Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th January 2009, 14:56
marra87 marra87 is offline
Member
 
Join Date: Sep 2006
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default Mail doesn't end up i Spam folder

Hi!

I have set up my mailserver so spam from amavis/spamassassin should be delivered to the users SPAM folder via maildrop.
It worked for 3 domains, but when I was adding a new one the spam remains in the Inbox folder.

I sent the GTUBE string to my own mail and the new mail (new domain), my mail ended up in Spam (user+spam@domain.com), but not the new domain.

OS: Debian
Apps: Postfix, amavis, courier

Mailaddress that works: ok@test.com
Mailaddress that now works: not@test.com

Any idea where to start troubleshooting?
Is it amavis or postfix, which config-files?

Log:
Code:
Jan 11 14:36:03 mail amavis[17995]: (17995-02) Passed SPAMMY, LOCAL [127.0.0.1] [127.0.0.1] <ok@test.com> -> <not@test.com>,<ok@test.com>, Message-ID: <77756ed7a856f4b78c6ea0f9a18f880c@127.0.0.1>, mail_id: Rdn1sEvd3VaS, Hits: 998.921, queued_as: 65C6847ED3/8D69E47ED5, 5837 ms
Jan 11 14:36:03 mail postfix/pipe[18744]: 65C6847ED3: to=<not@test.com>, relay=maildrop, delay=0.37, delays=0.1/0.04/0/0.24, dsn=2.0.0, status=sent (delivered via maildrop service)
Jan 11 14:36:03 mail postfix/qmgr[23171]: 65C6847ED3: removed
Jan 11 14:36:03 mail postfix/smtp[18738]: B4F2A47ECB: to=<not@test.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.1, delays=0.06/0.1/0.03/5.9, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=17995-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 65C6847ED3)
Jan 11 14:36:03 mail postfix/smtp[18738]: B4F2A47ECB: to=<ok@test.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.1, delays=0.06/0.1/0.03/5.9, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=17995-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 65C6847ED3)
Jan 11 14:36:03 mail postfix/qmgr[23171]: B4F2A47ECB: removed
Jan 11 14:36:03 mail postfix/pipe[18759]: 8D69E47ED5: to=<ok+spam@test.com>, relay=maildrop, delay=0.39, delays=0.14/0.09/0/0.17, dsn=2.0.0, status=sent (delivered via maildrop service)
Jan 11 14:36:03 mail postfix/qmgr[23171]: 8D
Reply With Quote
Sponsored Links
  #2  
Old 12th January 2009, 13:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Seems to be a maildrop problem. How does your maildrop configuration look?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 12th January 2009, 14:54
marra87 marra87 is offline
Member
 
Join Date: Sep 2006
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default maildroprc

Code:
# Global maildrop filter file

# Uncomment this line to make maildrop default to ~/Maildir for
# delivery- this is where courier-imap (amongst others) will look.
#DEFAULT="$HOME/Maildir"

HOME_DIR="/vmail"
logfile "/var/log/maildroprc.log"
EXTENSION="$1"
RECIPIENT=tolower("$2")
USER="$3"
HOST="$4"
SENDER="$5"

# make the domain's mail directory if it doesn't exist
`test -e $HOME_DIR/$HOST`
if ($RETURNCODE != 0)
{
 `mkdir $HOME_DIR/$HOST`
# `chown vmail:vmail $HOME_DIR/$HOST`
# `chmod 755 $HOME_DIR/$HOST`
}

# make the user's mail directory if it doesn't exist
`test -e $HOME_DIR/$HOST/$USER`
if ($RETURNCODE != 0)
{
 `maildirmake $HOME_DIR/$HOST/$USER`
# `maildirmake $HOME_DIR/$HOST/$USER`
 `maildirmake -f Drafts $HOME_DIR/$HOST/$USER`
 `maildirmake -f Trash $HOME_DIR/$HOST/$USER`
 `maildirmake -f Sent $HOME_DIR/$HOST/$USER`
 `maildirmake -f Spam $HOME_DIR/$HOST/$USER`
 `echo INBOX >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Drafts >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Trash >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Sent >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
 `echo INBOX.Spam >> $HOME_DIR/$HOST/$USER/courierimapsubscribed`
}

if ( $EXTENSION eq "spam" )
{
   # Change 'spam' to 'Spam' since folder names are typically capitalized
   EXTENSION = "Spam"

