[postfix-users] Spamassassin will nicht mehr
Hallo, ich kriege beim Start von Postfix immer folgende Warnung:
postfix/qmgr[xxxx]: warning: connect to transport spamassassin: Connection refused
Mail wird zwar angenommen, aber nicht ausgeliefert.
Die Versionen sind: Postfix 2.5.4 Amavisd-New 2.5.1 Spamassassin 3.2.3
Das alles unter Opensuse 10.3.
Hier meine Konfigurationsdaten:
--------- master.cf ----------------
smtp inet n - n - - smtpd smtpd_tls_wrappermode=yes pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp loops relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil localhost:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes scache unix - - n - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} retry unix - - n - - error smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes tlsmgr unix - - n 1000? 1 tlsmgr
------------- main.cf ---------------------
queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix mail_owner = postfix mydomain = xxxxxxxxxxxxxxxxxxxxxxxxxxxx mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, unknown_local_recipient_reject_code = 550 alias_database = hash:/etc/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = maildrop html_directory = /usr/share/doc/packages/postfix/html manpage_directory = /usr/share/man sample_directory = /usr/share/doc/packages/postfix/samples readme_directory = /usr/share/doc/packages/postfix/README_FILES inet_protocols = all biff = no mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_alias_maps = regexp:/etc/postfix/user-virtual hash:/etc/postfix/virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx program_directory = /usr/lib/postfix inet_interfaces = all masquerade_domains = mydestination = xxxxxxxxxxxxxxxxxxxxxxxxxxx virtual_alias_domains = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx defer_transports = disable_dns_lookups = no relayhost = mailbox_command = /usr/bin/procmail -f- -a "$USER" mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_client_restrictions = permit_sasl_authenticated, smtpd_helo_required = no smtpd_helo_restrictions = strict_rfc821_envelopes = no smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_use_tls = no smtp_use_tls = no alias_maps = hash:/etc/aliases mailbox_size_limit = 0 message_size_limit = 102400000 content_filter = smtp-amavis:[127.0.0.1]:10024
---------------- amavisd.conf -----------------------------
use strict;
# COMMONLY ADJUSTED SETTINGS:
$max_servers = 2; # num of pre-forked children (2..15 is common), -m $daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u $daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
# postfix-specific # $smtp_port = '10025'; # $localhost_name = "localhost"; # $localhost_ip = "127.0.0.1";
$mydomain = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; # a convenient default for other settings
$MYHOME = '/var/spool/amavis'; # a convenient default for other settings, -H $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. $QUARANTINEDIR = '/var/spool/amavis/virusmails'; # -Q $log_level = 0; # verbosity 0..5, -d $log_recip_templ = undef; # disable by-recipient level-0 log entries $DO_SYSLOG = 1; # log via syslogd (preferred) $syslog_facility = 'mail'; # Syslog facility as a string # e.g.: mail, daemon, user, local0, ... local7 $syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, # choose from: emerg, alert, crit, err, warning, notice, info, debug
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 $nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
@local_domains_maps = ( [".$mydomain"] ); # list of all local domains
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter # option(s) -p overrides $inet_socket_port and $unix_socketname
$inet_socket_port = 10024; # listen on this local TCP port(s) $policy_bank{'MYNETS'} = { # mail originating from @mynetworks originating => 1, # is true in MYNETS by default, but let's make it explicit os_fingerprint_method => undef, # don't query p0f for internal clients };
filtering $interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users originating => 1, # declare that mail was submitted by our smtp client allow_disclaimers => 1, # enables disclaimer insertion if available # notify administrator of locally originating malware virus_admin_maps => ["virusalert@$mydomain"], spam_admin_maps => ["virusalert@$mydomain"], warnbadhsender => 1, forward_method => 'smtp:[127.0.0.1]:10027', smtpd_discard_ehlo_keywords => ['8BITMIME'], bypass_banned_checks_maps => [1], # allow sending any file names and types terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option };
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = { protocol => 'AM.PDP', auth_required_release => 0, # do not require secret_id for amavisd-release };
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.31; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_spam_subject_tag = '***SPAM***';
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access?
['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], $virus_admin = "virusalert@$mydomain"; # notifications recip.
