Amavis verschluckt meine Mails

[bennle]

Hallo,
Ich habe auf meinen Server Postfix + Amavis + Spamassassin am laufen.
Funktioniert auch soweit alles wie ich das will.

Allerdings verschluckt Amavis meine Mails die für Ihn als infiziert und gefunden gelten.
Ich würde gerne eine Info über Viruse erhalten, sowie die Weiterleitung von den Spammails.
Momentan werden diese in einen Ordner verschoben.

Bei den Emails die durchkommen wird leider auch kein HEADER erweitert (X-Spam:***)

Kann mir jemand sagen woran es liegt??

Mein Config von Amavis

Code: Select all

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

$max_servers = 3;            # number of pre-forked children (2..15 is common)
$daemon_user = 'vscan';
$daemon_group = 'vscan';

$mydomain = 'XXX.de';   # a convenient default for other settings

$MYHOME = '/var/spool/amavis';
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/spool/amavis/virusmails';
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine

$X_HEADER_TAG = 'X-Virus-Scanned';

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef

# $db_home   = "$MYHOME/db";
# $helpers_home = "$MYHOME/var";  # prefer $MYHOME clean and owned by root?
# $pid_file  = "$MYHOME/var/amavisd.pid";
# $lock_file = "$MYHOME/var/amavisd.lock";
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain"] );
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 0;              # verbosity 0..5
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock";  # when using sendmail milter

$sa_tag_level_deflt  = -999; #2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 16.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 1;    # only tests which do not require internet access?
$sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
                             # for SA 3.0, cf option is 'use_auto_whitelist')

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

$virus_admin               = "virusalert@$mydomain";  # notifications recip.

$mailfrom_notify_admin     = "virusalert@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_modifies_subj = 1;  # kennzeichnet den Subject
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name


# OTHER MORE COMMON SETTINGS (defaults may suffice):

$myhostname = 'XXX.de';

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[126.0.0.1]:10025';  # set to undef with milter!

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
$final_spam_destiny = D_PASS;
# $final_bad_header_destiny = D_PASS;


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@viruses_that_fake_sender_maps = (new_RE(
# [qr'bEICARb'i => 0],            # av test pattern name
# [qr'^(WM97|OF97|Joke.)'i => 0],  # adjust names to match your AV scanner
  [qr/^/ => 1],  # true for everything else
));

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
.........

Ich habe Suse 10.0 und verwalte meinen Server mit VHCS2 (nur so nebenbei :P )

MfG

[Roger Wilco]

Allerdings verschluckt Amavis meine Mails die für Ihn als infiziert und gefunden gelten.

Klar, du hast amavis ja auch gesagt, dass du das so haben willst:

Code: Select all

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
$final_spam_destiny = D_PASS;
# $final_bad_header_destiny = D_PASS;

[bennle]

Allerdings verschluckt Amavis meine Mails die für Ihn als infiziert und gefunden gelten.

Klar, du hast amavis ja auch gesagt, dass du das so haben willst:

Code: Select all

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
$final_spam_destiny = D_PASS;
# $final_bad_header_destiny = D_PASS;

Hallo,
Ok, hilfst du mir auf die Sprünge was ich einsetzen muss??
Welche Optionen gibt es? Was wird mit D_PASS umschrieben!


Ebenfalls würde mich interessieren für was ich die Variable $defang_spam einsetzen kann.

Desweiteren bleibt offen, weshalb mir der HEADER nicht verändert wird.
Vielen Dank.

MfG

[Joe User]

Du hast es selbst zitiert:

Code: Select all

#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

[bennle]

Du hast es selbst zitiert:

Code: Select all

#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

verwerfen (D_DISCARD), bouncen (D_BOUNCE), ablehnen (D_REJECT) oder unabhängig vom Inhalt zustellen (D_PASS).

Das ist doch richtig oder?

Wenn nicht dann korrigiere mal bitte!

MfG

[Joe User]

Korrekt.

