#1  
Old 22nd July 2007, 21:43
4integration 4integration is offline
Member
 
Join Date: Dec 2006
Posts: 44
Thanks: 0
Thanked 2 Times in 1 Post
Default amavis + spamassassin

Hello,

I can not get amavis + spamassassin to work. Using Postfix and Dovecot. Some headers in mails are missing, I have:
X-Virus-Scanned: Debian amavisd-new at mail.mydomain.com
but no "X-Spam-Checker-Version", "X-Spam-Level", "X-Spam-Status".
I also mis "X-Virus-Status"

Postfix master.cf have the following at the bottom:
Code:
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
and main.cf
Code:
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
The file /etc/amavis/conf.d/15-content_filter_mode looks:
Code:
use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # insure a defined return
and the file: vi /etc/amavis/conf.d/20-debian_defaults

Code:
use strict;

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listenting socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes

# You should:
#   Use D_DISCARD to discard data (viruses)
#   Use D_BOUNCE to generate local bounces by amavisd-new
#   Use D_REJECT to generate local or remote bounces by the calling MTA
#   Use D_PASS to deliver the message
#
# Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding*
# mail to your account.  Use D_BOUNCE instead, otherwise you are delegating
# the bounce work to your friendly forwarders, which might not like it at all.
#
# On dual-MTA setups, one can often D_REJECT, as this just makes your own
# MTA generate the bounce message.  Test it first.
#
# Bouncing viruses is stupid, always discard them after you are sure the AV
# is working correctly.  Bouncing real SPAM is also useless, if you cannot
# D_REJECT it (and don't D_REJECT mail coming from your forwarders!).

$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;
Any idea what's wrong??
__________________
Best Regards
4 Integration
Reply With Quote
Sponsored Links
  #2  
Old 23rd July 2007, 13:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,722 Times in 2,563 Posts
Default

Can you restart amavisd and take a look at the mail log? amavisd logs which modules it loads; is SpamAssassin listed there? Any errors in the log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 23rd July 2007, 21:34
4integration 4integration is offline
Member
 
Join Date: Dec 2006
Posts: 44
Thanks: 0
Thanked 2 Times in 1 Post
Default

Below is the output from mail.log which shows spamassassin. I have also changed the parameter for "$sa_tag_level_deflt" to -1000 to always add headers (in /etc/amavis/conf.d/20-debian_defaults).

Right after I restarted the amavisd I saw something interesting in mail.log:
Quote:
Jul 23 21:11:34 frodo amavis[21741]: (21741-01) Blocked SPAM, [68.37.52.145] [80.73.128.38] <xmake.org@mail.mydomain.com> -> <annelie@mydomain.com>, quarantine: spam-VDkx7IsgQE6X.gz, Message-ID: <01c7cd5d$0cb9bc20$6c822ecf@akstcvanreekummnsdgs >, mail_id: VDkx7IsgQE6X, Hits: 21.167, 2422 ms
Jul 23 21:11:34 frodo postfix/smtp[22200]: 8C30AF1821A: to=<annelie@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.99/0.01/0.01/2.4, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=21741-01, BOUNCE)
Jul 23 21:11:34 frodo postfix/qmgr[5728]: 8C30AF1821A: removed
If I send a non-spam test message from my gmail account, the spam-related headers are not added. Why? It's seems to partly work but exactly as I want it.

Is there any good "send-test-spam-online-service" that are reliable?

