我知道如果邮件中出现特定的词语,SpamAssassin 可以为该邮件分配分数。
例如邮件中包含该单词bitcoin,则将 1.0 加到总分。
但是,如果制定一条规则,当且仅当整个集合与邮件匹配时,才将一组单词标记为垃圾邮件,那会怎样呢?
比如,如果您有字词internet和banking,然后interest如果其中一个字词出现在邮件中,则不会为其分配垃圾邮件值,但包含所有字词的邮件将获得垃圾邮件分数,例如包含以下消息的邮件:
Get huge interest through internet banking。
我之所以希望 SpamAssassin 匹配整个集合而不是单个单词,是因为我收到的钓鱼邮件看起来像合法邮件,但它们确实有一个共同的主题,例如“Brobizz”(丹麦版 E-ZPass)续订失败。
由于网络钓鱼邮件看起来与合法邮件完全一样,因此阻止所有包含这些词语而没有其他标准的邮件并不是一个好主意。
但是:这些词语和单独的规则(说明发件人邮件服务器的 IP 地址无法解析)的组合足以成为将邮件标记为垃圾邮件的理由。
那么是否可以只对一组单词分配分数?
我的邮件提供商 (posteo.de) 在 HELO/EHLO 交换期间提供了一个 FQDN(例如 mout2.posteo.de)——policyd-spf(见下文)可以看到这一点——但接收服务器上的 SpamAssassin 将中继标记为提供没有 FQDN 或域:
Feb 2 06:17:10 eden policyd-spf[478301]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=185.67.36.66; helo=mout02.posteo.de; [email protected]; receiver=<UNKNOWN>
Feb 2 06:17:10 eden postfix/smtpd[478286]: 502C97F91B: client=mout02.posteo.de[185.67.36.66]
Feb 2 06:17:10 eden postfix/cleanup[478303]: 502C97F91B: message-id=<[email protected]>
Feb 2 06:17:10 eden spamd[423260]: spamd: connection from 127.0.0.1 [127.0.0.1]:60310 to port 783, fd 6
Feb 2 06:17:10 eden spamd[423260]: spamd: processing message <xxxxx> for xxx:111
Feb 2 06:17:13 eden spamd[423260]: spamd: clean message (0.8/6.0) for xxx:111 in 3.6 seconds, 1910 bytes.
Feb 2 06:17:13 eden spamd[423260]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,SPF_PASS,UNPARSEABLE_RELAY,URIBL_BLOCKED scantime=3.6,size=1910,required_score=6.0,rhost=127.0.0.1,raddr=127.0.0.1,autolearn=no autolearn_force=no
为什么 SpamAssassin 看不到明显存在的 FQDN?
谢谢,扬
我以为我会很聪明,并将 amavis/spamassassin/clamav 添加到我工作的 Postfix 安装中。我让它工作,然后做出改变。走开,喝了杯啤酒,然后发现我搞砸了。这就是现在发生的事情
Oct 2 22:01:59 wilma postfix/smtpd[1048101]: Anonymous TLS connection established from mail-pf1-f172.google.com[209.85.210.172]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Oct 2 22:01:59 wilma postfix/smtpd[1048101]: warning: connect to private/policy: Connection refused
Oct 2 22:01:59 wilma postfix/smtpd[1048101]: warning: problem talking to server private/policy: Connection refused
Oct 2 22:02:00 wilma postfix/smtpd[1048101]: warning: connect to private/policy: Connection refused
Oct 2 22:02:00 wilma postfix/smtpd[1048101]: warning: problem talking to server private/policy: Connection refused
Oct 2 22:02:00 wilma postfix/smtpd[1048101]: NOQUEUE: reject: RCPT from mail-pf1-f172.google.com[209.85.210.172]: 451 4.3.5 <[email protected]>: Recipient address rejected: Server configuration problem; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-pf1-f172.google.com>
Oct 2 22:02:02 wilma postfix/smtpd[1048101]: disconnect from mail-pf1-f172.google.com[209.85.210.172] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7
我在谷歌上下搜索寻找答案,似乎“451 4.3.5”是一个通用错误。
这是master.cf ...