[bennle]

Korrekt.

OK, dann verstehe ich es nicht! Wieso bekomme ich diese dann nicht zugestellt???

Also kann es doch nicht daran liegen.

MfG

PS: Oder stehe ich auf dem Schlauch!

[Roger Wilco]

OK, dann verstehe ich es nicht! Wieso bekomme ich diese dann nicht zugestellt???

Weil der Defaultwert für $final_virus_destiny nunmal D_DISCARD ist, wie es in den Kommentaren steht.

[bennle]

OK, dann verstehe ich es nicht! Wieso bekomme ich diese dann nicht zugestellt???

Weil der Defaultwert für $final_virus_destiny nunmal D_DISCARD ist, wie es in den Kommentaren steht.

OK, ich glaube wir reden aneinander vorbei!
Also das mit den Virusmails ist ok, das habe ich schon längst geändert!

Allerdings werden meine Spammails nicht zugestellt und der

$sa_spam_subject_tag = '***SPAM*** ';

wird auch nicht angezeigt!

Ich weiß wirklich nicht mehr weiter!

MfG

[rootsvr]

mal versucht Amavis im Debug Modus zu starten?

amavisd debug
bzw.
amavisd debug-sa

Dann sagt er eigentlich recht schön was er grade macht und warum.

Prüfen ob die SA config stimmt:
spamassassin --lint debug

siehe auch
http://www.ijs.si/software/amavisd/#faq-trouble

Alternativ:
$log_level = 0; # verbosity 0..5
auf 5, amavis restarten und logfiles betrachten (da sollte ja auch jetzt schon stehen was mit der Mail geschieht.

[bennle]

Hallo,
Hab das jetzt mal länger mitgeschrieben, aber finde nix! Hab mal nen Ausschnitt beigefügt! Vielleicht könnt Ihr was deuten.

