir die Einträge des Zustellungsversuch. 
 +   # less /var/log/maillog
 +<code>Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: connect from vml000067.dmz.nausch.org[10.0.0.67]
 +Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: 195FFC00088: client=vml000067.dmz.nausch.org[10.0.0.67]
 +Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: message-id=<>
 +Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: milter-reject: END-OF-MESSAGE from vml000067.dmz.nausch.org[10.0.0.67]: 5.7.0 Reject, id=02244-01 - spam; from=<me@example.com> to=<django@nausch.org> proto=ESMTP helo=<vml000067.dmz.nausch.org>
 +Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: disconnect from vml000067.dmz.nausch.org[10.0.0.67]
 +</code>
 +
 +Mit der id **02244-01** können wir dann im Maillog des **AS/AV**((**A**nti**S**pam und **A**nti**V**irus))-Host Details zur SPAM-Bewertung herausfinden.
 +   # less /var/log/maillog
 +
 +<code>Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) extra modules loaded: unicore/lib/Gc/Nd.pl
 +Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) load: 100 %, total idle 0.000 s, busy 0.557 s
 +Nov 20 09:14:37 vml000067 amavis[2244]: loaded policy bank "AM.PDP-SOCK"
 +Nov 20 09:14:37 vml000067 amavis[2244]: process_request: fileno sock=13, STDIN=0, STDOUT=1
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: request=AM.PDP
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: queue_id=195FFC00088
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: sender=<me@example.com>
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: recipient=<django@nausch.org>
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir=/var/spool/amavisd/afXXXXSMIW7c
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir_removed_by=client
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: mail_file=/var/spool/amavisd/afXXXXSMIW7c/email.txt
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: delivery_care_of=client
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_address=10.0.0.67
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_name=vml000067.dmz.nausch.org
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: helo_name=vml000067.dmz.nausch.org
 +Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: policy_bank=mx01.nausch.org
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Request: AM.PDP  /var/spool/amavisd/afXXXXSMIW7c: <me@example.com> -> <django@nausch.org>
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) body hash: 5e4a6c05336dff65870f1c8870955b2a
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ip_trace: 10.0.0.67
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking: vHWwCUxVEbSn AM.PDP-SOCK/MYNETS [10.0.0.67] <me@example.com> -> <django@nausch.org>
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) 2822.From: <"Euro Dice Casino">, 2821.Mail_From: <me@example.com>
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) p001 1 Content-Type: text/plain, size: 24 B, name:
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) inspect_dsn: not a bounce
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking for banned types and filenames
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) skipping banned check: all recipients bypass banned checks
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXSMIW7c/parts/p002
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Connecting to socket  /var/run/clamd.amavisd/clamd.sock
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n to socket /var/run/clamd.amavisd/clamd.sock
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) rw_loop read: got eof
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd): CLEAN
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd) result: clean
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) spam_scan: score=19.14 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR_2001=20,MISSING_MID=0.14] recips=0
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) blocking contents category is (6) for django@nausch.org, final_destiny -3
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) delivery method is 1, recips: django@nausch.org
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) DSN: sender is credible (orig), SA: 19.140, <me@example.com>
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating}
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.67] <me@example.com> -> <django@nausch.org>, Queue-ID: 195FFC00088, mail_id: vHWwCUxVEbSn, Hits: 19.14, size: 413, 373 ms
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) TIMING-SA total 318 ms - parse: 1.04 (0.3%), extract_message_metadata: 3 (0.8%), get_uri_detail_list: 0.25 (0.1%), tests_pri_-1000: 6 (1.9%), tests_pri_-950: 1.82 (0.6%), tests_pri_-900: 1.19 (0.4%), tests_pri_-400: 0.93 (0.3%), tests_pri_0: 279 (87.8%), check_spf: 0.33 (0.1%), check_razor2: 249 (78.4%), check_pyzor: 0.34 (0.1%), tests_pri_500: 9 (2.9%), get_report: 0.88 (0.3%)
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) mail checking ended: version_server=2\nlog_id=02244-01\nsetreply=554 5.7.0 Reject,%20id=02244-01%20-%20spam\nreturn_value=reject\nexit_code=69
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) size: 413, TIMING [total 376 ms] - got data: 0.0 (0%)0, check_init: 3.7 (1%)1, digest_hdr: 1.0 (0%)1, digest_body_dkim: 0.4 (0%)1, collect_info: 1.7 (0%)2, mkdir parts: 1.5 (0%)2, mime_decode: 10 (3%)5, get-file-type1: 14 (4%)9, parts_decode: 0.1 (0%)9, check_header: 0.4 (0%)9, AV-scan-1: 8 (2%)11, spam-wb-list: 0.6 (0%)11, SA msg read: 0.6 (0%)11, SA parse: 2.7 (1%)12, SA check: 311 (82%)94, decide_mail_destiny: 8 (2%)96, notif-quar: 0.5 (0%)97, prepare-dsn: 0.7 (0%)97, report: 1.4 (0%)97, main_log_entry: 8 (2%)99, update_snmp: 1.6 (0%)100, rundown: 1.2 (0%)100
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) extra modules loaded: unicore/lib/Gc/Nd.pl
 +Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) load: 100 %, total idle 0.000 s, busy 0.408 s
 +</code>
 +
 +Der SPAM Score von **19.14** wird hauptsächlich von Wert **HEADER_FROM_CHECKS_NR_2001=20** gespeist. Somit wissen wir auch, welche unserer Definitionen aus der Spamassassin-Konfigurationsdatei //**/etc/mail/spamassassin/local.cf**// angesprochen hat.