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
smtp-amavis unix - - n - 2 smtp -o syslog_name=postfix/amavis -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 -o smtp_tls_security_level=none
127.0.0.1:10025 inet n - n - - smtpd -o syslog_name=postfix/10025 -o content_filter= -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o local_recipient_maps= -o relay_recipient_maps= -o strict_rfc821_envelopes=yes -o smtp_tls_security_level=none -o smtpd_tls_security_level=none -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
main.cf 是
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
content_filter = smtp-amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
debug_peer_level = 1
debug_peer_list =
default_privs = mail
delay_warning_time = 4
header_checks = regexp:/etc/postfix/regexp_table
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = unix:passwd.byname $alias_maps
local_transport = local
mail_owner = postfix
mail_spool_directory = /var/virtual
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 3221225472
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 25971520
mydestination = $myhostname, localhost.$mydomain, $mydomain, lists.$mydomain
mydomain = mike-mac.gen.nz
myhostname = mail.mike-mac.gen.nz
mynetworks = 192.168.1.0/24 192.168.3.0/24 webmail.mike-mac.gen.nz localhost.localdomain localhost
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.13/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
reject_code = 550
sample_directory = /usr/share/doc/postfix-2.0.13/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_hard_error_limit = 4
smtpd_helo_required = no
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, check_policy_service unix:private/policy, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 2
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/letsencrypt/live/Email_cert/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/Email_cert/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
strict_mailbox_ownership = no
tls_random_source = dev:/dev/urandom
undisclosed_recipients_header = To: NotSayingWhoGetsThis:;
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:12
virtual_mailbox_base = /var/virtual
virtual_mailbox_domains = hash:/etc/postfix/vmaildomains
virtual_mailbox_limit = 2147483648
virtual_mailbox_maps = hash:/etc/postfix/vmailbox,hash:/etc/postfix/virtual-user-map-family.kiwi.nz,hash:/etc/postfix/virtual-user-map-coders.kiwi.nz,hash:/etc/postfix/virtual-user-map-mak.co.nz,hash:/etc/postfix/virtual-user-map-lessonplans.kiwi.nz
virtual_minimum_uid = 1
virtual_transport = virtual
virtual_uid_maps = static:8`
正在运行的守护进程是
systemctl status postfix postgrey amavis spamassassin clamav-freshclam
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2021-10-02 21:58:34 NZDT; 29min ago
Process: 1047688 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 1047688 (code=exited, status=0/SUCCESS)
Oct 02 21:58:34 wilma systemd[1]: Starting Postfix Mail Transport Agent...
Oct 02 21:58:34 wilma systemd[1]: Finished Postfix Mail Transport Agent.
● postgrey.service - LSB: Start/stop the postgrey daemon
Loaded: loaded (/etc/init.d/postgrey; generated)
Active: active (running) since Sat 2021-10-02 21:58:34 NZDT; 29min ago
Docs: man:systemd-sysv-generator(8)
Process: 1047510 ExecStart=/etc/init.d/postgrey start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 17839)
Memory: 18.7M
CGroup: /system.slice/postgrey.service
└─1039871 postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023
Oct 02 21:58:34 wilma postgrey[1047518]: whitelisted: 194.7.234.142/32
Oct 02 21:58:34 wilma postgrey[1047518]: whitelisted: 194.7.234.143/32
Oct 02 21:58:34 wilma postgrey[1047518]: whitelisted: 213.143.66.210/32
Oct 02 21:58:34 wilma postgrey[1047518]: Pid_file "/var/run/postgrey.pid" already exists. Overwriting!
Oct 02 21:58:34 wilma postgrey[1047583]: Process Backgrounded
Oct 02 21:58:34 wilma systemd[1]: Started LSB: Start/stop the postgrey daemon.
Oct 02 21:58:34 wilma postgrey[1047510]: ...done.
