VMware image with mail server for practice/understanding

VirtualBox, VMWare, KVM, XEN, OpenVZ, Virtuozzo, etc.
fmp
Posts: 8
Joined: 2006-07-09 18:26

VMware image with mail server for practice/understanding

Post by fmp » 2007-05-20 12:03

Hi,

does anyone know whether a ready-made VMware image with Postfix exists for practice/understanding ??

FmP

Roger Wilco
Administrator
Posts: 6001
Joined: 2004-05-23 12:53

Re: VMware image with mail server for practice/understanding

Post by Roger Wilco » 2007-05-20 12:43

Not specifically for this purpose, but at http://www.vmware.com/vmtn/appliances/directory/ there are numerous mail appliances that also run Postfix, as well as some standard installations of common Linux distributions in which you can install Postfix fairly quickly.

fmp
Posts: 8
Joined: 2006-07-09 18:26

Re: VMware image with mail server for practice/understanding

Post by fmp » 2007-06-17 12:53

Hi,

so, in the meantime I have set up a VMware image completely from scratch with Debian Etch, Apache, PHP, MySql, Postfix, courier, fetchmail, amavis, SA and squirrelmail. It works quite well so far, only SA is not yet doing what it should ... Mails are fetched by fetchmail and also pass through Amavis, but there is nothing from SA in the header ...

I probably commented the Amavis config 15-content_filter_mode exactly the wrong way round, namely out instead of in...

As a test I have now commented it in (# @bypass_spam_checks ...), and now the following appears in mail.log when a mail comes in:

Code:

Jun 17 12:41:38 susi fetchmail[3859]: So 17 Jun 2007 12:41:38 CEST: schlafe 300 Sekunden lang
Jun 17 12:42:12 susi spamd[3143]: prefork: periodic ping from spamd parent
Jun 17 12:42:12 susi spamd[3144]: prefork: periodic ping from spamd parent
Jun 17 12:42:12 susi spamd[3144]: prefork: sysread(8) not ready, wait max 300 secs
Jun 17 12:42:12 susi spamd[3143]: prefork: sysread(7) not ready, wait max 300 secs
Jun 17 12:44:44 susi spamd[3143]: prefork: periodic ping from spamd parent
Jun 17 12:44:44 susi spamd[3143]: prefork: sysread(7) not ready, wait max 300 secs
Jun 17 12:44:44 susi spamd[3144]: prefork: periodic ping from spamd parent
Jun 17 12:44:44 susi spamd[3144]: prefork: sysread(8) not ready, wait max 300 secs
Jun 17 12:46:38 susi fetchmail[3859]: erweckt um So 17 Jun 2007 12:46:38 CEST
Jun 17 12:46:40 susi fetchmail[3859]: 1 Nachricht für pop22 bei mail.meinedomain.de (1150 Bytes).
Jun 17 12:46:40 susi postfix/smtpd[7907]: connect from localhost[127.0.0.1]
Jun 17 12:46:40 susi postfix/smtpd[7907]: E3C0F77F52: client=localhost[127.0.0.1]
Jun 17 12:46:40 susi postfix/cleanup[7910]: E3C0F77F52: message-id=<8GYD68.20070523033951@127.0.0.5>
Jun 17 12:46:40 susi postfix/qmgr[2359]: E3C0F77F52: from=<hmansenn@meinedomain.de>, size=1486, nrcpt=1 (queue active)
Jun 17 12:46:40 susi fetchmail[3859]: Nachricht pop22@mail.meinedomain.de:1 von 1 wird gelesen (1150 Bytes) gelöscht
Jun 17 12:46:41 susi postfix/smtp[7911]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
Jun 17 12:46:41 susi postfix/smtp[7911]: E3C0F77F52: to=<postmaster@meinedomain.de>, relay=none, delay=0.13, delays=0.11/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
Jun 17 12:46:41 susi postfix/smtpd[7907]: disconnect from localhost[127.0.0.1]
Jun 17 12:46:42 susi fetchmail[3859]: So 17 Jun 2007 12:46:42 CEST: schlafe 300 Sekunden lang

????? When I search with ps hax | grep spam, I get:

Code:

susi:/etc/init.d# ps hax | grep spam
 3142 ?        Ss     0:01 /usr/bin/perl -T -w /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d -D --pidfile=/var/run/spamd.pid
 3143 ?        S      0:02 spamd child
 3144 ?        S      0:01 spamd child
 7916 pts/1    S+     0:00 grep spam

Any ideas ??

FmP

Roger Wilco
Administrator
Posts: 6001
Joined: 2004-05-23 12:53

Re: VMware image with mail server for practice/understanding

Post by Roger Wilco » 2007-06-17 13:02

Your Postfix wants to hand the e-mails over to amavisd-new on 127.0.0.1:10024. That does not seem to be running, or it is refusing the connection.

fmp
Posts: 8
Joined: 2006-07-09 18:26

Re: VMware image with mail server for practice/understanding

Post by fmp » 2007-06-17 16:47

Hi,

hmm, amavis was off, I have restarted it. Unfortunately there is still nothing from SA in the header.

mail.log says:

Code:

Jun 17 16:32:44 susi spamd[3143]: prefork: periodic ping from spamd parent
Jun 17 16:32:44 susi spamd[3143]: prefork: sysread(7) not ready, wait max 300 secs
Jun 17 16:32:44 susi spamd[3144]: prefork: periodic ping from spamd parent
Jun 17 16:32:44 susi spamd[3144]: prefork: sysread(8) not ready, wait max 300 secs
Jun 17 16:35:16 susi spamd[3143]: prefork: periodic ping from spamd parent
Jun 17 16:35:16 susi spamd[3144]: prefork: periodic ping from spamd parent
Jun 17 16:35:16 susi spamd[3144]: prefork: sysread(8) not ready, wait max 300 secs
Jun 17 16:35:16 susi spamd[3143]: prefork: sysread(7) not ready, wait max 300 secs
Jun 17 16:36:24 susi fetchmail[3859]: erweckt um So 17 Jun 2007 16:36:24 CEST
Jun 17 16:36:25 susi fetchmail[3859]: 3 Nachrichten für pop22 bei mail.meinedomain.de (6436 Bytes).
Jun 17 16:36:26 susi postfix/smtpd[8465]: connect from localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/smtpd[8465]: 3187777EE6: client=localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/cleanup[8468]: 3187777EE6: message-id=<01c7b0ec$d3dec170$6c822ecf@ja2z>
Jun 17 16:36:26 susi postfix/qmgr[2359]: 3187777EE6: from=<ja2z@cyberway.com.sg>, size=2667, nrcpt=1 (queue active)
Jun 17 16:36:26 susi fetchmail[3859]: Nachricht pop22@mail.meinedomain.de:1 von 3 wird gelesen (2331 Bytes) gelöscht
Jun 17 16:36:26 susi postfix/smtpd[8472]: connect from localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/smtpd[8465]: 7D25B77F2D: client=localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/cleanup[8468]: 7D25B77F2D: message-id=<405575230.29106098876994@thebat.net>
Jun 17 16:36:26 susi postfix/qmgr[2359]: 7D25B77F2D: from=<jacosta53@yahoo.com>, size=2241, nrcpt=1 (queue active)
Jun 17 16:36:26 susi fetchmail[3859]: Nachricht pop22@mail.meinedomain.de:2 von 3 wird gelesen (1904 Bytes) gelöscht
Jun 17 16:36:26 susi postfix/smtpd[8472]: 88E9977F3D: client=localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/cleanup[8468]: 88E9977F3D: message-id=<01c7b0ec$d3dec170$6c822ecf@ja2z>
Jun 17 16:36:26 susi postfix/qmgr[2359]: 88E9977F3D: from=<ja2z@cyberway.com.sg>, size=3068, nrcpt=1 (queue active)
Jun 17 16:36:26 susi amavis[8203]: (08203-08) Passed CLEAN, LOCAL [127.0.0.1] [203.117.3.8] <ja2z@cyberway.com.sg> -> <postmaster@meinedomain.de>, Message-ID: <01c7b0ec$d3dec170$6c822ecf@ja2z>, mail_id: pgx5jWiWdmnP, Hits: -, queued_as: 88E9977F3D, 384 ms
Jun 17 16:36:26 susi postfix/smtp[8470]: 3187777EE6: to=<postmaster@meinedomain.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.52, delays=0.09/0.03/0.02/0.39, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=08203-08, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 88E9977F3D)
Jun 17 16:36:26 susi postfix/qmgr[2359]: 3187777EE6: removed
Jun 17 16:36:26 susi postfix/smtpd[8472]: disconnect from localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/smtpd[8472]: connect from localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/smtpd[8472]: BBE4577EE6: client=localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/smtpd[8465]: C240477F3F: client=localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/cleanup[8473]: BBE4577EE6: message-id=<405575230.29106098876994@thebat.net>
Jun 17 16:36:26 susi postfix/qmgr[2359]: BBE4577EE6: from=<jacosta53@yahoo.com>, size=2642, nrcpt=1 (queue active)
Jun 17 16:36:26 susi postfix/cleanup[8468]: C240477F3F: message-id=<01c7b0ec$d45acf40$6c822ecf@jacquesguionnet>
Jun 17 16:36:26 susi amavis[8348]: (08348-03) Passed CLEAN, LOCAL [127.0.0.1] [66.196.97.250] <jacosta53@yahoo.com> -> <postmaster@meinedomain.de>, Message-ID: <405575230.29106098876994@thebat.net>, mail_id: EnpZspmv9ZSE, Hits: -, queued_as: BBE4577EE6, 227 ms
Jun 17 16:36:26 susi postfix/smtpd[8472]: disconnect from localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/smtp[8474]: 7D25B77F2D: to=<postmaster@meinedomain.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.34, delays=0.05/0.05/0.02/0.23, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=08348-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as BBE4577EE6)
Jun 17 16:36:26 susi postfix/qmgr[2359]: 7D25B77F2D: removed
Jun 17 16:36:26 susi postfix/qmgr[2359]: C240477F3F: from=<jacquesguionnet@yahoo.fr>, size=2533, nrcpt=1 (queue active)
Jun 17 16:36:26 susi fetchmail[3859]: Nachricht pop22@mail.meinedomain.de:3 von 3 wird gelesen (2201 Bytes) gelöscht
Jun 17 16:36:26 susi postfix/smtpd[8472]: connect from localhost[127.0.0.1]
Jun 17 16:36:26 susi postfix/smtpd[8472]: F025A77F2D: client=localhost[127.0.0.1]
Jun 17 16:36:27 susi postfix/virtual[8481]: BBE4577EE6: to=<postmaster@meinedomain.de>, relay=virtual, delay=0.25, delays=0.05/0.18/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Jun 17 16:36:27 susi postfix/qmgr[2359]: BBE4577EE6: removed
Jun 17 16:36:27 susi postfix/virtual[8477]: 88E9977F3D: to=<postmaster@meinedomain.de>, relay=virtual, delay=0.49, delays=0.12/0.22/0/0.15, dsn=2.0.0, status=sent (delivered to maildir)
Jun 17 16:36:27 susi postfix/qmgr[2359]: 88E9977F3D: removed
Jun 17 16:36:27 susi postfix/cleanup[8473]: F025A77F2D: message-id=<01c7b0ec$d45acf40$6c822ecf@jacquesguionnet>
Jun 17 16:36:27 susi postfix/qmgr[2359]: F025A77F2D: from=<jacquesguionnet@yahoo.fr>, size=2934, nrcpt=1 (queue active)
Jun 17 16:36:27 susi postfix/smtpd[8472]: disconnect from localhost[127.0.0.1]
Jun 17 16:36:27 susi amavis[8203]: (08203-09) Passed CLEAN, LOCAL [127.0.0.1] [68.142.237.182] <jacquesguionnet@yahoo.fr> -> <postmaster@meinedomain.de>, Message-ID: <01c7b0ec$d45acf40$6c822ecf@jacquesguionnet>, mail_id: 4gf4x0QRHqL2, Hits: -, queued_as: F025A77F2D, 182 ms
Jun 17 16:36:27 susi postfix/smtp[8470]: C240477F3F: to=<postmaster@meinedomain.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.26, delays=0.07/0/0.01/0.18, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=08203-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as F025A77F2D)
Jun 17 16:36:27 susi postfix/qmgr[2359]: C240477F3F: removed
Jun 17 16:36:27 susi postfix/virtual[8481]: F025A77F2D: to=<postmaster@meinedomain.de>, relay=virtual, delay=0.09, delays=0.05/0.03/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Jun 17 16:36:27 susi postfix/qmgr[2359]: F025A77F2D: removed
Jun 17 16:36:27 susi postfix/smtpd[8465]: disconnect from localhost[127.0.0.1]
Jun 17 16:36:27 susi fetchmail[3859]: So 17 Jun 2007 16:36:27 CEST: schlafe 300 Sekunden lang

the header of the mails then contains:

Code:

Return-Path: <jacquesguionnet@yahoo.fr>
X-Original-To: postmaster@meinedomain.de
Delivered-To: postmaster@meinedomain.de
Received: from localhost (localhost [127.0.0.1])
     by susi.zuhause.local (Postfix) with ESMTP id F025A77F2D
     for <postmaster@meinedomain.de>; Sun, 17 Jun 2007 16:36:26 +0200 (CEST)
Received: from susi.zuhause.local ([127.0.0.1])
     by localhost (susi.zuhause.local [127.0.0.1]) (amavisd-new, port 10024)
     with ESMTP id 4gf4x0QRHqL2 for <postmaster@meinedomain.de>;
     Sun, 17 Jun 2007 16:36:26 +0200 (CEST)
Received: from susi.zuhause.local (localhost [127.0.0.1])
     by susi.zuhause.local (Postfix) with ESMTP id C240477F3F
     for <postmaster@meinedomain.de>; Sun, 17 Jun 2007 16:36:26 +0200 (CEST)
X-Original-To: hmansenn@meinedomain.de
Delivered-To: pop22@dd1x34.kasserver.com
Received: from mail.meinedomain.de [81.209.148.235]
     by susi.zuhause.local with POP3 (fetchmail-6.3.6)
     for <postmaster@meinedomain.de> (single-drop); Sun, 17 Jun 2007 16:36:26 +0200 (CEST)
Received: from mx.paradise.net.nz (unknown [89.143.135.189])
     by dd1x34.kasserver.com (Postfix) with ESMTP id 4710CF24A6
     for <hmansenn@meinedomain.de>; Sun, 17 Jun 2007 16:36:10 +0200 (CEST)
Received: from 68.142.237.182 (HELO h.mx.mail.yahoo.com)
     by meinedomain.de with esmtp (PC/?0.+996 .6Z?)
     id VME(2A-X27?HQ-M,
     for hmansenn@meinedomain.de; Sun, 17 Jun 2007 14:36:02 -0100
Message-ID: <01c7b0ec$d45acf40$6c822ecf@jacquesguionnet>
From: "Rena Barron" <jacquesguionnet@yahoo.fr>
To: <hmansenn@meinedomain.de>
Subject: Viagra and cialis for everyone!
Date: Sun, 17 Jun 2007 14:36:02 -0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="----=_NextPart_000_0007_01C7B0FD.97E39F40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.71.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3

No trace of Amavis or SA ...

It would be great if this could somehow be sorted out ;)

THANKS !

FmP

Roger Wilco
Administrator
Posts: 6001
Joined: 2004-05-23 12:53

Re: VMware image with mail server for practice/understanding

Post by Roger Wilco » 2007-06-17 16:51

@bypass_spam_checks switches off the checking of e-mails with SpamAssassin.

fmp
Posts: 8
Joined: 2006-07-09 18:26

Re: VMware image with mail server for practice/understanding

Post by fmp » 2007-06-17 16:59

Hi,

yes, correct. That is why I commented it, so my 15-content_filter_mode now contains:

Code:

susi:/public/installs# cat /etc/amavis/conf.d/15-content_filter_mode
use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_virus_checks_maps = (
#   %bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_spam_checks_maps = (
#   %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);

1;  # insure a defined return

That should be right ... same as the virus check; I have ClamAV, BitDefender and F-Prot installed ...

FmP

Roger Wilco
Administrator
Posts: 6001
Joined: 2004-05-23 12:53

Re: VMware image with mail server for practice/understanding

Post by Roger Wilco » 2007-06-17 17:12

And from how many points should the mails be tagged according to your amavis configuration?

fmp
Posts: 8
Joined: 2006-07-09 18:26

Re: VMware image with mail server for practice/understanding

Post by fmp » 2007-06-17 17:19

Hi,

here is my 20-debian_defaults

Code:

susi:/public/installs# cat /etc/amavis/conf.d/20-debian_defaults
use strict;

# ADMINSTRATORS:
# Debian suggests that any changes you need to do that should never
# be "updated" by the Debian package should be made in another file,
# overriding the settings in this file.
#
# The package will *not* overwrite your settings, but by keeping
# them separate, you will make the task of merging changes on these
# configuration files much simpler...

#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for
#       a list of all variables with their defaults;
#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for
#       a traditional-style commented file
#   [note: the above files were not converted to Debian settings!]
#
#   for more details see documentation in /usr/share/doc/amavisd-new
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listenting socket

$sa_spam_subject_tag = '***SPAM*** ';
#$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag_level_deflt  = -999.9;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes

# You should:
#   Use D_DISCARD to discard data (viruses)
#   Use D_BOUNCE to generate local bounces by amavisd-new
#   Use D_REJECT to generate local or remote bounces by the calling MTA
#   Use D_PASS to deliver the message
#
# Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding*
# mail to your account.  Use D_BOUNCE instead, otherwise you are delegating
# the bounce work to your friendly forwarders, which might not like it at all.
#
# On dual-MTA setups, one can often D_REJECT, as this just makes your own
# MTA generate the bounce message.  Test it first.
#
# Bouncing viruses is stupid, always discard them after you are sure the AV
# is working correctly.  Bouncing real SPAM is also useless, if you cannot
# D_REJECT it (and don't D_REJECT mail coming from your forwarders!).

$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)

$virus_admin = "postmaster@$mydomain"; # due to D_DISCARD default

# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";

# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

#
# DO NOT SEND VIRUS NOTIFICATIONS TO OUTSIDE OF YOUR DOMAIN. EVER.
#
# These days, almost all viruses fake the envelope sender and mail headers.
# Therefore, "virus notifications" became nothing but undesired, aggravating
# SPAM.  This holds true even inside one's domain.  We disable them all by
# default, except for the EICAR test pattern.
#

@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],            # av test pattern name
  [qr/.*/ => 1],  # true for everything else
));

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^application/x-msmetafile$'i,      # Windows Metafile MIME type
# qr'^\.wmf$',                          # Windows Metafile file(1) type

# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$',                       # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});

1;  # insure a defined return

so actually always (-999.9), I got that off the net ...

FmP
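
Added example (not part of any post in this thread, and not code from amavisd-new or Postfix): a Python triage of the checks discussed above, run over constructed sample lines modelled on the quoted mail.log and config excerpts. The function names and finding codes are hypothetical; it assumes that amavisd-new logs `Hits: -` when no spam scan was run, and, following the comment in the quoted 15-content_filter_mode, that the `@bypass_spam_checks_maps` lines must be uncommented to re-enable scanning.

```python
import re

# Constructed sample input modelled on the lines quoted in this thread
# (addresses replaced by example.test; the scored amavis line is invented).
SAMPLE_LOG = """\
Jun 17 12:46:41 susi postfix/smtp[7911]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
Jun 17 12:46:41 susi postfix/smtp[7911]: E3C0F77F52: to=<postmaster@example.test>, relay=none, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
Jun 17 16:36:26 susi amavis[8203]: (08203-08) Passed CLEAN, LOCAL [127.0.0.1] <a@example.test> -> <postmaster@example.test>, mail_id: pgx5jWiWdmnP, Hits: -, queued_as: 88E9977F3D, 384 ms
Jun 17 16:40:02 susi amavis[8203]: (08203-10) Passed CLEAN, LOCAL [127.0.0.1] <b@example.test> -> <postmaster@example.test>, mail_id: AbCdEfGhIjKl, Hits: 1.234, queued_as: 0123456789, 912 ms
"""

SAMPLE_CONF = """\
#@bypass_spam_checks_maps = (
#   %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);
#$sa_tag_level_deflt  = 2.0;
$sa_tag_level_deflt  = -999.9;  # add spam info headers if at, or above that level
"""

# Postfix could not reach the content filter on the given port.
REFUSED = re.compile(
    r"postfix/smtp\[\d+\]: connect to \S+: Connection refused \(port (\d+)\)")
# amavis verdict line; "Hits: -" means no score was computed for the message.
AMAVIS = re.compile(
    r"amavis\[\d+\]: \((?P<id>[\w-]+)\) (?:Passed|Blocked) \S+.*?"
    r"\bHits: (?P<hits>-?\d+(?:\.\d+)?|-)")
# Uncommented Perl assignment at the start of a line, value up to the ';'.
ASSIGN = re.compile(r"^[ \t]*([$@%]\w+)[ \t]*=[ \t]*([^;]*);", re.M)


def analyze_log(text):
    """Return (refused_ports, unscored_ids, scores) found in mail.log text."""
    refused, unscored, scores = set(), [], {}
    for line in text.splitlines():
        m = REFUSED.search(line)
        if m:
            refused.add(int(m.group(1)))
            continue
        m = AMAVIS.search(line)
        if m and m.group("hits") == "-":
            unscored.append(m.group("id"))
        elif m:
            scores[m.group("id")] = float(m.group("hits"))
    return refused, unscored, scores


def active_settings(conf_text):
    """Map each uncommented assignment to its raw value; later ones win."""
    return {name: value.strip() for name, value in ASSIGN.findall(conf_text)}


def diagnose(log_text, conf_text, filter_port=10024):
    """Return finding codes that explain missing spam headers."""
    refused, unscored, scores = analyze_log(log_text)
    conf = active_settings(conf_text)
    findings = []
    if filter_port in refused:
        findings.append("FILTER_NOT_LISTENING")       # amavisd-new down
    if unscored:
        findings.append("NO_SPAM_SCAN")               # mail passed unscored
    if "@bypass_spam_checks_maps" not in conf:
        findings.append("SPAM_CHECKS_NOT_ENABLED_IN_CONFIG")
    try:
        tag_level = float(conf.get("$sa_tag_level_deflt", ""))
    except ValueError:
        tag_level = None
    # Info headers are added only at or above the tag level.
    if tag_level is not None and any(s < tag_level for s in scores.values()):
        findings.append("SCORE_BELOW_TAG_LEVEL")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_CONF):
        print(finding)
```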

fmp
Posts: 8
Joined: 2006-07-09 18:26

Re: VMware image with mail server for practice/understanding

Post by fmp » 2007-06-25 20:53

Hi,

so, I'm back from vacation ... Unfortunately there has been no reply to my last posting so far :(

I also noticed that Postfix, in its current configuration, bounces mails that cannot be delivered (because the recipient does not exist), i.e. it sends an e-mail to the sender saying that the recipient is unknown ... :| That doesn't really make sense in terms of fighting spam, does it :)

FmP

EDIT:

a spamassassin -D --lint gives:

Code:

susi:~# spamassassin -D --lint --progress
[4300] dbg: logger: adding facilities: all
[4300] dbg: logger: logging level is DBG
[4300] dbg: generic: SpamAssassin version 3.1.7-deb
[4300] dbg: config: score set 0 chosen.
[4300] dbg: util: running in taint mode? yes
[4300] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[4300] dbg: util: PATH included '/usr/local/sbin', keeping
[4300] dbg: util: PATH included '/usr/local/bin', keeping
[4300] dbg: util: PATH included '/usr/sbin', keeping
[4300] dbg: util: PATH included '/usr/bin', keeping
[4300] dbg: util: PATH included '/sbin', keeping
[4300] dbg: util: PATH included '/bin', keeping
[4300] dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[4300] dbg: message: ---- MIME PARSER START ----
[4300] dbg: message: main message type: text/plain
[4300] dbg: message: parsing normal part
[4300] dbg: message: added part, type: text/plain
[4300] dbg: message: ---- MIME PARSER END ----
[4300] dbg: dns: is Net::DNS::Resolver available? no
[4300] dbg: diag: perl platform: 5.008008 linux
[4300] dbg: diag: module installed: Digest::SHA1, version 2.11
[4300] dbg: diag: module installed: HTML::Parser, version 3.55
[4300] dbg: diag: module installed: MIME::Base64, version 3.07
[4300] dbg: diag: module installed: DB_File, version 1.814
[4300] dbg: diag: module not installed: Net::DNS ('require' failed)
[4300] dbg: diag: module installed: Net::SMTP, version 2.29
[4300] dbg: diag: module not installed: Mail::SPF::Query ('require' failed)
[4300] dbg: diag: module not installed: IP::Country::Fast ('require' failed)
[4300] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed)
[4300] dbg: diag: module not installed: Net::Ident ('require' failed)
[4300] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[4300] dbg: diag: module not installed: IO::Socket::SSL ('require' failed)
[4300] dbg: diag: module installed: Time::HiRes, version 1.86
[4300] dbg: diag: module installed: DBI, version 1.53
[4300] dbg: diag: module installed: Getopt::Long, version 2.35
[4300] dbg: diag: module installed: LWP::UserAgent, version 2.033
[4300] dbg: diag: module installed: HTTP::Date, version 1.47
[4300] dbg: diag: module installed: Archive::Tar, version 1.30
[4300] dbg: diag: module installed: IO::Zlib, version 1.04
[4300] dbg: ignore: using a test message to lint rules
[4300] dbg: config: using "/etc/spamassassin" for site rules pre files
[4300] dbg: config: read file /etc/spamassassin/init.pre
[4300] dbg: config: read file /etc/spamassassin/v310.pre
[4300] dbg: config: read file /etc/spamassassin/v312.pre
[4300] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
[4300] dbg: config: using "/usr/share/spamassassin" for default rules dir
[4300] dbg: config: read file /usr/share/spamassassin/10_misc.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_porn.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
[4300] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
[4300] dbg: config: read file /usr/share/spamassassin/23_bayes.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_dcc.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_dkim.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_replace.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_spf.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_textcat.cf
[4300] dbg: config: read file /usr/share/spamassassin/25_uribl.cf
[4300] dbg: config: read file /usr/share/spamassassin/30_text_de.cf
[4300] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf
[4300] dbg: config: read file /usr/share/spamassassin/30_text_it.cf
[4300] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf
[4300] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf
[4300] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf
[4300] dbg: config: read file /usr/share/spamassassin/50_scores.cf
[4300] dbg: config: read file /usr/share/spamassassin/60_awl.cf
[4300] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf
[4300] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf
[4300] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf
[4300] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf
[4300] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf
[4300] dbg: config: read file /usr/share/spamassassin/65_debian.cf
[4300] dbg: config: using "/etc/spamassassin" for site rules dir
[4300] dbg: config: read file /etc/spamassassin/local.cf
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8340e84)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e7fb3c)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8ea2ffc)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[4300] dbg: pyzor: local tests only, disabling Pyzor
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8eb97cc)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[4300] dbg: razor2: local tests only, skipping Razor
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e87dd4)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[4300] dbg: reporter: local tests only, disabling SpamCop
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8e8a6a8)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x8f12540)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8f0c03c)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x8f2d6cc)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x8f3afac)
[4300] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[4300] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8f34344)
[4300] dbg: config: adding redirector regex: /^http://chkpt.zdnet.com/chkpt/w+/(.*)$/i
[4300] dbg: config: adding redirector regex: /^http://www(?:d+)?.nate.com/r/w+/(.*)$/i
[4300] dbg: config: adding redirector regex: /^http://.+.gov/(?:.*/)?externalLink.jhtml?.*url=(.*?)(?:&.*)?$/i
[4300] dbg: config: adding redirector regex: /^http://redir.internet.com/.+?/.+?/(.*)$/i
[4300] dbg: config: adding redirector regex: /^http://(?:.*?.)?adtech.de/.*(?:;||)link=(.*?)(?:;|$)/i
[4300] dbg: config: adding redirector regex: m'^http.*?/redirect.php?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i
[4300] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+.)?emfd.com/r.cfm.*?&r=(.*)'i
[4300] dbg: config: adding redirector regex: m'/(?:index.php)??.*(?<=[?&])URL=(.*?)(?:$|[&#])'i
[4300] dbg: config: adding redirector regex: m'^http:/*(?:w+.)?google(?:.w{2,3}){1,2}/url?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i
[4300] dbg: config: adding redirector regex: m'^http:/*(?:w+.)?google(?:.w{2,3}){1,2}/search?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+s])site:(.*?)(?:$|%20|[s+&#])'i
[4300] dbg: config: adding redirector regex: m'^http:/*(?:w+.)?google(?:.w{2,3}){1,2}/search?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+s])(?:"|%22)(.*?)(?:$|%22|["s+&#])'i
[4300] dbg: config: adding redirector regex: m'^http:/*(?:w+.)?google(?:.w{2,3}){1,2}/translate?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i
[4300] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8f34344) implements 'finish_parsing_end'
[4300] dbg: replacetags: replacing tags
[4300] dbg: replacetags: done replacing tags
[4300] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
[4300] dbg: config: score set 0 chosen.
[4300] dbg: message: ---- MIME PARSER START ----
[4300] dbg: message: main message type: text/plain
[4300] dbg: message: parsing normal part
[4300] dbg: message: added part, type: text/plain
[4300] dbg: message: ---- MIME PARSER END ----
[4300] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
[4300] dbg: dns: is DNS available? 0
[4300] dbg: metadata: X-Spam-Relays-Trusted:
[4300] dbg: metadata: X-Spam-Relays-Untrusted:
[4300] dbg: metadata: X-Spam-Relays-Internal:
[4300] dbg: metadata: X-Spam-Relays-External:
[4300] dbg: message: no encoding detected
[4300] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8340e84) implements 'parsed_metadata'
[4300] dbg: rules: local tests only, ignoring RBL eval
[4300] dbg: check: running tests for priority: 0
[4300] dbg: rules: running header regexp tests; score so far=0
[4300] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[4300] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1182797983@lint_rules>
[4300] dbg: rules: "
[4300] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>"
[4300] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1182797983"
[4300] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org
[4300] dbg: eval: all '*To' addrs:
[4300] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[4300] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[4300] dbg: rules: running body-text per-line regexp tests; score so far=-0.001
[4300] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
[4300] dbg: uri: running uri tests; score so far=-0.001
[4300] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
[4300] dbg: bayes: not scoring message, returning undef
[4300] dbg: bayes: opportunistic call attempt failed, DB not readable
[4300] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.001
[4300] dbg: rules: running full-text regexp tests; score so far=-0.001
[4300] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8340e84) implements 'check_tick'
[4300] dbg: check: running tests for priority: 500
[4300] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8340e84) implements 'check_post_dnsbl'
[4300] dbg: rules: running meta tests; score so far=-0.001
[4300] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
[4300] dbg: rules: running header regexp tests; score so far=1.866
[4300] dbg: rules: running body-text per-line regexp tests; score so far=1.866
[4300] dbg: uri: running uri tests; score so far=1.866
[4300] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.866
[4300] dbg: rules: running full-text regexp tests; score so far=1.866
[4300] dbg: check: running tests for priority: 1000
[4300] dbg: rules: running meta tests; score so far=1.866
[4300] dbg: rules: running header regexp tests; score so far=1.866
[4300] dbg: rules: running body-text per-line regexp tests; score so far=1.866
[4300] dbg: uri: running uri tests; score so far=1.866
[4300] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.866
[4300] dbg: rules: running full-text regexp tests; score so far=1.866
[4300] dbg: check: is spam? score=1.866 required=5
[4300] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[4300] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
Maybe this helps you somehow ... (At least I hope so)

rudi-sudo
Posts: 1
Joined: 2014-07-15 11:57

Re: VMware image with mail server for practicing/understanding

Post by rudi-sudo » 2014-07-15 16:20

This all looks very nice. It would be a very nice template. Can you upload the image? For testing and trying things out, this all sounds very nice.

Joe User
Project Manager
Posts: 11583
Joined: 2003-02-27 01:00
Location: Hamburg

Re: VMware image with mail server for practicing/understanding

Post by Joe User » 2014-07-15 19:25

A seven-year-old image? Even if it still existed, by now it would be either completely outdated and worthless, or completely botched and likewise worthless.

So build one yourself and learn in the process.

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

ddm3ve
Moderator
Posts: 1126
Joined: 2011-07-04 10:56

Re: VMware image with mail server for practicing/understanding

Post by ddm3ve » 2014-07-26 14:23

Ooh, a retro image :D
02:32:12 21.12.2012 and then all your problems are unimportant.