   # Autocreate extension maildir
   #
   # See if the user exists
   `test -e $HOME_DIR/$HOST/$USER`
   #log "Testing for $HOME_DIR/$HOST/$USER subdirectory: result=$RETURNCODE"

   # Only continue if user is valid
   if ( $RETURNCODE == 0 )
   {
      # See if the spam directory already exists
      `test -e $HOME_DIR/$HOST/$USER/.$EXTENSION`
      #log "Testing for $EXTENSION subdirectory: result=$RETURNCODE"

      if ( $RETURNCODE != 0 ) # spam directory does not exist - so we create it
      {

         # Create the subdirectory
         `maildirmake -f $EXTENSION $HOME_DIR/$HOST/$USER`
         log "Ran \"maildirmake -f $EXTENSION $HOME_DIR/$HOST/$USER\""

         # Auto-subscribe the subdirectory
         `if ! grep -q INBOX.$EXTENSION $HOME_DIR/$HOST/$USER/courierimapsubscribed; then echo INBOX.$EXTENSION >> $HOME_DIR/$HOST/$USER/courierimapsubscribed; fi`
         # Set permissions on the mailbox
         `chmod -R 0700 $HOME_DIR/$HOST/$USER`
         log " Ran \"chmod -R 0700 $HOME_DIR/$HOST/$USER\""
      }

      # Deliver the message to the mailbox
      exception {
      # for those who unsubscribed themselves - subscribe them
     `if ! grep -q INBOX.$EXTENSION $HOME_DIR/$HOST/$USER/courierimapsubscribed; then echo INBOX.$EXTENSION >> $HOME_DIR/$HOST/$USER/courierimapsubscribed; fi`
      to "$HOME_DIR/$HOST/$USER/.$EXTENSION"
      }
   }
}

log "Extension: $EXTENSION"
Reply With Quote
  #4  
Old 13th January 2009, 14:14
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Did you compare the permissions of the Maildirs of the working and the not-working accounts?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 14th January 2009, 20:50
marra87 marra87 is offline
Member
 
Join Date: Sep 2006
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Working:

mail:~# ls -l /vmail/domain.com/
total 20
drwx------ 75 vmail daemon 4096 2009-01-14 00:30 mailaccount
mail:~# ls -l /vmail/domain.com/mailaccount/
total 120
drwx------ 2 vmail vmail 32768 2009-01-14 18:58 courierimapkeywords
-rw-r--r-- 1 vmail vmail 2138 2009-01-14 00:30 courierimapsubscribed
-rw-r--r-- 1 vmail vmail 6108 2009-01-14 18:28 courierimapuiddb
drwx------ 2 vmail daemon 45056 2009-01-14 18:28 cur
drwx------ 2 vmail daemon 28672 2009-01-14 18:28 new
drwx------ 2 vmail daemon 4096 2009-01-14 20:28 tmp

NOT working:
mail:~# ls -l /vmail/domain.com/
total 8
drwx------ 10 vmail daemon 4096 2009-01-08 07:32 mailaccount
mail:~# ls -l /vmail/domain.com/mailaccount/
total 100
drwx------ 2 vmail vmail 28672 2009-01-14 15:35 courierimapkeywords
-rw-r--r-- 1 vmail vmail 178 2009-01-08 10:50 courierimapsubscribed
-rw-r--r-- 1 vmail vmail 18462 2009-01-14 16:45 courierimapuiddb
drwx------ 2 vmail daemon 40960 2009-01-14 16:54 cur
drwx------ 2 vmail daemon 4096 2009-01-14 20:31 new
drwx------ 2 vmail daemon 4096 2009-01-14 20:31 tmp
Reply With Quote
  #6  
Old 14th January 2009, 21:34
marra87 marra87 is offline
Member
 
Join Date: Sep 2006
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have now set exactly the same permissions on the not working mailfolder as the one who worked. Still doesn't work.