Oct 02 21:58:34 wilma postgrey[1047583]: 2021/10/02-21:58:34 postgrey (type Net::Server::Multiplex) starting! pid(1047583)
Oct 02 21:58:34 wilma postgrey[1047583]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Oct 02 21:58:34 wilma postgrey[1047583]: Binding to TCP port 10023 on host 127.0.0.1 with IPv4
● amavis.service - LSB: Starts amavisd-new mailfilter
Loaded: loaded (/etc/init.d/amavis; generated)
Active: active (running) since Sat 2021-10-02 21:58:35 NZDT; 29min ago
Docs: man:systemd-sysv-generator(8)
Process: 1047562 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
Tasks: 3 (limit: 17839)
Memory: 160.8M
CGroup: /system.slice/amavis.service
├─1047705 /usr/sbin/amavisd-new (master)
├─1047714 /usr/sbin/amavisd-new (virgin child)
└─1047715 /usr/sbin/amavisd-new (virgin child)
Oct 02 21:58:35 wilma amavis[1047705]: No ext program for .zoo, tried: zoo
Oct 02 21:58:35 wilma amavis[1047705]: No ext program for .doc, tried: ripole
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for .F
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for .doc
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for .lrz
Oct 02 21:58:35 wilma amavis[1047705]: No decoder for .zoo
Oct 02 21:58:35 wilma amavis[1047562]: Starting amavisd: amavisd-new.
Oct 02 21:58:35 wilma amavis[1047705]: Using primary internal av scanner code for ClamAV-clamd
Oct 02 21:58:35 wilma systemd[1]: Started LSB: Starts amavisd-new mailfilter.
Oct 02 21:58:35 wilma amavis[1047705]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
● spamassassin.service - Perl-based spam filter using text analysis
Loaded: loaded (/lib/systemd/system/spamassassin.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-10-02 21:58:36 NZDT; 29min ago
Process: 1047534 ExecStart=/usr/sbin/spamd -d --pidfile=/run/spamd.pid $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1047641 (spamd)
Tasks: 3 (limit: 17839)
Memory: 109.2M
CGroup: /system.slice/spamassassin.service
├─1047641 /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/run/spamd.pid --create-prefs --max-children 5 --username >
├─1047711 spamd child
└─1047712 spamd child
Oct 02 21:58:33 wilma systemd[1]: Starting Perl-based spam filter using text analysis...
Oct 02 21:58:36 wilma systemd[1]: Started Perl-based spam filter using text analysis.
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-10-02 16:08:46 NZDT; 6h ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://www.clamav.net/documents
Main PID: 990816 (freshclam)
Tasks: 1 (limit: 17839)
Memory: 227.4M
CGroup: /system.slice/clamav-freshclam.service
└─990816 /usr/bin/freshclam -d --foreground=true
Oct 02 21:09:46 wilma freshclam[990816]: Sat Oct 2 21:09:46 2021 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, >
Oct 02 21:09:46 wilma freshclam[990816]: Sat Oct 2 21:09:46 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, >
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> Received signal: wake up
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> ClamAV update process started at Sat Oct 2 22:09:46 2021
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> ^Your ClamAV installation is OUTDATED!
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> ^Local version: 0.103.2 Recommended version: 0.103.3
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading->
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> daily.cvd database is up-to-date (version: 26309, sigs: 19380>
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, >
Oct 02 22:09:46 wilma freshclam[990816]: Sat Oct 2 22:09:46 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92,
我意识到我最大的错误是愚蠢,我应该在开始之前备份 main 和 master.cf 文件。话虽如此,任何人都可以看到我看不到的东西吗?