$mailfrom_notify_admin = "virusalert@$mydomain"; # notifications sender $mailfrom_notify_recip = "virusalert@$mydomain"; # notifications sender $mailfrom_notify_spamadmin = "postmaster@$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps = ('virus'); @addr_extension_banned_maps = ('banned'); @addr_extension_spam_maps = ('spam'); @addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; # $dspam = 'dspam';
$MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$sa_spam_subject_tag = '***SPAM*** '; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header $defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters $defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error
$myhostname = 'xxxxxxxxxxxxxxxxxxxxxxxxxx';
# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
@keep_decoded_original_maps = (new_RE( qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, $banned_filename_re = new_RE(
qr'^.(exe-ms|dll)$', # banned file(1) types, rudimentary qr'..(pif|scr)$'i, # banned extensions - rudimentary qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i,
qr'.[^./]*[A-Za-z][^./]*.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
qr'..(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic
);
@score_sender_maps = ({ # a by-recipient hash lookup table, # results from all matching recipient tables are summed
'.' => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new.tld.registry|opt-out|opt-in)@'i=> 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ),
{ # a hash-type lookup table (associative array) 'nobody@cert.org' => -3.0, 'cert-advisory@us-cert.gov' => -3.0, 'owner-alert@iss.net' => -3.0, 'slashdot@slashdot.org' => -3.0, 'securityfocus.com' => -3.0, 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, 'security-alerts@linuxsecurity.com' => -3.0, 'mailman-announce-admin@python.org' => -3.0, 'amavis-user-admin@lists.sourceforge.net'=> -3.0, 'amavis-user-bounces@lists.sourceforge.net' => -3.0, 'spamassassin.apache.org' => -3.0, 'notification-return@lists.sophos.com' => -3.0, 'owner-postfix-users@postfix.org' => -3.0, 'owner-postfix-announce@postfix.org' => -3.0, 'owner-sendmail-announce@lists.sendmail.org' => -3.0, 'sendmail-announce-request@lists.sendmail.org' => -3.0, 'donotreply@sendmail.org' => -3.0, 'ca+envelope@sendmail.org' => -3.0, 'noreply@freshmeat.net' => -3.0, 'owner-technews@postel.acm.org' => -3.0, 'ietf-123-owner@loki.ietf.org' => -3.0, 'cvs-commits-list-admin@gnome.org' => -3.0, 'rt-users-admin@lists.fsck.com' => -3.0, 'clp-request@comp.nus.edu.sg' => -3.0, 'surveys-errors@lists.nua.ie' => -3.0, 'emailnews@genomeweb.com' => -5.0, 'yahoo-dev-null@yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clusternews@linuxnetworx.com' => -3.0, lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
# soft-blacklisting (positive score) 'sender@example.net' => 3.0, '.example.net' => 1.0,
}, ], # end of site-wide tables });
@decoders = ( ['mail', &do_mime_decode], ['asc', &do_ascii], ['uue', &do_ascii], ['hqx', &do_ascii], ['ync', &do_ascii], ['F', &do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], ['Z', &do_uncompress, ['uncompress','gzip -d','zcat'] ], ['gz', &do_uncompress, 'gzip -d'], ['gz', &do_gunzip], ['bz2', &do_uncompress, 'bzip2 -d'], ['lzo', &do_uncompress, 'lzop -d'], ['rpm', &do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], ['cpio', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['tar', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['deb', &do_ar, 'ar'], # ['a', &do_ar, 'ar'], # unpacking .a seems an overkill ['zip', &do_unzip], ['7z', &do_7zip, ['7zr','7za','7z'] ], ['rar', &do_unrar, ['rar','unrar'] ], ['arj', &do_unarj, ['arj','unarj'] ], ['arc', &do_arc, ['nomarch','arc'] ], ['zoo', &do_zoo, ['zoo','unzoo'] ], ['lha', &do_lha, 'lha'], # ['doc', &do_ole, 'ripole'], ['cab', &do_cabextract, 'cabextract'], ['tnef', &do_tnef_ext, 'tnef'], ['tnef', &do_tnef], # ['sit', &do_unstuff, 'unstuff'], # broken/unsafe decoder ['exe', &do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], );
@av_scanners = (
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
1; # insure a defined return
----------------------------------------------------
Wo hängt es?
__________________________________________________ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com
Am/On Sat, 6 Sep 2008 00:29:00 +0000 schrieb/wrote Stefan Fricke:
Hallo, ich kriege beim Start von Postfix immer folgende Warnung:
postfix/qmgr[xxxx]: warning: connect to transport spamassassin: Connection refused
Mail wird zwar angenommen, aber nicht ausgeliefert.
Die Versionen sind: Postfix 2.5.4 Amavisd-New 2.5.1 Spamassassin 3.2.3
Das alles unter Opensuse 10.3.
bei mir läuft zwar ein Mäc, das sollte aber nicht viel anders sein ....
