Installing and configuring SpamAssassin

22.12.2016 13:32.
Basics
SpamAssassin is a widely used filter program that automatically detects and sorts out unwanted
e-mail (spam). Like AMaViS, SpamAssassin is a Perl program; it evaluates an e-mail based on its
content. SpamAssassin itself determines and calculates a score for every e-mail and passes this
value to AMaViS. Based on the score it receives, AMaViS can then let an e-mail through, tag it
(for example by modifying the subject line) or reject it. SpamAssassin is therefore only a
back-end system of AMaViS.
Linux - Wissensdatenbank - https://dokuwiki.nausch.org/
Last update: 19.11.2014 19:08.
centos:mail_c6:spam_5 https://dokuwiki.nausch.org/doku.php/centos:mail_c6:spam_5
To distinguish between HAM and SPAM, SpamAssassin uses several techniques:
- Querying RBLs.
- Querying checksum-based filters such as DCC, Pyzor and Razor.
- Using regular expressions for static scoring of e-mails.
- Using internal Bayesian filters which, based on the classification of the e-mails received so
  far, statistically determine the probability of HAM versus SPAM.
Installation
As usual, we install the required packages via YUM.
# yum install spamassassin -y
Package information
A look into the installed RPM shows what the package brought along during installation.
# rpm -qil spamassassin
Name        : spamassassin                 Relocations: (not relocatable)
Version     : 3.3.1                             Vendor: CentOS
Release     : 2.el6                         Build Date: Mon 23 Aug 2010 04:28:38 AM CEST
Install Date: Sun 10 Jun 2012 12:35:02 PM CEST      Build Host: c6b2.bsys.dev.centos.org
Group       : Applications/Internet         Source RPM: spamassassin-3.3.1-2.el6.src.rpm
Size        : 3253352                          License: ASL 2.0
Signature   : RSA/8, Sun 03 Jul 2011 07:02:17 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://spamassassin.apache.org/
Summary     : Spam filter for email which can be invoked from mail delivery agents
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate
Unsolicited Commercial Email (SPAM) from your incoming email. It can
be invoked by a MDA such as sendmail or postfix, or can be called from
a procmail script, .forward file, etc. It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software. This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.
To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).
/etc/cron.d/sa-update
/etc/logrotate.d/sa-update
/etc/mail/spamassassin
/etc/mail/spamassassin/channel.d
/etc/mail/spamassassin/channel.d/sought.conf
/etc/mail/spamassassin/channel.d/spamassassin-official.conf
/etc/mail/spamassassin/init.pre
/etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/sa-update-keys
/etc/mail/spamassassin/spamassassin-default.rc
/etc/mail/spamassassin/spamassassin-helper.sh
/etc/mail/spamassassin/spamassassin-spamc.rc
/etc/mail/spamassassin/v310.pre
/etc/mail/spamassassin/v312.pre
/etc/mail/spamassassin/v320.pre
/etc/mail/spamassassin/v330.pre
/etc/portreserve/spamd
/etc/rc.d/init.d/spamassassin
/etc/sysconfig/sa-update
/etc/sysconfig/spamassassin
/usr/bin/sa-awl
/usr/bin/sa-check_spamd
/usr/bin/sa-compile
/usr/bin/sa-learn
/usr/bin/sa-update
/usr/bin/spamassassin
/usr/bin/spamc
/usr/bin/spamd
/usr/share/doc/spamassassin-3.3.1
/usr/share/doc/spamassassin-3.3.1/CREDITS
/usr/share/doc/spamassassin-3.3.1/Changes
/usr/share/doc/spamassassin-3.3.1/LICENSE
/usr/share/doc/spamassassin-3.3.1/NOTICE
/usr/share/doc/spamassassin-3.3.1/README
/usr/share/doc/spamassassin-3.3.1/README.RHEL.Fedora
/usr/share/doc/spamassassin-3.3.1/TRADEMARK
/usr/share/doc/spamassassin-3.3.1/UPGRADE
/usr/share/doc/spamassassin-3.3.1/USAGE
/usr/share/doc/spamassassin-3.3.1/sample-nonspam.txt
/usr/share/doc/spamassassin-3.3.1/sample-spam.txt
/usr/share/man/man1/sa-compile.1.gz
/usr/share/man/man1/sa-learn.1.gz
/usr/share/man/man1/sa-update.1.gz
/usr/share/man/man1/spamassassin-run.1.gz
/usr/share/man/man1/spamassassin.1.gz
/usr/share/man/man1/spamc.1.gz
/usr/share/man/man1/spamd.1.gz
/usr/share/man/man3/Mail::SpamAssassin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AICache.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Client.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::File.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Timeout.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3pm.gz
/usr/share/man/man3/Mail::SpamAssassin::Util::RegistrarBoundaries.3pm.gz
/usr/share/man/man3/spamassassin-run.3pm.gz
/usr/share/perl5/Mail
/usr/share/perl5/Mail/SpamAssassin
/usr/share/perl5/Mail/SpamAssassin.pm
/usr/share/perl5/Mail/SpamAssassin/AICache.pm
/usr/share/perl5/Mail/SpamAssassin/ArchiveIterator.pm
/usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm
/usr/share/perl5/Mail/SpamAssassin/AutoWhitelist.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes
/usr/share/perl5/Mail/SpamAssassin/Bayes.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes/CombineChi.pm
/usr/share/perl5/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore
/usr/share/perl5/Mail/SpamAssassin/BayesStore.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/BDB.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/MySQL.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/PgSQL.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/SDBM.pm
/usr/share/perl5/Mail/SpamAssassin/BayesStore/SQL.pm
/usr/share/perl5/Mail/SpamAssassin/Client.pm
/usr/share/perl5/Mail/SpamAssassin/Conf
/usr/share/perl5/Mail/SpamAssassin/Conf.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/LDAP.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm
/usr/share/perl5/Mail/SpamAssassin/Conf/SQL.pm
/usr/share/perl5/Mail/SpamAssassin/Constants.pm
/usr/share/perl5/Mail/SpamAssassin/DBBasedAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/Dns.pm
/usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm
/usr/share/perl5/Mail/SpamAssassin/HTML.pm
/usr/share/perl5/Mail/SpamAssassin/Locales.pm
/usr/share/perl5/Mail/SpamAssassin/Locker
/usr/share/perl5/Mail/SpamAssassin/Locker.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/Flock.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/UnixNFSSafe.pm
/usr/share/perl5/Mail/SpamAssassin/Locker/Win32.pm
/usr/share/perl5/Mail/SpamAssassin/Logger
/usr/share/perl5/Mail/SpamAssassin/Logger.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/File.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/Stderr.pm
/usr/share/perl5/Mail/SpamAssassin/Logger/Syslog.pm
/usr/share/perl5/Mail/SpamAssassin/MailingList.pm
/usr/share/perl5/Mail/SpamAssassin/Message
/usr/share/perl5/Mail/SpamAssassin/Message.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm
/usr/share/perl5/Mail/SpamAssassin/Message/Node.pm
/usr/share/perl5/Mail/SpamAssassin/NetSet.pm
/usr/share/perl5/Mail/SpamAssassin/PerMsgLearner.pm
/usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm
/usr/share/perl5/Mail/SpamAssassin/PersistentAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin
/usr/share/perl5/Mail/SpamAssassin/Plugin.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ASN.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AWL.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AccessDB.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AntiVirus.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Bayes.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/BodyEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Check.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DCC.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DKIM.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/DNSEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/FreeMail.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HTMLEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Hashcash.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/HeaderEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ImageInfo.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/MIMEHeader.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/PhishTag.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Pyzor.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/RelayCountry.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/RelayEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/ReplaceTags.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Reuse.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Shortcircuit.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/SpamCop.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/Test.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/TextCat.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIDNSBL.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIDetail.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/URIEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/VBounce.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/WLBLEval.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/WhiteListSubject.pm
/usr/share/perl5/Mail/SpamAssassin/PluginHandler.pm
/usr/share/perl5/Mail/SpamAssassin/Reporter.pm
/usr/share/perl5/Mail/SpamAssassin/SQLBasedAddrList.pm
/usr/share/perl5/Mail/SpamAssassin/SpamdForkScaling.pm
/usr/share/perl5/Mail/SpamAssassin/SubProcBackChannel.pm
/usr/share/perl5/Mail/SpamAssassin/Timeout.pm
/usr/share/perl5/Mail/SpamAssassin/Util
/usr/share/perl5/Mail/SpamAssassin/Util.pm
/usr/share/perl5/Mail/SpamAssassin/Util/DependencyInfo.pm
/usr/share/perl5/Mail/SpamAssassin/Util/Progress.pm
/usr/share/perl5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
/usr/share/perl5/Mail/SpamAssassin/Util/ScopedTimer.pm
/usr/share/perl5/Mail/SpamAssassin/Util/TieOneStringHash.pm
/usr/share/perl5/spamassassin-run.pod
/usr/share/spamassassin
/usr/share/spamassassin/10_default_prefs.cf
/usr/share/spamassassin/20_advance_fee.cf
/usr/share/spamassassin/20_aux_tlds.cf
/usr/share/spamassassin/20_body_tests.cf
/usr/share/spamassassin/20_compensate.cf
/usr/share/spamassassin/20_dnsbl_tests.cf
/usr/share/spamassassin/20_drugs.cf
/usr/share/spamassassin/20_dynrdns.cf
/usr/share/spamassassin/20_fake_helo_tests.cf
/usr/share/spamassassin/20_freemail.cf
/usr/share/spamassassin/20_freemail_domains.cf
/usr/share/spamassassin/20_head_tests.cf
/usr/share/spamassassin/20_html_tests.cf
/usr/share/spamassassin/20_imageinfo.cf
/usr/share/spamassassin/20_meta_tests.cf
/usr/share/spamassassin/20_net_tests.cf
/usr/share/spamassassin/20_phrases.cf
/usr/share/spamassassin/20_porn.cf
/usr/share/spamassassin/20_ratware.cf
/usr/share/spamassassin/20_uri_tests.cf
/usr/share/spamassassin/20_vbounce.cf
/usr/share/spamassassin/23_bayes.cf
/usr/share/spamassassin/25_accessdb.cf
/usr/share/spamassassin/25_antivirus.cf
/usr/share/spamassassin/25_asn.cf
/usr/share/spamassassin/25_dcc.cf
/usr/share/spamassassin/25_dkim.cf
/usr/share/spamassassin/25_hashcash.cf
/usr/share/spamassassin/25_pyzor.cf
/usr/share/spamassassin/25_razor2.cf
/usr/share/spamassassin/25_replace.cf
/usr/share/spamassassin/25_spf.cf
/usr/share/spamassassin/25_textcat.cf
/usr/share/spamassassin/25_uribl.cf
/usr/share/spamassassin/30_text_de.cf
/usr/share/spamassassin/30_text_fr.cf
/usr/share/spamassassin/30_text_it.cf
/usr/share/spamassassin/30_text_nl.cf
/usr/share/spamassassin/30_text_pl.cf
/usr/share/spamassassin/30_text_pt_br.cf
/usr/share/spamassassin/50_scores.cf
/usr/share/spamassassin/60_adsp_override_dkim.cf
/usr/share/spamassassin/60_awl.cf
/usr/share/spamassassin/60_shortcircuit.cf
/usr/share/spamassassin/60_whitelist.cf
/usr/share/spamassassin/60_whitelist_dkim.cf
/usr/share/spamassassin/60_whitelist_spf.cf
/usr/share/spamassassin/60_whitelist_subject.cf
/usr/share/spamassassin/72_active.cf
/usr/share/spamassassin/72_scores.cf
/usr/share/spamassassin/STATISTICS-set0-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set1-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set2-72_scores.cf.txt
/usr/share/spamassassin/STATISTICS-set3-72_scores.cf.txt
/usr/share/spamassassin/languages
/usr/share/spamassassin/local.cf
/usr/share/spamassassin/regression_tests.cf
/usr/share/spamassassin/sa-update-pubkey.txt
/usr/share/spamassassin/sa-update.cron
/usr/share/spamassassin/user_prefs.template
/var/lib/spamassassin
/var/run/spamassassin
Configuration
spamassassin
A special configuration of SpamAssassin is not really necessary. The directory
/etc/mail/spamassassin/ contains the configuration file local.cf, which can be used to make
local adjustments to the installation.
# vim /etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

# Score from which a message is considered spam.
required_hits 5

# This option defines how SpamAssassin marks a message classified as spam.
# With report_safe 0, SpamAssassin only inserts some X-Spam headers
# and otherwise leaves the message unchanged.
report_safe 0

# This option defines that a message classified as SPAM is additionally
# tagged with a marker in the subject line (here "[SPAM]").
rewrite_header Subject [SPAM]

# Django : 2012-05-21
# This directive determines which locking method is used to protect the two
# databases (Bayes and auto-whitelisting) against simultaneous access. If it is
# certain that the two databases are never accessed via NFS, performance on
# Unix platforms can be improved considerably by using the flock locking method.
lock_method flock

# Django : 2009-08-19
# Header-check filter list for hardening the Postfix mail server. Information
# taken over from an existing Postfix file /etc/postfix/header_checks, because
# under certain circumstances backscatter problems could occur
# (as of 10-07-2009, AMaViS version amavisd-new-2.5.4-1.el5.rf.src.rpm).
# Version 0.02 / 2009-08-19
#
# /i = case-insensitive matching (upper and lower case are not distinguished)
# /m = multiline mode (^ and $ also match at line breaks inside the value)
#
# Header checks "From" (numbering 1000 ...)
#
header  HEADER_FROM_CHECKS_NR_1001  From =~ /^.*Euro Dice Casino/im
score   HEADER_FROM_CHECKS_NR_1001  20
tflags  HEADER_FROM_CHECKS_NR_1001  noautolearn

# Header checks "From" (numbering 1000 ...)
header  HEADER_FROM_CHECKS_NR1002   From =~ /^.*ic-drei.de/im
score   HEADER_FROM_CHECKS_NR1002   20
tflags  HEADER_FROM_CHECKS_NR1002   noautolearn

header  HEADER_FROM_CHECKS_NR1001   From =~ /^.*Lottery/im
score   HEADER_FROM_CHECKS_NR1001   20
tflags  HEADER_FROM_CHECKS_NR1001   noautolearn
amavisd
Since we neither accept nor store SPAM, viruses or unwanted file attachments (we have not
accepted the e-mail, confirmed it with a 250, or been able to deliver it to the end user), we
add the following lines to the configuration file of our AMaViS server.
# vim /etc/amavisd.conf
...
# Django : 2012-05-21
# default: $sa_tag2_level_deflt = 6.2;
$sa_tag2_level_deflt = 6.31;  # add 'spam detected' headers at that level
# Django : 2012-05-21
# default: $sa_kill_level_deflt = 6.9;
$sa_kill_level_deflt = 6.31;  # triggers spam evasive actions (e.g. blocks mail)
...
# Django : 2012-05-21
# default: unset
$final_virus_destiny      = D_REJECT;
# Django : 2012-05-21
# default: unset
$final_banned_destiny     = D_REJECT;
# Django : 2012-05-21
# default: unset
$final_spam_destiny       = D_REJECT;
# $final_bad_header_destiny = D_PASS;
# $bad_header_quarantine_method = undef;
# Django : 2012-05-21
# default: unset
$virus_quarantine_to = undef;
# Django : 2012-05-21
# default: unset
$banned_quarantine_to = undef;
# Django : 2012-05-21
# default: unset
$spam_quarantine_to = undef;
...
To activate the changes, we restart the daemon once.
# service amavisd restart
Shutting down Mail Virus Scanner (amavisd):                [  OK  ]
Starting Mail Virus Scanner (amavisd):                     [  OK  ]
Starting the program
First system start
Now we can start our anti-spam daemon for the first time.
# service spamassassin start
Starting spamd:                                            [  OK  ]
The start of the daemon is logged accordingly in the maillog.
# less /var/log/maillog
Jun 10 22:44:30 vml000060 spamd[14620]: logger: removing stderr method
Jun 10 22:44:34 vml000060 spamd[14625]: rules: meta test FROM_41_FREEMAIL has dependency 'NSL_RCVD_FROM_41' with a zero score
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server started on port 783/tcp (running version 3.3.1)
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server pid: 14625
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14636
Jun 10 22:44:34 vml000060 spamd[14625]: spamd: server successfully spawned child process, pid 14638
Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: IS
Jun 10 22:44:34 vml000060 spamd[14625]: prefork: child states: II
The following command shows which port our SpamAssassin is listening on:
# lsof -i :783
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
spamd   14625 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
spamd   14636 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
spamd   14638 root    5u  IPv4  59884      0t0  TCP localhost:783 (LISTEN)
A similar query can of course also be made with netstat -tulpen.
# netstat -tulpen | grep spam
tcp        0      0 127.0.0.1:783        0.0.0.0:*        LISTEN      0          59884      14625/spamd.pid
Starting the service automatically at system boot
So that our AMaViS server is started automatically at boot, we carry out the following
configuration steps.
# chkconfig spamassassin on
Afterwards we verify our change:
# chkconfig --list | grep spamassassin
spamassassin    0:off   1:off   2:on    3:on    4:on    5:on    6:off
Tests
HAM
First we send a test message to a user via telnet.
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<[email protected]>
250 2.1.0 Ok
rcpt to:<[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <[email protected]>
To: <[email protected]>
Date: 2012-06-11 13:45
Subject: Testnachricht

Test
.
250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153
quit
221 2.0.0 Bye
Connection closed by foreign host.
In the maillog of the Postfix server, the successful acceptance of the message is acknowledged accordingly.
# less /var/log/maillog
Jun 11 14:09:22 vml000080 postfix/smtpd[26920]: connect from localhost[127.0.0.1]
Jun 11 14:09:37 vml000080 postfix/smtpd[26920]: NOQUEUE: client=localhost[127.0.0.1]
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: connect from vml000060.dmz.nausch.org[10.0.0.60]
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: 4709153: client=localhost[127.0.0.1]
Jun 11 14:09:52 vml000080 postfix/cleanup[26923]: 4709153: message-id=<[email protected]>
Jun 11 14:09:52 vml000080 postfix/qmgr[24754]: 4709153: from=<[email protected]>, size=777, nrcpt=1 (queue active)
Jun 11 14:09:52 vml000080 postfix/smtpd[26908]: disconnect from vml000060.dmz.nausch.org[10.0.0.60]
In the maillog on our AMaViS host, the output is currently quite informative thanks to
loglevel = 3.
# less /var/log/maillog
Jun 11 14:09:37 vml000060 amavis[18855]: (18855-01) process_request: fileno sock=11, STDIN=0, STDOUT=1
Jun 11 14:09:37 vml000060 amavis[18855]: (18855-02) loaded policy bank "MYNETS"
Jun 11 14:09:39 vml000060 amavis[18855]: (18855-02) ESMTP:[10.0.0.60]:10024 /var/amavis/tmp/amavis-20120611T135937-18855: <[email protected]> -> <[email protected]> Received: from mx1.nausch.org ([10.0.0.80]) by localhost (amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for <[email protected]>; Mon, 11 Jun 2012 14:09:37 +0200 (CEST)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4, state: 1
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) smtp connection cache, dt: 578.4 -> disabling
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) body hash: 2205e48de5f93c784733ffcca841d2b5
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking: 8GFFkUKKobVo MYNETS [127.0.0.1] <[email protected]> -> <[email protected]>
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) 2822.From: <[email protected]>
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Cached virus check expired, TTL = 180 s
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) cached 2205e48de5f93c784733ffcca841d2b5 from <[email protected]> (0,0)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p001 1 Content-Type: text/plain, size: 5 B, name:
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) inspect_dsn: not a bounce
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) Checking for banned types and filenames
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) collect banned table[0]: [email protected], tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x20db1a0)
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) p.path [email protected]: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) presenting full original message to scanners as /var/amavis/tmp/amavis-20120611T135937-18855/parts/p002
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Connecting to socket /var/run/clamav/clamd.sock
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) ClamAV-clamd: Sending CONTSCAN /var/amavis/tmp/amavis-20120611T135937-18855/parts\n to UNIX socket /var/run/clamav/clamd.sock
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd): CLEAN
Jun 11 14:09:51 vml000060 amavis[18855]: (18855-02) run_av (ClamAV-clamd) result: clean
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) spam_scan: score=-0.427 autolearn=no tests=[ALL_TRUSTED=-1,INVALID_DATE=0.432,MISSING_MID=0.14,TVD_SPACE_RATIO=0.001]
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) do_notify_and_quar: ccat=Clean (1,0) ("1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp session reuse, 1 transactions so far
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> NOOP
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to NOOP (idle 593.5 s): 421 4.4.2 mx1.nausch.org Error: timeout exceeded
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Amavis::Out::SMTP::Session close, disconnecting
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp creating socket by IO::Socket::INET6 to [mail.dmz.nausch.org]:10025
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to greeting: 220 mx1.nausch.org ESMTP Postfix
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> EHLO localhost
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to EHLO: 250
mx1.nausch.org\nPIPELINING\nSIZE 52428800\nETRN\nSTARTTLS\nXFORWARD NAME
ADDR PROTO HELO SOURCE PORT\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> XFORWARD
ADDR=127.0.0.1 NAME=localhost PORT=42232 PROTO=SMTP
HELO=vml00080.dmz.nausch.org SOURCE=LOCAL
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to XFORWARD:
250 2.0.0 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) AUTH not needed,
user='', MTA offers ''
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> MAIL
FROM:<[email protected]> BODY=7BIT
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> RCPT
TO:<[email protected]>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> DATA
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to MAIL (pip):
250 2.1.0 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to RCPT (pip)
(<[email protected]>): 250 2.1.5 Ok
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to DATA: 354
End data with <CR><LF>.<CR><LF>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp cmd> QUIT
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) smtp resp to data-dot
(<[email protected]>): 250 2.0.0 Ok: queued as 4709153
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02)
Amavis::Out::SMTP::Session close, disconnecting
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) FWD via SMTP:
<[email protected]> -> <[email protected]>,BODY=7BIT 250 2.0.0 from
MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as 4709153
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) DSN: sender is credible
(orig), SA: -0.427, <[email protected]>
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) Passed CLEAN, MYNETS
LOCAL [127.0.0.1] [127.0.0.1] <[email protected]> -> <[email protected]>,
mail_id: 8GFFkUKKobVo, Hits: -0.427, size: 280, queued_as: 4709153, 15120 ms
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING-SA total 435 ms parse: 2 (0.6%), extract_message_metadata: 308 (70.9%), poll_dns_idle: 291
(67.0%), get_uri_detail_list: 0.43 (0.1%), tests_pri_-1000: 7 (1.7%),
tests_pri_-950: 2 (0.5%), tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.23
(0.3%), tests_pri_0: 89 (20.6%), check_dkim_adsp: 13 (3.0%), check_spf: 0.48
(0.1%), check_pyzor: 0.42 (0.1%), tests_pri_500: 5 (1.1%), get_report: 1.09
(0.3%)
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) sending SMTP response:
"250 2.0.0 from MTA([mail.dmz.nausch.org]:10025): 250 2.0.0 Ok: queued as
4709153"
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) TIMING [total 15125 ms]
- SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP
pre-DATA-flush: 2718 (18%)18, SMTP DATA: 11840 (78%)96, check_init: 1
(0%)96, digest_hdr: 1 (0%)96, digest_body_dkim: 1 (0%)96, gen_mail_id: 1
(0%)96, mime_decode: 10 (0%)96, get-file-type1: 15 (0%)96, decompose_part: 1
(0%)96, parts_decode: 0 (0%)96, check_header: 2 (0%)96, AV-scan-1: 8 (0%)97,
spam-wb-list: 2 (0%)97, SA parse: 5 (0%)97, SA check: 429 (3%)99,
update_cache: 6 (0%)99, decide_mail_destiny: 1 (0%)99, fwd-connect: 12
(0%)100, fwd-xforward: 1 (0%)100, fwd-mail-pip: 12 (0%)100, fwd-rcpt-pip: 0
(0%)100, fwd-data-chkpnt: 0 (0%)100, write-header: 1 (0%)100, fwd-data-contents: 0 (0%)100, fwd-end-chkpnt: 39 (0%)100, prepare-dsn: 1 (0%)100,
main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0
(0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1
(0%)100
Jun 11 14:09:52 vml000060 amavis[18855]: (18855-02) load: 5 %, total idle
583.913 s, busy 30.553 s
SPAM (Blacklist)
Next, we send one of our users a test message whose subject line contains a forbidden
expression, e.g. gevoegelt:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<[email protected]>
250 2.1.0 Ok
rcpt to:<[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <[email protected]>
To: <[email protected]>
Date: 2012-06-11 13:45
Subject: Hast Du Sie heute schon gevoegelt?
Spamnachricht mit verbotenem Ausdruck im Betreff.
.
554 5.7.0 Reject, id=19055-01 - SPAM
quit
221 2.0.0 Bye
Connection closed by foreign host.
As expected, the test message is not accepted; it is rejected immediately, and only once.
554 5.7.0 Reject, id=19055-01 - SPAM
In the mail log of our AMaViS front-end system we can then determine the exact reason for the
rejection using the AMaViS code 19055-01 that was returned. (This requires the log level in
/etc/amavisd.conf to be set to at least 2!):
Jun 11 14:27:36 vml000060 amavis[19055]: process_request: fileno sock=11,
STDIN=0, STDOUT=1
Jun 11 14:27:36 vml000060 amavis[19055]: (19055-01) loaded policy bank
"MYNETS"
Jun 11 14:27:38 vml000060 amavis[19055]: (19055-01) ESMTP:[10.0.0.60]:10024
/var/amavis/tmp/amavis-20120611T142736-19055: <[email protected]> ->
<[email protected]> Received: from mx1.nausch.org ([10.0.0.80]) by localhost
(amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for
<[email protected]>; Mon, 11 Jun 2012 14:27:36 +0200 (CEST)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) body hash:
a49713537d48347c846b5432811446b3
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking: B0eSk4whQh6x
MYNETS [127.0.0.1] <[email protected]> -> <[email protected]>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) 2822.From:
<[email protected]>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p001 1 Content-Type:
text/plain, size: 50 B, name:
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) inspect_dsn: not a
bounce
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Checking for banned
types and filenames
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) collect banned table[0]:
[email protected], tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) p.path
[email protected]: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) presenting full original
message to scanners as
/var/amavis/tmp/amavis-20120611T142736-19055/parts/p002
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Connecting
to socket /var/run/clamav/clamd.sock
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) ClamAV-clamd: Sending
CONTSCAN /var/amavis/tmp/amavis-20120611T142736-19055/parts\n to UNIX socket
/var/run/clamav/clamd.sock
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd):
CLEAN
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd)
result: clean
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) spam_scan: score=19.572
autolearn=no
tests=[ALL_TRUSTED=-1,HEADER_SUBJECT_CHECKS_NR2041=20,INVALID_DATE=0.432,MISSING_MID=0.14]
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) blocking contents
category is (6) for [email protected]
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) do_notify_and_quar:
ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean,
"0":CatchAll) ccat_block=(6), qar_mth=
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) SPAM,
<[email protected]> -> <[email protected]>, Yes, score=19.572 tag=2
tag2=6.31 kill=6.31 tests=[ALL_TRUSTED=-1, HEADER_SUBJECT_CHECKS_NR2041=20,
INVALID_DATE=0.432, MISSING_MID=0.14] autolearn=no
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) DSN: sender is credible
(orig), SA: 19.572, <[email protected]>
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) Blocked SPAM, MYNETS
LOCAL [127.0.0.1] [127.0.0.1] <[email protected]> -> <[email protected]>,
mail_id: B0eSk4whQh6x, Hits: 19.572, size: 346, 16258 ms
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING-SA total 143 ms parse: 3 (1.8%), extract_message_metadata: 5 (3.5%), get_uri_detail_list:
0.50 (0.3%), tests_pri_-1000: 10 (7.0%), tests_pri_-950: 3 (1.9%),
tests_pri_-900: 1.92 (1.3%), tests_pri_-400: 1.30 (0.9%), tests_pri_0: 94
(66.1%), check_dkim_adsp: 15 (10.4%), check_spf: 0.48 (0.3%), check_pyzor:
0.34 (0.2%), tests_pri_500: 4 (2.8%), get_report: 1.44 (1.0%)
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) sending SMTP response:
"554 5.7.0 Reject, id=19055-01 - SPAM"
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) TIMING [total 16262 ms]
- SMTP greeting: 12 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, mkdir
tempdir: 1 (0%)0, create email.txt: 1 (0%)0, SMTP pre-DATA-flush: 2361
(15%)15, SMTP DATA: 13667 (84%)99, check_init: 1 (0%)99, digest_hdr: 2
(0%)99, digest_body_dkim: 1 (0%)99, gen_mail_id: 2 (0%)99, mkdir parts: 2
(0%)99, mime_decode: 11 (0%)99, get-file-type1: 16 (0%)99, decompose_part: 2
(0%)99, parts_decode: 0 (0%)99, check_header: 2 (0%)99, AV-scan-1: 9 (0%)99,
spam-wb-list: 2 (0%)99, SA parse: 7 (0%)99, SA check: 136 (1%)100,
update_cache: 7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 4
(0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100,
rundown: 1 (0%)100
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) load: 86 %, total idle
2.356 s, busy 13.912 s
The rule HEADER_SUBJECT_CHECKS_NR2041=20 was therefore the one that fired. In the same way we
could track down the cause of a rejection in the event of a false positive.
# grep HEADER_SUBJECT_CHECKS_NR2041 /etc/mail/spamassassin/local.cf
header   HEADER_SUBJECT_CHECKS_NR2041   Subject =~ /.*gevoegelt.*/im
score    HEADER_SUBJECT_CHECKS_NR2041   20
tflags   HEADER_SUBJECT_CHECKS_NR2041   noautolearn
SPAM (GTUBE)
In the documentation path ( /usr/share/doc/spamassassin-3.3.1 ) of our SpamAssassin
installation we find, among other things, the GTUBE test file.
Generic Test for Unsolicited Bulk Email
# less /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
/usr/share/doc/spamassassin-3.3.1/sample-spam.txt
Subject: Test spam mail (GTUBE)
Message-ID: <[email protected]>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <[email protected]>
To: Recipient <[email protected]>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
We now connect to port 25 on our Postfix server and deliver the contents of this file there
as an email.
$ telnet mail.dmz.nausch.org 25
Trying 10.0.0.80...
Connected to mail.dmz.nausch.org.
Escape character is '^]'.
220 mx1.nausch.org ESMTP Postfix
helo vml00080.dmz.nausch.org
250 mx1.nausch.org
mail from:<[email protected]>
250 2.1.0 Ok
rcpt to:<[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test spam mail (GTUBE)
Message-ID: <[email protected]>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <[email protected]>
To: Recipient <[email protected]>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
.
554 5.7.0 Reject, id=19056-02 - SPAM
quit
221 2.0.0 Bye
Connection closed by foreign host.
In the mail log of our AMaViS server we again find an indication of why the message was
rejected with the error code 554 5.7.0 Reject, id=19056-02 - SPAM.
# less /var/log/maillog
Jun 11 14:55:45 vml000060 amavis[19056]: (19056-01) process_request: fileno
sock=11, STDIN=0, STDOUT=1
Jun 11 14:55:45 vml000060 amavis[19056]: (19056-02) loaded policy bank
"MYNETS"
Jun 11 14:55:47 vml000060 amavis[19056]: (19056-02) ESMTP:[10.0.0.60]:10024
/var/amavis/tmp/amavis-20120611T145223-19056: <[email protected]> ->
<[email protected]> Received: from mx1.nausch.org ([10.0.0.80]) by localhost
(amavis.dmz.nausch.org [10.0.0.60]) (amavisd-new, port 10024) with ESMTP for
<[email protected]>; Mon, 11 Jun 2012 14:55:45 +0200 (CEST)
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache,
dt: 201.8, state: 1
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) smtp connection cache,
dt: 201.8 -> disabling
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) body hash:
a2740fd1baff60a1aa0bfb88a79036d6
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking: juTHROjwPrnV
MYNETS [127.0.0.1] <[email protected]> -> <[email protected]>
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) 2822.From:
<[email protected]>, 2821.Mail_From: <[email protected]>
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p001 1 Content-Type:
text/plain, size: 504 B, name:
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) inspect_dsn: not a
bounce
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) Checking for banned
types and filenames
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) collect banned table[0]:
[email protected], tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x3be71a0)
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) p.path
[email protected]: "P=p001,L=1,M=text/plain,T=asc"
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) presenting full original
message to scanners as
/var/amavis/tmp/amavis-20120611T145223-19056/parts/p002
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Connecting
to socket /var/run/clamav/clamd.sock
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) ClamAV-clamd: Sending
CONTSCAN /var/amavis/tmp/amavis-20120611T145223-19056/parts\n to UNIX socket
/var/run/clamav/clamd.sock
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd):
CLEAN
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) run_av (ClamAV-clamd)
result: clean
Jun 11 14:56:11 vml000060 amavis[19056]: (19056-02) wbl: soft-blacklisted
(3) sender <[email protected]> => <[email protected]>, recip_key="."
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan: score=1001.07
autolearn=no tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000]
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) blocking contents
category is (6) for [email protected]
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) do_notify_and_quar:
ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean,
"0":CatchAll) ccat_block=(6), qar_mth=
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) SPAM,
<[email protected]> -> <[email protected]>, Yes, score=1001.07+3 tag=2
tag2=6.31 kill=6.31 tests=[AM:BOOST=3, ALL_TRUSTED=-1,
DATE_IN_PAST_96_XX=2.07, GTUBE=1000] autolearn=no
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) DSN: sender is credible
(orig), SA: 1001.070, <[email protected]>
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) Blocked SPAM, MYNETS
LOCAL [127.0.0.1] [127.0.0.1] <[email protected]> -> <[email protected]>,
Message-ID: <[email protected]>, mail_id: juTHROjwPrnV, Hits:
1004.07, size: 993, 26905 ms
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING-SA total 492 ms parse: 3 (0.6%), extract_message_metadata: 5 (1.1%), get_uri_detail_list:
0.94 (0.2%), tests_pri_-1000: 8 (1.7%), tests_pri_-950: 3 (0.5%),
tests_pri_-900: 1.75 (0.4%), tests_pri_-400: 1.35 (0.3%), tests_pri_0: 316
(64.2%), check_dkim_adsp: 204 (41.4%), check_spf: 0.56 (0.1%), check_pyzor:
0.44 (0.1%), tests_pri_500: 134 (27.2%), poll_dns_idle: 128 (26.0%),
get_report: 1.88 (0.4%)
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) sending SMTP response:
"554 5.7.0 Reject, id=19056-02 - SPAM"
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) TIMING [total 26909 ms]
- SMTP greeting: 4 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP
pre-DATA-flush: 2179 (8%)8, SMTP DATA: 24165 (90%)98, check_init: 1 (0%)98,
digest_hdr: 2 (0%)98, digest_body_dkim: 1 (0%)98, gen_mail_id: 1 (0%)98,
mime_decode: 10 (0%)98, get-file-type1: 16 (0%)98, decompose_part: 2 (0%)98,
parts_decode: 0 (0%)98, check_header: 2 (0%)98, AV-scan-1: 9 (0%)98, spam-wb-list: 3 (0%)98, SA parse: 5 (0%)98, SA check: 485 (2%)100, update_cache:
7 (0%)100, decide_mail_destiny: 3 (0%)100, prepare-dsn: 3 (0%)100,
main_log_entry: 7 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0
(0%)100, SMTP response: 1 (0%)100, unlink-2-files: 0 (0%)100, rundown: 1
(0%)100
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) load: 11 %, total idle
204.011 s, busy 25.318 s
In the line:
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) spam_scan:
score=1001.07 autolearn=no
tests=[ALL_TRUSTED=-1,DATE_IN_PAST_96_XX=2.07,GTUBE=1000]
the email is given a SPAM score of 1001.07, which is - let's say slightly - above the 6.31
that we had defined in /etc/amavisd.conf. Acceptance of the email is therefore refused with
a 500-series error code.
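Added example (not part of the original page): the log lookup used above for both rejections, the blacklist rule and GTUBE, written as a small Python script. Given the id from the 554 reply, it finds the level-2 "SPAM," summary line and reports which rule on its own pushed the total over the kill level; the sample log is constructed from the entries shown on this page with placeholder addresses, and the function names are hypothetical.

```python
import re

# Constructed sample: the two "SPAM," summary entries from this page, unwrapped
# to one line each; sender and recipient are placeholder addresses.
SAMPLE_LOG = """\
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) run_av (ClamAV-clamd) result: clean
Jun 11 14:27:52 vml000060 amavis[19055]: (19055-01) SPAM, <sender@example.org> -> <rcpt@example.org>, Yes, score=19.572 tag=2 tag2=6.31 kill=6.31 tests=[ALL_TRUSTED=-1, HEADER_SUBJECT_CHECKS_NR2041=20, INVALID_DATE=0.432, MISSING_MID=0.14] autolearn=no
Jun 11 14:56:12 vml000060 amavis[19056]: (19056-02) SPAM, <sender@example.org> -> <rcpt@example.org>, Yes, score=1001.07+3 tag=2 tag2=6.31 kill=6.31 tests=[AM:BOOST=3, ALL_TRUSTED=-1, DATE_IN_PAST_96_XX=2.07, GTUBE=1000] autolearn=no
"""

# Matches the summary line in the form shown on this page. Only a "+3" boost
# appears there; accepting a "-" sign for the boost is an assumption.
SUMMARY = re.compile(
    r"\((?P<id>\d+-\d+)\) SPAM, .*?score=(?P<score>-?[\d.]+)(?P<boost>[+-][\d.]+)?"
    r" tag=\S+ tag2=\S+ kill=(?P<kill>-?[\d.]+) tests=\[(?P<tests>[^\]]*)\]"
)


def reject_id(smtp_response):
    """Extract the amavis id (e.g. '19055-01') from the text of the 554 reply."""
    m = re.search(r"\bid=(\d+-\d+)\b", smtp_response)
    return m.group(1) if m else None


def explain_reject(log_text, amavis_id):
    """Return total score, kill level, rules by weight, and the decisive rules."""
    for line in log_text.splitlines():
        m = SUMMARY.search(line)
        if not m or m.group("id") != amavis_id:
            continue
        total = float(m.group("score")) + float(m.group("boost") or 0)
        kill = float(m.group("kill"))
        tests = []
        for item in m.group("tests").split(","):
            if not item.strip():
                continue  # "tests=[]" yields one empty item
            name, _, value = item.strip().rpartition("=")
            tests.append((name, float(value)))
        tests.sort(key=lambda t: t[1], reverse=True)
        # A rule is decisive if the mail would have stayed below the kill
        # level had this one rule not fired: the first place to look when
        # a rejection turns out to be a false positive.
        decisive = [n for n, v in tests if total >= kill and total - v < kill]
        return {"total": total, "kill": kill, "tests": tests, "decisive": decisive}
    return None  # id not found, or log level below 2


if __name__ == "__main__":
    rid = reject_id("554 5.7.0 Reject, id=19055-01 - SPAM")
    print(rid, explain_reject(SAMPLE_LOG, rid))
```

Against a live system, pass the contents of /var/log/maillog from the AMaViS host instead of SAMPLE_LOG.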
Links
Back to the chapter >>Mail server installation under CentOS 6<<
Back to >>Projects and topic chapters<<
Back to the start page
1) desired messages
2) undesired messages
3) Real Blackhole Lists
From:
https://dokuwiki.nausch.org/ - Linux - Wissensdatenbank
Permanent link:
https://dokuwiki.nausch.org/doku.php/centos:mail_c6:spam_5
Last update: 19.11.2014 19:08.