postconf -n
access_map_reject_code = 550
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
content_filter = smtp-amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
debug_peer_level = 1
debug_peer_list =
default_privs = mail
delay_warning_time = 4
header_checks = regexp:/etc/postfix/regexp_table
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = unix:passwd.byname $alias_maps
local_transport = local
mail_owner = postfix
mail_spool_directory = /var/virtual
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 3221225472
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 25971520
mydestination = $myhostname, localhost.$mydomain, $mydomain, lists.$mydomain
mydomain = mike-mac.gen.nz
myhostname = mail.mike-mac.gen.nz
mynetworks = 192.168.1.0/24 192.168.3.0/24 webmail.mike-mac.gen.nz localhost.localdomain localhost
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.13/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
reject_code = 550
sample_directory = /usr/share/doc/postfix-2.0.13/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_hard_error_limit = 4
smtpd_helo_required = no
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, check_policy_service unix:private/policy, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 2
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/letsencrypt/live/Email_cert/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/Email_cert/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
strict_mailbox_ownership = no
tls_random_source = dev:/dev/urandom
undisclosed_recipients_header = To: NotSayingWhoGetsThis:;
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:12
virtual_mailbox_base = /var/virtual
virtual_mailbox_domains = hash:/etc/postfix/vmaildomains
virtual_mailbox_limit = 2147483648
virtual_mailbox_maps = hash:/etc/postfix/vmailbox,hash:/etc/postfix/virtual-user-map-family.kiwi.nz,hash:/etc/postfix/virtual-user-map-coders.kiwi.nz,hash:/etc/postfix/virtual-user-map-mak.co.nz,hash:/etc/postfix/virtual-user-map-lessonplans.kiwi.nz
virtual_minimum_uid = 1
virtual_transport = virtual
virtual_uid_maps = static:8
postconf -M
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
smtp-amavis unix - - n - 2 smtp -o syslog_name=postfix/amavis -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 -o smtp_tls_security_level=none
127.0.0.1:10025 inet n - n - - smtpd -o syslog_name=postfix/10025 -o content_filter= -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o local_recipient_maps= -o relay_recipient_maps= -o strict_rfc821_envelopes=yes -o smtp_tls_security_level=none -o smtpd_tls_security_level=none -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
我安装了 iRedMail,它将安装 amavis 和 spamassassin。当我测试发送和接收电子邮件时,我有一个错误/var/log/mail.log,我看到这行错误:
postfix/amavis/smtp[14582]: 连接到 127.0.0.1[127.0.0.1]:10026: 连接被拒绝
当我运行这一行时:
$sudo amavisd-new debug
我在输出的末尾看到:
文件位于 config 目录中。\nv320.pre 至少会加载所需的 Check 插件。6 月 12 日 11:58:25.764 mail.example.com /usr/sbin/amavisd-new[20040]: sd_notify (no socket): STOPPING=1\nSTATUS=TROUBLE in pre_loop_hook: Timeout::_run: check: no loaded plugin实现“check_main”:无法扫描!\n检查必要的“.pre”文件是否在配置目录中。\nv320.pre 至少会加载所需的检查插件。6 月 12 日 11:58:25.764 mail.example.com /usr/sbin/amavisd-new[20040]: (!)_DIE: Suicide () TROUBLE in pre_loop_hook: Timeout::_run: check: no loaded plugin implements 'check_main' : 无法扫描!\n检查必要的“.pre”文件是否在配置目录中。\nv320.pre 至少会加载所需的检查插件。pre_loop_hook 中的 Suicide () TROUBLE: Timeout::_run: 检查:没有加载的插件实现'check_main':无法扫描!检查必要的“.pre”文件是否在配置目录中。v320.pre 至少会加载所需的 Check 插件。
这也是 的输出$spamassassin --lint -D:
Timeout::_run: check: no loaded plugin implements 'check_main': 无法扫描!检查必要的“.pre”文件是否在配置目录中。v320.pre 至少会加载所需的 Check 插件
我在目录中查找,在其中/etc/mail/spamassassin看不到任何“.pre”文件。我还使用这个搜索v320.pre文件:
$sudo find / -iname v320.pre没有结果。
如果我使用以下命令禁用 amavis:
$sudo nano /etc/amavis/conf.d/50-user
并更改这两行:
@bypass_virus_checks_maps = (1);
@bypass_spam_checks_maps = (1);
然后重新启动服务:
$sudo systemctl restart amavis
然后处理邮件队列:
$postqueue -f
邮件服务器可以正常工作!所以很明显我应该在/etc/mail/spamassassin目录中放一些'.pre'文件。我发现这个网址中有一些“.pre”文件:
https ://apache.googlesource.com/spamassassin/+/trunk/rules
我的问题是:下载这些文件并将它们放在我的目录中是否安全? 或者一般我在哪里可以找到“.pre”文件或生成它们?