But heres the log:
Both are passed SPAMMY, but one postfix/pipe doesn't put "+spam" on the not working.
Code:
Jan 14 21:20:25 mail amavis[2459]: (02459-07) Passed SPAMMY, [84.17.192.138] [84.17.192.138] <marius.eriksrud@telecomputing.no> -> <not@domain.com>, Message-ID: <AFDBE539A2CA8244B45DBECF9336A62B0155ED32310E@E12AR1CE1VS1.e12.tconet.net>, mail_id: a234XXY29Gm3, Hits: 998.869, queued_as: 887E947ED5, 4895 ms
Jan 14 21:20:25 mail postfix/smtp[6253]: A7F7F47E03: to=<not@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.4, delays=0.47/0.04/0.02/4.9, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=02459-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 887E947ED5)
Jan 14 21:20:25 mail postfix/pipe[6261]: 887E947ED5: to=<not@domain.com>, relay=maildrop, delay=0.36, delays=0.14/0.1/0/0.13, dsn=2.0.0, status=sent (delivered via maildrop service)

Jan 14 21:20:26 mail amavis[3220]: (03220-07) Passed SPAMMY, [84.17.192.138] [84.17.192.138] <marius.eriksrud@telecomputing.no> -> <ok@domain.com>, Message-ID: <AFDBE539A2CA8244B45DBECF9336A62B0155ED32310E@E12AR1CE1VS1.e12.tconet.net>, mail_id: 9w3OXzjq2Ej2, Hits: 998.868, queued_as: 9874647E03, 5285 ms
Jan 14 21:20:26 mail postfix/smtp[6254]: DA22947ED3: to=<ok@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.9, delays=0.13/0.07/0.41/5.3, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=03220-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9874647E03)
Jan 14 21:20:27 mail postfix/pipe[6261]: 9874647E03: to=<ok+spam@domain.com>, relay=maildrop, delay=0.5, delays=0.11/0.07/0/0.32, dsn=2.0.0, status=sent (delivered via maildrop service)
Reply With Quote
  #7  
Old 14th January 2009, 23:34
marra87 marra87 is offline
Member
 
Join Date: Sep 2006
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default amavis

I have found out that it is the amavis process that doesn't mark it as spam.

I have not put anything in spam_lovers or whitelist/blacklist...
I have followed one of the howtoforge tutorials...

Mail to:
user@ok.com is marked as spam
user@not.org is not marked as spam

/etc/amavis/conf.d/15-content_filter_mode
Code:
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
/etc/amavis/conf.d/20-debian_defaults
Code:
use strict;

# ADMINSTRATORS:
# Debian suggests that any changes you need to do that should never
# be "updated" by the Debian package should be made in another file,
# overriding the settings in this file.
#
# The package will *not* overwrite your settings, but by keeping
# them separate, you will make the task of merging changes on these
# configuration files much simpler...

#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for
#       a list of all variables with their defaults;
#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for
#       a traditional-style commented file
#   [note: the above files were not converted to Debian settings!]
#
#   for more details see documentation in /usr/share/doc/amavisd-new
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$LOGFILE = "/var/log/amavis.log";
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listenting socket

#$X_HEADER_TAG = 'X-Virus-Scanned';
#$X_HEADER_LINE = "Konsept-IT SPAM gateway";

$recipient_delimiter = '+';
@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');
$addr_extension_spam   = 'spam';

#$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 1024; # triggers spam evasive actions
$sa_dsn_cutoff_level = 1024;   # spam level beyond which a DSN is not sent
$final_spam_destiny = D_PASS;
$final_virus_destiny = D_PASS;

read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes

# You should:
#   Use D_DISCARD to discard data (viruses)
"/etc/amavis/conf.d/20-debian_defaults" 223 lines, 9803 characters
# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});

1;  # insure a defined return
Any ideas?
Debug of amavis (the two emails) is attached as .txt
Attached Files
File Type: txt amavis_debug.txt (87.4 KB, 219 views)
Reply With Quote
  #8  
Old 14th January 2009, 23:43
marra87 marra87 is offline
Member
 
Join Date: Sep 2006
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

it seems that it only check my server's hostname (domain.com)
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
just the last step...and it works. Postfix...need help config. ubuntusr Installation/Configuration 1 5th January 2009 09:50
Problem with dcc-client installation (Postfix) swap-as Installation/Configuration 9 18th September 2008 20:47
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 17:37
Postfix reject connections gabrix Server Operation 27 25th January 2007 08:37
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16


All times are GMT +2. The time now is 04:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.