Lief denn Deine Konfiguration schon mal oder noch gar nicht?
laufen den Amavisd und Spamassassin überhaupt? Ich hatte mal einen ähnlichen Fall, da wurde der Prozess beim Startup erst gar nicht gestartet.
Was mir unten hier aufgefallen ist:
In meiner Postfix-Konfig steht die IP des localhost, statt localhost, wie bei Dir: 127.0.0.1:10025 inet n - y - - smtpd
in meiner amavisd Konfig steht: @inet_acl = qw( 127.0.0.1 ); statt
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
bei den domains sieht das bei mir so aus: @local_domains_acl = ( ".$mydomain", ....
alternativ, wenn alles gescannt werden soll: @local_domains_acl = (1);
Du hast:
@local_domains_maps = ( [".$mydomain"] ); # list of all local domains
vielleicht hilft's ja was schönes Wochenende Matthias
Hier meine Konfigurationsdaten:
--------- master.cf ----------------
smtp inet n - n - - smtpd smtpd_tls_wrappermode=yes pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp loops relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil localhost:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes scache unix - - n - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m $ {extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc $ {sender} ${recipient} retry unix - - n - - error smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes tlsmgr unix - - n 1000? 1 tlsmgr
------------- main.cf ---------------------
queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix mail_owner = postfix mydomain = xxxxxxxxxxxxxxxxxxxxxxxxxxxx mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, unknown_local_recipient_reject_code = 550 alias_database = hash:/etc/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = maildrop html_directory = /usr/share/doc/packages/postfix/html manpage_directory = /usr/share/man sample_directory = /usr/share/doc/packages/postfix/samples readme_directory = /usr/share/doc/packages/postfix/README_FILES inet_protocols = all biff = no mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_alias_maps = regexp:/etc/postfix/user-virtual hash:/etc/postfix/ virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx program_directory = /usr/lib/postfix inet_interfaces = all masquerade_domains = mydestination = xxxxxxxxxxxxxxxxxxxxxxxxxxx virtual_alias_domains = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx defer_transports = disable_dns_lookups = no relayhost = mailbox_command = /usr/bin/procmail -f- -a "$USER" mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_client_restrictions = permit_sasl_authenticated, smtpd_helo_required = no smtpd_helo_restrictions = strict_rfc821_envelopes = no smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_use_tls = no smtp_use_tls = no alias_maps = hash:/etc/aliases mailbox_size_limit = 0 message_size_limit = 102400000 content_filter = smtp-amavis:[127.0.0.1]:10024
---------------- amavisd.conf -----------------------------
use strict;
# COMMONLY ADJUSTED SETTINGS:
$max_servers = 2; # num of pre-forked children (2..15 is common), -m $daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u $daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
# postfix-specific # $smtp_port = '10025'; # $localhost_name = "localhost"; # $localhost_ip = "127.0.0.1";
$mydomain = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; # a convenient default for other settings
$MYHOME = '/var/spool/amavis'; # a convenient default for other
settings, -H
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. $QUARANTINEDIR = '/var/spool/amavis/virusmails'; # -Q $log_level = 0; # verbosity 0..5, -d $log_recip_templ = undef; # disable by-recipient level-0 log entries $DO_SYSLOG = 1; # log via syslogd (preferred) $syslog_facility = 'mail'; # Syslog facility as a string # e.g.: mail, daemon, user, local0, ... local7 $syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, # choose from: emerg, alert, crit, err, warning, notice, info, debug
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and
nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if
$enable_db=1
$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
@local_domains_maps = ( [".$mydomain"] ); # list of all local domains
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-
milter
# option(s) -p overrides $inet_socket_port and
$unix_socketname
$inet_socket_port = 10024; # listen on this local TCP port(s) $policy_bank{'MYNETS'} = { # mail originating from @mynetworks originating => 1, # is true in MYNETS by default, but let's make it explicit os_fingerprint_method => undef, # don't query p0f for internal clients };
filtering $interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users originating => 1, # declare that mail was submitted by our smtp client allow_disclaimers => 1, # enables disclaimer insertion if available # notify administrator of locally originating malware virus_admin_maps => ["virusalert@$mydomain"], spam_admin_maps => ["virusalert@$mydomain"], warnbadhsender => 1, forward_method => 'smtp:[127.0.0.1]:10027', smtpd_discard_ehlo_keywords => ['8BITMIME'], bypass_banned_checks_maps => [1], # allow sending any file names and types terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS
option
};
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = { protocol => 'AM.PDP', auth_required_release => 0, # do not require secret_id for amavisd-release };
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.31; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_spam_subject_tag = '***SPAM***';
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access?
