SpamAssassin for AMaViS on CentOS 7.x
Basics
SpamAssassin is a widely used filter program that automatically detects and sorts out unwanted email (spam). Like AMaViS, SpamAssassin is a Perl program that evaluates an email by its content. SpamAssassin determines and computes a score for every email and passes this value to AMaViS. Based on the score it receives, AMaViS can then let an email through, tag it (e.g. modify the subject line) or reject it. SpamAssassin is therefore only a backend system of AMaViS.
To distinguish between HAM and SPAM, SpamAssassin uses several techniques:
- Querying RBLs.
- Querying checksum-based filters such as DCC, Pyzor and Razor.
- Using regular expressions to score emails statically.
- Using internal Bayesian filters, which statistically determine the probability of HAM versus SPAM based on the classification of previously received emails.
Installation
As usual, we install the required packages via YUM, in case the package was not already installed together with AMaViS.
# yum install spamassassin -y
Package information
A look into the installed RPM shows what the package brought along during installation.
# rpm -qil spamassassin
Name : spamassassin
Version : 3.3.2
Release : 18.el7
Architecture: x86_64
Install Date: Fri 14 Nov 2014 02:10:06 PM CET
Group : Applications/Internet
Size : 3332061
License : ASL 2.0
Signature : RSA/SHA256, Fri 04 Jul 2014 07:03:21 AM CEST, Key ID 24c6a8a7f4a80eb5
Source RPM : spamassassin-3.3.2-18.el7.src.rpm
Build Date : Tue 10 Jun 2014 07:31:27 AM CEST
Build Host : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://spamassassin.apache.org/
Summary : Spam filter for email which can be invoked from mail delivery agents
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate
Unsolicited Commercial Email (SPAM) from your incoming email. It can
be invoked by a MDA such as sendmail or postfix, or can be called from
a procmail script, .forward file, etc. It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software. This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.
To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).
/etc/cron.d/sa-update
/etc/logrotate.d/sa-update
/etc/mail
/etc/mail/spamassassin
/etc/mail/spamassassin/channel.d
/etc/mail/spamassassin/channel.d/sought.conf
/etc/mail/spamassassin/channel.d/spamassassin-official.conf
/etc/mail/spamassassin/init.pre
/etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/sa-update-keys
/etc/mail/spamassassin/spamassassin-default.rc
/etc/mail/spamassassin/spamassassin-helper.sh
/etc/mail/spamassassin/spamassassin-spamc.rc
/etc/mail/spamassassin/v310.pre
/etc/mail/spamassassin/v312.pre
/etc/mail/spamassassin/v320.pre
/etc/mail/spamassassin/v330.pre
/etc/portreserve/spamd
/etc/sysconfig/sa-update
/etc/sysconfig/spamassassin
/usr/bin/sa-awl
/usr/bin/sa-check_spamd
/usr/bin/sa-compile
/usr/bin/sa-learn
/usr/bin/sa-update
/usr/bin/spamassassin
/usr/bin/spamc
/usr/bin/spamd
/usr/lib/systemd/system/spamassassin.service
/usr/share/doc/spamassassin-3.3.2
/usr/share/doc/spamassassin-3.3.2/CREDITS
/usr/share/doc/spamassassin-3.3.2/Changes
/usr/share/doc/spamassassin-3.3.2/LICENSE
/usr/share/doc/spamassassin-3.3.2/NOTICE
/usr/share/doc/spamassassin-3.3.2/README
/usr/share/doc/spamassassin-3.3.2/README.RHEL.Fedora
/usr/share/doc/spamassassin-3.3.2/TRADEMARK
/usr/share/doc/spamassassin-3.3.2/UPGRADE
/usr/share/doc/spamassassin-3.3.2/USAGE
/usr/share/doc/spamassassin-3.3.2/sample-nonspam.txt
/usr/share/doc/spamassassin-3.3.2/sample-spam.txt
/usr/share/man/man1/sa-awl.1.gz
/usr/share/man/man1/sa-compile.1.gz
/usr/share/man/man1/sa-learn.1.gz
/usr/share/man/man1/sa-update.1.gz
/usr/share/man/man1/spamassassin-run.1.gz
/usr/share/man/man1/spamassassin.1.gz
/usr/share/man/man1/spamc.1.gz
/usr/share/man/man1/spamd.1.gz
/usr/share/man/man3/Mail::SpamAssassin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::RegistrarBoundaries.3pm.gz
/usr/share/man/man3/spamassassin-run.3pm.gz
/usr/share/perl5/vendor_perl/Mail
/usr/share/perl5/vendor_perl/Mail/SpamAssassin
/usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/AICache.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/ArchiveIterator.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/AsyncLoop.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/AutoWhitelist.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes/CombineChi.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/BDB.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/DBM.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/MySQL.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/PgSQL.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/SDBM.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore/SQL.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Client.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/LDAP.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/SQL.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Constants.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/DBBasedAddrList.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Dns.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/DnsResolver.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/HTML.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locales.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/Flock.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/UnixNFSSafe.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Locker/Win32.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/File.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/Stderr.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Logger/Syslog.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/MailingList.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Node.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/NetSet.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PerMsgLearner.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PerMsgStatus.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PersistentAddrList.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ASN.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AWL.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AccessDB.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AntiVirus.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Bayes.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/BodyEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Check.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DCC.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DNSEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/FreeMail.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HTMLEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Hashcash.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/HeaderEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ImageInfo.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/MIMEEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/MIMEHeader.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/PhishTag.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Pyzor.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/RelayCountry.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/RelayEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/ReplaceTags.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Reuse.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Shortcircuit.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SpamCop.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Test.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/TextCat.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDNSBL.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDetail.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/VBounce.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/WLBLEval.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/WhiteListSubject.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/PluginHandler.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Reporter.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/SQLBasedAddrList.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/SpamdForkScaling.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/SubProcBackChannel.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Timeout.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/DependencyInfo.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/Progress.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/ScopedTimer.pm
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Util/TieOneStringHash.pm
/usr/share/perl5/vendor_perl/spamassassin-run.pod
/usr/share/spamassassin
/usr/share/spamassassin/10_default_prefs.cf
/usr/share/spamassassin/20_advance_fee.cf
/usr/share/spamassassin/20_aux_tlds.cf
/usr/share/spamassassin/20_body_tests.cf
/usr/share/spamassassin/20_compensate.cf
/usr/share/spamassassin/20_dnsbl_tests.cf
/usr/share/spamassassin/20_drugs.cf
/usr/share/spamassassin/20_dynrdns.cf
/usr/share/spamassassin/20_fake_helo_tests.cf
/usr/share/spamassassin/20_freemail.cf
/usr/share/spamassassin/20_freemail_domains.cf
/usr/share/spamassassin/20_head_tests.cf
/usr/share/spamassassin/20_html_tests.cf
/usr/share/spamassassin/20_imageinfo.cf
/usr/share/spamassassin/20_meta_tests.cf
/usr/share/spamassassin/20_net_tests.cf
/usr/share/spamassassin/20_phrases.cf
/usr/share/spamassassin/20_porn.cf
/usr/share/spamassassin/20_ratware.cf
/usr/share/spamassassin/20_uri_tests.cf
/usr/share/spamassassin/20_vbounce.cf
/usr/share/spamassassin/23_bayes.cf
/usr/share/spamassassin/25_accessdb.cf
/usr/share/spamassassin/25_antivirus.cf
/usr/share/spamassassin/25_asn.cf
/usr/share/spamassassin/25_dcc.cf
/usr/share/spamassassin/25_dkim.cf
/usr/share/spamassassin/25_hashcash.cf
/usr/share/spamassassin/25_pyzor.cf
/usr/share/spamassassin/25_razor2.cf
/usr/share/spamassassin/25_replace.cf
/usr/share/spamassassin/25_spf.cf
/usr/share/spamassassin/25_textcat.cf
/usr/share/spamassassin/25_uribl.cf
/usr/share/spamassassin/30_text_de.cf
/usr/share/spamassassin/30_text_fr.cf
/usr/share/spamassassin/30_text_it.cf
/usr/share/spamassassin/30_text_nl.cf
/usr/share/spamassassin/30_text_pl.cf
/usr/share/spamassassin/30_text_pt_br.cf
/usr/share/spamassassin/50_scores.cf
/usr/share/spamassassin/60_adsp_override_dkim.cf
/usr/share/spamassassin/60_awl.cf
/usr/share/spamassassin/60_shortcircuit.cf
/usr/share/spamassassin/60_whitelist.cf
/usr/share/spamassassin/60_whitelist_dkim.cf
/usr/share/spamassassin/60_whitelist_spf.cf
/usr/share/spamassassin/60_whitelist_subject.cf
/usr/share/spamassassin/72_active.cf
/usr/share/spamassassin/72_scores.cf
/usr/share/spamassassin/73_sandbox_manual_scores.cf
/usr/share/spamassassin/STATISTICS-set0-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set1-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set2-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set3-72_scores.cf.txt
/usr/share/spamassassin/languages
/usr/share/spamassassin/local.cf
/usr/share/spamassassin/regression_tests.cf
/usr/share/spamassassin/sa-update-pubkey.txt
/usr/share/spamassassin/sa-update.cron
/usr/share/spamassassin/user_prefs.template
/var/lib/spamassassin
/var/run/spamassassin
Configuration
spamassassin
No special configuration of SpamAssassin is actually required. The directory /etc/mail/spamassassin/ contains the configuration file local.cf, which can be used to make local adjustments to the installation.
# vim /etc/mail/spamassassin/local.cf
- /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

# At what score should an email be considered spam?
required_hits 5

# This option determines how SpamAssassin marks an email classified as spam. If
# report_safe 0 is set, SpamAssassin only adds a few X-Spam headers and otherwise
# leaves the email unchanged.
report_safe 0

# This option specifies that a message classified as SPAM is additionally
# marked with "[SPAM]" in the subject line.
rewrite_header Subject [SPAM]

# This directive determines which locking method is used to protect the two databases (Bayes and
# auto-whitelisting) against concurrent access. If it is certain that the two
# databases are never accessed over NFS, performance on Unix platforms can be improved
# considerably by using the flock locking method.
lock_method flock

# local header checks
# Changes are entered in ascending order, i.e. the newest entries are *always* at the top!
# /i = i enable case-insensitivity (ignore upper and lower case)
# /m = m multi-line capability - ignore line breaks

# Header checks based on IP addresses in the mail header (numbering 1000 - 1999):
# whitelisting
header HEADER_RECEIVED_CHECKS_NR_1001 Received =~ /^.*198.51.100/im
score HEADER_RECEIVED_CHECKS_NR_1001 -5
tflags HEADER_RECEIVED_CHECKS_NR_1001 noautolearn

# blacklisting
header HEADER_RECEIVED_CHECKS_NR_1000 Received =~ /^.*203.0.113/im
score HEADER_RECEIVED_CHECKS_NR_1000 20
tflags HEADER_RECEIVED_CHECKS_NR_1000 noautolearn

# Header checks based on "From" in the mail header (numbering 2000 - 2999):
header HEADER_FROM_CHECKS_NR_2004 From =~ /^.*bild-nachrichten.net/im
score HEADER_FROM_CHECKS_NR_2004 20
tflags HEADER_FROM_CHECKS_NR_2004 noautolearn

header HEADER_FROM_CHECKS_NR_2003 From =~ /^Gold Ring Support.*/im
score HEADER_FROM_CHECKS_NR_2003 20
tflags HEADER_FROM_CHECKS_NR_2003 noautolearn

header HEADER_FROM_CHECKS_NR_2002 From =~ /^.*Ruby.*/im
score HEADER_FROM_CHECKS_NR_2002 20
tflags HEADER_FROM_CHECKS_NR_2002 noautolearn

header HEADER_FROM_CHECKS_NR_2001 From =~ /^.*Euro Dice Casino/im
score HEADER_FROM_CHECKS_NR_2001 20
tflags HEADER_FROM_CHECKS_NR_2001 noautolearn

header HEADER_FROM_CHECKS_NR_2000 From =~ /^.*belohnungs-abteilung/im
score HEADER_FROM_CHECKS_NR_2000 20
tflags HEADER_FROM_CHECKS_NR_2000 noautolearn

# Header checks based on "Subject" in the mail header (numbering 3000 - 3999):
header HEADER_SUBJECT_CHECKS_NR_3002 Subject =~ /.*Risk.net.*/im
score HEADER_SUBJECT_CHECKS_NR_3002 20
tflags HEADER_SUBJECT_CHECKS_NR_3002 noautolearn

header HEADER_SUBJECT_CHECKS_NR_3001 Subject =~ /.*Ruby Palace.*/im
score HEADER_SUBJECT_CHECKS_NR_3001 20
tflags HEADER_SUBJECT_CHECKS_NR_3001 noautolearn

# Header checks based on "X-Mailer" in the mail header (numbering 4000 - 4999):
header HEADER_XMAILER_CHECKS_NR_4000 X-Mailer =~ /.*\b(E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|SEKOFOXM|Blat.v3.1.1)\b/im
score HEADER_XMAILER_CHECKS_NR_4000 20
tflags HEADER_XMAILER_CHECKS_NR_4000 noautolearn
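The Received rules in local.cf use unescaped dots and no boundary around the address, so they also hit neighbouring addresses and host names, and a score of 20 on a false hit means a rejected legitimate mail. The following script is an added example, not part of the original page or of SpamAssassin; it dry-runs the pattern of HEADER_RECEIVED_CHECKS_NR_1000 and a hypothetical tighter variant against constructed Received values, assuming grep -E -i matches like Perl's /i for these simple patterns.

```shell
#!/bin/sh
# Added example (not from the original page): dry-run a local.cf header
# pattern against sample Received values before putting it into production.
# Assumption: for these simple patterns grep -E -i matches like Perl's /i.

# Regex body of HEADER_RECEIVED_CHECKS_NR_1000 as written in local.cf.
PAGE_PATTERN='^.*203.0.113'
# Hypothetical tighter variant: literal dots, anchored on the bracketed
# client IP that Postfix writes into its Received header.
TIGHT_PATTERN='\[203\.0\.113\.[0-9]{1,3}\]'

# match_rule PATTERN HEADER_VALUE -> prints "hit" or "miss"
match_rule() {
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then
        echo hit
    else
        echo miss
    fi
}

# Constructed sample values, one per line: "<expected result>|<Received value>"
sample_headers() {
    cat <<'EOF'
hit|from mx.example.org (mx.example.org [203.0.113.25]) by mx01.example.net (Postfix)
miss|from gw.example.org (gw.example.org [10.203.0.113]) by mx01.example.net (Postfix)
miss|from host203-0-113.example.com (host203-0-113.example.com [192.0.2.9]) by mx01.example.net (Postfix)
miss|from mail.example.org (mail.example.org [192.0.2.44]) by mx01.example.net (Postfix)
EOF
}

# count_results PATTERN WANT GOT -> number of samples labelled WANT
# for which the pattern produced GOT (e.g. "miss hit" = false positives)
count_results() {
    sample_headers | {
        n=0
        while IFS='|' read -r want value; do
            if [ "$want" = "$2" ]; then
                if [ "$(match_rule "$1" "$value")" = "$3" ]; then
                    n=$((n + 1))
                fi
            fi
        done
        echo "$n"
    }
}

# Report for both patterns.
for p in "$PAGE_PATTERN" "$TIGHT_PATTERN"; do
    printf '%-30s false positives: %s  missed: %s\n' "$p" \
        "$(count_results "$p" miss hit)" "$(count_results "$p" hit miss)"
done
```

In local.cf the tighter variant would read Received =~ /\[203\.0\.113\.\d{1,3}\]/, and the same applies to the other header rules. After editing the file, spamassassin --lint checks it for syntax errors.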
amavisd
For the configuration of AMaViS, we already created the SPAM POLICY section in the associated configuration file /etc/amavisd/amavisd.conf during the installation and configuration of AMaViS.
# vim /etc/amavisd/amavisd.conf
################################################################################
## SPAM POLICY
#
# Enable the check?
# @bypass_spam_checks_maps = (1);

# Quarantine?
$spam_quarantine_to = undef;

# Notify the admin?
$spam_admin = undef;

# Extend the recipient address on release?
@addr_extension_spam_maps = ('spam');

# Wrap the email on release?
$defang_spam = undef;

# Do we want to transport the content?
$final_spam_destiny = D_REJECT;

# add spam info headers if at, or above that level
$sa_tag_level_deflt = -1000.0;

# add 'spam detected' headers at that level
$sa_tag2_level_deflt = 6.31;

# triggers spam evasive actions (e.g. blocks mail)
$sa_kill_level_deflt = 6.31;

# spam level beyond which a DSN is not sent
$sa_dsn_cutoff_level = 10;

# likewise, but for a likely valid From
$sa_crediblefrom_dsn_cutoff_level = 18;

# spam level beyond which quarantine is off
# $sa_quarantine_cutoff_level = 25;

# (no effect without a @storage_sql_dsn database)
$penpals_bonus_score = 8;

# don't waste time on hi spam
$penpals_threshold_high = $sa_kill_level_deflt;

# spam score points to add for joe-jobbed bounces
$bounce_killer_score = 100;

# don't waste time on SA if mail is larger
$sa_mail_body_size_limit = 400*1024;

# only tests which do not require internet access?
$sa_local_tests_only = 0;

$sa_spam_subject_tag = '***Spam*** ';
So we do not need to make any additional settings on the AMaViS side.
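The levels in the SPAM POLICY section decide what happens to a mail at a given score, and amavisd writes the score and a required= value into every spam-tag line of the maillog. The following script is an added example, not part of the original page or of amavisd; it classifies scores against those levels and evaluates constructed log lines in the spam-tag format, assuming that a level counts as reached when the score is greater than or equal to it and that required= reflects $sa_tag2_level_deflt.

```shell
#!/bin/sh
# Added example (not from the original page): relate the scores in amavis
# "spam-tag" log lines to the levels set in amavisd.conf.

# Levels copied from the SPAM POLICY section above.
SA_TAG_LEVEL=-1000.0
SA_TAG2_LEVEL=6.31
SA_KILL_LEVEL=6.31

# classify_score SCORE -> highest level reached: none | tag | tag2 | kill
# Assumption: a level counts as reached when score >= level.
classify_score() {
    awk -v s="$1" -v tl="$SA_TAG_LEVEL" -v t2="$SA_TAG2_LEVEL" \
        -v kl="$SA_KILL_LEVEL" 'BEGIN {
        s += 0; tl += 0; t2 += 0; kl += 0
        if (s >= kl)      print "kill"
        else if (s >= t2) print "tag2"
        else if (s >= tl) print "tag"
        else              print "none"
    }' </dev/null
}

# write_sample_log FILE -> constructed log lines (hosts, addresses, rule
# names and scores are made up; only the field layout follows amavis).
write_sample_log() {
    cat > "$1" <<'EOF'
Nov 19 19:17:36 mailhost amavis[100]: (100-01) spam_scan: score=-1.01 autolearn=ham tests=[ALL_TRUSTED=-1] recips=0
Nov 19 19:17:36 mailhost amavis[100]: (100-01) spam-tag, <a@example.org> -> <b@example.net>, No, score=-1.01 tagged_above=-1000 required=6.31 tests=[ALL_TRUSTED=-1] autolearn=ham
Nov 19 19:20:02 mailhost amavis[100]: (100-02) spam-tag, <c@example.org> -> <b@example.net>, No, score=6.3 tagged_above=-1000 required=6.31 tests=[CONSTRUCTED_RULE=6.3] autolearn=no
Nov 19 19:21:10 mailhost amavis[100]: (100-03) spam-tag, <d@example.org> -> <b@example.net>, Yes, score=6.31 tagged_above=-1000 required=6.31 tests=[CONSTRUCTED_RULE=6.31] autolearn=no
Nov 19 19:22:45 mailhost amavis[100]: (100-04) spam-tag, <e@example.org> -> <f@example.net>, Yes, score=24.7 tagged_above=-1000 required=5 tests=[CONSTRUCTED_RULE=24.7] autolearn=spam
EOF
}

# scores_from_log FILE -> "<score> <required>" for every spam-tag line
scores_from_log() {
    awk '/ spam-tag, / {
        score = ""; req = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^score=/)    score = substr($i, 7)
            if ($i ~ /^required=/) req = substr($i, 10)
        }
        if (score != "") print score, req
    }' "$1"
}

# summarize_log FILE -> "<class> <count>" per class, sorted by class name
summarize_log() {
    scores_from_log "$1" | while read -r score req; do
        classify_score "$score"
    done | sort | uniq -c | awk '{ print $2, $1 }'
}

# required_mismatches FILE -> number of spam-tag lines whose required= value
# differs from SA_TAG2_LEVEL (e.g. a recipient-specific setting or old config)
required_mismatches() {
    scores_from_log "$1" |
        awk -v want="$SA_TAG2_LEVEL" '$2 + 0 != want + 0 { n++ } END { print n + 0 }'
}

# Run against the constructed sample; on a real host pass /var/log/maillog.
log=$(mktemp)
write_sample_log "$log"
summarize_log "$log"
echo "required= mismatches: $(required_mismatches "$log")"
rm -f "$log"
```

With $sa_tag2_level_deflt and $sa_kill_level_deflt both at 6.31, the tag2 class stays empty: every mail that is marked as spam also reaches the level at which $final_spam_destiny applies.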
Starting the service
First start
Now we can start our anti-spam daemon for the first time.
# systemctl start spamassassin
If needed, we query the status of the daemon as follows.
# systemctl status spamassassin
spamassassin.service - Spamassassin daemon
   Loaded: loaded (/usr/lib/systemd/system/spamassassin.service; disabled)
   Active: active (running) since Wed 2014-11-19 18:52:53 CET; 2s ago
  Process: 12346 ExecStart=/usr/bin/spamd --pidfile /var/run/spamd.pid $SPAMDOPTIONS (code=exited, status=0/SUCCESS)
  Process: 12345 ExecStartPre=/sbin/portrelease spamd (code=exited, status=0/SUCCESS)
 Main PID: 12350 (/usr/bin/spamd )
   CGroup: /system.slice/spamassassin.service
           ├─12350 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
           ├─12351 spamd child
           └─12352 spamd child

Nov 19 18:52:46 vml000067.dmz.nausch.org systemd[1]: Starting Spamassassin daemon...
Nov 19 18:52:46 vml000067.dmz.nausch.org spamd[12346]: logger: removing stderr method
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2)
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server pid: 12350
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12351
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: spamd: server successfully spawned child process, pid 12352
Nov 19 18:52:53 vml000067.dmz.nausch.org systemd[1]: Started Spamassassin daemon.
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: IS
Nov 19 18:52:53 vml000067.dmz.nausch.org spamd[12350]: prefork: child states: II
The start of the daemon is logged accordingly in the mail log.
# less /var/log/maillog
Nov 19 18:52:32 vml000067 spamd[11411]: spamd: server killed by SIGTERM, shutting down
Nov 19 18:52:46 vml000067 spamd[12346]: logger: removing stderr method
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server started on port 783/tcp (running version 3.3.2)
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server pid: 12350
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12351
Nov 19 18:52:53 vml000067 spamd[12350]: spamd: server successfully spawned child process, pid 12352
Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: IS
Nov 19 18:52:53 vml000067 spamd[12350]: prefork: child states: II
In the process list we then also find the corresponding processes.
# ps auxwww | grep spam
root     12350  0.3  3.3 283472 64072 ?        Ss   18:52   0:02 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
root     12351  0.0  3.2 283472 61148 ?        S    18:52   0:00 spamd child
root     12352  0.0  3.2 283472 61152 ?        S    18:52   0:00 spamd child
The following command can be used to check which port our SpamAssassin is listening on:
# lsof -i :783
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 12350 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)
spamd     12351 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)
spamd     12352 root    5u  IPv4 122819      0t0  TCP localhost:783 (LISTEN)
We can of course retrieve the same information via netstat.
# netstat -tulpen | grep spamd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 0 122819 12350/spamd.pid -d
Starting the service automatically at system boot
So that our AMaViS server is started automatically at boot, we carry out the following configuration steps.
# systemctl enable spamassassin
ln -s '/usr/lib/systemd/system/spamassassin.service' '/etc/systemd/system/multi-user.target.wants/spamassassin.service'
To check whether the service starts automatically, we use the following call.
# systemctl is-enabled spamassassin
enabled
The response enabled indicates that the service starts automatically; disabled indicates accordingly that the service does not start automatically.
Tests
Once we have finished configuring our AMaViS, we can also set about checking our SpamAssassin installation.
HAM
Once our AMaViS configuration is complete, we send ourselves a message either via telnet or with the helper program swaks, for the admin who is too lazy to type.
# swaks --to django@nausch.org --from michael@nausch.org --header-X-Test "test email" --server 10.0.0.87
=== Trying 10.0.0.87:25...
=== Connected to 10.0.0.87.
<- 220 mx01.nausch.org ESMTP Postfix
-> EHLO vml000087.dmz.nausch.org
<- 250-mx01.nausch.org
<- 250-PIPELINING
<- 250-SIZE 52428800
<- 250-ETRN
<- 250-STARTTLS
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250 DSN
-> MAIL FROM:<michael@nausch.org>
<- 250 2.1.0 Ok
-> RCPT TO:<django@nausch.org>
<- 250 2.1.5 Ok
-> DATA
<- 354 End data with <CR><LF>.<CR><LF>
-> Date: Wed, 19 Nov 2014 19:17:33 +0100
-> To: django@nausch.org
-> From: michael@nausch.org
-> Subject: test Wed, 19 Nov 2014 19:17:33 +0100
-> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
-> X-Test: test email
->
-> This is a test mailing
->
-> .
<- 250 2.0.0 Ok: queued as C24B9C00088
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.
In the mail log of the MTA we find the entries for the successful delivery.
# less /var/log/maillog
Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: connect from vml000087.dmz.nausch.org[10.0.0.87]
Nov 19 19:17:34 vml000087 postfix/smtpd[10464]: C24B9C00088: client=vml000087.dmz.nausch.org[10.0.0.87]
Nov 19 19:17:34 vml000087 postfix/cleanup[10470]: C24B9C00088: message-id=<20141119181734.C24B9C00088@mx01.nausch.org>
Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: from=<michael@nausch.org>, size=535, nrcpt=1 (queue active)
Nov 19 19:17:36 vml000087 postfix/smtpd[10464]: disconnect from vml000087.dmz.nausch.org[10.0.0.87]
Nov 19 19:17:36 vml000087 postfix/lmtp[10471]: C24B9C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=2.9, delays=2.7/0.02/0.03/0.13, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> 6jMkM8DebFTdFwAArK2B9Q Saved)
Nov 19 19:17:36 vml000087 postfix/qmgr[8701]: C24B9C00088: removed
On our AS/AV host, the check is documented in the mail log.
# less /var/log/maillog
Nov 19 19:17:34 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK"
Nov 19 19:17:34 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: request=AM.PDP
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: queue_id=C24B9C00088
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXulTBQB
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXulTBQB/email.txt
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: delivery_care_of=client
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.87
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: client_name=vml000087.dmz.nausch.org
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: helo_name=vml000087.dmz.nausch.org
Nov 19 19:17:34 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Request: AM.PDP /var/spool/amavisd/afXXXXulTBQB: <michael@nausch.org> -> <django@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) body hash: 5e4a6c05336dff65870f1c8870955b2a
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ip_trace: 10.0.0.87
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking: rMpVKZqRt9Zi AM.PDP-SOCK/MYNETS [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) 2822.From: <michael@nausch.org>
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) p001 1 Content-Type: text/plain, size: 24 B, name:
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) inspect_dsn: not a bounce
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) Checking for banned types and filenames
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) skipping banned check: all recipients bypass banned checks
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXulTBQB/parts/p002
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Connecting to socket /var/run/clamd.amavisd/clamd.sock
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXulTBQB/parts\n to socket /var/run/clamd.amavisd/clamd.sock
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) rw_loop read: got eof
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd): CLEAN
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) run_av (ClamAV-clamd) result: clean
Nov 19 19:17:34 vml000067 amavis[12129]: (12129-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam_scan: score=-1.01 autolearn=ham tests=[ALL_TRUSTED=-1,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) do_notify_and_quar: ccat=CleanTag (1,1) ("1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) delivery method is 1, recips: django@nausch.org
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam-tag, <michael@nausch.org> -> <django@nausch.org>, No, score=-1.01 tagged_above=-1000 required=6.31 tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: candidate originators: From:<michael@nausch.org>
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) dkim: not signing, empty signing domain, From: <michael@nausch.org>
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) DSN: sender is credible (orig), SA: -1.010, <michael@nausch.org>
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) status counters: InMsgsStatus{Accepted,AcceptedInternal,AcceptedOriginating}
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: C24B9C00088, Message-ID: <20141119181734.C24B9C00088@mx01.nausch.org>, mail_id: rMpVKZqRt9Zi, Hits: -1.01, size: 497, 1923 ms
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) TIMING-SA total 1851 ms - parse: 1.30 (0.1%), extract_message_metadata: 32 (1.7%), poll_dns_idle: 12 (0.7%), get_uri_detail_list: 0.58 (0.0%), tests_pri_-1000: 3 (0.2%), tests_pri_-950: 1.71 (0.1%), tests_pri_-900: 1.23 (0.1%), tests_pri_-400: 0.94 (0.1%), tests_pri_0: 1514 (81.8%), check_dkim_adsp: 14 (0.7%), check_spf: 0.88 (0.0%), check_razor2: 1449 (78.3%), check_pyzor: 0.22 (0.0%), tests_pri_500: 3 (0.2%), learn: 274 (14.8%), get_report: 2 (0.1%)
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) mail checking ended: version_server=2\nlog_id=12129-01\nsetreply=250 2.5.0 Ok,%20id=12129-01,%20continue%20delivery\ninsheader=0 X-Spam-Status No,%20score=-1.01%20tagged_above=-1000%20required=6.31%0a%09tests=[ALL_TRUSTED=-1,%20T_RP_MATCHES_RCVD=-0.01]%20autolearn=ham\ninsheader=0 X-Spam-Level \ninsheader=0 X-Spam-Score -1.01\ninsheader=0 X-Spam-Flag NO\nreturn_value=continue\nexit_code=0
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) size: 497, TIMING [total 1927 ms] - got data: 0.1 (0%)0, check_init: 4.3 (0%)0, digest_hdr: 1.2 (0%)0, digest_body_dkim: 0.3 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.3 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 17 (1%)2, parts_decode: 0.2 (0%)2, check_header: 0.4 (0%)2, AV-scan-1: 9 (0%)2, spam-wb-list: 4.6 (0%)3, SA msg read: 0.7 (0%)3, SA parse: 3.1 (0%)3, SA check: 1839 (95%)98, decide_mail_destiny: 15 (1%)99, notif-quar: 1.1 (0%)99, prepare-dsn: 4.7 (0%)99, report: 1.4 (0%)99, main_log_entry: 9 (0%)100, update_snmp: 1.4 (0%)100, rundown: 1.3 (0%)100
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) extra modules loaded: unicore/lib/Gc/Nd.pl
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) load: 100 %, total idle 0.000 s, busy 1.953 s
In the inbox on the POP3/IMAP server of our MUA6) we also find the delivered message.
Return-Path: <michael@nausch.org>
Delivered-To: django@nausch.org
Received: from mx01.nausch.org ([10.0.0.87])
    by imap.nausch.org (Dovecot) with LMTP id 6jMkM8DebFTdFwAArK2B9Q
    for <django@nausch.org>; Wed, 19 Nov 2014 19:17:36 +0100
X-Spam-Flag: NO
X-Spam-Score: -1.01
X-Spam-Level:
X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31
    tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from vml000087.dmz.nausch.org (vml000087.dmz.nausch.org [10.0.0.87])
    by mx01.nausch.org (Postfix) with ESMTP id C24B9C00088
    for <django@nausch.org>; Wed, 19 Nov 2014 19:17:34 +0100 (CET)
Date: Wed, 19 Nov 2014 19:17:33 +0100
To: django@nausch.org
From: michael@nausch.org
Subject: test Wed, 19 Nov 2014 19:17:33 +0100
X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
X-Test: test email
Message-Id: <20141119181734.C24B9C00088@mx01.nausch.org>

This is a test mailing
As configured, AMaViS has inserted the corresponding X-Spam headers from the SpamAssassin backend into the mail header of the message.
X-Spam-Flag: NO
X-Spam-Score: -1.01
X-Spam-Level:
X-Spam-Status: No, score=-1.01 tagged_above=-1000 required=6.31
    tests=[ALL_TRUSTED=-1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
SPAM (blacklist)
Once we have completed our AMaViS configuration, we either send ourselves a message via telnet or, for the admin who is too lazy to type, use the helper program swaks.
# swaks --to django@nausch.org --from me@example.com --server 10.0.0.87 --header "From: Euro Dice Casino"
=== Trying 10.0.0.87:25...
=== Connected to 10.0.0.87.
<- 220 mx01.nausch.org ESMTP Postfix
-> EHLO vml000067.dmz.nausch.org
<- 250-mx01.nausch.org
<- 250-PIPELINING
<- 250-SIZE 52428800
<- 250-ETRN
<- 250-STARTTLS
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250 DSN
-> MAIL FROM:<me@example.com>
<- 250 2.1.0 Ok
-> RCPT TO:<django@nausch.org>
<- 250 2.1.5 Ok
-> DATA
<- 354 End data with <CR><LF>.<CR><LF>
-> Date: Thu, 20 Nov 2014 09:14:37 +0100
-> To: django@nausch.org
-> From: Euro Dice Casino
-> Subject: test Thu, 20 Nov 2014 09:14:37 +0100
-> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
-> .
<** 554 5.7.0 Reject, id=02244-01 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 20 09:14:37), client (10.0.0.67) and server (mx01.nausch.org).
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.
In the mail log of the MTA7) we find the entries for the delivery attempt.
# less /var/log/maillog
Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: connect from vml000067.dmz.nausch.org[10.0.0.67]
Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: 195FFC00088: client=vml000067.dmz.nausch.org[10.0.0.67]
Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: message-id=<>
Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: milter-reject: END-OF-MESSAGE from vml000067.dmz.nausch.org[10.0.0.67]: 5.7.0 Reject, id=02244-01 - spam; from=<me@example.com> to=<django@nausch.org> proto=ESMTP helo=<vml000067.dmz.nausch.org>
Nov 20 09:14:37 vml000087 postfix/smtpd[11331]: disconnect from vml000067.dmz.nausch.org[10.0.0.67]
Using the id 02244-01, we can then find the details of the spam scoring in the mail log of the AS/AV8) host.
# less /var/log/maillog
Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) extra modules loaded: unicore/lib/Gc/Nd.pl
Nov 20 09:14:19 vml000067 amavis[2243]: (02243-01) load: 100 %, total idle 0.000 s, busy 0.557 s
Nov 20 09:14:37 vml000067 amavis[2244]: loaded policy bank "AM.PDP-SOCK"
Nov 20 09:14:37 vml000067 amavis[2244]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: request=AM.PDP
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: queue_id=195FFC00088
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: sender=<me@example.com>
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: recipient=<django@nausch.org>
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir=/var/spool/amavisd/afXXXXSMIW7c
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: tempdir_removed_by=client
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: mail_file=/var/spool/amavisd/afXXXXSMIW7c/email.txt
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: delivery_care_of=client
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_address=10.0.0.67
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: client_name=vml000067.dmz.nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: helo_name=vml000067.dmz.nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: policy protocol: policy_bank=mx01.nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Request: AM.PDP /var/spool/amavisd/afXXXXSMIW7c: <me@example.com> -> <django@nausch.org>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) body hash: 5e4a6c05336dff65870f1c8870955b2a
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ip_trace: 10.0.0.67
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking: vHWwCUxVEbSn AM.PDP-SOCK/MYNETS [10.0.0.67] <me@example.com> -> <django@nausch.org>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) 2822.From: <"Euro Dice Casino">, 2821.Mail_From: <me@example.com>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) p001 1 Content-Type: text/plain, size: 24 B, name:
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) inspect_dsn: not a bounce
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Checking for banned types and filenames
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) skipping banned check: all recipients bypass banned checks
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) presenting full original message to scanners as /var/spool/amavisd/afXXXXSMIW7c/parts/p002
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Connecting to socket /var/run/clamd.amavisd/clamd.sock
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXSMIW7c/parts\n to socket /var/run/clamd.amavisd/clamd.sock
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) rw_loop read: got eof
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd): CLEAN
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) run_av (ClamAV-clamd) result: clean
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) spam_scan: score=19.14 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR_2001=20,MISSING_MID=0.14] recips=0
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) blocking contents category is (6) for django@nausch.org, final_destiny -3
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) delivery method is 1, recips: django@nausch.org
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) DSN: sender is credible (orig), SA: 19.140, <me@example.com>
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating}
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.67] <me@example.com> -> <django@nausch.org>, Queue-ID: 195FFC00088, mail_id: vHWwCUxVEbSn, Hits: 19.14, size: 413, 373 ms
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) TIMING-SA total 318 ms - parse: 1.04 (0.3%), extract_message_metadata: 3 (0.8%), get_uri_detail_list: 0.25 (0.1%), tests_pri_-1000: 6 (1.9%), tests_pri_-950: 1.82 (0.6%), tests_pri_-900: 1.19 (0.4%), tests_pri_-400: 0.93 (0.3%), tests_pri_0: 279 (87.8%), check_spf: 0.33 (0.1%), check_razor2: 249 (78.4%), check_pyzor: 0.34 (0.1%), tests_pri_500: 9 (2.9%), get_report: 0.88 (0.3%)
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) mail checking ended: version_server=2\nlog_id=02244-01\nsetreply=554 5.7.0 Reject,%20id=02244-01%20-%20spam\nreturn_value=reject\nexit_code=69
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) size: 413, TIMING [total 376 ms] - got data: 0.0 (0%)0, check_init: 3.7 (1%)1, digest_hdr: 1.0 (0%)1, digest_body_dkim: 0.4 (0%)1, collect_info: 1.7 (0%)2, mkdir parts: 1.5 (0%)2, mime_decode: 10 (3%)5, get-file-type1: 14 (4%)9, parts_decode: 0.1 (0%)9, check_header: 0.4 (0%)9, AV-scan-1: 8 (2%)11, spam-wb-list: 0.6 (0%)11, SA msg read: 0.6 (0%)11, SA parse: 2.7 (1%)12, SA check: 311 (82%)94, decide_mail_destiny: 8 (2%)96, notif-quar: 0.5 (0%)97, prepare-dsn: 0.7 (0%)97, report: 1.4 (0%)97, main_log_entry: 8 (2%)99, update_snmp: 1.6 (0%)100, rundown: 1.2 (0%)100
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) extra modules loaded: unicore/lib/Gc/Nd.pl
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) load: 100 %, total idle 0.000 s, busy 0.408 s
The spam score of 19.14 is fed mainly by the value HEADER_FROM_CHECKS_NR_2001=20. This also tells us which of our definitions in the SpamAssassin configuration file /etc/mail/spamassassin/local.cf matched.
SPAM (GTUBE)
To test SpamAssassin, we now send ourselves an email via telnet and include in the mail body the GTUBE9) test string from the page http://spamassassin.apache.org/gtube/gtube.txt or from /usr/share/doc/spamassassin-3.3.2/sample-spam.txt.
$ telnet 10.0.0.87 25
Trying 10.0.0.87...
Connected to 10.0.0.87.
Escape character is '^]'.
220 mx01.nausch.org ESMTP Postfix
helo pml010049
250 mx01.nausch.org
mail from:<michael@nausch.org>
250 2.1.0 Ok
rcpt to:<django@nausch.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 19 Nov 2014 20:04:38 +0000
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
.
554 5.7.0 Reject, id=12129-03 - spam. Contact your postmaster/admin for technical assistance. He can achieve our postmaster via email: postmaster@nausch.org or via fax: +49 8121 883179. In any case, please provide the following information in your problem report: This error message, time (Nov 19 22:53:37), client (10.0.0.20) and server (mx01.nausch.org).
quit
221 2.0.0 Bye
Connection closed by foreign host.
The email is therefore not accepted from the delivering SMTP client and is rejected with the error code 554 5.7.0 Reject, id=12129-03 - spam.; in other words, the sender learns immediately that the message was not accepted.
In the mail log of our MTA we again find a note on why the message was rejected with the error code 554 5.7.0 Reject, id=12129-03 - spam.
# less /var/log/maillog
Nov 19 22:52:17 vml000087 postfix/smtpd[10708]: connect from vml000020.dmz.nausch.org[10.0.0.20]
Nov 19 22:52:43 vml000087 postfix/smtpd[10708]: 48FF5C00088: client=vml000020.dmz.nausch.org[10.0.0.20]
Nov 19 22:53:36 vml000087 postfix/cleanup[10714]: 48FF5C00088: message-id=<GTUBE1.1010101@example.net>
Nov 19 22:53:37 vml000087 postfix/cleanup[10714]: 48FF5C00088: milter-reject: END-OF-MESSAGE from vml000020.dmz.nausch.org[10.0.0.20]: 5.7.0 Reject, id=12129-03 - spam; from=<michael@nausch.org> to=<django@nausch.org> proto=SMTP helo=<pml010049>
Nov 19 22:53:42 vml000087 postfix/smtpd[10708]: disconnect from vml000020.dmz.nausch.org[10.0.0.20]
In the mail log of our AS/AV host we can then see the delivery attempt and the scoring that goes with it.
# less /var/log/maillog
Nov 19 22:45:02 vml000067 amavis[12130]: (12130-02) load: 0 %, total idle 555.690 s, busy 2.718 s
Nov 19 22:53:36 vml000067 amavis[12129]: loaded policy bank "AM.PDP-SOCK"
Nov 19 22:53:36 vml000067 amavis[12129]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: request=AM.PDP
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: queue_id=48FF5C00088
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: sender=<michael@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: recipient=<django@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir=/var/spool/amavisd/afXXXXPaVp4C
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: tempdir_removed_by=client
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: mail_file=/var/spool/amavisd/afXXXXPaVp4C/email.txt
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: delivery_care_of=client
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_address=10.0.0.20
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: client_name=vml000020.dmz.nausch.org
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: helo_name=pml010049
Nov 19 22:53:36 vml000067 amavis[12129]: policy protocol: policy_bank=mx01.nausch.org
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Request: AM.PDP /var/spool/amavisd/afXXXXPaVp4C: <michael@nausch.org> -> <django@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) loaded policy bank "MYNETS" over "AM.PDP-SOCK"
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) body hash: 51d53ffa32db4873fdf05a6e976eb0c7
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ip_trace: 10.0.0.20
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking: nCETkk_ruRal AM.PDP-SOCK/MYNETS [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) 2822.From: <sender@example.net>, 2821.Mail_From: <michael@nausch.org>
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) p001 1 Content-Type: text/plain, size: 540 B, name:
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) inspect_dsn: not a bounce
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) Checking for banned types and filenames
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) skipping banned check: all recipients bypass banned checks
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) presenting full original message to scanners as /var/spool/amavisd/afXXXXPaVp4C/parts/p002
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Connecting to socket /var/run/clamd.amavisd/clamd.sock
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout 10
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/afXXXXPaVp4C/parts\n to socket /var/run/clamd.amavisd/clamd.sock
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) rw_loop read: got eof
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd): CLEAN
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) run_av (ClamAV-clamd) result: clean
Nov 19 22:53:36 vml000067 amavis[12129]: (12129-03) calling SA parse (0), SA vers 3.3.2, 3.003002, data as STRING, recips_ind [0], user: "amavis"
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) blocking contents category is (6) for django@nausch.org, final_destiny -3
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) do_notify_and_quar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), qar_mth=
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) delivery method is 1, recips: django@nausch.org
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) DSN: sender is credible (orig), SA: 998.990, <michael@nausch.org>
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) status counters: InMsgsStatus{Rejected,RejectedInternal,RejectedOriginating}
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: 48FF5C00088, Message-ID: <GTUBE1.1010101@example.net>, mail_id: nCETkk_ruRal, Hits: 998.99, size: 1043, 1565 ms
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) TIMING-SA total 1498 ms - parse: 1.78 (0.1%), extract_message_metadata: 4 (0.3%), get_uri_detail_list: 0.92 (0.1%), tests_pri_-1000: 8 (0.5%), tests_pri_-950: 1.67 (0.1%), tests_pri_-900: 1.18 (0.1%), tests_pri_-400: 2 (0.1%), tests_pri_0: 1457 (97.3%), check_dkim_adsp: 269 (18.0%), check_spf: 0.34 (0.0%), check_razor2: 1119 (74.7%), check_pyzor: 0.20 (0.0%), tests_pri_500: 3 (0.2%), get_report: 1.53 (0.1%)
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) mail checking ended: version_server=2\nlog_id=12129-03\nsetreply=554 5.7.0 Reject,%20id=12129-03%20-%20spam\nreturn_value=reject\nexit_code=69
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) size: 1043, TIMING [total 1571 ms] - got data: 0.0 (0%)0, check_init: 2.9 (0%)0, digest_hdr: 1.0 (0%)0, digest_body_dkim: 0.2 (0%)0, collect_info: 1.6 (0%)0, mkdir parts: 1.1 (0%)0, mime_decode: 10 (1%)1, get-file-type1: 24 (2%)3, parts_decode: 0.2 (0%)3, check_header: 0.6 (0%)3, AV-scan-1: 15 (1%)4, spam-wb-list: 0.8 (0%)4, SA msg read: 0.9 (0%)4, SA parse: 2.5 (0%)4, SA check: 1489 (95%)99, decide_mail_destiny: 9 (1%)99, notif-quar: 0.5 (0%)99, prepare-dsn: 0.6 (0%)99, report: 1.4 (0%)99, main_log_entry: 4.0 (0%)100, update_snmp: 5.0 (0%)100, rundown: 1.0 (0%)100
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) load: 0 %, total idle 12954.550 s, busy 8.537 s
Here we then search for said ID 12129-03 and learn the actual reason why acceptance of the message was refused.
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0
At 998.99, the spam score is slightly above our threshold of 6.31, which of course justifies the refusal to accept the message.
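The lookup carried out by hand in the SPAM (blacklist) and SPAM (GTUBE) sections (take the id from the MTA's milter-reject line, then find the matching spam_scan line on the AS/AV host) can be automated. The following Python code is an added example and not part of the original page; the function names are hypothetical, and the embedded log lines are excerpts from the logs shown above.

```python
import re

# Sample input: lines excerpted from the MTA and AS/AV logs shown on this page.
MTA_LOG = """\
Nov 19 22:53:37 vml000087 postfix/cleanup[10714]: 48FF5C00088: milter-reject: END-OF-MESSAGE from vml000020.dmz.nausch.org[10.0.0.20]: 5.7.0 Reject, id=12129-03 - spam; from=<michael@nausch.org> to=<django@nausch.org> proto=SMTP helo=<pml010049>
Nov 20 09:14:37 vml000087 postfix/cleanup[11337]: 195FFC00088: milter-reject: END-OF-MESSAGE from vml000067.dmz.nausch.org[10.0.0.67]: 5.7.0 Reject, id=02244-01 - spam; from=<me@example.com> to=<django@nausch.org> proto=ESMTP helo=<vml000067.dmz.nausch.org>
"""
AMAVIS_LOG = """\
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) spam_scan: score=-1.01 autolearn=ham tests=[ALL_TRUSTED=-1,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 19:17:36 vml000067 amavis[12129]: (12129-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.87] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: C24B9C00088, Message-ID: <20141119181734.C24B9C00088@mx01.nausch.org>, mail_id: rMpVKZqRt9Zi, Hits: -1.01, size: 497, 1923 ms
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) spam_scan: score=998.99 autolearn=no tests=[ALL_TRUSTED=-1,GTUBE=1000,T_RP_MATCHES_RCVD=-0.01] recips=0
Nov 19 22:53:37 vml000067 amavis[12129]: (12129-03) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.20] <michael@nausch.org> -> <django@nausch.org>, Queue-ID: 48FF5C00088, Message-ID: <GTUBE1.1010101@example.net>, mail_id: nCETkk_ruRal, Hits: 998.99, size: 1043, 1565 ms
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) spam_scan: score=19.14 autolearn=no tests=[ALL_TRUSTED=-1,HEADER_FROM_CHECKS_NR_2001=20,MISSING_MID=0.14] recips=0
Nov 20 09:14:37 vml000067 amavis[2244]: (02244-01) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK/MYNETS LOCAL [10.0.0.67] <me@example.com> -> <django@nausch.org>, Queue-ID: 195FFC00088, mail_id: vHWwCUxVEbSn, Hits: 19.14, size: 413, 373 ms
"""

# Postfix side: queue id plus the amavis id quoted in the 554 reply.
REJECT_RE = re.compile(r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): milter-reject: .*? id=(?P<aid>\d+-\d+) - spam; "
                       r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")
# amavis side: the scoring line and the final verdict line for one id.
SCAN_RE = re.compile(r"amavis\[\d+\]: \((?P<aid>\d+-\d+)\) spam_scan: score=(?P<score>-?[\d.]+) "
                     r"autolearn=(?P<autolearn>\S+) tests=\[(?P<tests>[^\]]*)\]")
FINAL_RE = re.compile(r"amavis\[\d+\]: \((?P<aid>\d+-\d+)\) (?P<verdict>(?:Passed|Blocked) [A-Z-]+) "
                      r".*?Queue-ID: (?P<qid>[0-9A-F]+)")

def parse_tests(field):
    """'A=-1,B=20' -> [('B', 20.0), ('A', -1.0)], largest contribution first."""
    pairs = []
    for item in filter(None, (p.strip() for p in field.split(","))):
        name, _, value = item.partition("=")
        pairs.append((name, float(value)))
    return sorted(pairs, key=lambda p: p[1], reverse=True)

def index_amavis(log):
    """Collect score, rule hits and verdict per amavis id such as '02244-01'."""
    out = {}
    for line in log.splitlines():
        m = SCAN_RE.search(line)
        if m:
            out.setdefault(m["aid"], {}).update(score=float(m["score"]), autolearn=m["autolearn"],
                                                tests=parse_tests(m["tests"]))
            continue
        m = FINAL_RE.search(line)
        if m:
            out.setdefault(m["aid"], {}).update(verdict=m["verdict"], queue_id=m["qid"])
    return out

def explain_rejects(mta_log, amavis_log):
    """Join every milter-reject on the MTA with its amavis scoring record."""
    amavis = index_amavis(amavis_log)
    report = []
    for line in mta_log.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        rec = amavis.get(m["aid"])
        # In the logs above the id is the amavisd PID (zero-padded) plus a counter,
        # so it can repeat over time: also require the Postfix queue id to agree.
        if not rec or rec.get("queue_id") != m["qid"]:
            report.append({"amavis_id": m["aid"], "queue_id": m["qid"], "matched": False})
            continue
        tests = rec.get("tests", [])
        report.append({"amavis_id": m["aid"], "queue_id": m["qid"], "matched": True,
                       "sender": m["sender"], "rcpt": m["rcpt"], "score": rec.get("score"),
                       "verdict": rec["verdict"], "tests": tests,
                       "top_rule": tests[0] if tests else None})
    return report

if __name__ == "__main__":
    for entry in explain_rejects(MTA_LOG, AMAVIS_LOG):
        print(entry)
```

On the live hosts, pass the contents of /var/log/maillog from the MTA and from the AS/AV host in place of the embedded excerpts.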