我住在日本。最近有很多来自中国的垃圾邮件,都是用中文写的。由于 spamassassin 不包含针对中文的规则,因此大多数这些电子邮件都以低分通过。
我想确定电子邮件何时仅用中文编写。由于大多数日语汉字都包含在中文范围内(U+E400 到 U+E9FF),因此识别日语的一种方法是查看平假名(U+3040 到 U+309F)和片假名(U+30A0 到 U +30FF)。如果它包含平假名或片假名,我可以安全地假设是日语,否则是中文。
如果我测试单个字符,例如:あ或者ア它们正确匹配,但是当我使用范围时它不起作用。这是我们尝试过的:
body CHINESE /[\xe4-\xe9]/ <--- this form seems to work fine
body JAPANESE /[\x30-\x31]/ <--- not sure what is actually matching
body JAPANESE /(あ|え)/ <---- this matches single character just fine
body JAPANESE /[あ-ん]/ <--- doesn't work
body JAPANESE /[U+3040-U+30FF]/ <--- doesn't work
body JAPANESE /[\xe3\x81\x81-\xe3\x82\x96]/ <--- doesn't work
body JAPANESE /[\x{3040}-\x{30FF}]/ <--- doesn't work
我真的不知道我在做什么了。我知道上面的一些没有意义......
指定这些范围的正确方法是什么?
将 DNS 服务器设置为 127.0.0.1 不会阻止我的系统实际解析远程主机吗?
我的企业电子邮件服务器将 DNS 设置为给定 DNS 服务器的 ISP。我的 Spamassassin 正在传达信息URIBL_BLOCKED。这里给出的解决方案表明我应该将 DNS 服务器设置为 127.0.0.1 的本地主机,另一个类似的解决方案是这里。
这不会阻止我的系统解析其他远程主机吗?在基本的 linux (centos 7) 安装中是否有任何东西实际上能够解析该系统可能需要到达的任何远程主机?
编辑:尝试过之后,当我进行更改时,它似乎有点坏了(从它发送的电子邮件没有到达时),所以如果有人可以向我填写缺失的细节,我会非常感激。
当使用https://dkimvalidator.com/之类的工具来验证 DKIM、SPF、DMARC 等的配置以从 Web 服务器发送邮件时,我收到如下警告:
0.0 SPF_HELO_NONE SPF:HELO 不发布 SPF 记录
即使分数没有受到真正的影响,这似乎是一个不好的信号。我该如何摆脱它?
我已经安装了 SpamAssassin 并将其配置为从 sql 读取首选项。我意识到它没有读取用户的首选项,并检查了我看到spamc客户端发送的所有请求都作为 spamd 用户执行的日志。
这是 spamc 客户端如何按照master.cf文件中的配置执行(后缀):
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
我添加-u ${recipient}到 spamc,并在日志中看到它有效,现在用户的首选项已正确获取。
但是,这种方式会破坏我对别名的传递。
考虑[email protected]成为[email protected]和 to的后缀别名[email protected]。添加上述内容-u会spamc导致电子邮件无法发送到别名。
当它不发送电子邮件时,这里有很多后缀:
Feb 14 21:12:36 mail postfix/qmgr[51620]: 6EFD11003F5: from=<[email protected]>, size=2588, nrcpt=2 (queue active)
Feb 14 21:12:37 mail postfix/pipe[51637]: 6EFD11003F5: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=1.3, delays=0.03/0/0/1.3, dsn=2.0.0, status=sent (delivered via spamassassin service (X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,SPF_HELO_PASS autolearn=ha))
Feb 14 21:12:37 mail postfix/pipe[51637]: 6EFD11003F5: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=1.3, delays=0.03/0/0/1.3, dsn=2.0.0, status=sent (delivered via spamassassin service (X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,SPF_HELO_PASS autolearn=ha))
Feb 14 21:12:37 mail postfix/qmgr[51620]: 6EFD11003F5: removed
我删除了-u ${recipient}, 事情又可以工作了,但我无法从以下日志中找到太多帮助:
Feb 14 21:14:36 mail postfix/master[51877]: daemon started -- version 3.4.13, configuration /etc/postfix
Feb 14 21:15:26 mail postfix/qmgr[51880]: B9C531003F5: from=<[email protected]>, size=2580, nrcpt=2 (queue active)
