Amavis X-Spam Status Header missing

BMWfan

Member
Hello,

I am currently setting up a new mail server with Postfix, Amavis, ClamAV, SpamAssassin, Kopano, etc.

I can send and receive mail without problems, but it seems to me that the SpamAssassin service is never invoked.

When I receive a mail, the X-Spam Status flag is never added to the header:

Code:
Return-Path: <mennompfzcfxsteube@gnamx.icu>
Received: from mail.meine-domain.de ([::ffff:127.0.0.1]:50044)
    by vserver.meinserver.de (kopano-dagent) with LMTP;
    Mon, 04 Feb 2019 19:20:04 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.meine-domain.de (Postfix) with ESMTP id 0D4424A1DEB
    for <daniel@meine-domain.de>; Mon,  4 Feb 2019 19:20:04 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mail.meine-domain.de
Received: from mail.meine-domain.de ([127.0.0.1])
    by localhost (mail.meine-domain.de [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id f0Ip6mFBBdxP for <daniel@meine-domain.de>;
    Mon,  4 Feb 2019 19:20:02 +0100 (CET)
Received: from disagree.gnamx.icu (unknown [185.234.183.34])
    by mail.meine-domain.de (Postfix) with ESMTP id 2D7694A1DE9
    for <daniel@meine-domain.de>; Mon,  4 Feb 2019 19:20:02 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=gnamx.icu;
h=Date:Message-ID:Reply-To:List-Unsubscribe:From:To:MIME-Version:Subject:Content-Type:Content-Transfer-Encoding; i=mennompfzcfxsteube@gnamx.icu;
bh=xF+txZ8UQURgeUDonGZ5VLXitF0=;
b=MjBMDkbeByu6xF5XKjAH24dgHbmyVD1DlooGVJjKNHe5xzuCzGXEOEaEcLIORaaQaXg0g3jXPF9W
   +uHYolBUJKiJ12cjzj1RR18fDA2eKHbhVS5ElA0B7S0qZyPZYAOcl0HHhRuOOAHSVcoXDG7YFG5y
   0e922GNo7iMD8rM2Pek=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=gnamx.icu;
b=EWpilJeS2STqRL+IaMSZWXX7ye3EYBCZDUknaavtEmA6Vh0FX2WMG8Bsn53FJ0hWbMxFUVvwFkVJ
   xm1ePhI7bFHq5fOA6uwKy5Kt0QN1mFsrMeFRodBDGraAF+CTCuHsg+1/HYoACslnqtG+bBU2dE5O
   DBQaCUM1N3kMUSBjp+s=;
Date: Mon, 4 Feb 2019 19:20:01 +0100
X-Report-Abuse:  <http://gnamx.icu/aa.php?a=k94ug182252082j0zca1yr01j9kqay3b3a49ia0f>
Message-ID: <fzdgxuks.wuwqtyjgnphkimaewtzji@rzpzm.gnamx.icu>
Reply-To: mennompfzcfxsteube@gnamx.icu
List-Unsubscribe:  <http://gnamx.icu/ub.php?b=k94ug182252082j0zca1yr01j9kqay3b3a49ia0f>
From: =?UTF-8?Q?Menno_Steube?= <mennompfzcfxsteube@gnamx.icu>
To:  <daniel@meine-domain.de>
MIME-Version: 1.0
Subject: =?UTF-8?Q?Hier_ist_die_chirurgische_Premium-Behandlung_zu_Schn=C3=A4ppchenpreisen....?=
Content-Type: multipart/alternative; boundary=b1_duevpnoedq4gr7zq6-fKtDZgWRB2; charset="UTF-8"
Content-Transfer-Encoding: 8bit
I adjusted these values accordingly in /etc/amavis/conf.d/20-debian_defaults:
Code:
$sa_tag_level_deflt = -999;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 21.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 4;    # spam level beyond which a DSN is not sent
I commented out the following in /etc/amavis/conf.d/15-content_filter_mode:
Code:
@bypass_virus_checks_maps = (
   %bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);
 
@bypass_spam_checks_maps = (
  %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);
I adjusted this entry in /etc/amavis/conf.d/50-user to match the MX record:
Code:
$myhostname = 'mail.meine-domain.de';
and of course I also hooked amavis into Postfix as follows:
Code:
postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
at the end of master.cf:
Code:
smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Directly after the pickup transport service in master.cf:
Code:
         -o content_filter=
         -o receive_override_options=no_header_body_checks
Despite all of that, it does not work. Does anyone have any advice?

Regards, Daniel
 

BMWfan

Member
Does /var/log/mail.log show that Amavis has loaded the code?
This is what /var/log/mail.log shows after restarting amavis:
Code:
Feb  5 16:24:23 myserver amavis[22757]: starting. /usr/sbin/amavisd-new at mail.meine-domain.de amavisd-new-2.10.1 (20141025), Unicode aware, LC_ALL="C"
Feb  5 16:24:23 myserver amavis[22765]: Net::Server: Group Not Defined.  Defaulting to EGID '122 122'
Feb  5 16:24:23 myserver amavis[22765]: Net::Server: User Not Defined.  Defaulting to EUID '115'
Feb  5 16:24:23 myserver amavis[22765]: Module Amavis::Conf        2.404
Feb  5 16:24:23 myserver amavis[22765]: Module Archive::Zip        1.59
Feb  5 16:24:23 myserver amavis[22765]: Module BerkeleyDB          0.55
Feb  5 16:24:23 myserver amavis[22765]: Module Compress::Raw::Zlib 2.069
Feb  5 16:24:23 myserver amavis[22765]: Module Compress::Zlib      2.069001
Feb  5 16:24:23 myserver amavis[22765]: Module Crypt::OpenSSL::RSA 0.28
Feb  5 16:24:23 myserver amavis[22765]: Module DB_File             1.835
Feb  5 16:24:23 myserver amavis[22765]: Module Digest::MD5         2.54
Feb  5 16:24:23 myserver amavis[22765]: Module Digest::SHA         5.95_01
Feb  5 16:24:23 myserver amavis[22765]: Module Encode              2.80_01
Feb  5 16:24:23 myserver amavis[22765]: Module File::Temp          0.2304
Feb  5 16:24:23 myserver amavis[22765]: Module IO::Socket::INET6   2.72
Feb  5 16:24:23 myserver amavis[22765]: Module IO::Socket::IP      0.37
Feb  5 16:24:23 myserver amavis[22765]: Module MIME::Entity        5.508
Feb  5 16:24:23 myserver amavis[22765]: Module MIME::Parser        5.508
Feb  5 16:24:23 myserver amavis[22765]: Module MIME::Tools         5.508
Feb  5 16:24:23 myserver amavis[22765]: Module Mail::DKIM::Verifier 0.4
Feb  5 16:24:23 myserver amavis[22765]: Module Mail::Header        2.18
Feb  5 16:24:23 myserver amavis[22765]: Module Mail::Internet      2.18
Feb  5 16:24:23 myserver amavis[22765]: Module Mail::SPF           v2.009
Feb  5 16:24:23 myserver amavis[22765]: Module Mail::SpamAssassin  3.004002
Feb  5 16:24:23 myserver amavis[22765]: Module Net::DNS            1.07
Feb  5 16:24:23 myserver amavis[22765]: Module Net::LibIDN         0.12
Feb  5 16:24:23 myserver amavis[22765]: Module Net::Patricia       1.22
Feb  5 16:24:23 myserver amavis[22765]: Module Net::Server         2.008
Feb  5 16:24:23 myserver amavis[22765]: Module NetAddr::IP         4.079
Feb  5 16:24:23 myserver amavis[22765]: Module Razor2::Client::Version 2.84
Feb  5 16:24:23 myserver amavis[22765]: Module Scalar::Util        1.4202
Feb  5 16:24:23 myserver amavis[22765]: Module Socket              2.020_03
Feb  5 16:24:23 myserver amavis[22765]: Module Socket6             0.27
Feb  5 16:24:23 myserver amavis[22765]: Module Time::HiRes         1.9733
Feb  5 16:24:23 myserver amavis[22765]: Module URI                 1.71
Feb  5 16:24:23 myserver amavis[22765]: Module Unix::Syslog        1.1
Feb  5 16:24:23 myserver amavis[22765]: Amavis::ZMQ code     NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: Amavis::DB code      loaded
Feb  5 16:24:23 myserver amavis[22765]: SQL base code        NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: SQL::Log code        NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: SQL::Quarantine      NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: Lookup::SQL code     NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: Lookup::LDAP code    NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: AM.PDP-in proto code loaded
Feb  5 16:24:23 myserver amavis[22765]: SMTP-in proto code   loaded
Feb  5 16:24:23 myserver amavis[22765]: Courier proto code   NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: SMTP-out proto code  loaded
Feb  5 16:24:23 myserver amavis[22765]: Pipe-out proto code  NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: BSMTP-out proto code NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: Local-out proto code loaded
Feb  5 16:24:23 myserver amavis[22765]: OS_Fingerprint code  NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: ANTI-VIRUS code      loaded
Feb  5 16:24:23 myserver amavis[22765]: ANTI-SPAM code       loaded
Feb  5 16:24:23 myserver amavis[22765]: ANTI-SPAM-EXT code   NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: ANTI-SPAM-C code     NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: ANTI-SPAM-SA code    loaded
Feb  5 16:24:23 myserver amavis[22765]: Unpackers code       loaded
Feb  5 16:24:23 myserver amavis[22765]: DKIM code            NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: Tools code           NOT loaded
Feb  5 16:24:23 myserver amavis[22765]: Found $file            at /usr/bin/file
Feb  5 16:24:23 myserver amavis[22765]: Found $altermime       at /usr/bin/altermime
Feb  5 16:24:23 myserver amavis[22765]: Internal decoder for .mail
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .Z    at /bin/uncompress
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .gz   at /bin/gzip -d
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .bz2  at /bin/bzip2 -d
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .xz   at /usr/bin/xz -dc
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .lrz, tried: lrzip -q -k -d -o -, lrzcat -q -k
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .lzo, tried: lzop -d
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .lz4, tried: lz4c -d
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .rpm, tried: rpm2cpio.pl, rpm2cpio
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .cpio at /bin/pax
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .tar  at /bin/pax
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .deb  at /usr/bin/ar
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .rar, tried: unrar-free
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .arj  at /usr/bin/arj
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .arc  at /usr/bin/nomarch
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .zoo, tried: zoo
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .doc  at /usr/bin/ripole
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .cab  at /usr/bin/cabextract
Feb  5 16:24:23 myserver amavis[22765]: Internal decoder for .tnef
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .zip, tried: 7za, 7z
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .kmz, tried: 7za, 7z
Feb  5 16:24:23 myserver amavis[22765]: Internal decoder for .zip
Feb  5 16:24:23 myserver amavis[22765]: Internal decoder for .kmz
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .7z, tried: 7zr, 7za, 7z
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .jar, tried: 7z
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .rar, tried: 7z
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .swf, tried: 7z
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .lha, tried: 7z
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .iso, tried: 7z
Feb  5 16:24:23 myserver amavis[22765]: No ext program for   .rpm, tried: 7z
Feb  5 16:24:23 myserver amavis[22765]: Found decoder for    .exe  at /usr/bin/arj
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .7z
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .F
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .iso
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .jar
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .lha
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .lrz
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .lz4
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .lzo
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .rar
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .rpm
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .swf
Feb  5 16:24:23 myserver amavis[22765]: No decoder for       .zoo
Feb  5 16:24:23 myserver amavis[22765]: Using primary internal av scanner code for ClamAV-clamd
Feb  5 16:24:23 myserver amavis[22765]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Feb  5 16:24:23 myserver amavis[22765]: Deleting db files __db.001,snmp.db,__db.003,__db.002,nanny.db in /var/lib/amavis/db
Feb  5 16:24:23 myserver amavis[22765]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.55, libdb 5.3
 

mr_brain

Registered User
It is actually running correctly:

Feb 5 16:24:23 myserver amavis[22765]: ANTI-SPAM code loaded
...
Feb 5 16:24:23 myserver amavis[22765]: ANTI-SPAM-SA code loaded
 

BMWfan

Member
What do the log files say when a mail comes in?
This:
Code:
Feb  6 19:49:15 myserver postfix/smtpd[6373]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Feb  6 19:49:15 myserver postfix/smtpd[6373]: connect from tools.wormly.com[96.126.113.160]
Feb  6 19:49:16 myserver postfix/smtpd[6373]: 0D48A4A1DF7: client=tools.wormly.com[96.126.113.160]
Feb  6 19:49:16 myserver postfix/cleanup[6376]: 0D48A4A1DF7: message-id=<c80e70a63afa2f793b498c2a63f146a8@blog.wormly.com>
Feb  6 19:49:16 myserver postfix/qmgr[10562]: 0D48A4A1DF7: from=<test@tools.wormly.com>, size=632, nrcpt=1 (queue active)
Feb  6 19:49:16 myserver postfix/smtpd[6373]: disconnect from tools.wormly.com[96.126.113.160] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Feb  6 19:49:18 myserver postfix/smtpd[6381]: connect from mail.meinserver.de[127.0.0.1]
Feb  6 19:49:18 myserver postfix/smtpd[6381]: 12A1B4A1DF9: client=mail.meinserver.de[127.0.0.1]
Feb  6 19:49:18 myserver postfix/cleanup[6376]: 12A1B4A1DF9: message-id=<c80e70a63afa2f793b498c2a63f146a8@blog.wormly.com>
Feb  6 19:49:18 myserver postfix/qmgr[10562]: 12A1B4A1DF9: from=<test@tools.wormly.com>, size=1070, nrcpt=1 (queue active)
Feb  6 19:49:18 myserver amavis[6160]: (06160-01) Passed CLEAN {RelayedOpenRelay}, [96.126.113.160]:34140 [96.126.113.160] <test@tools.wormly.com> -> <daniel@meinserver.de>, Queue-ID: 0D48A4A1DF7, Message-ID: <c80e70a63afa2f793b498c2a63f146a8@blog.wormly.com>, mail_id: jm0YQ2ca-CoG, Hits: 0, size: 632, queued_as: 12A1B4A1DF9, 1623 ms
Feb  6 19:49:18 myserver postfix/smtp[6377]: 0D48A4A1DF7: to=<daniel@meinserver.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.69/0.01/0.01/1.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 12A1B4A1DF9)
Feb  6 19:49:18 myserver postfix/qmgr[10562]: 0D48A4A1DF7: removed
Feb  6 19:49:18 myserver postfix/lmtp[6382]: 12A1B4A1DF9: to=<daniel@meinserver.de>, relay=127.0.0.1[127.0.0.1]:2003, delay=0.32, delays=0.01/0.01/0.06/0.24, dsn=2.1.5, status=sent (250 2.1.5 daniel@meinserver.de Ok)
Feb  6 19:49:18 myserver postfix/qmgr[10562]: 12A1B4A1DF9: removed
 

danton

Debian User
These days I only use Amavis to route mail past Sophos, and I hook SpamAssassin in elsewhere. But I once had a similar problem too. I just looked through my old notes again; in my case back then it was due to the cause that is also mentioned in the Amavis FAQ, namely that @local_domains_acl was not set correctly. According to the log, the spam check is running (Hits: 0 in the Amavis line). Unfortunately I no longer have my old config, but maybe it already helps if you set
Code:
@local_domains_acl = ( "." );
in /etc/amavis/conf.d/50-user (make sure that Amavis only scans incoming mail!).
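Added example, not part of the original posts: amavis inserts X-Spam headers only for recipients it considers local, and the `{RelayedOpenRelay}` tag in the log line above is what it writes when mail from a non-originating client goes to a recipient it does not consider local. The script below tallies such recipient domains from mail.log lines; the function names and the second and third sample lines are constructed, and reading `Hits: -` as "no spam score computed" is an assumption about the amavis log format.

```python
import re
from collections import Counter

# First line: the amavis entry from the thread (Message-ID field dropped).
# Second and third lines are constructed for contrast.
SAMPLE_LOG = """\
Feb  6 19:49:18 myserver amavis[6160]: (06160-01) Passed CLEAN {RelayedOpenRelay}, [96.126.113.160]:34140 [96.126.113.160] <test@tools.wormly.com> -> <daniel@meinserver.de>, Queue-ID: 0D48A4A1DF7, mail_id: jm0YQ2ca-CoG, Hits: 0, size: 632, queued_as: 12A1B4A1DF9, 1623 ms
Feb  6 19:52:01 myserver amavis[6160]: (06160-02) Passed CLEAN {RelayedInbound}, [192.0.2.10]:40000 [192.0.2.10] <a@example.org> -> <daniel@meinserver.de>, Queue-ID: AAAAAAAAAAA, mail_id: constructed-1, Hits: 1.2, size: 900, queued_as: BBBBBBBBBBB, 800 ms
Feb  6 19:53:07 myserver amavis[6160]: (06160-03) Passed CLEAN {RelayedOutbound}, [127.0.0.1]:40001 <daniel@meinserver.de> -> <b@example.net>, Queue-ID: CCCCCCCCCCC, mail_id: constructed-2, Hits: -, size: 700, queued_as: DDDDDDDDDDD, 90 ms
"""

LINE_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?:Passed|Blocked) \S+ \{(?P<tags>[^}]*)\}"
    r".*?<(?P<sender>[^>]*)> -> (?P<rcpts>(?:<[^>]*>,?)+), "
    r".*?Hits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)


def parse_amavis(line):
    """Extract tags, sender, recipients and score from one amavis result line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "tags": m["tags"].split(","),
        "sender": m["sender"],
        "rcpts": re.findall(r"<([^>]*)>", m["rcpts"]),
        # "-" means no score was computed (assumption, see lead-in)
        "hits": None if m["hits"] == "-" else float(m["hits"]),
    }


def diagnose(log_text):
    """Return (domains treated as non-local, number of messages without a score)."""
    nonlocal_domains = Counter()
    unscanned = 0
    for line in log_text.splitlines():
        rec = parse_amavis(line)
        if rec is None:
            continue  # not an amavis result line (postfix, startup messages, ...)
        if "RelayedOpenRelay" in rec["tags"]:
            for rcpt in rec["rcpts"]:
                nonlocal_domains[rcpt.rpartition("@")[2].lower()] += 1
        if rec["hits"] is None:
            unscanned += 1
    return nonlocal_domains, unscanned


if __name__ == "__main__":
    domains, unscanned = diagnose(SAMPLE_LOG)
    for domain, count in domains.most_common():
        print(f"{domain}: {count} message(s) tagged RelayedOpenRelay")
    print(f"messages without a spam score: {unscanned}")
```

A domain you host that shows up in this tally is missing from @local_domains_acl (or the maps built from it), which is the condition the post above describes.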
 

BMWfan

Member
These days I only use Amavis to route mail past Sophos, and I hook SpamAssassin in elsewhere. But I once had a similar problem too. I just looked through my old notes again; in my case back then it was due to the cause that is also mentioned in the Amavis FAQ, namely that @local_domains_acl was not set correctly. According to the log, the spam check is running (Hits: 0 in the Amavis line). Unfortunately I no longer have my old config, but maybe it already helps if you set
Code:
@local_domains_acl = ( "." );
in /etc/amavis/conf.d/50-user (make sure that Amavis only scans incoming mail!).
Thank you very much. That solved the problem. I do have one more question, though. I have Bayes enabled, but I always see autolearn=no in the header. Why is that?
 

danton

Debian User
You need to look in the local.cf of your SpamAssassin configuration and check what is set for bayes_auto_learn and the bayes_auto_learn_threshold_* values - these should actually also take effect when SpamAssassin is integrated into Amavis.
When using Bayes, you should also implement a mechanism for relearning false positives and false negatives. If you use Dovecot, I would suggest the Antispam plugin.
 

BMWfan

Member
You need to look in the local.cf of your SpamAssassin configuration and check what is set for bayes_auto_learn and the bayes_auto_learn_threshold_* values - these should actually also take effect when SpamAssassin is integrated into Amavis.
When using Bayes, you should also implement a mechanism for relearning false positives and false negatives. If you use Dovecot, I would suggest the Antispam plugin.
Thanks, that solved the problem. Can you tell me how I can find out whether the database, which already shows the following values
Code:
sa-learn --dbpath /var/lib/amavis/.spamassassin/ --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0       2183          0  non-token data: nspam
0.000          0        152          0  non-token data: nham
0.000          0     131615          0  non-token data: ntokens
0.000          0 1549231646          0  non-token data: oldest atime
0.000          0 1549985875          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0 1549931073          0  non-token data: last expiry atime
0.000          0     691200          0  non-token data: last expire atime delta
0.000          0       7507          0  non-token data: last expire reduction count
is actually being used?
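Added example, not part of the original posts: SpamAssassin does not apply Bayes scores until the database holds a minimum number of learned spam and ham messages, so one thing the posted `--dump magic` output can be checked for is whether `nspam` and `nham` reach those minimums. The thresholds below are SpamAssassin's defaults for `bayes_min_spam_num` and `bayes_min_ham_num` (an assumption that local.cf does not override them), and the function names are made up for this example.

```python
from datetime import datetime, timezone

# `sa-learn --dump magic` output as posted in the thread.
DUMP_MAGIC = """\
0.000          0          3          0  non-token data: bayes db version
0.000          0       2183          0  non-token data: nspam
0.000          0        152          0  non-token data: nham
0.000          0     131615          0  non-token data: ntokens
0.000          0 1549231646          0  non-token data: oldest atime
0.000          0 1549985875          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0 1549931073          0  non-token data: last expiry atime
0.000          0     691200          0  non-token data: last expire atime delta
0.000          0       7507          0  non-token data: last expire reduction count
"""

# SpamAssassin defaults for bayes_min_spam_num and bayes_min_ham_num
# (assumed not overridden in local.cf).
MIN_SPAM = 200
MIN_HAM = 200


def parse_dump_magic(text):
    """Map each 'non-token data' label to its integer value (third column)."""
    values = {}
    for line in text.splitlines():
        columns, sep, label = line.partition("non-token data:")
        fields = columns.split()
        if sep and len(fields) >= 3:
            values[label.strip()] = int(fields[2])
    return values


def bayes_readiness(values, min_spam=MIN_SPAM, min_ham=MIN_HAM):
    """Report whether the learned message counts are high enough for scoring."""
    nspam = values.get("nspam", 0)
    nham = values.get("nham", 0)
    newest = datetime.fromtimestamp(values.get("newest atime", 0), timezone.utc)
    return {
        "nspam": nspam,
        "nham": nham,
        "missing_spam": max(0, min_spam - nspam),
        "missing_ham": max(0, min_ham - nham),
        "scoring_active": nspam >= min_spam and nham >= min_ham,
        "newest_atime_utc": newest.isoformat(),
    }


if __name__ == "__main__":
    for key, value in bayes_readiness(parse_dump_magic(DUMP_MAGIC)).items():
        print(f"{key}: {value}")
```

This only says something about the database under the `--dbpath` that was dumped. When Bayes does contribute to a score, a `BAYES_nn` rule name appears in the `tests=` list of the X-Spam-Status header.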
 