Code: Select all

Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) spam_scan: DSPAM not available, skipping it
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) calling SA parse, SA version 3.0.4
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) CALLING SA check
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) RETURNED FROM SA check, time left: 30 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after spam_scan_SA: remaining time = 480 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) spam_scan: score=-4.532 tests=[ALL_TRUSTED=-2.867,AWL=0.000,BAYES_00=-1.665]
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after spam_scan: remaining time = 480 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) enqueue: stat is not numeric: ""
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) enqueue: not deleting: 517e0f623444c42ba2cc7d374eae7130, was refreshed since
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) enqueue: stat is not numeric: ""
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup: (scalar) matches, result="17.5"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup (spam_kill_level) => true,  "XXX" matches, result="17.5", matching_key="(constant:17.5)"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) header: Received: from XXX([127.0.0.1])n by localhost (XXX[127.0.0.1]) (amavisd-new, port 10024) with ESMTPn id 04483-08 for <info@XXX>; Thu, 16 Nov 2006 11:38:03 +0100 (CET)n
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup_acl(XXX) matches key ".XXX", result=1
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup (local_domains) => true,  "XXX" matches, result="1", matching_key=".XXX"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) query_keys: info@XXX, info@, XXX, .XXX, .info, .
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup_hash(info@XXX), no matches
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup (bypass_spam_checks) => undef, "info@XXX" does not match
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup: (scalar) matches, result="-999"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup (spam_tag_level) => true,  "info@XXX" matches, result="-999", matching_key="(constant:-999)"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup: (scalar) matches, result="4"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup (spam_tag2_level) => true,  "info@XXX" matches, result="4", matching_key="(constant:4)"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup (spam_subject_tag) => undef, "info@XXX" does not match
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) headers CLUSTERING: NEW CLUSTER <info@XXX>: score=-4.532, tag=1, tag2=0, subj=0, subj_u=0, local=1, bl=, s=
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) header: X-Virus-Scanned: by BG System Ltdn
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) header: X-Spam-Status: No, score=-4.532 tagged_above=-999 required=4n tests=[ALL_TRUSTED=-2.867, AWL=0.000, BAYES_00=-1.665]n
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) header: X-Spam-Score: -4.532n
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) header: X-Spam-Level: n
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) headers CLUSTERING: done all 1 recips in one go
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) SPAM-TAG, <root@XXX> -> <info@XXX>, No, score=-4.532 tagged_above=-999 required=4 tests=[ALL_TRUSTED=-2.867, AWL=0.000, BAYES_00=-1.665]
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) (about to connect to [127.0.0.1]:10025) FWD via SMTP: <root@XXX> -> <info@XXX>
Nov 16 11:38:03 h1054411 postfix/smtpd[4581]: connect from XXX[127.0.0.1]
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) Remote host presents itself as: XXX
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after fwd-connect: remaining time = 480 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) AUTH not needed, user='', MTA offers 'PLAIN LOGIN'
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after fwd-mail-from: remaining time = 480 s
Nov 16 11:38:03 h1054411 postfix/smtpd[4581]: BD4D36E0214: client=XXX[127.0.0.1]
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) response to RCPT TO for <info@XXX>: "250 Ok"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after fwd-rcpt-to: remaining time = 480 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) response to DATA: "354 End data with <CR><LF>.<CR><LF>"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) write_header: 0, Amavis::Out=HASH(0xa2e3980)
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after fwd-data: remaining time = 480 s
Nov 16 11:38:03 h1054411 postfix/cleanup[4913]: BD4D36E0214: message-id=<20061116103803.233A76E024C@XXX>
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after fwd-data-end: remaining time = 480 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) response to data end: "250 Ok: queued as BD4D36E0214"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after fwd-rundown-1: remaining time = 480 s
Nov 16 11:38:03 h1054411 postfix/smtpd[4581]: disconnect from XXX[127.0.0.1]
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) FWD via SMTP: <root@XXX> -> <info@XXX>, 250 2.6.0 Ok, id=04483-08, from MTA([127.0.0.1]:10025): 250 Ok: queued as BD4D36E0214
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after forwarding: remaining time = 480 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) one_response_for_all <root@XXX>: success, r=0,b=0,d=0, dsn_needed=0, '250 2.6.0 Ok, id=04483-08, from MTA([127.0.0.1]:10025): 250 Ok: queued as BD4D36E0214'
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) warnsender_with_pass=0 (,,,), dsn_needed=0, cnt=, exit=0, 250 2.6.0 Ok, id=04483-08, from MTA([127.0.0.1]:10025): 250 Ok: queued as BD4D36E0214
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after delivery-notification: remaining time = 480 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup: (scalar) matches, result="4"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) lookup (spam_tag2_level) => true,  "info@XXX" matches, result="4", matching_key="(constant:4)"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) parse_received: by = XXX /XXX//
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) parse_received: id = 233A76E024C/233A76E024C//
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) parse_received: ; = Thu, 16 Nov 2006 11:38:03 +0100 (CET)/Thu, 16 Nov 2006 11:38:03 +0100 (CET)//
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) best_try_originator_ip: 
