Urgently need help with Antivir & Postfix - Mail defe

Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
mcx
Posts: 57
Joined: 2003-11-14 09:09

Urgently need help with Antivir & Postfix - Mail defe

Post by mcx » 2004-03-06 12:19

Hello,

I'll give it another try. Maybe someone has a little time to look into my problem. I'm really getting desperate! :cry:

--------------------------------------------------------------------------------
Background:
I installed Antivir to cope better with the insane wave of viruses of the last few weeks. I get more than 50 virus-infected emails every day.

After I installed Antivir on the server as described, I got notifications from Antivir itself that viruses had been found. The "virus mails" stopped arriving.

--------------------------------------------------------------------------------
After an intensive search of the forum I was also able to solve a smaller problem with sending and receiving :!: :

Ah, I think I've done it. As I had almost suspected, it was down to smtp_auth. That's why Postfix rejected the antivir mail.

So, for everyone who uses smtp_auth: master.cf must contain the following, then it works with Mailgate too:

Code:
localhost:smtp-backdoor inet n - n - - smtpd -o content_filter= -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains


Thanks to everyone who wanted to help.
http://www.rootforum.org/forum/viewtopic ... ess+denied
----------------------------------------------------------------------------------

I made the following changes:

1. services :!:

Code:

antivir         10024/tcp       #Port for avgated
smtp-backdoor   10025/tcp       #Port for Postfix Backdoor

2. /master.cf :!:

Code:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
#smtp     inet  n       -       n       -       -       smtpd
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission     inet    n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       nqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
smtp      unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
localhost:smtp-backdoor inet n - n - - smtpd -o content_filter= -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# The Cyrus deliver program has changed incompatibly.
#
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan     unix  -       n       n       -       10       pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
relay     unix  -       -       n       -       -       smtp
proxymap  unix        -       -       n       -       -       proxymap

3. /main.cf :!:

Code:

#suseconfig:
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual, hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
smtpd_sender_restrictions = hash:/etc/postfix/access
#
####### Spam lists added 29.10.2003 #############
#
# strict_rfc821_envelopes = no
# strict_rfc821_envelopes =

########################################
#smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination

#SMTPD Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

#TLS Support
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

reject_code = 555
relay_domains_reject_code = 556
masquerade_domains = xmccomputer.net

#
######## SPAM filter addition 20.10.2003 ###########
#
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks

################ ANTIVIR ###################
content_filter = smtp:127.0.0.1:10024
#########################################

unknown_local_recipient_reject_code = 450
message_size_limit = 102400000
mailbox_size_limit = 102400000

-------------------------------------------------------------------------------------

:cry: NOW I COME TO THE PROBLEM:

"Local mails" that are generated by the server and are supposed to be sent are no longer accepted.

First, a few examples:

1. Online shop (PHP) - can no longer send mails (e.g. registration, order confirmation etc.) :cry:

2. Mails to root are rejected as well! :cry:

3. Mails from cron (as root@domainxxxx.de), e.g. the daily backup, are rejected. :cry:
------------------------------------------------------------------------------------
:!: here is a typical log entry for the problem: :!:

Code:

Mar  6 11:56:34 h19xx postfix/smtp[7687]: 91934941E6: to=<mailempfaenger@mydomain.com>, relay=none, delay=183286, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)

Finally, one more note:
The mails that are not sent remain in the Postfix mail queue; when I restart Postfix, Postfix immediately tries to send the mails again, with the error message shown above in the log. :idea:

Something else interesting from /var/log/mail:

Code:

Mar  6 12:13:14 h19xx postfix/smtp[7929]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
Mar  6 12:13:14 h19xx postfix/smtp[7930]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
Mar  6 12:13:14 h19xx postfix/smtp[7932]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
Mar  6 12:13:14 h19xx postfix/smtp[7933]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)

THIS is what I found in /var/log/warn:

Code:

01:06:34 h19xx postfix/trivial-rewrite[7498]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_alias_domains

????? <- maybe that is the cause? - no idea - help!
------------------------------------------------------------------------------------
MANY THANKS FOR THE HELP! :-D :-D :-D


If larger parts of main.cf or of other configs are needed, I'm happy to post them.


Regards

Markus :wink: :-D

rondal
Posts: 10
Joined: 2004-02-15 16:53
Location: Eichstätt, Bay

Re: Urgently need help with Antivir & Postfix - Mail defe

Post by rondal » 2004-03-06 18:29

Why don't you post your avmailgate.conf.

mcx
Posts: 57
Joined: 2003-11-14 09:09

Re: Urgently need help with Antivir & Postfix - Mail defe

Post by mcx » 2004-03-06 19:48

Hello, many thanks for the reply! :-D

Here is the avmailgate.conf!

Code:

# ------------------------------------------------------------------------
# Select how mail should be forwarded.
# Send mail by piping it thru sendmail (this is the default):

# ForwardTo /usr/lib/sendmail -oem -oi

# Or if you want the mail to be sent by SMTP:
ForwardTo SMTP: localhost port smtp-backdoor

# ------------------------------------------------------------------------
# MIME nesting level. Maximum recursion depth of MIME mail.

# MaxNestingLevel          20


# ------------------------------------------------------------------------
# Maximum number of attachments to scan in single MIME mail.

# MaxAttachments                   100


# ------------------------------------------------------------------------
# Stop delivery of suspicious MIME mails. Occurs when MaxNestingLevel or
# MaxAttachments has reached.

# BlockSuspiciousMime             NO


# ------------------------------------------------------------------------

# Block mails which are coded as a fragmented message.
# "Message Fragmentation and Reassembly" (RFC2046, section 5.2.2.1).

# BlockFragmentedMessage                NO


# ------------------------------------------------------------------------
# Send virus alerts to recipients.

# If ExposeRecipientAlerts is NO, no virus alerts will be sent to recipients.
# If ExposeRecipientAlerts is LOCAL, virus alerts to recipients will only be
# sent when recipient is local to your domain.
# If ExposeRecipientAlerts is YES, virus alerts will always be sent to
# recipients.

# (NO is only available in commercial mode)

# ExposeRecipientAlerts           LOCAL


# ------------------------------------------------------------------------
# Send virus alerts to sender.

# If ExposeSenderAlerts is NO, no virus alerts will be sent to sender.
# If ExposeSenderAlerts is LOCAL, virus alerts to sender will only be
# sent when sender is local to your domain.
# If ExposeSenderAlerts is YES, virus alerts will always be sent to
# sender.

# (NO is only available in commercial mode)

# ExposeSenderAlerts              LOCAL


# ------------------------------------------------------------------------
# Send virus alerts to Postmaster.

# This option is only available in commercial mode.

# ExposePostmasterAlerts            YES


# ------------------------------------------------------------------------
# User name of sender of virus alerts, if virus was found in a mail.

# VirusAlertsUser                 AvMailGate


# ------------------------------------------------------------------------
# When AddStatusInBody is NO, no  not status notification is inserted in
# the body of the emails.

# When AddStatusInBody is YES:
# For  plain  rfc822 email  (non  MIME),  just  insert the  notification
# paragraph in the begining of the body.
# For  MIME   email,  transmit   the  checked  email   as  a   new  MIME
# multipart/mixed email, with a  first text/plain section containing the
# status  notification  paragraph,  and  with  a  second  message/rfc822
# section containgin the whole  original message.  Most headers from the
# orginal are copied to the transmited message.

# AddStatusInBody                 NO


# ------------------------------------------------------------------------
# When ForwardAllEmailAsMIME  is NO, incoming  emails that are  not MIME
# emails get out as they came, non-MIME.

# When ForwardAllEmailAsMIME is YES:
# The behaviour does not change for MIME emails.
# However,   plain  rfc822   emails   are  encapsulated   into  a   MIME
# message/rfc822 section  of a  multipart/mixed email that  will inherit
# all the  headers of  the user email.   If AddStatusInBody is  YES too,
# then our  text is added into  a text/plain entity  inserted before the
# message/rfc822 entity.

# ForwardAllEmailAsMIME           NO


# ------------------------------------------------------------------------
# If ScanInArchive is NO, no files in an archive will be scanned.

# If ScanInArchives is YES, all files in archives are going to be extracted
# and scanned, depending on the resctrictions given with
# MaxFilesizeInArchive and MaxRecursionDepthInArchive.

# ScanInArchive       YES


# ------------------------------------------------------------------------
# If MaxFilesizeInArchive is 0, all files in an archive will be extracted,
# don't care of their unpacked size.

# If MaxFilesizeInArchive is >0, all files up to the adjusted size will be
# extracted (in bytes).

# MaxFilesizeInArchive       0


# ------------------------------------------------------------------------
# If MaxRecursionDepthInArchive is 0, recursive archives are going to be
# unpacked with an unlimited recursion depth.

# If MaxRecursionDepthInArchive is >0, recursive archives are going to be
# unpacked up to the adjusted recursion depth.

# MaxRecursionDepthInArchive       5


# ------------------------------------------------------------------------
# If BlockSuspiciousArchive is NO, don't stop delivery of mails
# containing archives with a suspicious recursion depth.

# If BlockSuspiciousArchive is YES, stop delivery of mails
# containing archives if MaxRecursionDepthInArchive has been reached.

# BlockSuspiciousArchive          NO


# ------------------------------------------------------------------------
# If BlockEncryptedArchive is NO, don't stop delivery of mails
# containing encrypted files in archives.

# If BlockEncryptedArchive is YES, stop delivery of mails
# containing encrypted files in an archive.

# BlockEncryptedArchive           NO


# ------------------------------------------------------------------------
# PollPeriod specifies  the periodicity,  in seconds, of  the queue
# scanning done by avgatefwd.

# PollPeriod                      60


# ------------------------------------------------------------------------
# User name of sender of error messages, if a mail couldn't be delivered via
# MTA (bounce messages).

# BounceMessageUser               MAILER-DAEMON


# ------------------------------------------------------------------------
# If AddXHeaderInfo is YES, information about scanning status is added
# to the header of checked mail. E.g.: "X-AntiVirus: Checked by ..."
# This option is only available in commercial mode.

# AddXHeader                    YES


# ------------------------------------------------------------------------
# If AddReceivedByHeaderInfo is YES, a "Received by:" stamp is added to
# the header of mail.

# AddReceivedByHeader           YES


# ------------------------------------------------------------------------
# ScanTimeout specifies the scan time of mail, in seconds, when to stop
# scanning of mails.

# ScanTimeout                   300


# ------------------------------------------------------------------------
# Call external program or script if virus was found. The argument is the id of
# rejected message.

# ExternalProgram             /dir/my_own_script


# ------------------------------------------------------------------------
# Send notification mail every day 10 days before license will expire.
# 0 means no notification mail.

# NotifyEndOfLicense                    10


# ------------------------------------------------------------------------
# If AddPrecedenceHeader is YES, a line (Precedence: junk) is added to the
# header of a notice-mail. This causes some E-Mail-autoresponders to NOT respond
# to the received notice-mail. This option is only available in commercial mode.

# AddPrecedenceHeader           NO


#########################
##  That's all folks!  ##
#########################

As you can see, I changed NOTHING there.
I have no idea, but I suspect the error is in Postfix (either in main.cf or in master.cf).

Maybe it also has to do with the warning in /var/log/warn?

If you have another idea, let me know. :-D

Regards

Markus

mcx
Posts: 57
Joined: 2003-11-14 09:09

Re: Urgently need help with Antivir & Postfix - Mail defe

Post by mcx » 2004-03-06 20:23

:-D :-D :-D :-D :-D :-D YES YES YES YES YES :-D :-D :-D :-D :-D

I've got it, folks, damn, what a ..... !

I found it here:
http://lists.suse.com/archive/suse-imap ... /0069.html

This is the decisive point - the entry in "services" doesn't work!

Code:

> Robert, 
> 
> The mails are still waiting --> command mailq gives them. 
> 
> Connection refused on port 10024 on localhost? 
> Is this avmailgate? This is indeed avmailgate ! 
> 
> In the postfic/main.cf i have the following entry : 
> #Antivirus 
> content_filter = smtp:127.0.0.1:10024 
> 
> What should be in the avmailgate.conf ? I have the follwing entries that are 
> not commented out (#) : 
> ListenAddress localhost port antivir 
> ForwardTo SMTP: localhost port smtp-backdoor 


Seems that port 'antivir' is not listed in /etc/services 
Try 


ListenAddress localhost port 10024 
ForwardTo SMTP: localhost port 10025 


restart avmailgate and ALWAYS reply to the mailing list! 



Regards, 


  Robert Simai 


  SuSE Linux AG - Support Services 
  Deutschherrnstr. 15-19, 90429 Nürnberg, Germany 


I hope this saves a few people a lot of trouble.

As you can see, Rootforum doesn't always help, but more and more often :wink:
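
Added example (not part of the thread, and not Postfix or AntiVir code): a consistency check for the filter loop discussed above. It verifies that every port written as a name resolves, that `content_filter` points at the scanner's `ListenAddress`, that `ForwardTo` matches the `content_filter=` re-injection `smtpd` in master.cf, and that this listener is bound to loopback so unscanned mail cannot be handed to it from outside. All inputs are constructed from the directives quoted in the posts; the function names and `SERVICES_SEEN`, which models a host where the `antivir` and `smtp-backdoor` names do not resolve, are assumptions.

```python
import re

# Single-line master.cf entry for an smtpd listener with an empty content_filter.
REINJECT = (r"^(?:(?P<host>[^#\s:]+):)?(?P<port>[^#\s:]+)\s+inet\s"
            r".*\bsmtpd\b.*-o\s+content_filter=(?:\s|$)")

def parse_services(text):
    """Map service name -> TCP port from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            for name in [fields[0]] + fields[2:]:      # name plus aliases
                table.setdefault(name, int(fields[1][:-4]))
    return table

def check_filter_loop(services_text, avmailgate, main_cf, master_cf):
    """Return the problems found in the Postfix -> scanner -> Postfix loop."""
    services, problems = parse_services(services_text), []

    def port_of(label, pattern, text):
        m = re.search(pattern, text, re.M)
        if not m:
            problems.append(f"{label}: not configured")
            return None
        value = m.group("port")
        if not value.isdigit() and value not in services:
            problems.append(f"{label}: port name '{value}' is not in services")
        return int(value) if value.isdigit() else services.get(value)

    listen = port_of("ListenAddress", r"^\s*ListenAddress\s+\S+\s+port\s+(?P<port>\S+)", avmailgate)
    forward = port_of("ForwardTo", r"^\s*ForwardTo\s+SMTP:\s*\S+\s+port\s+(?P<port>\S+)", avmailgate)
    filt = port_of("content_filter", r"^\s*content_filter\s*=\s*smtp:[^:\s]+:(?P<port>\S+)", main_cf)
    back = port_of("re-injection smtpd", REINJECT, master_cf)
    if listen and filt and listen != filt:
        problems.append(f"content_filter targets {filt}, scanner listens on {listen}")
    if forward and back and forward != back:
        problems.append(f"scanner forwards to {forward}, smtpd listens on {back}")
    entry = re.search(REINJECT, master_cf, re.M)
    if entry and entry.group("host") not in ("localhost", "127.0.0.1"):
        problems.append("re-injection smtpd is not bound to loopback")
    return problems

# Constructed inputs built from the directives quoted in the thread.
MAIN_CF = "content_filter = smtp:127.0.0.1:10024\n"
MASTER_CF = "localhost:smtp-backdoor inet n - n - - smtpd -o content_filter=\n"
SERVICES_SEEN = "smtp 25/tcp mail\n"                   # names not resolvable
SERVICES_OK = SERVICES_SEEN + "smtp-backdoor 10025/tcp\n"
BY_NAME = "ListenAddress localhost port antivir\nForwardTo SMTP: localhost port smtp-backdoor\n"
BY_NUMBER = "ListenAddress localhost port 10024\nForwardTo SMTP: localhost port 10025\n"

if __name__ == "__main__":
    for problem in check_filter_loop(SERVICES_SEEN, BY_NAME, MAIN_CF, MASTER_CF):
        print("PROBLEM:", problem)
    print(check_filter_loop(SERVICES_OK, BY_NUMBER, MAIN_CF, MASTER_CF))
```

On a real host, pass the contents of the services file, avmailgate.conf, main.cf and master.cf; master.cf entries whose `-o` options continue on following lines are not handled by this sketch.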