mail.log when restarting amavisd:
Code:
Jul 23 21:09:24 frodo amavis[21734]: starting.  /usr/sbin/amavisd-new at frodo.jarkeborn.se amavisd-new-2.4.2 (20060627), Unicode aware, LANG=en_US.UTF-8
Jul 23 21:09:24 frodo amavis[21734]: Perl version               5.008008
Jul 23 21:09:26 frodo amavis[21739]: Module Amavis::Conf        2.068
Jul 23 21:09:26 frodo amavis[21739]: Module Archive::Tar        1.30
Jul 23 21:09:26 frodo amavis[21739]: Module Archive::Zip        1.16
Jul 23 21:09:26 frodo amavis[21739]: Module BerkeleyDB          0.31
Jul 23 21:09:26 frodo amavis[21739]: Module Compress::Zlib      1.42
Jul 23 21:09:26 frodo amavis[21739]: Module Convert::TNEF       0.17
Jul 23 21:09:26 frodo amavis[21739]: Module Convert::UUlib      1.06
Jul 23 21:09:26 frodo amavis[21739]: Module DBD::mysql          3.0008
Jul 23 21:09:26 frodo amavis[21739]: Module DBI                 1.53
Jul 23 21:09:26 frodo amavis[21739]: Module DB_File             1.814
Jul 23 21:09:26 frodo amavis[21739]: Module Digest::MD5         2.36
Jul 23 21:09:26 frodo amavis[21739]: Module MIME::Entity        5.420
Jul 23 21:09:26 frodo amavis[21739]: Module MIME::Parser        5.420
Jul 23 21:09:26 frodo amavis[21739]: Module MIME::Tools         5.420
Jul 23 21:09:26 frodo amavis[21739]: Module Mail::Header        1.74
Jul 23 21:09:26 frodo amavis[21739]: Module Mail::Internet      1.74
Jul 23 21:09:26 frodo amavis[21739]: Module Mail::SPF::Query    1.999001
Jul 23 21:09:26 frodo amavis[21739]: Module Mail::SpamAssassin  3.001007
Jul 23 21:09:26 frodo amavis[21739]: Module Net::Cmd            2.26
Jul 23 21:09:26 frodo amavis[21739]: Module Net::DNS            0.59
Jul 23 21:09:26 frodo amavis[21739]: Module Net::SMTP           2.29
Jul 23 21:09:26 frodo amavis[21739]: Module Net::Server         0.94
Jul 23 21:09:26 frodo amavis[21739]: Module Razor2::Client::Version 2.81
Jul 23 21:09:26 frodo amavis[21739]: Module Time::HiRes         1.86
Jul 23 21:09:26 frodo amavis[21739]: Module Unix::Syslog        0.100
Jul 23 21:09:26 frodo amavis[21739]: Amavis::DB code      loaded
Jul 23 21:09:26 frodo amavis[21739]: Amavis::Cache code   loaded
Jul 23 21:09:26 frodo amavis[21739]: SQL base code        NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: SQL::Log code        NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: SQL::Quarantine      NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: Lookup::SQL code     NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: Lookup::LDAP code    NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: AM.PDP-in proto code loaded
Jul 23 21:09:26 frodo amavis[21739]: SMTP-in proto code   loaded
Jul 23 21:09:26 frodo amavis[21739]: Courier proto code   NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: SMTP-out proto code  loaded
Jul 23 21:09:26 frodo amavis[21739]: Pipe-out proto code  NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: BSMTP-out proto code NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: Local-out proto code loaded
Jul 23 21:09:26 frodo amavis[21739]: OS_Fingerprint code  NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: ANTI-VIRUS code      loaded
Jul 23 21:09:26 frodo amavis[21739]: ANTI-SPAM code       loaded
Jul 23 21:09:26 frodo amavis[21739]: ANTI-SPAM-SA code    loaded
Jul 23 21:09:26 frodo amavis[21739]: Unpackers code       loaded
Jul 23 21:09:26 frodo amavis[21739]: Found $file            at /usr/bin/file
Jul 23 21:09:26 frodo amavis[21739]: No $dspam,             not using it
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .mail
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .asc
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .uue
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .hqx
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .ync
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .Z    at /bin/uncompress
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .gz
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .bz2  at /bin/bzip2 -d
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .lzo  at /usr/bin/lzop -d
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .cpio at /usr/bin/pax
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .tar  at /usr/bin/pax
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .deb  at /usr/bin/ar
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .zip
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .rar  at /usr/bin/rar
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .arj  at /usr/bin/arj
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .arc  at /usr/bin/nomarch
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .zoo  at /usr/bin/zoo
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .lha  tried: lha
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .doc  tried: ripole
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .cab  at /usr/bin/cabextract
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .tnef
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .tnef
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .exe  at /usr/bin/rar; /usr/bin/arj
Jul 23 21:09:26 frodo amavis[21739]: Using internal av scanner code for (primary) ClamAV-clamd
Jul 23 21:09:26 frodo amavis[21739]: Using internal av scanner code for (primary) check-jpeg
Jul 23 21:09:26 frodo amavis[21739]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jul 23 21:09:26 frodo amavis[21739]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4
The file /etc/spamassassin/local.cf contains:
Code:
# dcc
use_dcc 1
dcc_path /usr/bin/dccproc
dcc_add_header 1
dcc_dccifd_path /usr/sbin/dccifd

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
__________________
Best Regards
4 Integration
Reply With Quote
  #4  
Old 24th July 2007, 10:51
4integration 4integration is offline
Member
 
Join Date: Dec 2006
Posts: 44
Thanks: 0
Thanked 2 Times in 1 Post
Default

I think I found something...