Nov 16 11:38:03 h1054411 postfix/qmgr[29378]: BD4D36E0214: from=<root@XXX>, size=1133, nrcpt=1 (queue active)
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) Passed CLEAN, <root@XXX> -> <info@XXX>, Message-ID: <20061116103803.233A76E024C@XXX>, mail_id: Ghym5uvMVtmQ, Hits: -4.532, 716 ms
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) updating snmp variables
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) sending SMTP response: "250 2.6.0 Ok, id=04483-08, from MTA([127.0.0.1]:10025): 250 Ok: queued as BD4D36E0214"
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) timer stopped after DATA end
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) strip_tempdir: /var/spool/amavis/tmp/amavis-20061116T112804-04483
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) rmdir_recursively: /var/spool/amavis/tmp/amavis-20061116T112804-04483/parts, excl=1
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) TIMING [total 728 ms] - SMTP EHLO: 8 (1%)1, SMTP pre-MAIL: 5 (1%)2, SMTP pre-DATA-flush: 10 (1%)3, SMTP DATA: 33 (4%)8, body_digest: 2 (0%)8, gen_mail_id: 1 (0%)8, mime_decode: 17 (2%)10, get-file-type1: 14 (2%)12, decompose_part: 2 (0%)13, parts_decode: 0 (0%)13, spam-wb-list: 27 (4%)16, SA msg read: 1 (0%)16, SA parse: 3 (0%)17, SA check: 471 (65%)82, update_cache: 5 (1%)82, fwd-connect: 21 (3%)85, fwd-mail-from: 2 (0%)85, fwd-rcpt-to: 3 (0%)86, write-header: 4 (1%)86, fwd-data: 1 (0%)87, fwd-data-end: 65 (9%)96, fwd-rundown: 3 (0%)96, main_log_entry: 22 (3%)99, update_snmp: 4 (0%)99, unlink-1-files: 3 (0%)100, rundown: 0 (0%)100
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) ESMTP> 250 2.6.0 Ok, id=04483-08, from MTA([127.0.0.1]:10025): 250 Ok: queued as BD4D36E0214
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) idle_proc, 6: was busy, 710.7 ms, total idle 590.627 s, busy 8.839 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) idle_proc, 5: was idle, 0.6 ms, total idle 590.628 s, busy 8.839 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) prolong_timer after reading SMTP command: remaining time = 0 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) ESMTP< QUITrn
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) ESMTP> 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) post_process_request_hook: timer stopped
Nov 16 11:38:03 h1054411 postfix/smtp[3549]: 233A76E024C: to=<info@XXX>, orig_to=<root>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 2.6.0 Ok, id=04483-08, from MTA([127.0.0.1]:10025): 250 Ok: queued as BD4D36E0214)
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) idle_proc, bye: was busy, 4.5 ms, total idle 590.628 s, busy 8.844 s
Nov 16 11:38:03 h1054411 amavis[4483]: (04483-08) load: 1 %, total idle 590.628 s, busy 8.844 s
Nov 16 11:38:03 h1054411 postfix/qmgr[29378]: 233A76E024C: removed
Nov 16 11:38:03 h1054411 postfix/local[4770]: BD4D36E0214: to=<info@XXX>, relay=local, delay=0, status=bounced (unknown user: "info")
Nov 16 11:38:03 h1054411 postfix/cleanup[4433]: DB62F6E0253: message-id=<20061116103803.DB62F6E0253@XXX>
Nov 16 11:38:03 h1054411 postfix/qmgr[29378]: DB62F6E0253: from=<>, size=2750, nrcpt=1 (queue active)
Nov 16 11:38:03 h1054411 postfix/qmgr[29378]: BD4D36E0214: removed
Nov 16 11:38:03 h1054411 postfix/local[4770]: DB62F6E0253: to=<info@XXX>, orig_to=<root@XXX>, relay=local, delay=0, status=bounced (unknown user: "info")
Nov 16 11:38:03 h1054411 postfix/qmgr[29378]: DB62F6E0253: removed
Nov 16 11:38:04 h1054411 postfix/smtpd[4931]: warning: 60.49.108.217: hostname tm.net.my verification failed: Name or service not known
Nov 16 11:38:04 h1054411 postfix/smtpd[4931]: connect from unknown[60.49.108.217]
Nov 16 11:38:05 h1054411 postfix/smtpd[4931]: 374066E0214: client=unknown[60.49.108.217]
Nov 16 11:38:05 h1054411 postfix/cleanup[4913]: 374066E0214: message-id=<01c7096b$25734350$6c822ecf@deborahrodrigo>
Nov 16 11:38:05 h1054411 postfix/qmgr[29378]: 374066E0214: from=<deborahrodrigo@calgary505.com>, size=1669, nrcpt=1 (queue active)
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-04) idle_proc, hi : was idle, 82824.7 ms, total idle 302.648 s, busy 5.644 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-04) loaded base policy bank
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-04) lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-04) prolong_timer after new request - timer reset: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-04) process_request: suggested_protocol="" on TCP
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 4: was busy, 5.3 ms, total idle 302.648 s, busy 5.649 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 5: was idle, 1.4 ms, total idle 302.650 s, busy 5.649 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after reading SMTP command: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) SMTP< EHLO XXXrn
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250-[127.0.0.1]
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250-PIPELINING
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250-SIZE
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250-8BITMIME
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250-ENHANCEDSTATUSCODES
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250 XFORWARD NAME ADDR PROTO HELO
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 6: was busy, 4.8 ms, total idle 302.650 s, busy 5.654 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 5: was idle, 0.6 ms, total idle 302.650 s, busy 5.654 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after reading SMTP command: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP< XFORWARD NAME=[UNAVAILABLE] ADDR=60.49.108.217rn
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250 2.5.0 Ok XFORWARD
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 6: was busy, 2.4 ms, total idle 302.650 s, busy 5.656 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 5: was idle, 0.6 ms, total idle 302.651 s, busy 5.656 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after reading SMTP command: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP< XFORWARD PROTO=ESMTP HELO=apo2-f33fc40b40rn
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250 2.5.0 Ok XFORWARD
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 6: was busy, 2.3 ms, total idle 302.651 s, busy 5.658 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 5: was idle, 0.5 ms, total idle 302.651 s, busy 5.658 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after reading SMTP command: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP< MAIL FROM:<deborahrodrigo@calgary505.com> SIZE=1669rn