Feb 14 21:15:27 mail postfix/pipe[51932]: B9C531003F5: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=1.2, delays=0.04/0.01/0/1.1, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb 14 21:15:27 mail postfix/pipe[51932]: B9C531003F5: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=1.2, delays=0.04/0.01/0/1.1, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb 14 21:15:27 mail postfix/qmgr[51880]: B9C531003F5: removed
Feb 14 21:15:27 mail postfix/qmgr[51880]: E19B7106C31: from=<[email protected]>, size=2969, nrcpt=2 (queue active)
Feb 14 21:15:28 mail postfix/qmgr[51880]: 01875106C30: from=<[email protected]>, size=3336, nrcpt=1 (queue active)
spamassassin 日志,当它不起作用时,是这些:
Sun Feb 14 21:12:36 2021 [50514] info: spamd: processing message <[email protected]> for [email protected]:5000
Sun Feb 14 21:12:36 2021 [50514] info: dns: no callback for id 21026/IN/A/bluetreehotels.com.br.dbl.spamhaus.org, ignored, packet on next debug line
Sun Feb 14 21:12:36 2021 [50514] info: dns: no likely matching queries for id 21026
Sun Feb 14 21:12:37 2021 [51696] info: util: setuid: ruid=5000 euid=5000 rgid=5000 5000 5000 egid=5000 5000 5000
Sun Feb 14 21:12:37 2021 [50514] info: spamd: clean message (-1.9/3.0) for [email protected]:5000 in 1.3 seconds, 2502 bytes.
Sun Feb 14 21:12:37 2021 [50514] info: spamd: result: . -1 - BAYES_00,SPF_HELO_PASS scantime=1.3,size=2502,[email protected],uid=5000,required_score=3.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=43164,mid=<[email protected]>,bayes=0.000000,autolearn=ham autolearn_force=no
Sun Feb 14 21:12:37 2021 [50512] info: prefork: child states: II
当它工作正常时,如下所示:
Sun Feb 14 21:15:26 2021 [50514] info: spamd: connection from 127.0.0.1 [127.0.0.1]:43402 to port 783, fd 5
Sun Feb 14 21:15:26 2021 [50514] info: spamd: processing message <[email protected]> for spamd:5000
Sun Feb 14 21:15:26 2021 [51934] info: util: setuid: ruid=5000 euid=5000 rgid=5000 5000 5000 egid=5000 5000 5000
Sun Feb 14 21:15:27 2021 [50514] info: spamd: clean message (-0.0/5.0) for spamd:5000 in 1.1 seconds, 2494 bytes.
Sun Feb 14 21:15:27 2021 [50514] info: spamd: result: . 0 - SPF_HELO_PASS scantime=1.1,size=2494,user=spamd,uid=5000,required_score=5.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=43402,mid=<[email protected]>,autolearn=ham autolearn_force=no
关于为什么会发生这种情况的任何线索?这里明显的区别是,在 spamassassin 日志上,当它不起作用时,我们看到它spamc是由用户调用的[email protected](而不是 with[email protected]和 not with [email protected])。别名所代表的收件人都没有收到电子邮件。在第二次尝试时,没有-u参数,然后 spamc 被执行而不发送用户名(失败进入默认spamd用户),并且邮件被传递给用户a和b.
可以sendmail吗?