From http://workaround.org/articles/ispma...am-and-viruses I found the quote below and added the similar in my config /etc/amavis/conf.d/50-user

so it looks like:
Code:
$pax='pax';

@lookup_sql_dsn = (
    ['DBI:mysql:database=mail;host=127.0.0.1;port=3306',
     'mailuser',
     'mailuserpassword']);

$sql_select_policy = 'SELECT domain FROM domain WHERE CONCAT("@",domain) IN (%k)';
What's the purpose of "pax"?

It seems that the added lines make things to work and headers contains:
Code:
X-Virus-Scanned: Debian amavisd-new at mail.jarkeborn.se
X-Spam-Score: 1.178
X-Spam-Level: *
X-Spam-Status: No, score=1.178 required=6.31 tests=[AWL=-0.496,
	DRUGS_ERECTILE=0.1, HTML_10_20=0.945, HTML_MESSAGE=0.001,
	HTML_SHORT_LENGTH=0.629, SPF_PASS=-0.001]
Quote:
And another issue to take care of: AMaViS tries to find out whether a certain email is incoming (sent from the internet to your domains) or outgoing (sent from your system to the internet) by looking at the @acl_local_domains setting. You need to tell AMaVis where to check if a certain domain is one of your destination domains. Edit the /etc/amavis/conf.d/50-user file and before the "1;" enter these lines:

Code:
@lookup_sql_dsn = (
    ['DBI:mysql:database=mailserver;host=127.0.0.1;port=3306',
     'mailuser',
     'mailuser2007']);

$sql_select_policy = 'SELECT name FROM virtual_domains WHERE CONCAT("@",name) IN (%k)';
The @lookup_sql_dsn defines how AMaVis can access your database. And the $sql_select_policy sets the SQL query that is run when AMaVis wants to determine if the destination domain of the currently scanned email is one of your virtual domains. The %k is a list of strings that AMaVis expects to find. The actual query will look like this:

Code:
SELECT name
FROM virtual_domains
WHERE CONCAT("@",name)
IN (
    'john@example.com',
    'john',
    '@example.com',
    '@.example.com',
    '@.com',
    '@.')
This may look a bit weird. But in the end the string '@example.com' is searched for.
__________________
Best Regards
4 Integration
Reply With Quote
  #5  
Old 13th September 2007, 15:02
jimavis jimavis is offline
Junior Member
 
Join Date: Sep 2007
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Quote:
@lookup_sql_dsn = (
['DBI:mysql:database=mailserver;host=127.0.0.1;port =3306',
'mailuser',
'mailuser2007']);

$sql_select_policy = 'SELECT name FROM virtual_domains WHERE CONCAT("@",name) IN (%k)';
I did the howto forge tutor "postfix and amavis-new for etch with spamassassassing"

I tried the following sql query.

@lookup_sql_dsn = (
['DBI:mysql:database=mail;host=127.0.0.1;port=3306' ,
'mail_admin',
'mail_admin_password']);

$sql_select_policy = 'SELECT domain FROM domains WHERE CONCAT("@",domain) IN (%k)';

I receive emails, now with spam scan into the haeder!

X-Spam-Score: 0.963
X-Spam-Level:
X-Spam-Status: No, score=0.963 tagged_above=2.0 required=6

Last edited by jimavis; 13th September 2007 at 15:10.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Spamassassin v3.1.7 and OpenProtect sa-update channel problem ganick Server Operation 3 27th April 2007 14:50
Question on Clamscan and SpamAssassin AZMel Installation/Configuration 3 11th January 2007 19:56
Mail issue with Postfix + Amavis + Spamassassin mhxy594 Server Operation 3 21st August 2006 06:50
config spamassassin hotchilli Server Operation 1 8th July 2006 12:03
Postfix + Amavis + SpamAssassin + ClamAV michele HOWTO-Related Questions 4 1st July 2006 14:36


All times are GMT +2. The time now is 17:58.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.