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after MAIL FROM received - timer reset: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) check_mail_begin_task: task_count=5
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup (debug_sender) => undef, "deborahrodrigo@calgary505.com" does not match
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250 2.1.0 Sender deborahrodrigo@calgary505.com OK
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 6: was busy, 4.4 ms, total idle 302.651 s, busy 5.663 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 5: was idle, 0.6 ms, total idle 302.652 s, busy 5.663 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after reading SMTP command: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP< RCPT TO:<info@XXX>rn
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 250 2.1.5 Recipient info@XXX OK
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 6: was busy, 2.4 ms, total idle 302.652 s, busy 5.665 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) idle_proc, 5: was idle, 0.5 ms, total idle 302.652 s, busy 5.665 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after reading SMTP command: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP< DATArn
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after DATA received - timer reset: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP::10024 /var/spool/amavis/tmp/amavis-20061116T113257-04814: <deborahrodrigo@calgary505.com> -> <info@XXX> Received: SIZE=1669 from XXX ([127.0.0.1]) by localhost (XXX [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04814-05 for <info@XXX>; Thu, 16 Nov 2006 11:38:05 +0100 (CET)
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP> 354 End data with <CR><LF>.<CR><LF>
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) ESMTP< .rn
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) Actual message size 1666 B, declared 1669 B
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) setting body type: 7BIT (0,0)
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) body hash: 448e8179675dcb32e821feb323937496
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) Original mail size: 1666; quota set to: 833000 bytes
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) Checking: 9ZPm1QK1Xdaq [60.49.108.217] <deborahrodrigo@calgary505.com> -> <info@XXX>
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) cached 448e8179675dcb32e821feb323937496 from <deborahrodrigo@calgary505.com> (1,1)
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) cache entry age: . c=20061116T103642 a=20061116T103642
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) query_keys: info@XXX, info@, XXX, .XXX, .com, .
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup_hash(info@XXX), no matches
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup (bypass_virus_checks) => undef, "info@XXX" does not match
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) Extracting mime components
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) Issued a new file name: p001
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) Charging 748 bytes to remaining quota 833000 (out of 833000, (0%)) - by mime_decode
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) p001 1 Content-Type: text/plain, size: 748 B, name: 
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after mime_decode-1: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) decode_parts: level=1, #parts=1 : p001
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) run_command: [4960] /usr/bin/file p001 </dev/null 2>&1
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) result line from file(1): p001: ASCII English text
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup_re("ASCII English text") matches key "(?i-xsm:^(ASCII|text)b)", result="asc"
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup (map_full_type_to_short_type) => true,  "ASCII English text" matches, result="asc", matching_key="(?i-xsm:^(ASCII|text)\b)"
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) File-type of p001: ASCII English text; (asc)
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) do_ascii: Decoding part p001
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) do_ascii: Decoding part p001 (0 items), uulib V0.5pl20
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) decompose_part: p001 - atomic
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) prolong_timer after parts_decode: remaining time = 480 s
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) query_keys: info@XXX, info@, XXX, .XXX, .com, .
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup_hash(info@XXX), no matches
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup (bypass_header_checks) => undef, "info@XXX" does not match
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) check_header: OK
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) Checking for banned types and filenames
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) query_keys: info@XXX, info@, XXX, .XXX, .com, .
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup_hash(info@XXX), no matches
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup (bypass_banned_checks) => undef, "info@XXX" does not match
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup: (scalar) matches, result="DEFAULT"
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup (banned_filename), 1 matches for "XXX", results: "(constant:DEFAULT)"=>"DEFAULT"
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) collect banned table[0]: info@XXX, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x8517c1c)
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) starting banned checks - traversing message structure tree
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) check_for_banned (p001) text/plain,.asc
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) doing banned check for info@XXX on text/plain,.asc
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup_re(["text/plain",".asc"]), no matches
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) lookup (check_bann:info@XXX) => undef, ["text/plain",".asc"] does not match
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) p.path info@XXX: "P=p001,L=1,M=text/plain,T=asc"
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) banned check: any=0, all=N (1)
Nov 16 11:38:05 h1054411 amavis[4814]: (04814-05) virus_presence cached, skipping virus_scan