 +
 +==== SPAM (GTUBE) ====
 +Zum Testen des Spamassassin schicken wir uns nun eine eMail via **telnet** und schicken im Mailbody den **[[http://spamassassin.apache.org/gtube/|GTUBE]]**((**G**eneric **T**est for **U**nsolicited **B**ulk **E**mail))-Teststring von der Seite [[http://spamassassin.apache.org/gtube/gtube.txt]] bzw. von //**/usr/share/doc/spamassassin-3.3.2/sample-spam.txt**// mit.
 +   $ telnet 10.0.0.87 25
 +<code>Trying 10.0.0.87...
 +Connected to 10.0.0.87.
 +Escape character is '^]'.
 +220 mx01.nausch.org ESMTP Postfix
 +helo pml010049
 +250 mx01.nausch.org
 +mail from:<michael@nausch.org>
 +250 2.1.0 Ok
 +rcpt to:<django@nausch.org>
 +250 2.1.5 Ok
 +DATA
 +354 End data with <CR><LF>.<CR><LF>
 +Subject: Test spam mail (GTUBE)
 +Message-ID: <GTUBE1.1010101@example.net>
 +Date: Wed, 19 Nov 2014 20:04:38 +0000
 +From: Sender <sender@example.net>
 +To: Recipient <recipient@example.net>
 +Precedence: junk
 +MIME-Version: 1.0
 +Content-Type: text/plain; charset=us-ascii
 +Content-Transfer-Encoding: 7bit
 +
 +This is the GTUBE, the
 +        Generic
 +        Test for
 +        Unsolicited
 +        Bulk
 +        Email
 +
 +If your spam filter supports it, the GTUBE provides a test by which you
 +can verify that the filter is installed correctly and is detecting incoming
 +spam. You can send yourself a test mail containing the following string of
 +characters (in upper case and with no white spaces and line breaks):
 +
 +XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
 +
 +You should send this test mail from an account outside of your network.
 +
 +.
 +554 5.7.0 Reject, id=12129-03 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 19 22:53:37), client (10.0.0.20) and server (mx01.nausch.org).
 +quit
 +221 2.0.0 Bye
 +Connection closed by foreign host.
 +</code>
 +
 +Dem einliefernden SMTP-Client wird also die eMail nicht abgenommen und mit einem Fehlercode **554 5.7.0 Reject, id=12129-03 - spam.** abgewiesen; d.h. der Sender erfährt also auch direkt sofort, dass ihm die Nachricht nicht abgenommen wurde.
 +
 +Im Maillog unseres MTAs finden wir nun wiederum einen Hinweis, warum die Nachricht mit dem Fehlercode **554 5.7.0 Reject, id=12129-03 - spam.** abgewiesen wurde. 
 +   # less /var/log/maillog
 +<code>Nov 19 22:52:17 vml000087 postfix/smtpd[10708]: connect from vml000020.dmz.nausch.org[10.0.0.20]
 +Nov 19 22:52:43 vml000087 postfix/smtpd[10708]: 48FF5C00088: client=vml000020.dmz.nausch.org[10.0.0.20]
 +Nov 19 22:53:36 vml000087 postfix/cleanup[10714]: 48FF5C00088: message-id=<GTUBE1.1010101@example.net>
 +Nov 19 22:53:37 vml000087 postfix/cleanup[10714]: 48FF5C00088: milter-reject: END-OF-MESSAGE from vml000020.dmz.nausch.org[10.0.0.20]: 5.7.0 Reject, id=12129-03 - spam; from=<michael@nausch.org> to=<django@nausch.org> proto=SMTP helo=<pml010049>
 +Nov 19 22:53:42 vml000087 postfix/smtpd[10708]: disconnect from vml000020.dmz.nausch.org[10.0.0.20]
 +</code>
 +
 +Im Maillog unseres AS/AV-Host können wir dann den Zustellversuch und die Bewertungen dazu einsehen. 
