
SpamAssassin for AMaViS on CentOS 7.x


Basics

SpamAssassin is a widely used filter program that automatically detects and sorts out unwanted email (spam). Like AMaViS, SpamAssassin is a Perl program; it evaluates the content of an email. SpamAssassin calculates a score for every email and passes this value to AMaViS. Based on that score, AMaViS can then let the email through, tag it (for example by modifying the subject line) or reject it. SpamAssassin is therefore only a backend system of AMaViS.

[Figure: mail flow between the sender's and the recipient's MHS (Mail Handling System): MTA (Postfix 2.11.x with SMTP daemon on ports 25/587, postscreen, header and body checks), milter system (amavisd-milter 1.6.x), AS/AV system (AMaViS, amavisd-new 2.9.x) with the backend systems Apache SpamAssassin 3.3.x and ClamAV 0.98.x, MDA (Dovecot 2.2.15), mailing list server (Mailman 2.1.15) and the customers' MUA.]

To distinguish between HAM1) and SPAM2), SpamAssassin uses several different techniques:

Installation

As usual, we install the required packages via YUM, in case the package was not already pulled in when AMaViS was installed.

 # yum install spamassassin -y

Package information

A look into the installed RPM shows everything the package brought along during installation.

 # rpm -qil spamassassin
Name        : spamassassin                                                                                                                                   
Version     : 3.3.2                                                                                                                                          
Release     : 18.el7                                                                                                                                         
Architecture: x86_64                                                                                                                                         
Install Date: Fri 14 Nov 2014 02:10:06 PM CET                                                                                                                
Group       : Applications/Internet                                                                                                                          
Size        : 3332061                                                                                                                                        
License     : ASL 2.0                                                                                                                                        
Signature   : RSA/SHA256, Fri 04 Jul 2014 07:03:21 AM CEST, Key ID 24c6a8a7f4a80eb5                                                                          
Source RPM  : spamassassin-3.3.2-18.el7.src.rpm                                                                                                              
Build Date  : Tue 10 Jun 2014 07:31:27 AM CEST                                                                                                               
Build Host  : worker1.bsys.centos.org                                                                                                                        
Relocations : (not relocatable)                                                                                                                              
Packager    : CentOS BuildSystem <http://bugs.centos.org>                                                                                                    
Vendor      : CentOS                                                                                                                                         
URL         : http://spamassassin.apache.org/                                                                                                                
Summary     : Spam filter for email which can be invoked from mail delivery agents                                                                           
Description :                                                                                                                                                
SpamAssassin provides you with a way to reduce if not completely eliminate                                                                                   
Unsolicited Commercial Email (SPAM) from your incoming email.  It can                                                                                        
be invoked by a MDA such as sendmail or postfix, or can be called from                                                                                       
a procmail script, .forward file, etc.  It uses a genetic-algorithm                                                                                          
evolved scoring system to identify messages which look spammy, then                                                                                          
adds headers to the message so they can be filtered by the user's mail                                                                                       
reading software.  This distribution includes the spamd/spamc components                                                                                     
which create a server that considerably speeds processing of mail.                                                                                           

To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:                                     
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc             

To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).                                      
/etc/cron.d/sa-update                                         
/etc/logrotate.d/sa-update                                    
/etc/mail                                                     
/etc/mail/spamassassin                                        
/etc/mail/spamassassin/channel.d                              
/etc/mail/spamassassin/channel.d/sought.conf                  
/etc/mail/spamassassin/channel.d/spamassassin-official.conf   
/etc/mail/spamassassin/init.pre                               
/etc/mail/spamassassin/local.cf                               
/etc/mail/spamassassin/sa-update-keys                         
/etc/mail/spamassassin/spamassassin-default.rc                
/etc/mail/spamassassin/spamassassin-helper.sh                 
/etc/mail/spamassassin/spamassassin-spamc.rc                  
/etc/mail/spamassassin/v310.pre                               
/etc/mail/spamassassin/v312.pre                               
/etc/mail/spamassassin/v320.pre                               
/etc/mail/spamassassin/v330.pre                               
/etc/portreserve/spamd                                        
/etc/sysconfig/sa-update                                      
/etc/sysconfig/spamassassin                                   
/usr/bin/sa-awl                                               
/usr/bin/sa-check_spamd                                       
/usr/bin/sa-compile                                           
/usr/bin/sa-learn                                             
/usr/bin/sa-update                                            
/usr/bin/spamassassin                                         
/usr/bin/spamc                                                
/usr/bin/spamd                                                
/usr/lib/systemd/system/spamassassin.service                  
/usr/share/doc/spamassassin-3.3.2                             
/usr/share/doc/spamassassin-3.3.2/CREDITS                     
/usr/share/doc/spamassassin-3.3.2/Changes                     
/usr/share/doc/spamassassin-3.3.2/LICENSE                     
/usr/share/doc/spamassassin-3.3.2/NOTICE                      
/usr/share/doc/spamassassin-3.3.2/README                      
/usr/share/doc/spamassassin-3.3.2/README.RHEL.Fedora          
/usr/share/doc/spamassassin-3.3.2/TRADEMARK                   
/usr/share/doc/spamassassin-3.3.2/UPGRADE                     
/usr/share/doc/spamassassin-3.3.2/USAGE                       
/usr/share/doc/spamassassin-3.3.2/sample-nonspam.txt          
/usr/share/doc/spamassassin-3.3.2/sample-spam.txt             
/usr/share/man/man1/sa-awl.1.gz                               
/usr/share/man/man1/sa-compile.1.gz                           
/usr/share/man/man1/sa-learn.1.gz                             
/usr/share/man/man1/sa-update.1.gz                            
/usr/share/man/man1/spamassassin-run.1.gz                     
/usr/share/man/man1/spamassassin.1.gz                         
/usr/share/man/man1/spamc.1.gz                                
/usr/share/man/man1/spamd.1.gz                                
/usr/share/man/man3/Mail::SpamAssassin.3pm.gz                 
/usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz        
/usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz      
/usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz  
/usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz          
/usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz     
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz  
/usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz           
/usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz             
/usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz       
/usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz     
/usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz        
/usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz      
/usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz           
/usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz     
/usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz   
/usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz   
/usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz          
/usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz    
/usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz    
/usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz     
/usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz            
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz       
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz       
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz  
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz 
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3pm.gz             
/usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz                
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz                  
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz                 
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz             
/usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz           
/usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz  
/usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3pm.gz             
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz                
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz               
/usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz         
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz          
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3pm.gz                
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz          
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz                  
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz         
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz              
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz                 
/usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz              
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz             
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz            
/usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz              
/usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz     
/usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz                
/usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz             
/usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz           
/usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz                      
/usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz                         
/usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3pm.gz         
/usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz               
/usr/share/man/man3/Mail::SpamAssassin::Util::RegistrarBoundaries.3pm.gz    
/usr/share/man/man3/spamassassin-run.3pm.gz                                 
/usr/share/perl5/vendor_perl/Mail                                           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin                              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm                           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/AICache.pm                   
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/ArchiveIterator.pm           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/AsyncLoop.pm                 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/AutoWhitelist.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes                        
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes.pm                     
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes/CombineChi.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm   
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore                   
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore.pm                
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/BDB.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/DBM.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/MySQL.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/PgSQL.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/SDBM.pm           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/SQL.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Client.pm                    
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf                         
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf.pm                      
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/LDAP.pm                 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm               
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/SQL.pm                  
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Constants.pm                 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/DBBasedAddrList.pm           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Dns.pm                       
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/DnsResolver.pm               
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/HTML.pm                      
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locales.pm                   
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker                       
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker.pm                    
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/Flock.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/UnixNFSSafe.pm        
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/Win32.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger                       
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger.pm                    
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/File.pm               
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/Stderr.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/Syslog.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/MailingList.pm               
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message                      
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message.pm                   
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Node.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/NetSet.pm                    
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PerMsgLearner.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PerMsgStatus.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PersistentAddrList.pm        
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin                       
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin.pm                    
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ASN.pm                
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AWL.pm                
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AccessDB.pm           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AntiVirus.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Bayes.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/BodyEval.pm           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Check.pm                
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DCC.pm                  
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm                 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DNSEval.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/FreeMail.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HTMLEval.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm        
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Hashcash.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HeaderEval.pm           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ImageInfo.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/MIMEEval.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/MIMEHeader.pm           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm  
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/PhishTag.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Pyzor.pm                
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm               
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/RelayCountry.pm         
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/RelayEval.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ReplaceTags.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Reuse.pm                
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Rule2XSBody.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm                  
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Shortcircuit.pm         
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SpamCop.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Test.pm                 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/TextCat.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDNSBL.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDetail.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIEval.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/VBounce.pm              
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/WLBLEval.pm             
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/WhiteListSubject.pm     
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PluginHandler.pm               
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Reporter.pm                    
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/SQLBasedAddrList.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/SpamdForkScaling.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/SubProcBackChannel.pm          
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Timeout.pm                     
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util                           
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util.pm                        
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/DependencyInfo.pm         
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/Progress.pm               
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/RegistrarBoundaries.pm    
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/ScopedTimer.pm            
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/TieOneStringHash.pm       
/usr/share/perl5/vendor_perl/spamassassin-run.pod                             
/usr/share/spamassassin                                                       
/usr/share/spamassassin/10_default_prefs.cf                                   
/usr/share/spamassassin/20_advance_fee.cf                                     
/usr/share/spamassassin/20_aux_tlds.cf                                        
/usr/share/spamassassin/20_body_tests.cf                                      
/usr/share/spamassassin/20_compensate.cf                                      
/usr/share/spamassassin/20_dnsbl_tests.cf                                     
/usr/share/spamassassin/20_drugs.cf                                           
/usr/share/spamassassin/20_dynrdns.cf                                         
/usr/share/spamassassin/20_fake_helo_tests.cf                                 
/usr/share/spamassassin/20_freemail.cf                                        
/usr/share/spamassassin/20_freemail_domains.cf
/usr/share/spamassassin/20_head_tests.cf
/usr/share/spamassassin/20_html_tests.cf
/usr/share/spamassassin/20_imageinfo.cf
/usr/share/spamassassin/20_meta_tests.cf
/usr/share/spamassassin/20_net_tests.cf
/usr/share/spamassassin/20_phrases.cf
/usr/share/spamassassin/20_porn.cf
/usr/share/spamassassin/20_ratware.cf
/usr/share/spamassassin/20_uri_tests.cf
/usr/share/spamassassin/20_vbounce.cf
/usr/share/spamassassin/23_bayes.cf
/usr/share/spamassassin/25_accessdb.cf
/usr/share/spamassassin/25_antivirus.cf
/usr/share/spamassassin/25_asn.cf
/usr/share/spamassassin/25_dcc.cf
/usr/share/spamassassin/25_dkim.cf
/usr/share/spamassassin/25_hashcash.cf
/usr/share/spamassassin/25_pyzor.cf
/usr/share/spamassassin/25_razor2.cf
/usr/share/spamassassin/25_replace.cf
/usr/share/spamassassin/25_spf.cf
/usr/share/spamassassin/25_textcat.cf
/usr/share/spamassassin/25_uribl.cf
/usr/share/spamassassin/30_text_de.cf
/usr/share/spamassassin/30_text_fr.cf
/usr/share/spamassassin/30_text_it.cf
/usr/share/spamassassin/30_text_nl.cf
/usr/share/spamassassin/30_text_pl.cf
/usr/share/spamassassin/30_text_pt_br.cf
/usr/share/spamassassin/50_scores.cf
/usr/share/spamassassin/60_adsp_override_dkim.cf
/usr/share/spamassassin/60_awl.cf
/usr/share/spamassassin/60_shortcircuit.cf
/usr/share/spamassassin/60_whitelist.cf
/usr/share/spamassassin/60_whitelist_dkim.cf
/usr/share/spamassassin/60_whitelist_spf.cf
/usr/share/spamassassin/60_whitelist_subject.cf
/usr/share/spamassassin/72_active.cf
/usr/share/spamassassin/72_scores.cf
/usr/share/spamassassin/73_sandbox_manual_scores.cf
/usr/share/spamassassin/STATISTICS-set0-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set1-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set2-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set3-72_scores.cf.txt
/usr/share/spamassassin/languages
/usr/share/spamassassin/local.cf
/usr/share/spamassassin/regression_tests.cf
/usr/share/spamassassin/sa-update-pubkey.txt
/usr/share/spamassassin/sa-update.cron
/usr/share/spamassassin/user_prefs.template
/var/lib/spamassassin
/var/run/spamassassin

Configuration

spamassassin

SpamAssassin does not actually need any special configuration. The directory /etc/mail/spamassassin/ contains the configuration file local.cf, which can be used to make local adjustments to the installation.
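The local.cf reproduced below scores mail by matching IP prefixes in the Received headers. The following added example (not part of the original page; Python's re module stands in for the Perl regular expressions SpamAssassin evaluates, and all messages are constructed) compares a prefix written with unescaped dots against a stricter form, using the rule names and scores from that listing.

```python
import re
from email import message_from_string


def loose(prefix):
    # Pattern style with unescaped dots and no boundaries: /^.*198.51.100/im
    return re.compile(r"^.*" + prefix, re.I | re.M)


def strict(prefix):
    # Literal dots, a complete fourth octet, no digit or dot on either side.
    return re.compile(r"(?<![0-9.])" + re.escape(prefix) + r"\.[0-9]{1,3}(?![0-9.])")


# Rule names and scores as in the page's local.cf.
PREFIXES = {
    "HEADER_RECEIVED_CHECKS_NR_1001": ("198.51.100", -5.0),  # whitelisting
    "HEADER_RECEIVED_CHECKS_NR_1000": ("203.0.113", 20.0),   # blacklisting
}
LOOSE = {name: (loose(p), s) for name, (p, s) in PREFIXES.items()}
STRICT = {name: (strict(p), s) for name, (p, s) in PREFIXES.items()}


def build(*received):
    """Constructed test message carrying the given Received header values."""
    headers = "".join("Received: %s\n" % r for r in received)
    return headers + "From: sender@example.org\nSubject: test\n\nbody\n"


def hop(client):
    """One constructed, folded Received value for the given client text."""
    return "from %s\n\tby mx.example.com (Postfix)" % client


LOCAL_HOP = hop("mx.example.com (localhost [127.0.0.1])")

# Constructed samples: two intended matches, three near misses, one unrelated.
SAMPLES = {
    "intended_whitelist": build(hop("a.example.net (a.example.net [198.51.100.25])"), LOCAL_HOP),
    "intended_blacklist": build(hop("b.example.net (b.example.net [203.0.113.9])"), LOCAL_HOP),
    "suffix_of_other_address": build(hop("c.example.net (c.example.net [98.198.51.100])"), LOCAL_HOP),
    "digits_in_hostname": build(
        hop("mail198-51-100.example.org (mail198-51-100.example.org [192.0.2.7])"), LOCAL_HOP),
    "blacklist_false_positive": build(hop("d.example.net (d.example.net [10.203.0.113])"), LOCAL_HOP),
    "unrelated": build(hop("e.example.net (e.example.net [192.0.2.1])"), LOCAL_HOP),
}


def received_value(raw):
    """All Received headers joined by newlines, the text a header rule is matched against."""
    return "\n".join(message_from_string(raw).get_all("Received", []))


def rule_hits(raw, rules):
    """Names of the rules whose pattern matches the message's Received headers."""
    value = received_value(raw)
    return sorted(name for name, (rx, _) in rules.items() if rx.search(value))


def score_delta(raw, rules):
    """Sum of the scores of all matching rules."""
    return sum(rules[name][1] for name in rule_hits(raw, rules))


if __name__ == "__main__":
    print("%-26s %8s %8s" % ("sample", "loose", "strict"))
    for label, raw in SAMPLES.items():
        print("%-26s %8.1f %8.1f" % (label, score_delta(raw, LOOSE), score_delta(raw, STRICT)))
```

After editing local.cf, `spamassassin --lint` checks the rule syntax before the daemon is restarted.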

 # vim /etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
 
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
 
# From which score should an e-mail be considered spam?
required_hits 5
 
# This option determines how SpamAssassin marks an e-mail that has been classified as spam. If
# report_safe 0 is set, SpamAssassin only adds a few X-Spam headers and otherwise leaves the
# e-mail unchanged.
report_safe 0
 
# This option specifies that a message classified as spam is additionally
# marked with the note "[SPAM]" in the subject line.
rewrite_header Subject [SPAM]
 
# This directive determines which locking method is used to protect the two databases (Bayes and
# auto-whitelisting) against concurrent access. If it is certain that the two databases are never
# accessed over NFS, considerable performance can be gained on Unix platforms by using the
# flock locking method.
lock_method flock
 
# local header checks
# Changes are entered in ascending order, i.e. the newest entries are *always* at the top!
# /i = enable case insensitivity (upper and lower case are not distinguished)
# /m = multiline mode: ^ and $ also match at line breaks within the header value
 
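# Header checks based on IP addresses in the mail header (numbering 1000 - 1999):
# The dots of an address are escaped (\.) so that they match a literal "." only.
 
# whitelisting
# (Received lines from hops outside our own relays are not verified; see
# trusted_networks in Mail::SpamAssassin::Conf for relay-based trust.)
header          HEADER_RECEIVED_CHECKS_NR_1001   Received =~ /^.*198\.51\.100/im
score           HEADER_RECEIVED_CHECKS_NR_1001   -5
tflags          HEADER_RECEIVED_CHECKS_NR_1001   noautolearn
 
# blacklisting
header          HEADER_RECEIVED_CHECKS_NR_1000   Received =~ /^.*203\.0\.113/im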
score           HEADER_RECEIVED_CHECKS_NR_1000   20
tflags          HEADER_RECEIVED_CHECKS_NR_1000   noautolearn
 
 
# Header checks based on "From" in the mail header (numbering 2000 - 2999):
 
header          HEADER_FROM_CHECKS_NR_2004       From =~ /^.*bild-nachrichten\.net/im
score           HEADER_FROM_CHECKS_NR_2004       20
tflags          HEADER_FROM_CHECKS_NR_2004       noautolearn
 
header          HEADER_FROM_CHECKS_NR_2003       From =~ /^Gold Ring Support.*/im
score           HEADER_FROM_CHECKS_NR_2003       20
tflags          HEADER_FROM_CHECKS_NR_2003       noautolearn
 
header          HEADER_FROM_CHECKS_NR_2002       From =~ /^.*Ruby.*/im
score           HEADER_FROM_CHECKS_NR_2002       20
tflags          HEADER_FROM_CHECKS_NR_2002       noautolearn
 
header          HEADER_FROM_CHECKS_NR_2001       From =~ /^.*Euro Dice Casino/im
score           HEADER_FROM_CHECKS_NR_2001       20
tflags          HEADER_FROM_CHECKS_NR_2001       noautolearn
 
header          HEADER_FROM_CHECKS_NR_2000       From =~ /^.*belohnungs-abteilung/im
score           HEADER_FROM_CHECKS_NR_2000       20
tflags          HEADER_FROM_CHECKS_NR_2000       noautolearn
 
 
# Header checks based on "Subject" in the mail header (numbering 3000 - 3999):
 
header          HEADER_SUBJECT_CHECKS_NR_3002    Subject =~ /.*Risk\.net.*/im
score           HEADER_SUBJECT_CHECKS_NR_3002    20
tflags          HEADER_SUBJECT_CHECKS_NR_3002    noautolearn
 
header          HEADER_SUBJECT_CHECKS_NR_3001    Subject =~ /.*Ruby Palace.*/im
score           HEADER_SUBJECT_CHECKS_NR_3001    20
tflags          HEADER_SUBJECT_CHECKS_NR_3001    noautolearn
 
# Header checks based on "X-Mailer" in the mail header (numbering 4000 - 4999):
 
header          HEADER_XMAILER_CHECKS_NR_4000    X-Mailer =~ /.*\b(E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|SEKOFOXM|Blat.v3.1.1)\b/im
score           HEADER_XMAILER_CHECKS_NR_4000    20
tflags          HEADER_XMAILER_CHECKS_NR_4000    noautolearn
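
The header rules above are Perl regular expressions, so a bare dot matches any character and a three-octet prefix also matches inside longer strings. The following check is an added example, not part of the original page: it uses Python's re module (which agrees with Perl for these patterns), the sample header values are constructed, the helper names are chosen for this example, and harden() assumes that a three-octet pattern is meant as a /24 prefix.

```python
import re

# Rule lines in the form used by the page's local.cf.
RULES = [
    "header  HEADER_RECEIVED_CHECKS_NR_1001  Received =~ /^.*198.51.100/im",
    "header  HEADER_FROM_CHECKS_NR_2004      From =~ /^.*bild-nachrichten.net/im",
]

# Constructed header values (not taken from the page's logs).
RECEIVED_SAMPLES = [
    "from a.example (a.example [198.51.100.7]) by mx01.example",   # inside the /24
    "from b.example (b.example [10.198.51.100]) by mx01.example",  # different network
    "from c.example (c.example [192.0.2.9]) id 198451x100",        # no address at all
    "from d.example (198.51.100.7.dyn.example [192.0.2.10])",      # host name only
    "from e.example (e.example [192.0.2.44]) by mx01.example",     # unrelated
]

RULE_RE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)\s*$")
FLAG_MAP = {"i": re.IGNORECASE, "m": re.MULTILINE, "s": re.DOTALL}


def parse_rule(line):
    """Split a 'header NAME Header =~ /regex/flags' line into its parts."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a header regex rule: %r" % line)
    return m.groups()  # (name, header, pattern, flags)


def bare_dots(pattern):
    """Indexes of unescaped '.' between two literal alphanumerics.

    Such a dot is almost always meant as the literal dot of an IP address
    or host name, but as written it matches any character.
    """
    hits, i, prev_literal = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                      # escaped pair (\. \b \d ...): skip both
            i, prev_literal = i + 2, False
            continue
        nxt = pattern[i + 1] if i + 1 < len(pattern) else ""
        if ch == "." and prev_literal and nxt.isalnum():
            hits.append(i)
        prev_literal = ch.isalnum()
        i += 1
    return hits


def harden(pattern):
    """Escape bare dots; delimit a three-octet prefix so it only matches a /24."""
    core = re.sub(r"^\^?\.\*", "", pattern)      # leading ^.* is redundant for a search
    core = re.sub(r"(?<!\\)\.\*$", "", core)     # so is a trailing .*
    chars = list(core)
    for i in reversed(bare_dots(core)):
        chars[i] = r"\."
    core = "".join(chars)
    if re.fullmatch(r"\d{1,3}(\\\.\d{1,3}){2}", core):
        # Assumption: three octets stand for the /24; require a fourth octet and
        # forbid digits or dots directly before and after the address.
        core = r"(?<![\d.])" + core + r"\.\d{1,3}(?![\d.])"
    return core


def compile_sa(pattern, flags):
    """Compile with the Python equivalents of the rule's Perl flags."""
    bits = 0
    for f in flags:
        bits |= FLAG_MAP.get(f, 0)
    return re.compile(pattern, bits)


def overmatches(rule_line, samples):
    """Samples the rule as written matches but the hardened pattern does not."""
    _, _, pattern, flags = parse_rule(rule_line)
    loose = compile_sa(pattern, flags)
    strict = compile_sa(harden(pattern), flags)
    return [s for s in samples if loose.search(s) and not strict.search(s)]


if __name__ == "__main__":
    for rule in RULES:
        name, header, pattern, flags = parse_rule(rule)
        print(name, "bare dots at", bare_dots(pattern),
              "->", "/%s/%s" % (harden(pattern), flags))
    for s in overmatches(RULES[0], RECEIVED_SAMPLES):
        print("matched only by the unescaped pattern:", s)
```

After changing a rule in local.cf, spamassassin --lint checks the configuration for syntax errors before the daemon is restarted.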

amavisd

For the configuration of AMaViS, we already created the SPAM POLICY section in the corresponding configuration file /etc/amavisd/amavisd.conf during the installation and configuration of AMaViS.

 # vim /etc/amavisd/amavisd.conf
################################################################################
## SPAM POLICY
#
 
# Enable the check?
# @bypass_spam_checks_maps  = (1);
 
# Quarantine?
$spam_quarantine_to = undef;
 
# Notify the admin?
$spam_admin = undef;
 
# Extend the recipient address on release?
@addr_extension_spam_maps = ('spam');
 
# Wrap the e-mail on release?
$defang_spam = undef;
 
# Do we want to transport the content?
$final_spam_destiny = D_REJECT;
 
# add spam info headers if at, or above that level
$sa_tag_level_deflt  = -1000.0;
# add 'spam detected' headers at that level
$sa_tag2_level_deflt = 6.31;
# triggers spam evasive actions (e.g. blocks mail)
$sa_kill_level_deflt = 6.31;
# spam level beyond which a DSN is not sent
$sa_dsn_cutoff_level = 10;
# likewise, but for a likely valid From
$sa_crediblefrom_dsn_cutoff_level = 18;
# spam level beyond which quarantine is off
# $sa_quarantine_cutoff_level = 25;
 
# (no effect without a @storage_sql_dsn database)
$penpals_bonus_score = 8;
# don't waste time on hi spam
$penpals_threshold_high = $sa_kill_level_deflt;
# spam score points to add for joe-jobbed bounces
$bounce_killer_score = 100;
# don't waste time on SA if mail is larger
$sa_mail_body_size_limit = 400*1024;
# only tests which do not require internet access?
$sa_local_tests_only = 0;
 
$sa_spam_subject_tag = '***Spam*** ';

We therefore do not need to make any additional settings on the AMaViS side.

Starting the program

First start

Now we can start our anti-spam daemon for the first time.

 # systemctl start spamassassin

If needed, we query the status of the daemon as follows.

 # systemctl status spamassassin
spamassassin.service - Spamassassin daemon
   Loaded: loaded (/usr/lib/systemd/system/spamassassin.service; disabled)
   Active: active (running) since Wed 2014-11-19 18:52:53 CET; 2s ago
  Process: 12346 ExecStart=/usr/bin/spamd --pidfile /var/run/spamd.pid $SPAMDOPTIONS (code=exited, status=0/SUCCESS)
  Process: 12345 ExecStartPre=/sbin/portrelease spamd (code=exited, status=0/SUCCESS)
 Main PID: 12350 (/usr/bin/spamd )
   CGroup: /system.slice/spamassassin.service
           ├─12350 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
           ├─12351 spamd child
           └─12352 spamd child

Nov 19 18:52:46 vml000067.dmz.nausch.org systemd[1]: Starting Spamassassin daemon...
Nov 19 18:52:46 vml000067.dmz.nausch.org spamd[12346]: logger: removing stderr method
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2)
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server pid: 12350
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12351
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12352
Nov 19 18:52:53 vml000067.dmz.nausch.org systemd[1]: Started Spamassassin daemon.
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: IS
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: II

The start of the daemon is logged accordingly in the mail log.

 # less /var/log/maillog
Nov 19 18:52:32 vml000067 spamd[11411]: spamd: server killed by SIGTERM, shutting down
Nov 19 18:52:46 vml000067 spamd[12346]: logger: removing stderr method
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2)
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server pid: 12350
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12351
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12352
Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: IS
Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: II

In the process list we then find the following corresponding processes.

 # ps auxwww | grep spam
root     12350  0.3  3.3 283472 64072 ?        Ss   18:52   0:02 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
root     12351  0.0  3.2 283472 61148 ?        S    18:52   0:00 spamd child
root     12352  0.0  3.2 283472 61152 ?        S    18:52   0:00 spamd child

The following command can be used to check which port our SpamAssassin is listening on:

 # lsof -i :783
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 12350 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)
spamd     12351 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)
spamd     12352 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)

We can of course retrieve the same information via netstat.

 # netstat -tulpen | grep spamd
 tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      0          122819     12350/spamd.pid -d

Starting the service automatically at boot

So that our AMaViS server is started automatically at boot, we carry out the following configuration steps.

 # systemctl enable spamassassin
 ln -s '/usr/lib/systemd/system/spamassassin.service' '/etc/systemd/system/multi-user.target.wants/spamassassin.service'

If we want to check whether the service starts automatically, we use the following call.

 # systemctl is-enabled spamassassin
 enabled

The response enabled indicates that the service starts automatically; disabled correspondingly indicates that the service does not start automatically.

Tests

Once we have finished configuring our AMaViS, we can also set about checking our SpamAssassin installation.

HAM

Once we have completed our AMaViS configuration, we either send ourselves a message via telnet or use the helper program swaks, for the admin who is too lazy to type.

 # swaks --to django@nausch.org --from michael@nausch.org --header-X-Test "test email" --server 10.0.0.87
=== Trying 10.0.0.87:25...
=== Connected to 10.0.0.87.
<-  220 mx01.nausch.org ESMTP Postfix
 -> EHLO vml000087.dmz.nausch.org
<-  250-mx01.nausch.org
<-  250-PIPELINING
<-  250-SIZE 52428800
<-  250-ETRN
<-  250-STARTTLS
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250 DSN
 -> MAIL FROM:<michael@nausch.org>
<-  250 2.1.0 Ok
 -> RCPT TO:<django@nausch.org>
<-  250 2.1.5 Ok
 -> DATA
<-  354 End data with <CR><LF>.<CR><LF>
 -> Date: Wed, 19 Nov 2014 19:17:33 +0100
 -> To: django@nausch.org
 -> From: michael@nausch.org
 -> Subject: test Wed, 19 Nov 2014 19:17:33 +0100
 -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 -> X-Test: test email
 -> 
 -> This is a test mailing
 -> 
 -> .
<-  250 2.0.0 Ok: queued as C24B9C00088
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.

In the mail log of the MTA4) we find the entries for the successful delivery.

 # less /var/log/maillog
Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: connect from vml000087.dmz.nausch.org[10.0.0.87]
Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: C24B9C00088: client=vml000087.dmz.nausch.org[10.0.0.87]
Nov 19 19:17:34 vml000087 postfix/cleanup[10470]: C24B9C00088: message-id=<20141119181734.C24B9C00088@mx01.nausch.org>
Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: from=<michael@nausch.org>, size=535, nrcpt=1 (queue active)
Nov 19 19:17:36 vml000087 postfix/smtpd[10464]: disconnect from vml000087.dmz.nausch.org[10.0.0.87]
Nov 19 19:17:36 vml000087 postfix/lmtp[10471]: C24B9C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=2.9, delays=2.7/0.02/0.03/0.13, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> 6jMkM8DebFTdFwAArK2B9Q Saved)
Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: removed

On our AS/AV5) host, the check is documented in the mail log.

 # less /var/log/maillog
Nov 19 19:17:34 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK"
Nov 19 19:17:34 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: request=AM.PDP
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: queue_id=C24B9C00088
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXulTBQB
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXulTBQB/email.txt
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: delivery_care_of=client
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.87
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_name=vml000087.dmz.nausch.org
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: helo_name=vml000087.dmz.nausch.org
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Request: AM.PDP  /var/spool/amavisd/afXXXXulTBQB: <michael@nausch.org> -> <django@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) body hash: 5e4a6c05336dff65870f1c8870955b2a
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ip_trace: 10.0.0.87
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking: rMpVKZqRt9Zi AM.PDP-SOCK/MYNETS [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) 2822.From: <michael@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) p001 1 Content-Type: text/plain, size: 24 B, name:
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) inspect_dsn: not a bounce
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking for banned types and filenames
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) skipping banned check: all recipients bypass banned checks
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXulTBQB/parts/p002
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Connecting to socket  /var/run/clamd.amavisd/clamd.sock
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n to socket /var/run/clamd.amavisd/clamd.sock
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) rw_loop read: got eof
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd): CLEAN
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd) result: clean
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam_scan: score=-1.01 autolearn=ham tests=[ALL_TRUSTED=-1,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) do_notify_and_quar: ccat=CleanTag (1,1) ("1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) delivery method is 1, recips: django@nausch.org
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam-tag, <michael@nausch.org> -> <django@nausch.org>, No, score=-1.01 tagged_above=-1000 required=6.31 tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: candidate originators: From:<michael@nausch.org>
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: not signing, empty signing domain, From: <michael@nausch.org>
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) DSN: sender is credible (orig), SA: -1.010, <michael@nausch.org>
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) status counters: InMsgsStatus{Accepted,AcceptedInternal,AcceptedOriginating}
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: C24B9C00088, Message-ID: <20141119181734.C24B9C00088@mx01.nausch.org>, mail_id: rMpVKZqRt9Zi, Hits: -1.01, size: 497, 1923 ms
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) TIMING-SA total 1851 ms - parse: 1.30 (0.1%), extract_message_metadata: 32 (1.7%), poll_dns_idle: 12 (0.7%), get_uri_detail_list: 0.58 (0.0%), tests_pri_-1000: 3 (0.2%), tests_pri_-950: 1.71 (0.1%), tests_pri_-900: 1.23 (0.1%), tests_pri_-400: 0.94 (0.1%), tests_pri_0: 1514 (81.8%), check_dkim_adsp: 14 (0.7%), check_spf: 0.88 (0.0%), check_razor2: 1449 (78.3%), check_pyzor: 0.22 (0.0%), tests_pri_500: 3 (0.2%), learn: 274 (14.8%), get_report: 2 (0.1%)
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) mail checking ended: version_server=2\nlog_id=12129-01\nsetreply=250 2.5.0 Ok,%20id=12129-01,%20continue%20delivery\ninsheader=0 X-Spam-Status No,%20score=-1.01%20tagged_above=-1000%20required=6.31%0a%09tests=[ALL_TRUSTED=-1,%20T_RP_MATCHES_RCVD=-0.01]%20autolearn=ham\ninsheader=0 X-Spam-Level \ninsheader=0 X-Spam-Score -1.01\ninsheader=0 X-Spam-Flag NO\nreturn_value=continue\nexit_code=0
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) size: 497, TIMING [total 1927 ms] - got data: 0.1 (0%)0, check_init: 4.3 (0%)0, digest_hdr: 1.2 (0%)0, digest_body_dkim: 0.3 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.3 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 17 (1%)2, parts_decode: 0.2 (0%)2, check_header: 0.4 (0%)2, AV-scan-1: 9 (0%)2, spam-wb-list: 4.6 (0%)3, SA msg read: 0.7 (0%)3, SA parse: 3.1 (0%)3, SA check: 1839 (95%)98, decide_mail_destiny: 15 (1%)99, notif-quar: 1.1 (0%)99, prepare-dsn: 4.7 (0%)99, report: 1.4 (0%)99, main_log_entry: 9 (0%)100, update_snmp: 1.4 (0%)100, rundown: 1.3 (0%)100
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) extra modules loaded: unicore/lib/Gc/Nd.pl
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) load: 100 %, total idle 0.000 s, busy 1.953 s

In the inbox on the POP3/IMAP server of our MUA6) we also find the delivered message.

Return-Path: <michael@nausch.org>
Delivered-To: django@nausch.org
Received: from mx01.nausch.org ([10.0.0.87])
	by imap.nausch.org (Dovecot) with LMTP id 6jMkM8DebFTdFwAArK2B9Q
	for <django@nausch.org>; Wed, 19 Nov 2014 19:17:36 +0100
X-Spam-Flag: NO
X-Spam-Score: -1.01
X-Spam-Level: 
X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31
	tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from vml000087.dmz.nausch.org (vml000087.dmz.nausch.org [10.0.0.87])
	by mx01.nausch.org (Postfix) with ESMTP id C24B9C00088
	for <django@nausch.org>; Wed, 19 Nov 2014 19:17:34 +0100 (CET)
Date: Wed, 19 Nov 2014 19:17:33 +0100
To: django@nausch.org
From: michael@nausch.org
Subject: test Wed, 19 Nov 2014 19:17:33 +0100
X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
X-Test: test email
Message-Id: <20141119181734.C24B9C00088@mx01.nausch.org>

This is a test mailing

In accordance with our settings, AMaViS has entered the corresponding X-Spam headers of the SpamAssassin backend into the mail header of the e-mail.

X-Spam-Flag: NO
X-Spam-Score: -1.01
X-Spam-Level: 
X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31
	tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham

SPAM (blacklist)

Once we have completed our AMaViS configuration, we either send ourselves a message via telnet or use the helper program swaks, for the admin who is too lazy to type.

 # swaks --to django@nausch.org --from me@example.com --server 10.0.0.87 --header "From: Euro Dice Casino"
=== Trying 10.0.0.87:25...
=== Connected to 10.0.0.87.
<-  220 mx01.nausch.org ESMTP Postfix
 -> EHLO vml000067.dmz.nausch.org
<-  250-mx01.nausch.org
<-  250-PIPELINING
<-  250-SIZE 52428800
<-  250-ETRN
<-  250-STARTTLS
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250 DSN
 -> MAIL FROM:<me@example.com>
<-  250 2.1.0 Ok
 -> RCPT TO:<django@nausch.org>
<-  250 2.1.5 Ok
 -> DATA
<-  354 End data with <CR><LF>.<CR><LF>
 -> Date: Thu, 20 Nov 2014 09:14:37 +0100
 -> To: django@nausch.org
 -> From: Euro Dice Casino
 -> Subject: test Thu, 20 Nov 2014 09:14:37 +0100
 -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 ->
 -> This is a test mailing
 ->
 -> .
<** 554 5.7.0 Reject, id=02244-01 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 20 09:14:37), client (10.0.0.67) and server (mx01.nausch.org).
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.

In the mail log of the MTA7) we find the entries for the delivery attempt.

 # less /var/log/maillog
Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: connect from vml000067.dmz.nausch.org[10.0.0.67]
Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: 195FFC00088: client=vml000067.dmz.nausch.org[10.0.0.67]
Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: message-id=<>
Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: milter-reject: END-OF-MESSAGE from vml000067.dmz.nausch.org[10.0.0.67]: 5.7.0 Reject, id=02244-01 - spam; from=<me@example.com> to=<django@nausch.org> proto=ESMTP helo=<vml000067.dmz.nausch.org>
Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: disconnect from vml000067.dmz.nausch.org[10.0.0.67]

With the id 02244-01 we can then find details of the spam assessment in the mail log of the AS/AV8) host.

 # less /var/log/maillog
Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) extra modules loaded: unicore/lib/Gc/Nd.pl
Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) load: 100 %, total idle 0.000 s, busy 0.557 s
Nov 20 09:14:37 vml000067 amavis[2244]: loaded policy bank "AM.PDP-SOCK"
Nov 20 09:14:37 vml000067 amavis[2244]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: request=AM.PDP
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: queue_id=195FFC00088
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: sender=<me@example.com>
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: recipient=<django@nausch.org>
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir=/var/spool/amavisd/afXXXXSMIW7c
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir_removed_by=client
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: mail_file=/var/spool/amavisd/afXXXXSMIW7c/email.txt
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: delivery_care_of=client
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_address=10.0.0.67
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_name=vml000067.dmz.nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: helo_name=vml000067.dmz.nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: policy_bank=mx01.nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Request: AM.PDP  /var/spool/amavisd/afXXXXSMIW7c: <me@example.com> -> <django@nausch.org>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) body hash: 5e4a6c05336dff65870f1c8870955b2a
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ip_trace: 10.0.0.67
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking: vHWwCUxVEbSn AM.PDP-SOCK/MYNETS [10.0.0.67] <me@example.com> -> <django@nausch.org>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) 2822.From: <"Euro Dice Casino">, 2821.Mail_From: <me@example.com>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) p001 1 Content-Type: text/plain, size: 24 B, name:
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) inspect_dsn: not a bounce
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking for banned types and filenames
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) skipping banned check: all recipients bypass banned checks
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXSMIW7c/parts/p002
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Connecting to socket  /var/run/clamd.amavisd/clamd.sock
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n to socket /var/run/clamd.amavisd/clamd.sock
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) rw_loop read: got eof
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd): CLEAN
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd) result: clean
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) spam_scan: score=19.14 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR_2001=20,MISSING_MID=0.14] recips=0
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) blocking contents category is (6) for django@nausch.org, final_destiny -3
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) delivery method is 1, recips: django@nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) DSN: sender is credible (orig), SA: 19.140, <me@example.com>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating}
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.67] <me@example.com> -> <django@nausch.org>, Queue-ID: 195FFC00088, mail_id: vHWwCUxVEbSn, Hits: 19.14, size: 413, 373 ms
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) TIMING-SA total 318 ms - parse: 1.04 (0.3%), extract_message_metadata: 3 (0.8%), get_uri_detail_list: 0.25 (0.1%), tests_pri_-1000: 6 (1.9%), tests_pri_-950: 1.82 (0.6%), tests_pri_-900: 1.19 (0.4%), tests_pri_-400: 0.93 (0.3%), tests_pri_0: 279 (87.8%), check_spf: 0.33 (0.1%), check_razor2: 249 (78.4%), check_pyzor: 0.34 (0.1%), tests_pri_500: 9 (2.9%), get_report: 0.88 (0.3%)
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) mail checking ended: version_server=2\nlog_id=02244-01\nsetreply=554 5.7.0 Reject,%20id=02244-01%20-%20spam\nreturn_value=reject\nexit_code=69
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) size: 413, TIMING [total 376 ms] - got data: 0.0 (0%)0, check_init: 3.7 (1%)1, digest_hdr: 1.0 (0%)1, digest_body_dkim: 0.4 (0%)1, collect_info: 1.7 (0%)2, mkdir parts: 1.5 (0%)2, mime_decode: 10 (3%)5, get-file-type1: 14 (4%)9, parts_decode: 0.1 (0%)9, check_header: 0.4 (0%)9, AV-scan-1: 8 (2%)11, spam-wb-list: 0.6 (0%)11, SA msg read: 0.6 (0%)11, SA parse: 2.7 (1%)12, SA check: 311 (82%)94, decide_mail_destiny: 8 (2%)96, notif-quar: 0.5 (0%)97, prepare-dsn: 0.7 (0%)97, report: 1.4 (0%)97, main_log_entry: 8 (2%)99, update_snmp: 1.6 (0%)100, rundown: 1.2 (0%)100
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) extra modules loaded: unicore/lib/Gc/Nd.pl
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) load: 100 %, total idle 0.000 s, busy 0.408 s

The spam score of 19.14 is fed mainly by the value HEADER_FROM_CHECKS_NR_2001=20. This also tells us which of our definitions from the SpamAssassin configuration file /etc/mail/spamassassin/local.cf was triggered.
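
The reading of the log described above can be automated. The following script is an added example, not part of the original page: it parses amavis spam_scan lines (the two from this page are embedded), applies the levels from the amavisd.conf shown earlier, and reports which rule alone reaches the kill level and what the score would be without the strongest rule. Function and key names are chosen for this example.

```python
import re

# Levels from the page's amavisd.conf (SPAM POLICY section).
SA_TAG_LEVEL = -1000.0   # $sa_tag_level_deflt
SA_TAG2_LEVEL = 6.31     # $sa_tag2_level_deflt
SA_KILL_LEVEL = 6.31     # $sa_kill_level_deflt

# The two spam_scan lines from the page's amavis log.
LOG = """\
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam_scan: score=-1.01 autolearn=ham tests=[ALL_TRUSTED=-1,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) spam_scan: score=19.14 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR_2001=20,MISSING_MID=0.14] recips=0
"""

SCAN_RE = re.compile(
    r"\((?P<id>\d+-\d+)\) spam_scan: score=(?P<score>-?\d+(?:\.\d+)?) "
    r"autolearn=(?P<autolearn>\S+) tests=\[(?P<tests>[^\]]*)\]"
)


def parse_spam_scan(line):
    """Return id, score, autolearn and the per-rule scores of one log line."""
    m = SCAN_RE.search(line)
    if not m:
        return None
    tests = {}
    for item in m.group("tests").split(","):
        name, _, value = item.strip().partition("=")
        if name and value:
            tests[name] = float(value)
    return {
        "id": m.group("id"),
        "score": float(m.group("score")),
        "autolearn": m.group("autolearn"),
        "tests": tests,
    }


def verdict(score):
    """Map a score to the action configured on the page (final_spam_destiny = D_REJECT)."""
    if score >= SA_KILL_LEVEL:
        return "reject"
    if score >= SA_TAG2_LEVEL:
        return "deliver, flagged as spam"
    if score >= SA_TAG_LEVEL:
        return "deliver, X-Spam headers added"
    return "deliver, no headers"


def analyse(line):
    """Add the verdict and the contribution of individual rules to a parsed line."""
    rec = parse_spam_scan(line)
    if rec is None:
        return None
    tests = rec["tests"]
    top = max(tests.items(), key=lambda kv: kv[1]) if tests else (None, 0.0)
    rec.update(
        verdict=verdict(rec["score"]),
        top_rule=top[0],
        # Rules that reach the kill level on their own: one false positive
        # of such a rule is enough to reject a message.
        decisive=sorted(n for n, v in tests.items() if v >= SA_KILL_LEVEL),
        score_without_top=round(rec["score"] - top[1], 2),
        # The logged total should equal the sum of the listed rule scores.
        sum_matches=abs(sum(tests.values()) - rec["score"]) < 0.05,
    )
    return rec


def report(log_text):
    """Analyse every spam_scan line in a block of log text."""
    rows = (analyse(line) for line in log_text.splitlines())
    return [r for r in rows if r is not None]


if __name__ == "__main__":
    for r in report(LOG):
        print("%s score=%.2f -> %s; top rule %s, decisive %s, without top rule %.2f"
              % (r["id"], r["score"], r["verdict"], r["top_rule"],
                 r["decisive"] or "-", r["score_without_top"]))
```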

SPAM (GTUBE)

To test SpamAssassin, we now send ourselves an e-mail via telnet and include in the mail body the GTUBE9) test string from the page http://spamassassin.apache.org/gtube/gtube.txt or from /usr/share/doc/spamassassin-3.3.2/sample-spam.txt.

 $ telnet 10.0.0.87 25
Trying 10.0.0.87...
Connected to 10.0.0.87.
Escape character is '^]'.
220 mx01.nausch.org ESMTP Postfix
helo pml010049
250 mx01.nausch.org
mail from:<michael@nausch.org>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 19 Nov 2014 20:04:38 +0000
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the
        Generic
        Test for
        Unsolicited
        Bulk
        Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.

.
554 5.7.0 Reject, id=12129-03 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 19 22:53:37), client (10.0.0.20) and server (mx01.nausch.org).
quit
221 2.0.0 Bye
Connection closed by foreign host.

The e-mail is therefore not accepted from the submitting SMTP client and is rejected with the error code 554 5.7.0 Reject, id=12129-03 - spam.; i.e. the sender also learns immediately that the message was not accepted.

In the mail log of our MTA we again find an indication of why the message was rejected with the error code 554 5.7.0 Reject, id=12129-03 - spam.

 # less /var/log/maillog
Nov 19 22:52:17 vml000087 postfix/smtpd[10708]: connect from vml000020.dmz.nausch.org[10.0.0.20]
Nov 19 22:52:43 vml000087 postfix/smtpd[10708]: 48FF5C00088: client=vml000020.dmz.nausch.org[10.0.0.20]
Nov 19 22:53:36 vml000087 postfix/cleanup[10714]: 48FF5C00088: message-id=<GTUBE1.1010101@example.net>
Nov 19 22:53:37 vml000087 postfix/cleanup[10714]: 48FF5C00088: milter-reject: END-OF-MESSAGE from vml000020.dmz.nausch.org[10.0.0.20]: 5.7.0 Reject, id=12129-03 - spam; from=<michael@nausch.org> to=<django@nausch.org> proto=SMTP helo=<pml010049>
Nov 19 22:53:42 vml000087 postfix/smtpd[10708]: disconnect from vml000020.dmz.nausch.org[10.0.0.20]

In the mail log of our AS/AV host we can then view the delivery attempt and the associated assessments.

 # less /var/log/maillog
Nov 19 22:45:02 vml000067 amavis[12130]: (12130-02) load: 0 %, total idle 555.690 s, busy 2.718 s
Nov 19 22:53:36 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK"
Nov 19 22:53:36 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: request=AM.PDP
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: queue_id=48FF5C00088
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXPaVp4C
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXPaVp4C/email.txt
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: delivery_care_of=client
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.20
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_name=vml000020.dmz.nausch.org
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: helo_name=pml010049
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Request: AM.PDP  /var/spool/amavisd/afXXXXPaVp4C: <michael@nausch.org> -> <django@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) body hash: 51d53ffa32db4873fdf05a6e976eb0c7
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ip_trace: 10.0.0.20
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking: nCETkk_ruRal AM.PDP-SOCK/MYNETS [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) 2822.From: <sender@example.net>, 2821.Mail_From: <michael@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) p001 1 Content-Type: text/plain, size: 540 B, name:
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) inspect_dsn: not a bounce
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking for banned types and filenames
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) skipping banned check: all recipients bypass banned checks
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) presenting full original message to scanners as /var/spool/amavisd/afXXXXPaVp4C/parts/p002
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Connecting to socket  /var/run/clamd.amavisd/clamd.sock
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n to socket /var/run/clamd.amavisd/clamd.sock
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) rw_loop read: got eof
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd): CLEAN
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd) result: clean
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) blocking contents category is (6) for django@nausch.org, final_destiny -3
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) delivery method is 1, recips: django@nausch.org
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) DSN: sender is credible (orig), SA: 998.990, <michael@nausch.org>
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating}
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: 48FF5C00088, Message-ID: <GTUBE1.1010101@example.net>, mail_id: nCETkk_ruRal, Hits: 998.99, size: 1043, 1565 ms
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) TIMING-SA total 1498 ms - parse: 1.78 (0.1%), extract_message_metadata: 4 (0.3%), get_uri_detail_list: 0.92 (0.1%), tests_pri_-1000: 8 (0.5%), tests_pri_-950: 1.67 (0.1%), tests_pri_-900: 1.18 (0.1%), tests_pri_-400: 2 (0.1%), tests_pri_0: 1457 (97.3%), check_dkim_adsp: 269 (18.0%), check_spf: 0.34 (0.0%), check_razor2: 1119 (74.7%), check_pyzor: 0.20 (0.0%), tests_pri_500: 3 (0.2%), get_report: 1.53 (0.1%)
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) mail checking ended: version_server=2\nlog_id=12129-03\nsetreply=554 5.7.0 Reject,%20id=12129-03%20-%20spam\nreturn_value=reject\nexit_code=69
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) size: 1043, TIMING [total 1571 ms] - got data: 0.0 (0%)0, check_init: 2.9 (0%)0, digest_hdr: 1.0 (0%)0, digest_body_dkim: 0.2 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.1 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 24 (2%)3, parts_decode: 0.2 (0%)3, check_header: 0.6 (0%)3, AV-scan-1: 15 (1%)4, spam-wb-list: 0.8 (0%)4, SA msg read: 0.9 (0%)4, SA parse: 2.5 (0%)4, SA check: 1489 (95%)99, decide_mail_destiny: 9 (1%)99, notif-quar: 0.5 (0%)99, prepare-dsn: 0.6 (0%)99, report: 1.4 (0%)99, main_log_entry: 4.0 (0%)100, update_snmp: 5.0 (0%)100, rundown: 1.0 (0%)100
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) load: 0 %, total idle 12954.550 s, busy 8.537 s

Here we then search for the ID 12129-03 in question and learn the actual reason why acceptance of the message was refused.

 Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0

At 998.99, the SPAM score is slightly above our threshold of 6.31, which of course justifies the refusal to accept the message.
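The lookup described above (take the amavis log ID from the Postfix milter-reject line, then find the matching spam_scan line in the AS/AV host's log) can be scripted. The following is an added example, not part of the original page: the sample log lines are copied from the excerpts above except for one constructed line, and the function names and the `KILL_LEVEL` constant (the 6.31 threshold quoted in the text) are assumptions.

```python
import re

# Postfix (MTA) log: the milter verdict carries the amavis log id (id=NNNNN-NN).
MILTER_REJECT = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<queue_id>\w+): milter-reject: .*?"
    r"id=(?P<am_id>\d+-\d+) - spam; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")
# amavis (AS/AV host) log: the SpamAssassin result is logged under the same id.
SPAM_SCAN = re.compile(
    r"amavis\[\d+\]: \((?P<am_id>\d+-\d+)\) spam_scan: score=(?P<score>-?[\d.]+)"
    r" .*?tests=\[(?P<tests>[^\]]*)\]")
KILL_LEVEL = 6.31  # assumption: the reject threshold quoted in the text

# Sample lines from the excerpts above; the 12130-01 line is constructed.
MTA_LOG = """\
Nov 19 22:52:43 vml000087 postfix/smtpd[10708]: 48FF5C00088: client=vml000020.dmz.nausch.org[10.0.0.20]
Nov 19 22:53:37 vml000087 postfix/cleanup[10714]: 48FF5C00088: milter-reject: END-OF-MESSAGE from vml000020.dmz.nausch.org[10.0.0.20]: 5.7.0 Reject, id=12129-03 - spam; from=<michael@nausch.org> to=<django@nausch.org> proto=SMTP helo=<pml010049>
"""
AMAVIS_LOG = """\
Nov 19 22:40:11 vml000067 amavis[12130]: (12130-01) spam_scan: score=-1.01 autolearn=no tests=[ALL_TRUSTED=-1,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) blocking contents category is (6) for django@nausch.org, final_destiny -3
"""

def parse_tests(field):
    """Turn 'GTUBE=1000,ALL_TRUSTED=-1' into {'GTUBE': 1000.0, 'ALL_TRUSTED': -1.0}."""
    pairs = (item.partition("=") for item in field.split(",") if item)
    return {name: float(value) for name, _, value in pairs}

def explain_rejects(mta_log, amavis_log):
    """Join each milter-reject in the MTA log with its amavis spam_scan line."""
    scans = {}
    for line in amavis_log.splitlines():
        m = SPAM_SCAN.search(line)
        if m:
            scans[m["am_id"]] = (float(m["score"]), parse_tests(m["tests"]))
    results = []
    for line in mta_log.splitlines():
        m = MILTER_REJECT.search(line)
        if m:
            score, tests = scans.get(m["am_id"], (None, {}))  # None: no scan line found
            results.append({**m.groupdict(), "score": score, "tests": tests,
                            "top_rule": max(tests, key=tests.get, default=None),
                            "over_kill_level": score is not None and score >= KILL_LEVEL})
    return results

if __name__ == "__main__":
    for r in explain_rejects(MTA_LOG, AMAVIS_LOG):
        print(r)
```

A reject whose amavis ID has no spam_scan line in the supplied log is still reported, with `score` set to `None`, so missing or rotated AS/AV logs are visible rather than silently skipped.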

Links

1) desired messages
2) unwanted messages
3) Real Blackhole Lists
4), 7) Mail Transport Agent
5), 8) AntiSpam and AntiVirus
6) Mail User Agent
9) Generic Test for Unsolicited Bulk Email