Achso, ist es möglich den Spamfilter in Amavis zu deaktiveren und wie gewohnt das über Procmail zu machen? Wenn ja, wie?

MfG

[rootsvr]

Dein Problem dürfte folgende Zeile sein:
Nov 16 11:38:03 h1054411 postfix/local[4770]: BD4D36E0214: to=<info@XXX>, relay=local, delay=0, status=bounced (unknown user: "info")

da scheint er versuchen was an den falschen zu liefern.

Ich weiß nciht ob man im amavisd den sa ausschalten kann hab auf die schnelle nichts gefunden..

[Joe User]

Code: Select all

grep -ni spam amavisd.conf

Sollte die passenden Zeilen liefern...

[bennle]

Also der Befehl liefert folgendes

Code: Select all

14:# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code
57:$sa_tag_level_deflt  = -1; #2.0;  # add spam info headers if at, or above that level
59:$sa_kill_level_deflt = 17.5; # triggers spam evasive actions
60:$sa_dsn_cutoff_level = 19;    # spam level beyond which a DSN is not sent
61:# $sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off
78:$mailfrom_notify_spamadmin = "spam.police@$mydomain"; # notifications sender
82:@addr_extension_spam_maps       = ('spam');
89:# $dspam = 'dspam';
96:$sa_spam_modifies_subj = 1;  # kennzeichnet den Subject
97:$sa_spam_subject_tag = 'SPAM';
100:$defang_spam   = 1;
113:$final_spam_destiny =  D_PASS;
122:# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
125:# @virus_lovers_maps, @spam_lovers_maps,
131:# $bad_header_quarantine_to, $spam_quarantine_to,
133:# $defang_bad_header, $defang_undecipherable, $defang_spam

das sieht für mich gut aus!

Nov 16 11:38:03 h1054411 postfix/local[4770]: BD4D36E0214: to=<info@XXX>, relay=local, delay=0, status=bounced (unknown user: "info")

da scheint er versuchen was an den falschen zu liefern.

Kann das mit den Catchall zusammenhängen? Was bedeutet das genau?

MfG

PS @Joe User was genau wolltest du mir mit dem Befehl mitteilen?