 +
 +   # less /var/log/maillog
 +<code>Nov 19 22:45:02 vml000067 amavis[12130]: (12130-02) load: 0 %, total idle 555.690 s, busy 2.718 s
 +Nov 19 22:53:36 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK"
 +Nov 19 22:53:36 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: request=AM.PDP
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: queue_id=48FF5C00088
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org>
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org>
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXPaVp4C
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXPaVp4C/email.txt
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: delivery_care_of=client
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.20
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_name=vml000020.dmz.nausch.org
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: helo_name=pml010049
 +Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Request: AM.PDP  /var/spool/amavisd/afXXXXPaVp4C: <michael@nausch.org> -> <django@nausch.org>
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) body hash: 51d53ffa32db4873fdf05a6e976eb0c7
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ip_trace: 10.0.0.20
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking: nCETkk_ruRal AM.PDP-SOCK/MYNETS [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) 2822.From: <sender@example.net>, 2821.Mail_From: <michael@nausch.org>
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) p001 1 Content-Type: text/plain, size: 540 B, name:
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) inspect_dsn: not a bounce
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking for banned types and filenames
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) skipping banned check: all recipients bypass banned checks
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) presenting full original message to scanners as /var/spool/amavisd/afXXXXPaVp4C/parts/p002
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Connecting to socket  /var/run/clamd.amavisd/clamd.sock
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n to socket /var/run/clamd.amavisd/clamd.sock
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) rw_loop read: got eof
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd): CLEAN
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd) result: clean
 +Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) blocking contents category is (6) for django@nausch.org, final_destiny -3
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) delivery method is 1, recips: django@nausch.org
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) DSN: sender is credible (orig), SA: 998.990, <michael@nausch.org>
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating}
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: 48FF5C00088, Message-ID: <GTUBE1.1010101@example.net>, mail_id: nCETkk_ruRal, Hits: 998.99, size: 1043, 1565 ms
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) TIMING-SA total 1498 ms - parse: 1.78 (0.1%), extract_message_metadata: 4 (0.3%), get_uri_detail_list: 0.92 (0.1%), tests_pri_-1000: 8 (0.5%), tests_pri_-950: 1.67 (0.1%), tests_pri_-900: 1.18 (0.1%), tests_pri_-400: 2 (0.1%), tests_pri_0: 1457 (97.3%), check_dkim_adsp: 269 (18.0%), check_spf: 0.34 (0.0%), check_razor2: 1119 (74.7%), check_pyzor: 0.20 (0.0%), tests_pri_500: 3 (0.2%), get_report: 1.53 (0.1%)
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) mail checking ended: version_server=2\nlog_id=12129-03\nsetreply=554 5.7.0 Reject,%20id=12129-03%20-%20spam\nreturn_value=reject\nexit_code=69
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) size: 1043, TIMING [total 1571 ms] - got data: 0.0 (0%)0, check_init: 2.9 (0%)0, digest_hdr: 1.0 (0%)0, digest_body_dkim: 0.2 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.1 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 24 (2%)3, parts_decode: 0.2 (0%)3, check_header: 0.6 (0%)3, AV-scan-1: 15 (1%)4, spam-wb-list: 0.8 (0%)4, SA msg read: 0.9 (0%)4, SA parse: 2.5 (0%)4, SA check: 1489 (95%)99, decide_mail_destiny: 9 (1%)99, notif-quar: 0.5 (0%)99, prepare-dsn: 0.6 (0%)99, report: 1.4 (0%)99, main_log_entry: 4.0 (0%)100, update_snmp: 5.0 (0%)100, rundown: 1.0 (0%)100
 +Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) load: 0 %, total idle 12954.550 s, busy 8.537 s
 +</code>
 +
 +Hier suche wir dann nach besagter ID 12129-03 und erfahren den eigentlichen Grund, warum die Annahme der Nachricht verweigert wurde.
 +
 +   Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0
 +
 +Der SPAM-Score liegt mit **998.99** geringfügig über unserem Schwellwert von **6.31**, was natürlich die Annahmeverweigerung entsprechend begründet.
 +
 +====== Links ======
 +  * **⇐ [[centos:mail_c7:spam_7|Zurück zum Kapitel "ClamAV für AMaViS unter CentOS 7.x"]]**
 +  * **⇐ [[centos:mail_c7:spam_7|Zurück zum Kapitel "Grundinstallation von AMaViS unter CentOS 7.x"]]**
 +  * **⇒ [[centos:mail_c7:spam_9|Weiter zum Kapitel "DKIM - Domain Key Identified Mail unter CentOS 7.x"]]**
 +  * **[[centos:mail_c7:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 7<<]]**
 +  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
 +  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
 +
 +
  • centos/mail_c7/spam_8.1416410345.txt.gz
  • Zuletzt geändert: 19.11.2014 15:19.
  • von django