centos:mail_c7:spam_8 [20.11.2014 08:16. ] – [HAM] django | centos:mail_c7:spam_8 [22.07.2019 15:01. ] (current) – external edit 127.0.0.1 |
---|
# Header-Checks basierend auf "From" im Mailheader (Nummerierung 2000 - 2999): | # Header-Checks basierend auf "From" im Mailheader (Nummerierung 2000 - 2999): |
| |
header HEADER_FROM_CHECKS_NR_2004 From =~ /^*.bild-nachrichten.net/im | header HEADER_FROM_CHECKS_NR_2004 From =~ /^.*bild-nachrichten.net/im |
score HEADER_FROM_CHECKS_NR_2004 20 | score HEADER_FROM_CHECKS_NR_2004 20 |
tflags HEADER_FROM_CHECKS_NR_2004 noautolearn | tflags HEADER_FROM_CHECKS_NR_2004 noautolearn |
| |
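Review bot: The corrected pattern for HEADER_FROM_CHECKS_NR_2004, `/^.*bild-nachrichten.net/im`, is still looser than it looks: the dot before `net` is unescaped and the leading `^.*` adds nothing, so the rule fires on any From header that merely contains the string, including a display name that mentions the domain or an address under `bild-nachrichten.net.example.org`. With a score of 20 attached, a false match is expensive. I would test the address part only and anchor the domain, for example `header HEADER_FROM_CHECKS_NR_2004 From:addr =~ /[@.]bild-nachrichten\.net$/i`. Moving away from the old `/^*.…/` form, which put a quantifier on the anchor, is right in intent.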
enabled | enabled |
| |
| |
Die Rückmeldung **enabled** zeigt an, dass der Dienst automatisch startet; ein **disabled** zeigt entsprechend an, dass der Dienst __nicht__ automatisch startet. | Die Rückmeldung **enabled** zeigt an, dass der Dienst automatisch startet; ein **disabled** zeigt entsprechend an, dass der Dienst __nicht__ automatisch startet. |
| |
===== Tests ===== | ===== Tests ===== |
| Haben wir die Konfiguration unseres **[[centos:mail_c7:spam_6|AMaViS]]** fertiggestellt, können wir uns auch daransetzen unsere **[[centos:mail_c7:spam_6?&#programmstart|Spamassassin]]**-Installation zu überprüfen. |
| |
==== HAM ==== | ==== HAM ==== |
Haben wir unsere **AMaViS**-Konfiguration abgeschlossen, schicken wir uns entweder via **telnet** eine Nachricht, oder nutzen das Hilfsprogramm **[[http://www.jetmore.org/john/code/swaks/|swaks]]** für den tippfaulen Admin. | Haben wir unsere **AMaViS**-Konfiguration abgeschlossen, schicken wir uns entweder via **telnet** eine Nachricht, oder nutzen das Hilfsprogramm **[[http://www.jetmore.org/john/code/swaks/|swaks]]** für den tippfaulen Admin. |
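Review bot: In the new intro sentence under "Tests", the Spamassassin link points at `centos:mail_c7:spam_6?&#programmstart`, which is the same page as the AMaViS link right before it and carries a stray `?&` in front of the section anchor. If the Spamassassin chapter is a different page, link that one; if the target really is a section of spam_6, the plain `centos:mail_c7:spam_6#programmstart` form is enough. The new sentence also says nearly the same thing as the first sentence under "HAM" two lines later, so one of the two could go.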
</code> | </code> |
| |
Auf Seiten unseres **AS/AV**((**A**nti**S**pam/**A**nti**Virus**))-Hosts wird die Prüfung im Maillog dokumentiert. | Auf Seiten unseres **AS/AV**((**A**nti**S**pam und **A**nti**V**irus))-Hosts wird die Prüfung im Maillog dokumentiert. |
# less /var/log/maillog | # less /var/log/maillog |
<code>Nov 19 19:17:34 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK" | <code>Nov 19 19:17:34 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK" |
| |
==== SPAM (blacklist) ==== | ==== SPAM (blacklist) ==== |
| Haben wir unsere **AMaViS**-Konfiguration abgeschlossen, schicken wir uns entweder via **telnet** eine Nachricht, oder nutzen das Hilfsprogramm **[[http://www.jetmore.org/john/code/swaks/|swaks]]** für den tippfaulen Admin. |
| # swaks --to django@nausch.org --from me@example.com --server 10.0.0.87 --header "From: Euro Dice Casino" |
| |
| <code>=== Trying 10.0.0.87:25... |
| === Connected to 10.0.0.87. |
| <- 220 mx01.nausch.org ESMTP Postfix |
| -> EHLO vml000067.dmz.nausch.org |
| <- 250-mx01.nausch.org |
| <- 250-PIPELINING |
| <- 250-SIZE 52428800 |
| <- 250-ETRN |
| <- 250-STARTTLS |
| <- 250-ENHANCEDSTATUSCODES |
| <- 250-8BITMIME |
| <- 250 DSN |
| -> MAIL FROM:<me@example.com> |
| <- 250 2.1.0 Ok |
| -> RCPT TO:<django@nausch.org> |
| <- 250 2.1.5 Ok |
| -> DATA |
| <- 354 End data with <CR><LF>.<CR><LF> |
| -> Date: Thu, 20 Nov 2014 09:14:37 +0100 |
| -> To: django@nausch.org |
| -> From: Euro Dice Casino |
| -> Subject: test Thu, 20 Nov 2014 09:14:37 +0100 |
| -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/ |
| -> |
| -> This is a test mailing |
| -> |
| -> . |
| <** 554 5.7.0 Reject, id=02244-01 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 20 09:14:37), client (10.0.0.67) and server (mx01.nausch.org). |
| -> QUIT |
| <- 221 2.0.0 Bye |
| === Connection closed with remote host. |
| </code> |
| |
| Im Maillog des **MTA**((**M**ail **T**ransport **A**gent)) finden wir die Einträge des Zustellungsversuch. |
| # less /var/log/maillog |
| <code>Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: connect from vml000067.dmz.nausch.org[10.0.0.67] |
| Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: 195FFC00088: client=vml000067.dmz.nausch.org[10.0.0.67] |
| Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: message-id=<> |
| Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: milter-reject: END-OF-MESSAGE from vml000067.dmz.nausch.org[10.0.0.67]: 5.7.0 Reject, id=02244-01 - spam; from=<me@example.com> to=<django@nausch.org> proto=ESMTP helo=<vml000067.dmz.nausch.org> |
| Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: disconnect from vml000067.dmz.nausch.org[10.0.0.67] |
| </code> |
| |
| Mit der id **02244-01** können wir dann im Maillog des **AS/AV**((**A**nti**S**pam und **A**nti**V**irus))-Host Details zur SPAM-Bewertung herausfinden. |
| # less /var/log/maillog |
| |
| <code>Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) extra modules loaded: unicore/lib/Gc/Nd.pl |
| Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) load: 100 %, total idle 0.000 s, busy 0.557 s |
| Nov 20 09:14:37 vml000067 amavis[2244]: loaded policy bank "AM.PDP-SOCK" |
| Nov 20 09:14:37 vml000067 amavis[2244]: process_request: fileno sock=13, STDIN=0, STDOUT=1 |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: request=AM.PDP |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: queue_id=195FFC00088 |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: sender=<me@example.com> |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: recipient=<django@nausch.org> |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir=/var/spool/amavisd/afXXXXSMIW7c |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir_removed_by=client |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: mail_file=/var/spool/amavisd/afXXXXSMIW7c/email.txt |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: delivery_care_of=client |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_address=10.0.0.67 |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_name=vml000067.dmz.nausch.org |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: helo_name=vml000067.dmz.nausch.org |
| Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: policy_bank=mx01.nausch.org |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Request: AM.PDP /var/spool/amavisd/afXXXXSMIW7c: <me@example.com> -> <django@nausch.org> |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK" |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) body hash: 5e4a6c05336dff65870f1c8870955b2a |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ip_trace: 10.0.0.67 |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking: vHWwCUxVEbSn AM.PDP-SOCK/MYNETS [10.0.0.67] <me@example.com> -> <django@nausch.org> |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) 2822.From: <"Euro Dice Casino">, 2821.Mail_From: <me@example.com> |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) p001 1 Content-Type: text/plain, size: 24 B, name: |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) inspect_dsn: not a bounce |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking for banned types and filenames |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) skipping banned check: all recipients bypass banned checks |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXSMIW7c/parts/p002 |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Connecting to socket /var/run/clamd.amavisd/clamd.sock |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10 |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n to socket /var/run/clamd.amavisd/clamd.sock |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) rw_loop read: got eof |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd): CLEAN |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd) result: clean |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis" |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) spam_scan: score=19.14 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR_2001=20,MISSING_MID=0.14] recips=0 |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) blocking contents category is (6) for django@nausch.org, final_destiny -3 |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth= |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) delivery method is 1, recips: django@nausch.org |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) DSN: sender is credible (orig), SA: 19.140, <me@example.com> |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating} |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.67] <me@example.com> -> <django@nausch.org>, Queue-ID: 195FFC00088, mail_id: vHWwCUxVEbSn, Hits: 19.14, size: 413, 373 ms |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) TIMING-SA total 318 ms - parse: 1.04 (0.3%), extract_message_metadata: 3 (0.8%), get_uri_detail_list: 0.25 (0.1%), tests_pri_-1000: 6 (1.9%), tests_pri_-950: 1.82 (0.6%), tests_pri_-900: 1.19 (0.4%), tests_pri_-400: 0.93 (0.3%), tests_pri_0: 279 (87.8%), check_spf: 0.33 (0.1%), check_razor2: 249 (78.4%), check_pyzor: 0.34 (0.1%), tests_pri_500: 9 (2.9%), get_report: 0.88 (0.3%) |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) mail checking ended: version_server=2\nlog_id=02244-01\nsetreply=554 5.7.0 Reject,%20id=02244-01%20-%20spam\nreturn_value=reject\nexit_code=69 |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) size: 413, TIMING [total 376 ms] - got data: 0.0 (0%)0, check_init: 3.7 (1%)1, digest_hdr: 1.0 (0%)1, digest_body_dkim: 0.4 (0%)1, collect_info: 1.7 (0%)2, mkdir parts: 1.5 (0%)2, mime_decode: 10 (3%)5, get-file-type1: 14 (4%)9, parts_decode: 0.1 (0%)9, check_header: 0.4 (0%)9, AV-scan-1: 8 (2%)11, spam-wb-list: 0.6 (0%)11, SA msg read: 0.6 (0%)11, SA parse: 2.7 (1%)12, SA check: 311 (82%)94, decide_mail_destiny: 8 (2%)96, notif-quar: 0.5 (0%)97, prepare-dsn: 0.7 (0%)97, report: 1.4 (0%)97, main_log_entry: 8 (2%)99, update_snmp: 1.6 (0%)100, rundown: 1.2 (0%)100 |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) extra modules loaded: unicore/lib/Gc/Nd.pl |
| Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) load: 100 %, total idle 0.000 s, busy 0.408 s |
| </code> |
| |
| Der SPAM Score von **19.14** wird hauptsächlich von Wert **HEADER_FROM_CHECKS_NR_2001=20** gespeist. Somit wissen wir auch, welche unserer Definitionen aus der Spamassassin-Konfigurationsdatei //**/etc/mail/spamassassin/local.cf**// angesprochen hat. |
| |
FIXME | |
==== SPAM (GTUBE) ==== | ==== SPAM (GTUBE) ==== |
Zum Testen des Spamassassin schicken wir uns nun eine eMail via **telnet** und schicken im Mailbody den **[[http://spamassassin.apache.org/gtube/|GTUBE]]**((**G**eneric **T**est for **U**nsolicited **B**ulk **E**mail))-Teststring von der Seite [[http://spamassassin.apache.org/gtube/gtube.txt]] bzw. von //**/usr/share/doc/spamassassin-3.3.2/sample-spam.txt**// mit. | Zum Testen des Spamassassin schicken wir uns nun eine eMail via **telnet** und schicken im Mailbody den **[[http://spamassassin.apache.org/gtube/|GTUBE]]**((**G**eneric **T**est for **U**nsolicited **B**ulk **E**mail))-Teststring von der Seite [[http://spamassassin.apache.org/gtube/gtube.txt]] bzw. von //**/usr/share/doc/spamassassin-3.3.2/sample-spam.txt**// mit. |
| |
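Review bot: The new "SPAM (blacklist)" test is sent from 10.0.0.67, and the amavis log shows that client being handled under the "MYNETS" policy bank, scored with ALL_TRUSTED=-1 and counted as {RejectedInternal}, so the run exercises the internal-client path rather than what an outside sender would hit. Say so in the text, or repeat the swaks run from a host outside the trusted networks, so readers do not take 19.14 as the score external mail would get. Smaller points in the same section: the opening sentence is a verbatim copy of the HAM intro, the closing paragraph credits HEADER_FROM_CHECKS_NR_2001 while the only rule visible in this revision is NR_2004 (a pointer to where 2001 is defined would help), and "des Zustellungsversuch" should read "des Zustellungsversuchs".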
====== Links ====== | ====== Links ====== |
FIXME | * **⇐ [[centos:mail_c7:spam_7|Zurück zum Kapitel "ClamAV für AMaViS unter CentOS 7.x"]]** |
| * **⇐ [[centos:mail_c7:spam_7|Zurück zum Kapitel "Grundinstallation von AMaViS unter CentOS 7.x"]]** |
| * **⇒ [[centos:mail_c7:spam_9|Weiter zum Kapitel "DKIM - Domain Key Identified Mail unter CentOS 7.x"]]** |
| * **[[centos:mail_c7:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 7<<]]** |
| * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]** |
| * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]** |
| |
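Review bot: In the new link list, the first two "Zurück" entries both target `centos:mail_c7:spam_7` but give it two different chapter titles ("ClamAV für AMaViS unter CentOS 7.x" and "Grundinstallation von AMaViS unter CentOS 7.x"). One of them is presumably meant for another page, since the "Tests" intro in this same revision links AMaViS to spam_6. Please check the targets and drop or retarget the duplicate.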