['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], $virus_admin = "virusalert@$mydomain"; # notifications recip.
$mailfrom_notify_admin = "virusalert@$mydomain"; # notifications sender $mailfrom_notify_recip = "virusalert@$mydomain"; # notifications sender $mailfrom_notify_spamadmin = "postmaster@$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps = ('virus'); @addr_extension_banned_maps = ('banned'); @addr_extension_spam_maps = ('spam'); @addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; # $dspam = 'dspam';
$MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$sa_spam_subject_tag = '***SPAM*** '; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header $defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters $defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error
$myhostname = 'xxxxxxxxxxxxxxxxxxxxxxxxxx';
# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
@keep_decoded_original_maps = (new_RE( qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, $banned_filename_re = new_RE(
qr'^.(exe-ms|dll)$', # banned file(1) types, rudimentary qr'..(pif|scr)$'i, # banned extensions - rudimentary qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i,
qr'.[^./]*[A-Za-z][^./]*.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[. \s]*$'i,
qr'..(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic
);
@score_sender_maps = ({ # a by-recipient hash lookup table, # results from all matching recipient tables are summed
'.' => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new.tld.registry|opt-out|opt-in)@'i=> 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ),
{ # a hash-type lookup table (associative array) 'nobody@cert.org' => -3.0, 'cert-advisory@us-cert.gov' => -3.0, 'owner-alert@iss.net' => -3.0, 'slashdot@slashdot.org' => -3.0, 'securityfocus.com' => -3.0, 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, 'security-alerts@linuxsecurity.com' => -3.0, 'mailman-announce-admin@python.org' => -3.0, 'amavis-user-admin@lists.sourceforge.net'=> -3.0, 'amavis-user-bounces@lists.sourceforge.net' => -3.0, 'spamassassin.apache.org' => -3.0, 'notification-return@lists.sophos.com' => -3.0, 'owner-postfix-users@postfix.org' => -3.0, 'owner-postfix-announce@postfix.org' => -3.0, 'owner-sendmail-announce@lists.sendmail.org' => -3.0, 'sendmail-announce-request@lists.sendmail.org' => -3.0, 'donotreply@sendmail.org' => -3.0, 'ca+envelope@sendmail.org' => -3.0, 'noreply@freshmeat.net' => -3.0, 'owner-technews@postel.acm.org' => -3.0, 'ietf-123-owner@loki.ietf.org' => -3.0, 'cvs-commits-list-admin@gnome.org' => -3.0, 'rt-users-admin@lists.fsck.com' => -3.0, 'clp-request@comp.nus.edu.sg' => -3.0, 'surveys-errors@lists.nua.ie' => -3.0, 'emailnews@genomeweb.com' => -5.0, 'yahoo-dev-null@yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clusternews@linuxnetworx.com' => -3.0, lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
# soft-blacklisting (positive score) 'sender@example.net' => 3.0, '.example.net' => 1.0,}, ], # end of site-wide tables });
@decoders = ( ['mail', &do_mime_decode], ['asc', &do_ascii], ['uue', &do_ascii], ['hqx', &do_ascii], ['ync', &do_ascii], ['F', &do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], ['Z', &do_uncompress, ['uncompress','gzip -d','zcat'] ], ['gz', &do_uncompress, 'gzip -d'], ['gz', &do_gunzip], ['bz2', &do_uncompress, 'bzip2 -d'], ['lzo', &do_uncompress, 'lzop -d'], ['rpm', &do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], ['cpio', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['tar', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['deb', &do_ar, 'ar'], # ['a', &do_ar, 'ar'], # unpacking .a seems an overkill ['zip', &do_unzip], ['7z', &do_7zip, ['7zr','7za','7z'] ], ['rar', &do_unrar, ['rar','unrar'] ], ['arj', &do_unarj, ['arj','unarj'] ], ['arc', &do_arc, ['nomarch','arc'] ], ['zoo', &do_zoo, ['zoo','unzoo'] ], ['lha', &do_lha, 'lha'], # ['doc', &do_ole, 'ripole'], ['cab', &do_cabextract, 'cabextract'], ['tnef', &do_tnef_ext, 'tnef'], ['tnef', &do_tnef], # ['sit', &do_unstuff, 'unstuff'], # broken/unsafe decoder ['exe', &do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], );
@av_scanners = (
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
1; # insure a defined return
Wo hängt es?
Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com _______________________________________________ postfix-users mailing list postfix-users@de.postfix.org http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
Thanks and all the best
Matthias
Stefan Fricke schrieb:
Hallo, ich kriege beim Start von Postfix immer folgende Warnung:
postfix/qmgr[xxxx]: warning: connect to transport spamassassin: Connection refused
D.h. der Filter funktioniert nicht. Warum heisst der transport spamassassin? Das kommt mir spanisch vor?
