SysCP & Postfix problem with SPAM - why doesn't it work??

Post by t-eddie »

Hello Root-Forum,

I have been using SysCP for nearly a year now and I'm really happy with it... but now I also want to use the mail function on my root server, and I installed Postfix with the SysCP howto - and everything works fine.

Now I use the mail function in Postfix every day and I have a problem with SPAM - so I installed ClamAV and SpamAssassin with the modules for SysCP. I used this howto http://www.syscp.de/wiki/config/Installation/de/extensionmaildrop and also this one http://www.volkerjanzen.net/syscp/spamfilter

BUT when I log on to my email account with SquirrelMail, my inbox is full of SPAM - and the rewrite rule for the subject doesn't work.

And I have no idea where to look to solve the problem - can you help, what should I check - which log files do I have to look at??
The Postfix daemon works fine; only the SPAM filter doesn't work.

mail.warn LOG

Dec 12 02:32:24 localhost postfix/smtpd[29498]: warning: smtpd_peer_init: 200.121.20.232: hostname client-200.121.20.232.speedy.net.pe verification failed: Name or service not known
Dec 12 08:37:45 localhost postfix/smtpd[14736]: warning: smtpd_peer_init: 84.238.3.12: hostname ip-nat-84-238-3-12.bnaa.dk verification failed: Name or service not known
Dec 12 10:11:14 localhost postfix/smtpd[19384]: warning: smtpd_peer_init: 129.41.78.71: hostname mail2197.email.frontlineshop.com verification failed: Name or service not known
Dec 12 13:53:07 localhost postfix/smtpd[30101]: warning: smtpd_peer_init: 85.99.160.210: hostname dsl.dynamic8599160210.ttnet.net.tr verification failed: Name or service not known
Dec 12 14:35:46 localhost postfix/smtpd[32272]: warning: smtpd_peer_init: 200.96.220.75: hostname 200-96-220-75.pvoce700-nrp4.dsl.brasiltelecom.net.br verification failed: Name or service not known

mail.info

Dec 12 16:10:10 localhost postfix/pipe[4494]: 6611F7340A1: to=<matthek@vorturner.de>, relay=maildrop, delay=0, status=sent (vorturner.de)
Dec 12 16:10:10 localhost postfix/smtpd[4487]: disconnect from i214144.upc-i.chello.nl[62.195.214.144]
Dec 12 16:10:11 localhost postfix/smtp[4495]: 6611F7340A1: to=<mkreissler@kth-online.de>, orig_to=<matthek@vorturner.de>, relay=mailin.rzone.de[81.169.145.100], delay=1, status=bounced (host mailin.rzone.de[81.169.145.100] said: 550 5.0.0 your mail contains a virus (in reply to end of DATA command))
Dec 12 16:10:11 localhost postfix/cleanup[4492]: 8678E7340A7: message-id=<20061212151011.8678E7340A7@static.88-198-1-50>
Dec 12 16:10:11 localhost postfix/qmgr[3202]: 8678E7340A7: from=<>, size=11769, nrcpt=1 (queue active)
Dec 12 16:10:11 localhost postfix/qmgr[3202]: 6611F7340A1: removed
Dec 12 16:10:11 localhost postfix/smtp[4495]: 8678E7340A7: to=<ulpsxkqwzj@chello.nl>, relay=smtp.chello.nl[213.46.243.2], delay=0, status=bounced (host smtp.chello.nl[213.46.243.2] said: 550 Invalid recipient: <ulpsxkqwzj@chello.nl> (in reply to RCPT TO command))
Dec 12 16:10:11 localhost postfix/qmgr[3202]: 8678E7340A7: removed

Please help me

t-eddie

Edit:

my /etc/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
# rewrite_header Subject *****SPAM*****
# report_safe 1
# trusted_networks 212.17.35.
# lock_method flock

user_scores_dsn DBI:mysql:syscp:localhost
user_scores_sql_username syscp
user_scores_sql_password <password>
user_scores_sql_custom_query SELECT preference, value FROM modules_sasettings_sa WHERE username = _USERNAME_ OR username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC

Edit: Feel free to answer in German as well; the main thing is that someone can give me a tip - many thanks in advance.

t-eddie

Post by taurin »

t-eddie wrote: BUT when I log on to my email account with SquirrelMail, my inbox is full of SPAM - and the rewrite rule for the subject doesn't work.

Which rewrite rule? In your SpamAssassin local.cf you have

# rewrite_header Subject *****SPAM*****
# report_safe 1 

commented out. Put those back in.
What do the headers of the mails in question say? There should at least be something from SpamAssassin in there.

Post by t-eddie »

Hello,

Hmm, those who can read clearly have the advantage.. :oops:

I put the lines back in yesterday

rewrite_header Subject *****SPAM*****
report_safe 1


and restarted SpamAssassin; the "spamd" process is running too - nevertheless spam mails still get through, and there is absolutely no trace of SpamAssassin in the headers - what did I do wrong???

Or where else should I search / look??

Post by taurin »

t-eddie wrote: Or where else should I search / look??

What does your /etc/courier/maildroprc look like?

Post by t-eddie »

Hmm, on my system the file is called maildroprc.

But here is the source code:

#########################################################
#Configuration
#########################################################

# set this to 1 if you want to log the user settings for vscan, etc.
LOGUSERSETTINGS=0

# Full path to the maildrop log of each user
LOGFILEPATH=$HOME$DEFAULT/maildrop.log

# Setting for SysCP maildrop module
USESYSCPSETTINGS=1
# Basedir of your syscp installation
SYSCPBASEDIR="/var/www/syscp"

# Default setting for the spamfilter
SPAMFILTER=0

# use spamc instead of the direct call to spamassassin
USESPAMC=1

# Default setting for the virusscan
VSCAN=0

# include userdefined filters into maildrop
USERFILTER=0

# basedir of your userdefined filterfiles
MAILFILTERDIR="/var/kunden/mailfilter"

# Only scan mails smaller than SCANSPAMSIZE for spam
SCANSPAMSIZE="200000"

# Only scan mails smaller than VSCANSIZE for a virus
VSCANSIZE="2000000"

#########################################################
# Do NOT change anything below this line unless you know
# what you're doing!
#########################################################
#
# First check if the maildir exists and create it, if
# it doesn't exist
#
#########################################################
MAILDIR=$HOME$DEFAULT
`test -d "$MAILDIR"`                            # check if dir exist
if ($RETURNCODE != 0)
{
        `mkdir -p $MAILDIR`                     # create dirs with parents
        `rmdir $MAILDIR`                        # remove dir for init
        `/usr/bin/maildirmake $MAILDIR`         # create maildir
}

#########################################################
#
# init logfile for this user
#
#########################################################
logfile "$LOGFILEPATH"
log "========================================================================="
if ( $LOGUSERSETTINGS )
{
        log "maildir: $MAILDIR"
        log "SPAMFILTER: $SPAMFILTER - VSCAN: $VSCAN"
        log "logname: $LOGNAME"
}

#########################################################
#
# get settings for account from SysCP-Database
#
#########################################################
if ( $USESYSCPSETTINGS )
{
    `$SYSCPBASEDIR/scripts/modules/maildrop/getsettings.php "$LOGNAME"`
    if ($RETURNCODE >= 2)
    {
        VSCAN=1
        RETURNCODE=$RETURNCODE-2
    }
    if ($RETURNCODE >= 1)
    {
        SPAMFILTER=1
    }
}
if ( $LOGUSERSETTINGS )
{
        log "SPAMFILTER: $SPAMFILTER - VSCAN: $VSCAN"
}

#########################################################
#
# run virusscan
#
#########################################################
if ( $VSCAN )
{
    if( $SIZE < $VSCANSIZE )
    {
        exception {
                    xfilter "/usr/bin/clamscan.sh"
        }
    }

    # check if mail is marked as virus
    if(/^X-Virus-Status:.*INFECTED/)
    {
                exception {
                    log "identifyed as virus! -> $MAILDIR/.Virus"
                    MAILDIR = $MAILDIR.Virus/
                    SPAMFILTER=0
                    USERFILTER=0
                }
    }
}

#########################################################
#
# run spamfilter
#
#########################################################
if ( $SPAMFILTER )
{
    if( $SIZE < $SCANSPAMSIZE )
    {
                exception {
                        if ( $USESPAMC )
                        {
                        xfilter "/usr/bin/spamc -f -x -u $LOGNAME"
                        }
                        else
                        {
                        xfilter "/usr/bin/spamassassin -x"
                        }
                }
    }

    # check if mail is marked as spam
    if(/^X-Spam-Flag: *YES/)
    {
                exception {
                    log "identifyed as spam! -> $MAILDIR/.Spam"
                    MAILDIR = $MAILDIR.Spam/
                    VSCAN=0
                    USERFILTER=0
                }
    }
}

#########################################################
#
# include userdefined mailfilter
#
#########################################################
if ( $USERFILTER )
{
        exception {
                include $MAILFILTERDIR/$LOGNAME
        }
}

#########################################################
#
# create needed sub-directory, if it doesn't exist
#
#########################################################
`test -d "$MAILDIR"`
if( $RETURNCODE == 1 )
{
        `mkdir -p $MAILDIR`
        `rmdir $MAILDIR`
        `/usr/bin/maildirmake "$MAILDIR"`
}

#########################################################
#
# deliver mail to maildir
#
#########################################################
exception {
    log "filtering done, deliver to $MAILDIR"
    to "$MAILDIR"
}

But if maildrop weren't running, I couldn't receive or send mails, could I??

Can I test this somehow, or see in the logs whether maildrop accepts the mails at all and passes them through the scanners???
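
One way to answer that question from the delivered mail itself, as an added example that is not part of the thread: count the messages in a Maildir whose header block carries SpamAssassin's X-Spam-Status header. The function names and the three sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: did SpamAssassin touch the mail that maildrop delivered?
# Only the header block (everything before the first empty line) is read,
# so an "X-Spam-Status:" line quoted in a message body is not counted.

# has_sa_header FILE -> exit status 0 if the headers contain X-Spam-Status
has_sa_header() {
    awk '
        /^\r?$/ { exit }                                   # end of headers
        tolower($0) ~ /^x-spam-status:/ { found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# scan_maildir DIR -> prints "scanned=N unscanned=M" for DIR/new and DIR/cur
scan_maildir() {
    scanned=0 unscanned=0
    for msg in "$1"/new/* "$1"/cur/*; do
        [ -f "$msg" ] || continue
        if has_sa_header "$msg"; then
            scanned=$((scanned + 1))
        else
            unscanned=$((unscanned + 1))
        fi
    done
    echo "scanned=$scanned unscanned=$unscanned"
}

# make_sample_maildir -> path of a temporary Maildir with constructed messages
make_sample_maildir() {
    d=$(mktemp -d)
    mkdir -p "$d/new" "$d/cur" "$d/tmp"
    printf 'From: a@example.org\nX-Spam-Status: No, score=0.1\n\nhello\n' > "$d/new/1"
    printf 'From: b@example.org\nSubject: hi\n\nhello\n' > "$d/new/2"
    printf 'From: c@example.org\n\nX-Spam-Status: Yes (quoted in body)\n' > "$d/cur/3"
    echo "$d"
}

d=$(make_sample_maildir)
scan_maildir "$d"
rm -rf "$d"
```

Setting LOGUSERSETTINGS=1 in the maildroprc above additionally logs the SPAMFILTER and VSCAN values for each delivery to the per-user maildrop.log.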

Post by taurin »

Hm, have you looked at Postfix's main.cf to see whether everything is right there? Does the transport go through maildrop, and is it set correctly in master.cf as well?

Somehow the mail filter against viruses does seem to be working, otherwise the email in your log would not be rejected. However, that doesn't look like maildrop to me, because according to the config virus mails are not rejected but moved to a directory.

Please post the main.cf and the master.cf. And why does it have to be maildir? amavisd-new is much cooler with Postfix :)

Post by t-eddie »

So here is the main.cf

# daemon configuration
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
myhostname = static.88-IP
mydomain = clients.your-server.de
mydestination = $myhostname $mydomain localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
alias_maps = $alias_database
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

virtual_mailbox_base = /var/www/kunden/mail/
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uid_maps.cf
#virtual_uid_maps = static:2000
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gid_maps.cf
#virtual_gid_maps = static:2000
# without maildrop
#virtual_transport = virtual:
# with maildrop
virtual_transport = maildrop

#Maildrop-Options
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# TLS Mode for SMTP-service
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /path/to/smtpd.pem
smtpd_tls_cert_file = /path/to/smtpd.pem
smtpd_tls_CAFile = /path/to/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

maps_rbl_domains = relays.ordb.org
smtp_recipient_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining
smtp_client_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining
smtp_sender_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unknown_client, reject_non_fqdn_hostname

And the master.cf

# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
#smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587      inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

Hmm, why Maildir... honestly, it was recommended - by several people who also use SysCP.

What is amavisd-new??? Is there a good howto somewhere?

I hope we find some starting point here where I can keep looking... Thanks in advance..

t-eddie
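
A check on the posted main.cf, as an added example that is not part of the thread: Postfix's SMTP server reads its access restriction lists from smtpd_*_restrictions parameters, so restriction lists written as smtp_*_restrictions are not evaluated and the reject_maps_rbl entries in them have no effect. The function names are hypothetical, and the sample is an excerpt of the config above with its last line shortened.

```shell
#!/bin/sh
# Added example: lint a Postfix main.cf for restriction lists under the wrong prefix.

# misnamed_restrictions FILE -> one smtp_*_restrictions parameter name per line
misnamed_restrictions() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                   # continuation of the previous parameter
        {
            name = $0
            sub(/[ \t]*=.*/, "", name)
            if (name ~ /^smtp_[a-z_]+_restrictions$/) print name
        }
    ' "$1"
}

# rbl_enforced FILE -> "yes" if any smtpd_*_restrictions value has an RBL check
rbl_enforced() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (keep) val = val " " $0; next }   # continuation line
        {
            keep = ($0 ~ /^smtpd_[a-z_]+_restrictions[ \t]*=/)
            if (keep) val = val " " $0
        }
        END { print ((val ~ /reject_(maps_rbl|rbl_client|rhsbl_)/) ? "yes" : "no") }
    ' "$1"
}

# sample_main_cf -> path of a temp file holding an excerpt of the posted main.cf
sample_main_cf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
virtual_transport = maildrop
maps_rbl_domains = relays.ordb.org
smtp_recipient_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining
smtp_client_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining
smtp_sender_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unknown_sender_domain
EOF
    echo "$f"
}

f=$(sample_main_cf)
misnamed_restrictions "$f"
echo "RBL check in an smtpd_* list: $(rbl_enforced "$f")"
rm -f "$f"
```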