Amavisd-new nemeni hlavicku pri rozpoznani spamu
Daniel Prynych
Daniel.Prynych na buzuluk.cz
Pondělí Březen 22 07:19:55 CET 2004
Dobre rano.
Rad bych pozadal odborniky na amavisd-new o radu.
Protoze jsem chtel prejit z AVP 4 na AVP 5 zamenil jsem amavisd za amavid-new.
(amavisd nepodporuje AVP ve verzi 5).
Mam vsak problemy s jeho antispam casti. Amavisd-new spam rozpozna ale nezmeni
hlavicku ani subject mailu.
Pokud pustim amavis v debug rezimu dostanu nasledujici hlaseni, kde je videt
ze spam byl rozpoznan. Bohuzel v hlavice nic a ani subject neni zmenen.
V logu je take hlaseni o zmene hlavicky.
Prikladam vynatek z amavid.conf jestli nekoho neco nenapadne.
Ja jsem opravdu prohledal internet a nic jsem nenasel, nebo alespon to co jsem
nasel nebyl muj pripad
Daniel Prynych
--------------------------amavisd debug ------------------------------
debug: unlock: 20648 unlink /var/amavis/.spamassassin/auto-whitelist.lock
debug: is spam? score=909.183 required=5
tests=AWL,BAYES_44,DATE_IN_PAST_96_XX,DCC_CHECK,GTUBE,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,USER_IN_WHITELIST
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) RETURNED FROM
NoMailAudit::check, time left: 0 s
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) prolong_timer
after spam_scan_SA: remaining time = 300 s
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) spam_scan:
hits=909.183
tests=AWL,BAYES_44,DATE_IN_PAST_96_XX,DCC_CHECK,GTUBE,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,USER_IN_WHITELIST
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) prolong_timer
after spam_scan: remaining time = 300 s
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) lookup:
(scalar) matches, result="6.3"
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) lookup:
(scalar) matches, result="3"
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) lookup:
(scalar) matches, result="6.3"
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) lookup:
(scalar) matches, result="6.3"
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) do_spam:
looking for a quarantine address
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) SPAM,
<root na tisk.buzuluk.cz> -> <dan na buzuluk.cz>, Yes, hits=909.2 tag1=3.0 tag2=6.3
kill=6.3 tests=AWL, BAYES_44, DATE_IN_PAST_96_XX, DCC_CHECK, GTUBE,
RAZOR2_CF_RANGE_51_100, RAZOR2_CHECK, USER_IN_WHITELIST
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) Skip
spam_admin notification for <root na tisk.buzuluk.cz>, no admin specified
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) DO_SPAM DONE
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) prolong_timer
after spam quar+notif: remaining time = 300 s
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654)
one_response_for_all <root na tisk.buzuluk.cz>: success, dsn_needed=0, '250
2.5.0 Ok, id=i2JINg6r020654, continue delivery'
-----------------mail.log-----------------------------------------------
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) prolong_timer after
spam_scan: remaining time = 300 s
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) lookup: (scalar) matches,
result="3"
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) lookup: (scalar) matches,
result="6.3"
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) do_spam: looking for a
quarantine address
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) lookup: (scalar) matches,
result="spam-quarantine"
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) header: X-Quarantine-id:
<spam-f2a5ac43451ba302155db49f0d
1092f6-20040319-181332-i2JHDHxt016980>\n
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) header: X-Spam-Status:
Yes, hits=10.9 tag1=3.0 tag2=6.3 k
ill=0.0 tests=BILL_1618,\n BIZ_TLD, CANNOT_BE_SPAM, EXCUSE_3,
FURTHER_TRANSMISSIONS, HTML_30_40,\n HTML_FONT_B
IG, HTML_MESSAGE, LINES_OF_YELLING, LINES_OF_YELLING_2,\n LINK_TO_NO_SCHEME,
MIME_HTML_NO_CHARSET, NO_COST, SA
VE_UP_TO, SECTION_301,\n SENT_IN_COMPLIANCE\n
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) header: X-Spam-Level:
**********\n
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) header: X-Envelope-From:
<DiscountBiz-List na Targetware.com
>\n
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) header: X-Envelope-To:
<info na buzuluk.cz>\n
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) DO_QUARANTINE, sender:
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) local delivery: <> ->
<spam-quarantine>, mbx=/var/virusma
ils/spam-f2a5ac43451ba302155db49f0d1092f6-20040319-181332-i2JHDHxt016980.gz
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) header: Delivered-To:
spam-quarantine\n
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) header: Return-Path: <>\n
Mar 19 18:13:32 tisk sm-mta[17022]: i2JHDVxt017022:
from=<pilot.owner na pandora.cz>, size=3126, class=0, nrcpts=
1, msgid=<2004-03-34544 na pandora.cz>, bodytype=8BITMIME, proto=ESMTP,
daemon=MTA, relay=root na firewall.buzuluk.c
z [192.168.254.254]
Mar 19 18:13:32 tisk amavis[16843]: (i2JHDHxt016980) one_response_for_all <>:
success, dsn_needed=0, '250 2.6.
0 Ok, delivered to
/var/virusmails/spam-f2a5ac43451ba302155db49f0d1092f6-20040319-181332-i2JHDHxt016980.gz,
id
=
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654)
warnsender_with_pass=(1,1,,), dsn_needed=0, exit=0, 250 2.5.0 Ok,
id=i2JINg6r020654, continue delivery
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) Passed,
<root na tisk.buzuluk.cz> -> <dan na buzuluk.cz>, quarantine
spam-fbfaa7ae2ce107ec1ee6598c72d0e04f-20040319-192344-i2JINg6r020654,
Message-ID: <GTUBE1.1010101 na example.net>, Hits: 909.183
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) tempdir being
removed: /var/amavis/amavis-milter-i2JINg6r020654
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654)
rmdir_recursively: /var/amavis/amavis-milter-i2JINg6r020654, excl=
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654)
rmdir_recursively: /var/amavis/amavis-milter-i2JINg6r020654/parts, excl=0
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) mail checking
ended: exit_code=0 (250 2.5.0 Ok, id=i2JINg6r020654, continue delivery)
Mar 19 19:23:44 tisk.buzuluk.cz amavisd[20648]: (i2JINg6r020654) TIMING [total
2319 ms] - got data: 5 (0%), body hash: 2 (0%), mkdir parts: 3 (0%),
mime_decode: 22 (1%), get-file-type: 16 (1%), decompose_part: 8 (0%), parts:
0 (0%), AV-scan-1: 26 (1%), SA msg read: 4 (0%), SA parse: 2 (0%), SA check:
2190 (94%), unlink-1-files: 19 (1%), rmdir: 0 (0%), unlink-1-files: 0 (0%),
rmdir: 0 (0%), rundown: 22 (1%)
Mar 19 19:24:05 tisk.buzuluk.cz amavisd[20645]: Net::Server:
2004/03/19-19:24:05 Server closing!
------------------------------amavid.conf---------------------------------------
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE
# SpamAssassin settings
# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no tests that require internet access will be performed.
#
$sa_local_tests_only = 0; # (default: false)
$sa_auto_whitelist = 1; # turn on AWL (default: false)
$sa_timeout = 30; # timeout in seconds for a call to SpamAssassin
# (default is 30 seconds, undef disables it)
$sa_mail_body_size_limit = 150*1024; # don't waste time on SA if mail is
larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt = 3.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
#$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent,
# effectively turning D_BOUNCE into D_DISCARD;
# undef disables this feature and is a default;
-------------------------------------------------
Další informace o konferenci Linux