Mail wird zwar angenommen, aber nicht ausgeliefert.
Jo. Kann aber nicht an den Filter weitergeleitet werden ...
kannst du denn:
per telnet, local am Server:
telnet 127.0.0.1 10025 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 hermes.linuxrocks.dyndns.org ESMTP Postfix (Debian/GNU) quit 221 2.0.0 Bye Connection closed by foreign host.
hermes:~# telnet 127.0.0.1 10024 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready
Die Versionen sind: Postfix 2.5.4 Amavisd-New 2.5.1 Spamassassin 3.2.3
Das alles unter Opensuse 10.3.
Hier meine Konfigurationsdaten:
--------- master.cf ----------------
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ==========================================================================
smtp inet n - n - - smtpd
kein chroot 3. Spalte n unten beim Filter hast du chroot ...
smtpd_tls_wrappermode=yes pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp loops relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil localhost:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes scache unix - - n - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} retry unix - - n - - error smtp-amavis unix - - y - 2 smtp
Da hast du chroot drin ist das Absicht bei deinem smtp oben hast du es nicht ...? Ansonsten mach da mal ein "n" in der 3. Spalte ...
-o smtp_data_done_timeout=1200 -o disable_dns_lookups=yestlsmgr unix - - n 1000? 1 tlsmgr
------------- main.cf ---------------------
mach mal postconf -n:
content_filter = smtp-amavis:[127.0.0.1]:10024 Wo hängt es?
hth MH
Stefan Fricke schrieb:
Hallo, ich kriege beim Start von Postfix immer folgende Warnung:
postfix/qmgr[xxxx]: warning: connect to transport spamassassin: Connection refused
Mail wird zwar angenommen, aber nicht ausgeliefert.
Die Versionen sind: Postfix 2.5.4 Amavisd-New 2.5.1 Spamassassin 3.2.3
Das alles unter Opensuse 10.3.
---------------- amavisd.conf -----------------------------
use strict;
# COMMONLY ADJUSTED SETTINGS:
$max_servers = 2; # num of pre-forked children (2..15 is common), -m $daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u $daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
# postfix-specific # $smtp_port = '10025'; # $localhost_name = "localhost"; # $localhost_ip = "127.0.0.1";
$inet_socket_port = 10024; # listen on this local TCP port(s)
filtering $interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users originating => 1, # declare that mail was submitted by our smtp client allow_disclaimers => 1, # enables disclaimer insertion if available # notify administrator of locally originating malware virus_admin_maps => ["virusalert@$mydomain"], spam_admin_maps => ["virusalert@$mydomain"], warnbadhsender => 1, forward_method => 'smtp:[127.0.0.1]:10027',
^^^^^^^^^^^^^^^^^^^^^^ Aha. Wenn ich das richtig sehe ist das falsch ;-).
Wo hängt es?
* Stefan Fricke stefan556@yahoo.de:
Hallo, ich kriege beim Start von Postfix immer folgende Warnung:
postfix/qmgr[xxxx]: warning: connect to transport spamassassin: Connection refused
Du hast in master.cf keinen spamassassin Transport.
Ralf Hildebrandt wrote:
- Stefan Fricke stefan556@yahoo.de:
Hallo, ich kriege beim Start von Postfix immer folgende Warnung:
postfix/qmgr[xxxx]: warning: connect to transport spamassassin: Connection refused
Du hast in master.cf keinen spamassassin Transport.
Nur so zum Verständnis: Das wären dann praktisch 2 Filter 1x Spamassassin (spamd) und 1x amavisd-new? Und nicht spamassassin über amavis integriert?
MH
* Matthias Haegele mhaegele@linuxrocks.dyndns.org:
Ralf Hildebrandt wrote:
- Stefan Fricke stefan556@yahoo.de:
Hallo, ich kriege beim Start von Postfix immer folgende Warnung:
postfix/qmgr[xxxx]: warning: connect to transport spamassassin: Connection refused
Du hast in master.cf keinen spamassassin Transport.
Nur so zum Verständnis: Das wären dann praktisch 2 Filter 1x Spamassassin (spamd) und 1x amavisd-new? Und nicht spamassassin über amavis integriert?
Naja, wie kommst Du darauf, daß der tranport "spamassassin" heissen muss?
participants (4)
-
Matthias Haegele -
Matthias Schmidt -
Ralf Hildebrandt -
Stefan Fricke