最好的,
弗朗西斯
尽管我已经找到了两个 答案,但我无法弄清楚如何实际实施它们,并且至少其中一个并没有真正回答这个问题。因此,如果有人有任何经验可以分享,我将非常感激。
我有一台运行 Postfix 的服务器(Ubuntu 18.04)。我已经使用 postfwd 对 SASL 发件人进行速率限制,并使用 Amavis 和其他东西来扫描来自本地机器/网络(例如来自 Web 服务器)的传出邮件。没关系,在 main.cf 中看起来像这样:
smtpd_sender_restrictions =
check_client_access cidr:/etc/postfix/internal_clients_filter,
permit_mynetworks,
reject_unknown_sender_domain
在 master.cf 中
senderCheck unix - n n - 15 spawn
user=nobody argv=/opt/policyd/src/policyd.pl max_idle=30 max_use=50 daemon_timeout=50
127.0.0.1:10025 inet n - n - - smtpd
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_data_restrictions=
-o smtpd_end_of_data_restrictions=
-o local_header_rewrite_clients=
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
如何以与本地发件人相同的方式将 SASL 发件人(根据定义不在我的网络上)通过垃圾邮件和恶意软件扫描?
我有一个带有 posfix、amavis 和 spamassassin 的 Debian 10 服务器。
我管理的另一台服务器每天都会发送一封邮件,其中不包含任何内容,只有一个 gif 作为附件。我已将 spamassassin 的 local.cf 中的发件人地址列入白名单。
收到的邮件的标头包含以下内容:
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ~~~.~~~.net
X-Spam-Level:
X-Spam-Status: No, score=-93.2 required=5.0 tests=ALL_TRUSTED,BAYES_50,
DC_GIF_UNO_LARGO,DC_IMAGE_SPAM_TEXT,MISSING_HEADERS,PYZOR_CHECK,
SB_GIF_AND_NO_URIS,TVD_SPACE_RATIO,USER_IN_WHITELIST autolearn=no
autolearn_force=no version=3.4.2
这表示邮件不被视为垃圾邮件,因为发件人地址在白名单中。
问题是主题字段包含[SPAM]哪个是垃圾邮件标记。这个垃圾邮件标记在我的 spamassassin local.cf 和 amavis 中定义。我还不知道两者中的哪一个正在添加此垃圾邮件标记。
根据amavis的配置,不应该放垃圾标签,因为我在配置里有这个
$sa_tag2_level_deflt = 5.0; #add spam tag to subject for score greater than this value
$sa_spam_subject_tag = '[SPAM]';
如我们所见,分数较低。amavis 不应添加此垃圾邮件标签。
那么如何在主题行中获取垃圾邮件标签?
我确定问题出在我的邮件服务器上,因为当我将该邮件发送到另一个地址时,我没有收到垃圾邮件标签。
另一个奇怪的事情是,当我从桌面发送具有相同发件人地址的完全相同的邮件时,它没有收到垃圾邮件标签。
编辑:我有另外两封邮件的 amavis 行为不一致。
通过一封邮件,我有这个:
Received: from localhost by xxx.xxx.net
with SpamAssassin (version 3.4.2);
Wed, 11 Nov 2020 17:08:01 +0100
From: huixin0010 <[email protected]>
Subject: [*SPAM*] [~SPAM~]Re: Leather bags manufacturer with 14 years experience
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on xxx.xxx.net
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.3 required=5.0 tests=BAYES_50,DEAR_SOMETHING,
FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,PYZOR_CHECK,
RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE,T_SPF_HELO_PERMERROR
autolearn=no autolearn_force=no version=3.4.2
[*SPAM*]spamassassin 添加[~SPAM~]的垃圾邮件标签和 amavis 添加的垃圾邮件标签在哪里。
规则设置为 amavis 在分数高于 5 时添加垃圾邮件标签。
出乎意料的是下面这封邮件,即使分数高于 5,amavis 也没有在主题中添加垃圾邮件标签。
Received: from localhost by xxx.xxx.net
with SpamAssassin (version 3.4.2);
Wed, 11 Nov 2020 18:08:24 +0100
From: liyulan029 <[email protected]>
To: xxx <[email protected]>
Subject: [*SPAM*] Re: new design eyeglasses frame and sunglasses
Date: Thu, 12 Nov 2020 01:10:33 +0800 (CST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on xxx.xxx.net
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.2 required=5.0 tests=BAYES_50,DEAR_SOMETHING,
FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,RCVD_IN_RP_RNBL,
RDNS_NONE autolearn=no autolearn_force=no version=3.4.2
这两个邮件之间的服务器上没有任何变化。