
After configuring Amavisd, all mail goes to the outside


Post by Xware » 11 Jan 2005, 14:38

Hello,

after I was already helped yesterday with the Postfix problem, where all mail was being routed to the outside, I now have the next problem after installing AMAVISD-NEW.

I now have the same problem again... but the mail log looks a little different, and somehow the following line in the log file puzzles me:

Code:


Jan 11 15:27:23 server postfix/smtp[4835]: connect to localhost[::1]: Connection refused (port 10024)

That amavisd is responsible for this is clear to me, but why does it come to a Connection refused? Which part of amavis is responsible for that?

I am attaching the configs, in the hope that you can help me.

Regards, Frank

Excerpt from /var/log/mail

Code:

Jan 11 15:27:23 server postfix/smtpd[4833]: connect from frank.heimnetz.loc[192.168.1.10]
Jan 11 15:27:23 server postfix/smtpd[4833]: 04A791AF1: client=frank.heimnetz.loc[192.168.1.10]
Jan 11 15:27:23 server postfix/cleanup[4467]: 04A791AF1: message-id=<1105449413.7478.14.camel@frank.heimnetz.loc>
Jan 11 15:27:23 server postfix/smtpd[4833]: disconnect from frank.heimnetz.loc[192.168.1.10]
Jan 11 15:27:23 server postfix/qmgr[4451]: 04A791AF1: from=<frank@echte_domain.de>, size=523, nrcpt=1 (queue active)
Jan 11 15:27:23 server postfix/smtp[4835]: connect to localhost[::1]: Connection refused (port 10024)
Jan 11 14:27:33 server postfix/smtpd[4839]: connect from unknown[127.0.0.1]
Jan 11 14:27:33 server postfix/smtpd[4839]: 18E6A1AF9: client=unknown[127.0.0.1]
Jan 11 15:27:33 server postfix/cleanup[4467]: 18E6A1AF9: message-id=<1105449413.7478.14.camel@frank.heimnetz.loc>
Jan 11 14:27:33 server postfix/smtpd[4839]: disconnect from unknown[127.0.0.1]
Jan 11 15:27:33 server postfix/qmgr[4451]: 18E6A1AF9: from=<frank@echte_domain.de>, size=936, nrcpt=1 (queue active)
Jan 11 15:27:33 server amavis[4661]: (04661-01) Passed CLEAN, [192.168.1.10] <frank@echte_domain.de> -> <annett@echte_domain.de>, Message-ID: <1105449413.7478.14.camel@frank.heimnetz.loc>, Hits: -2.82
Jan 11 15:27:33 server postfix/smtp[4835]: 04A791AF1: to=<annett@echte_domain.de>, orig_to=<ann@heimnetz.loc>, relay=localhost[127.0.0.1], delay=10, status=sent (250 2.6.0 Ok, id=04661-01, from MTA: 250 Ok: queued as 18E6A1AF9)
Jan 11 15:27:33 server postfix/qmgr[4451]: 04A791AF1: removed

The master.cf

Code:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       50      smtpd -o content_filter=smtp:[localhost]:10024
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       n       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil



localhost:10025     inet     n     -     y     -     -     smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.1/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

smtp-amavis    unix     -     -     n     -     3     lmtp
    -o smtp_data_done_timeout=1800
    -o disable_dns_loockups=yes
    -o smtp_send_xforward_command=yes



# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus	  unix	-	n	n	-	-	pipe
  flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp	  unix	-	n	n	-	-	pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

The main.cf

Code:

biff = no
command_directory = /usr/sbin
debug_peer_level = 2
html_directory = /usr/share/doc/packages/postfix/html

manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases
readme_directory = /usr/share/doc/packages/postfix/README_FILES
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
unknown_local_recipient_reject_code = 550

relayhost = smtprelay.t-online.de
program_directory = /usr/lib/postfix
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
mailq_path = /usr/bin/mailq
default_privs = nobody
mail_spool_directory = /var/mail
mailbox_command = /usr/lib/cyrus/bin/deliver
mailbox_transport = lmtp:unix:public/lmtp
content_filter = smtp-amavis:[127.0.0.1]:10024
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
default_peer_level = 2
mynetworks = 192.168.1.0/24, 127.0.0.0/8
myhostname = smtp.heimnetz.loc
mydomain = heimnetz.loc
myorigin = $mydomain
mail_owner = postfix
default_transport = smtp
canonical_maps = hash:/etc/postfix/canonical
smtpd_banner = $myhostname ESMTP
alias_maps = hash:/etc/aliases
setgid_group = maildrop
luser_relay = $root@smtp.heimnetz.loc
mydestination = $myhostname, $mydomain, localhost.$mydomain

The canonical file

Code:

fra@heimnetz.loc	frank@echte_domain.de
ann@heimnetz.loc	annett@echte_domain.de
ix@heimnetz.loc		support@echte_domain.de

And the amavisd.conf

Code:

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   (see amavisd.conf-default for a list of all variables with their defaults)
#   (see amavisd.conf-sample for a traditional-style commented file)


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

$max_servers = 2;            # number of pre-forked children (2..15 is common)
$daemon_user = 'vscan';
$daemon_group = 'vscan';

$mydomain = 'heimnetz.loc';

$MYHOME = '/var/spool/amavis';
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/spool/amavis/virusmails';

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef

# $db_home   = "$MYHOME/db";
# $helpers_home = "$MYHOME/var";  # prefer $MYHOME clean and owned by root?
# $pid_file  = "$MYHOME/var/amavisd.pid";
# $lock_file = "$MYHOME/var/amavisd.lock";
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain"] );
# @mynetworks = qw( 127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 0;              # verbosity 0..5
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock";  # when using sendmail milter

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
                             # for SA 3.0, cf option is 'use_auto_whitelist')

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] );

$virus_admin               = "virusalert\@$mydomain";  # notifications recip.

$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file   = 'file';   # file(1) utility; use recent versions
$gzip   = 'gzip';
$bzip2  = 'bzip2';
$lzop   = 'lzop';
$rpm2cpio   = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc        = ['nomarch', 'arc'];
$unarj      = ['arj', 'unarj'];
$unrar      = ['rar', 'unrar'];
$zoo    = 'zoo';
$lha    = 'lha';
$cpio   = ['gcpio','cpio'];
$dspam  = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name


# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!


$forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!
$notify_method  = 'smtp:[127.0.0.1]:10025';

$LOGFILE = "/var/log/amavis.log";

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


$warnvirusrecip = 1;
$warnbannedrecip = 1;
# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],            # av test pattern name
  [qr'^(WM97|OF97|Joke\.)'i => 0],  # adjust names to match your AV scanner
  [qr/.*/ => 1],  # true for everything else
));

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));


# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)\.?$'i,

# qr'[{}]',      # curly braces in names (serve as Class ID extensions - CLSID)

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any type in Unix-compressed
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any type in Unix archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any type within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i, # banned extension - basic
# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
#        jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shb|shs|vb|
#        vbe|vbs|wsc|wsf|wsh|
#        app|fxp|prg|mdw|mdt|ops)$'ix,    # banned extension - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$',                       # banned file(1) types
# qr'^\.(exe|lha|tnef|cab)$',             # banned file(1) types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'bugtraq@securityfocus.com'              => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});


@av_scanners = (

# ### http://www.vanja.com/tools/sophie/
# ['Sophie',
#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],

# ### http://www.clamav.net/
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd-socket"],
#   qr/\bOK$/, qr/\bFOUND$/,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd;  match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],

# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.grisoft.com/
# ['AVG Anti-Virus',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
#   qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],

# ### http://www.f-prot.com/
# ['FRISK F-Prot Daemon',
#   \&ask_daemon,
#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
#     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
#      '127.0.0.1:10203','127.0.0.1:10204'] ],
#   qr/(?i)<summary[^>]*>clean<\/summary>/,
#   qr/(?i)<summary[^>]*>infected<\/summary>/,
#   qr/(?i)<name>(.+)<\/name>/ ],

# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
#   [pack('N',1).  # DRWEBD_SCAN_CMD
#    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
#    pack('N',     # path length
#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
#    '{}/*'.       # path
#    pack('N',0).  # content size
#    pack('N',0),
#    '/var/drweb/run/drwebd.sock',
#  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
#  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
#  # '127.0.0.1:3000',                    # or over an inet socket
#   ],
#   qr/\A\x00(\x10|\x11)\x00\x00/s,              # IS_CLEAN, EVAL_KEY
#   qr/\A\x00(\x00|\x01)\x00(\x20|\x40|\x80)/s,  # KNOWN_V, UNKNOWN_V, V._MODIF
#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
# ],
# # NOTE: If using amavis-milter, change length to:
# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").

  ### http://www.kaspersky.com/  (in the 'file server version')
  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
     '/opt/kav/bin/aveclient','aveclient'],
    '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
    qr/(?:INFECTED|SUSPICION) (.+)/,
  ],

  ### http://www.kaspersky.com/
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
    qr/infected: (.+)/,
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
  ### products and replaced by aveserver and aveclient
  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon',       'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
    # change the startup-script in /etc/init.d/kavd to:
    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
    # adjusting /var/amavis above to match your $TEMPBASE.
    # The '-f=/var/amavis' is needed if not running it as root, so it
    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
    #   directory $TEMPBASE specifies) in the 'Names=' section.
    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
    # cp AvpDaemonClient /opt/AVP/
    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"

  ### http://www.hbedv.com/ or http://www.centralcommand.com/
  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
    ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # NOTE: if you only have a demo version, remove -z and add 214, as in:
    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,

  ### http://www.commandsoftware.com/
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/ ],

  ### http://www.symantec.com/
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],

  ### http://www.symantec.com/
  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],
    # NOTE: check options and patterns to see which entry better applies

  ### http://www.f-secure.com/products/anti-virus/
  ['F-Secure Antivirus', 'fsav',
    '--dumb --mime --archive {}', [0], [3,8],
    qr/(?:infection|Infected|Suspected): (.+)/ ],

  ['CAI InoculateIT', 'inocucmd',  # retired product
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/ ],
  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html

  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
  ['CAI eTrust Antivirus', 'etrust-wrapper',
    '-arc -nex -spm h {}', [0], [101],
    qr/is infected by virus: (.+)/ ],
    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783

  ### http://mks.com.pl/english.html
  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/ ], 

  ### http://mks.com.pl/english.html
  ['MkS_Vir daemon', 'mksscan',
    '-s -q {}', [0], [1..7],
    qr/^... (\S+)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32', 'nod32',
    '-all -subdir+ {}', [0], [1,2],
    qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
    '-a -r -d recurse --heur standard {}', [0], [10,11],
    qr/^\S+\s+infected:\s+(.+)/ ],

# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
# ['ESET Software NOD32 Client/Server (NOD32SS)',
#   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT
#   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
#   qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],

  ### http://www.norman.com/products_nvc.shtml
  ['Norman Virus Control v5 / Linux', 'nvcc',
    '-c -l:0 -s -u {}', [0], [1],
    qr/(?i).* virus in .* -> \'(.+)\'/ ],

  ### http://www.pandasoftware.com/
  ['Panda Antivirus for Linux', ['pavcl'],
    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    qr/Number of files infected[ .]*: 0+(?!\d)/,
    qr/Number of files infected[ .]*: 0*[1-9]/,
    qr/Found virus :\s*(\S+)/ ],

# ### http://www.pandasoftware.com/
# ['Panda Antivirus for Linux', ['pavcl'],
#   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
#   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
#   qr/Found virus :\s*(\S+)/ ],

# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
# # NOTE: the command line switches changed with scan engine 8.5 !
# # (btw, assigning stdin to /dev/null causes RAV to fail)

  ### http://www.nai.com/
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --mime --summary --noboot - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan)  |
        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
        :\ (.+)\ NOT\ a\ virus)/,
  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
  # sub {delete $ENV{LD_PRELOAD}},
  ],
  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
  # and then clear it when finished to avoid confusing anything else.
  # NOTE2: to treat encrypted files as viruses replace the [13] with:
  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/

  ### http://www.virusbuster.hu/en/
  ['VirusBuster', ['vbuster', 'vbengcl'],
    # VirusBuster Ltd. does not support the daemon version for the workstation 
    # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
    # binaries, some parameters AND return codes have changed (from 3 to 1).
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/ ],

# ### http://www.virusbuster.hu/en/
# ['VirusBuster (Client + Daemon)', 'vbengd',
#   # HINT: for an infected file it always returns 3,
#   # although the man-page tells a different story
#   '-f -log scandir {}', [0], [3],
#   qr/Virus found = (.*);/ ],

  ### http://www.cyber.com/
  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
  ],

  ### http://www.ikarus-software.com/
  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/ ],

  ### http://www.bitdefender.com/
  ['BitDefender', 'bdc',
    '--all --arc --mail {}', qr/^Infected files *:0+(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],

);


@av_scanners_backup = (

  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ### http://www.f-prot.com/   - backs up F-Prot Daemon
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6],
    qr/Infection: (.+)/ ],

  ### http://www.trendmicro.com/   - backs up Trophie
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
  ['drweb - DrWeb Antivirus',
    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
    '-path={} -al -go -ot -cn -upn -ok-',
    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],

  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
    '-i1 -xp {}', [0,10,15], [5,20,21,25],
    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

# Commented out because the name 'sweep' clashes with Debian and FreeBSD
# package/port of an audio editor. Make sure the correct 'sweep' is found
# in the path when enabling.
#
# ### http://www.sophos.com/   - backs up Sophie or SAVI-Perl
# ['Sophos Anti Virus (sweep)', 'sweep',
#   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
#   [0,2], qr/Virus .*? found/,
#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
# ],
# # other options to consider: -mime -oe -idedir=/usr/local/sav

# always succeeds (uncomment to consider mail clean if all other scanners fail)
# ['always-clean', sub {0}],

);


1;  # insure a defined return


Post by carsten » 11 Jan 2005, 18:25

main.cf:
content_filter = smtp:[127.0.0.1]:10024

and take out the mailbox_command.
Don't forget to reload.

Regards
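Added example, not part of the thread: Postfix applies `-o name=value` options from master.cf on top of main.cf for that one service, so a parameter such as `content_filter` can have a different effective value per service. This Python sketch lists those overrides and marks filter destinations given as a host name rather than an IP literal; the sample input is abridged from the configs posted above, and all function names are hypothetical.

```python
import ipaddress
import re

# Sample input, abridged from the master.cf and main.cf posted above.
MASTER_CF = """\
smtp      inet  n       -       n       -       50      smtpd -o content_filter=smtp:[localhost]:10024
pickup    fifo  n       n       n       60      1       pickup
localhost:10025     inet     n     -     y     -     -     smtpd
    -o content_filter=
    -o mynetworks=127.0.0.1/8
smtp-amavis    unix     -     -     n     -     3     lmtp
    -o smtp_data_done_timeout=1800
"""
MAIN_CF = """\
relayhost = smtprelay.t-online.de
content_filter = smtp-amavis:[127.0.0.1]:10024
mynetworks = 192.168.1.0/24, 127.0.0.0/8
"""

# transport:[host]:port, brackets and port optional
FILTER = re.compile(
    r"^(?P<transport>[^:]+):\[?(?P<host>[^\]]+?)\]?(?::(?P<port>\d+))?$"
)


def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def parse_main_cf(text):
    """Return {parameter: value}; a later assignment replaces an earlier one."""
    params = {}
    for line in logical_lines(text):
        name, _, value = line.partition("=")
        params[name.strip()] = value.strip()
    return params


def parse_master_cf(text):
    """Return one dict per service with the -o overrides given on its command."""
    services = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:          # not a complete service entry
            continue
        overrides, args = {}, fields[8:]
        for flag, setting in zip(args, args[1:]):
            if flag == "-o":
                key, _, value = setting.partition("=")
                overrides[key] = value
        services.append({"name": f"{fields[0]}/{fields[1]}",
                         "command": fields[7], "overrides": overrides})
    return services


def split_filter(value):
    """Split 'transport:[host]:port' into (transport, host, port) or None if empty."""
    m = FILTER.match(value.strip())
    if not m:
        return None
    return m["transport"], m["host"], int(m["port"]) if m["port"] else None


def uses_hostname(value):
    """True if the filter destination is a name that must be resolved at delivery time."""
    parts = split_filter(value)
    if parts is None:
        return False
    try:
        ipaddress.ip_address(parts[1])
        return False
    except ValueError:
        return True


def effective(main, services, param):
    """List (service, main.cf value, effective value) where master.cf overrides param."""
    return [(s["name"], main.get(param, ""), s["overrides"][param])
            for s in services if param in s["overrides"]]


if __name__ == "__main__":
    main_cf = parse_main_cf(MAIN_CF)
    for name, default, actual in effective(main_cf, parse_master_cf(MASTER_CF),
                                           "content_filter"):
        note = "  <- host name, resolved at delivery time" if uses_hostname(actual) else ""
        print(f"{name}: main.cf={default!r} effective={actual!r}{note}")
```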


Post by Xware » 11 Jan 2005, 19:12

Hi Carsten,

thanks for now, but unfortunately that did not really help. In the meantime I also set the logging in Amavis to 5. The log file now contains the following:

Code:

Jan 11 19:54:22 server postfix/master[4435]: reload configuration
Jan 11 19:55:20 server postfix/smtpd[5820]: connect from frank.heimnetz.loc[192.168.1.10]
Jan 11 19:55:20 server postfix/smtpd[5820]: 4956F1AF4: client=frank.heimnetz.loc[192.168.1.10]
Jan 11 19:55:20 server postfix/cleanup[5823]: 4956F1AF4: message-id=<1105465489.7478.32.camel@frank.heimnetz.loc>
Jan 11 19:55:20 server postfix/smtpd[5820]: disconnect from frank.heimnetz.loc[192.168.1.10]
Jan 11 19:55:20 server postfix/qmgr[5817]: 4956F1AF4: from=<frank@echte_domain.de>, size=519, nrcpt=1 (queue active)
Jan 11 19:55:20 server postfix/smtp[5824]: connect to localhost[::1]: Connection refused (port 10024)
Jan 11 19:55:20 server amavis[5649]: (05649-01) ESMTP::10024 /var/spool/amavis/tmp/amavis-20050111T195520-05649: <frank@echte_domain.de> -> <support@echte_domain.de> Received: SIZE=519 from smtp.heimnetz.loc ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05649-01 for <support@echte_domain.de>; Tue, 11 Jan 2005 19:55:20 +0100 (CET)
Jan 11 19:55:20 server amavis[5649]: (05649-01) Checking: <frank@echte_domain.de> -> <support@echte_domain.de>
Jan 11 19:55:29 server amavis[5649]: (05649-01) FWD via SMTP: [127.0.0.1]:10025 <frank@echte_domain.de> -> <support@echte_domain.de>
Jan 11 19:55:29 server postfix/smtpd[5828]: connect from unknown[127.0.0.1]
Jan 11 18:55:29 server postfix/smtpd[5828]: 915571EBB: client=unknown[127.0.0.1]
Jan 11 19:55:29 server postfix/cleanup[5823]: 915571EBB: message-id=<1105465489.7478.32.camel@frank.heimnetz.loc>
Jan 11 18:55:29 server postfix/smtpd[5828]: disconnect from unknown[127.0.0.1]
Jan 11 19:55:29 server postfix/qmgr[5817]: 915571EBB: from=<frank@echte_domain.de>, size=936, nrcpt=1 (queue active)
Jan 11 19:55:29 server amavis[5649]: (05649-01) Passed CLEAN, [192.168.1.10] <frank@echte_domain.de> -> <support@echte_domain.de>, Message-ID: <1105465489.7478.32.camel@frank.heimnetz.loc>, Hits: -2.805
Jan 11 19:55:29 server amavis[5649]: (05649-01) TIMING [total 9399 ms] - SMTP EHLO: 41 (0%), SMTP pre-MAIL: 1 (0%), mkdir tempdir: 1 (0%), create email.txt: 2 (0%), SMTP pre-DATA-flush: 9 (0%), SMTP DATA: 35 (0%), body_hash: 11 (0%), mkdir parts: 3 (0%), mime_decode: 36 (0%), get-file-type1: 21 (0%), decompose_part: 2 (0%), parts_decode: 0 (0%), AV-scan-1: 555 (6%),AV-scan-2: 1219 (13%), spam-wb-list: 6 (0%), SA msg read: 2 (0%), SA parse: 6 (0%), SA check: 7124 (76%), update_cache: 5 (0%), fwd-connect: 41 (0%), fwd-mail-from: 4 (0%), fwd-rcpt-to: 7 (0%), write-header: 7 (0%), fwd-data: 1 (0%), fwd-data-end: 139 (1%), fwd-rundown: 6 (0%), main_log_entry: 61 (1%), update_snmp: 38 (0%), unlink-1-files: 13 (0%), rundown: 1 (0%)
Jan 11 19:55:29 server postfix/smtp[5824]: 4956F1AF4: to=<support@echte_domain.de>, orig_to=<ix@heimnetz.loc>, relay=localhost[127.0.0.1], delay=9, status=sent (250 2.6.0 Ok, id=05649-01, from MTA: 250 Ok: queued as 915571EBB)
Jan 11 19:55:29 server postfix/qmgr[5817]: 4956F1AF4: removed
Jan 11 19:55:30 server postfix/smtp[5829]: 915571EBB: to=<support@echte_domain.de>, relay=smtprelay.t-online.de[194.25.134.99], delay=1, status=sent (250 Message accepted.)
Jan 11 19:55:30 server postfix/qmgr[5817]: 915571EBB: removed
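
The route visible in the log above, as an added example that is not part of the original post: the sketch follows a message from the queue ID that went to the content filter, via `queued as`, to the re-injected queue ID, and reports mail whose original recipient was local but whose last hop was an external relay. The function names and the fourth sample line are assumptions made for the illustration.

```python
import ipaddress
import re

# Lines 1-3 are copied from the log in the post above; line 4 is constructed
# to show a message that really is delivered locally.
SAMPLE_LOG = """\
Jan 11 19:55:20 server postfix/qmgr[5817]: 4956F1AF4: from=<frank@echte_domain.de>, size=519, nrcpt=1 (queue active)
Jan 11 19:55:29 server postfix/smtp[5824]: 4956F1AF4: to=<support@echte_domain.de>, orig_to=<ix@heimnetz.loc>, relay=localhost[127.0.0.1], delay=9, status=sent (250 2.6.0 Ok, id=05649-01, from MTA: 250 Ok: queued as 915571EBB)
Jan 11 19:55:30 server postfix/smtp[5829]: 915571EBB: to=<support@echte_domain.de>, relay=smtprelay.t-online.de[194.25.134.99], delay=1, status=sent (250 Message accepted.)
Jan 11 23:10:00 server postfix/local[7400]: 5A1B2C3D4: to=<ix@heimnetz.loc>, orig_to=<postmaster@heimnetz.loc>, relay=local, delay=0, status=sent (delivered to mailbox)
"""

# Only delivery agents log "to=<...>"; smtpd, cleanup and qmgr lines are skipped.
DELIVERY = re.compile(
    r"postfix/(?:smtp|lmtp|local|virtual|pipe)\[\d+\]: ([0-9A-F]+): (to=<.*)$")
FIELDS = {
    "to": re.compile(r"\bto=<([^>]*)>"),
    "orig_to": re.compile(r"\borig_to=<([^>]*)>"),
    "relay": re.compile(r"\brelay=([^,\[]+)"),
    "relay_ip": re.compile(r"\brelay=[^,\[]+\[([^\]]+)\]"),
    "status": re.compile(r"\bstatus=(\w+)"),
    "next_id": re.compile(r"queued as ([0-9A-F]+)"),
}


def parse_deliveries(log_text):
    """Map queue ID -> list of delivery records found in the log."""
    by_id = {}
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        rec = {}
        for key, rx in FIELDS.items():
            hit = rx.search(m.group(2))
            rec[key] = hit.group(1) if hit else None
        by_id.setdefault(m.group(1), []).append(rec)
    return by_id


def final_hops(by_id, rec, seen=frozenset()):
    """Follow 'queued as <id>' (content filter re-injection) to the last hop."""
    nxt = rec["next_id"]
    if not nxt or nxt not in by_id or nxt in seen:
        return [rec]
    hops = []
    for child in by_id[nxt]:
        hops.extend(final_hops(by_id, child, seen | {nxt}))
    return hops


def is_local_relay(rec):
    """True for the local/virtual delivery agents or a loopback relay address."""
    if rec["relay"] in ("local", "virtual"):
        return True
    try:
        return ipaddress.ip_address(rec["relay_ip"] or "").is_loopback
    except ValueError:
        return False


def externally_relayed_local_mail(log_text, local_domains):
    """Report (queue id, orig_to, final to, final relay) for local mail sent out."""
    by_id = parse_deliveries(log_text)
    findings = []
    for qid, recs in by_id.items():
        for rec in recs:
            orig = rec["orig_to"]
            if not orig or orig.rsplit("@", 1)[-1].lower() not in local_domains:
                continue
            for hop in final_hops(by_id, rec):
                if hop["status"] == "sent" and not is_local_relay(hop):
                    findings.append((qid, orig, hop["to"], hop["relay"]))
    return findings


if __name__ == "__main__":
    for finding in externally_relayed_local_mail(SAMPLE_LOG, {"heimnetz.loc"}):
        print(finding)
```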


Post by Xware » 11 Jan 2005, 19:50

maybe one more piece of info:

when I connect to the server via telnet, I get the following response:

Code:

$ telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

actually this should still appear here as well - but it doesn't.

220 [127.0.0.1] ESMTP amavisd-new service ready




Post by oc2pus » 11 Jan 2005, 20:05

Jan 11 19:55:20 server postfix/smtp[5824]: connect to localhost[::1]: Connection refused (port 10024)
there is no daemon running on this port, which is why you can't get a telnet connection either...

enter netstat -lntp and check whether there is a listener for 10024
netstat -lntp ==>
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 29026/perl
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 1770/master

master.cf:

Code:

smtp      inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
smtp-amavis unix -      -       n       -       3       lmtp
    -o smtp_data_done_timeout=1800
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n       -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o mynetworks_style=host
    -o strict_rfc821_envelopes=yes

main.cf:

Code:

#####################################
# Tell Postfix to start forwarding all mail it receives to amavisd-new for content inspection.
#####################################
content_filter = smtp-amavis:[127.0.0.1]:10024
max_use = 10

amavis.conf:

Code:

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

tell people what you want to do, and they'll probably help you to do it.
PackMan
LinWiki: The wiki for Linux users


Post by Xware » 11 Jan 2005, 21:05

Hello oc2pus,
oc2pus wrote:
Jan 11 19:55:20 server postfix/smtp[5824]: connect to localhost[::1]: Connection refused (port 10024)
there is no daemon running on this port, which is why you can't get a telnet connection either...

enter netstat -lntp and check whether there is a listener for 10024

I did that, with the following result:

Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:611             0.0.0.0:*               LISTEN      4246/ypserv         
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      6095/amavisd (maste 
tcp        0      0 0.0.0.0:5801            0.0.0.0:*               LISTEN      4535/xinetd         
tcp        0      0 0.0.0.0:32777           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      4435/master         
...stuff deleted...
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4435/master         
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      4315/smbd           
tcp        0      0 ::1:10025               :::*                    LISTEN      4435/master         

after changing master.cf I got the following log entries when sending mail internally:

Code:

Jan 11 22:00:20 server postfix/master[4435]: reload configuration
Jan 11 22:00:49 server postfix/smtpd[6408]: connect from frank.heimnetz.loc[192.168.1.10]
Jan 11 22:00:49 server postfix/smtpd[6408]: 8CED41AF7: client=frank.heimnetz.loc[192.168.1.10]
Jan 11 22:00:49 server postfix/cleanup[6411]: 8CED41AF7: message-id=<1105473017.7478.44.camel@frank.heimnetz.loc>
Jan 11 22:00:49 server postfix/smtpd[6408]: disconnect from frank.heimnetz.loc[192.168.1.10]
Jan 11 22:00:49 server postfix/qmgr[6405]: 8CED41AF7: from=<>, size=514, nrcpt=1 (queue active)
Jan 11 22:00:49 server postfix/smtp[6412]: connect to localhost[::1]: Connection refused (port 10024)
Jan 11 22:00:54 server postfix/smtp[6412]: 8CED41AF7: to=<support@echte_domain.de>, orig_to=<ix@heimnetz.loc>, relay=localhost[127.0.0.1], delay=5, status=deferred (host localhost[127.0.0.1] said: 450 4.4.1 Can't connect to 127.0.0.1 port 10025, Connection refused at /usr/sbin/amavisd line 3763, <GEN7> line 107., id=06097-02 (in reply to end of DATA command))

nothing more; after another rcpostfix reload most of the entries were written to the log once again
Last edited by Xware on 28 Nov 2005, 07:35; edited 1 time in total.


Post by oc2pus » 11 Jan 2005, 21:10

localhost[::1]: Connection refused (port 10024)
that is an IPv6 address for localhost, where are you conjuring that up from?
which Postfix are you using?

check your /etc/hosts or your name server ...

Post by Xware » 11 Jan 2005, 21:28

oc2pus wrote:
localhost[::1]: Connection refused (port 10024)
that is an IPv6 address for localhost, where are you conjuring that up from?
which Postfix are you using?

2.1.5 (the version that ships with SuSE 9.2)

oc2pus wrote:
check your /etc/hosts or your name server ...

no name server, only DNSMASQ - that's enough for me here ;)

but it could be the hosts file - so far there haven't really been any problems with it, but funnily enough the default hosts file from SuSE looks like this:

Code:
#
# hosts         This file describes a number of hostname-to-address
#               mappings for the TCP/IP subsystem.  It is mostly
#               used at boot time, when no name servers are running.
#               On small systems, this file can be used instead of a
#               "named" name server.
# Syntax:
#    
# IP-Address  Full-Qualified-Hostname  Short-Hostname
#

127.0.0.1       localhost

# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback

fe00::0         ipv6-localnet

ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts

of course I also have a lot of v4 addresses in there, but they don't cause any trouble. I took out all the v6 addresses, but nothing changed except that the "Connection refused" is no longer there - the mails still get stuck anyway (see the log in the last posting)
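
What the hosts file and the netstat output in this thread imply together, as an added example that is not part of the original posts: the sketch lists every address a name maps to in a hosts file and checks each against the TCP listeners for a port, which shows why a client connecting to the name `localhost` is refused on `::1` port 10024 while 127.0.0.1 works. The function names are assumptions; the sample data is taken from the posts above with whitespace trimmed.

```python
import ipaddress

# Taken from the SuSE default hosts file quoted in the post above.
HOSTS = """\
127.0.0.1       localhost

# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback
"""

# Taken from the netstat -lntp output posted earlier in the thread.
NETSTAT = """\
tcp  0  0 127.0.0.1:10024  0.0.0.0:*  LISTEN  6095/amavisd (maste
tcp  0  0 127.0.0.1:10025  0.0.0.0:*  LISTEN  4435/master
tcp  0  0 0.0.0.0:25       0.0.0.0:*  LISTEN  4435/master
tcp  0  0 ::1:10025        :::*       LISTEN  4435/master
"""


def hosts_addresses(hosts_text, name):
    """Every address that the hosts file maps to `name`, in file order."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            try:
                found.append(ipaddress.ip_address(fields[0]))
            except ValueError:
                continue
    return found


def tcp_listeners(netstat_text):
    """Set of (address, port) pairs in LISTEN state from `netstat -lnt` output."""
    result = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            host, _, port = f[3].rpartition(":")  # last colon splits off the port
            try:
                result.add((ipaddress.ip_address(host), int(port)))
            except ValueError:
                continue
    return result


def covers(listener_ip, target_ip):
    """Does a socket bound to listener_ip accept connections to target_ip?"""
    if listener_ip == target_ip:
        return True
    if not listener_ip.is_unspecified:
        return False
    # Assumption: a "::" wildcard also accepts IPv4 (Linux default, bindv6only=0).
    return listener_ip.version == target_ip.version or listener_ip.version == 6


def refused_addresses(hosts_text, netstat_text, name, port):
    """Addresses `name` resolves to on which nothing listens on `port`."""
    bound = [ip for ip, p in tcp_listeners(netstat_text) if p == port]
    return [str(addr) for addr in hosts_addresses(hosts_text, name)
            if not any(covers(b, addr) for b in bound)]


if __name__ == "__main__":
    for port in (10024, 10025, 25):
        print(port, refused_addresses(HOSTS, NETSTAT, "localhost", port))
```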


Post by oc2pus » 11 Jan 2005, 21:41

restarted postfix and amavis after changing the hosts file?

Post by Xware » 11 Jan 2005, 21:50

oc2pus wrote: restarted postfix and amavis after changing the hosts file?

:roll: of course not - but I made up for that right away. The mails are going out again now, but just like before only to the outside :(

here is the log:

Code:

Jan 11 22:50:57 server postfix/smtpd[6810]: connect from frank.heimnetz.loc[192.168.1.10]
Jan 11 22:50:57 server postfix/smtpd[6810]: 47F3E1C02: client=frank.heimnetz.loc[192.168.1.10]
Jan 11 22:50:57 server postfix/cleanup[6812]: 47F3E1C02: message-id=<1105476025.7478.49.camel@frank.heimnetz.loc>
Jan 11 22:50:57 server postfix/smtpd[6810]: disconnect from frank.heimnetz.loc[192.168.1.10]
Jan 11 22:50:57 server postfix/qmgr[6767]: 47F3E1C02: from=<frank@echte_domain.de>, size=516, nrcpt=1 (queue active)
Jan 11 22:51:02 server postfix/smtpd[6817]: connect from localhost[127.0.0.1]
Jan 11 22:51:02 server postfix/smtpd[6817]: 54B1E1C1A: client=localhost[127.0.0.1]
Jan 11 22:51:02 server postfix/cleanup[6812]: 54B1E1C1A: message-id=<1105476025.7478.49.camel@frank.heimnetz.loc>
Jan 11 22:51:02 server postfix/smtpd[6817]: disconnect from localhost[127.0.0.1]
Jan 11 22:51:02 server postfix/qmgr[6767]: 54B1E1C1A: from=<frank@echte_domain.de>, size=935, nrcpt=1 (queue active)
Jan 11 22:51:02 server postfix/smtp[6813]: 47F3E1C02: to=<support@echte_domain.de>, orig_to=<ix@heimnetz.loc>, relay=localhost[127.0.0.1], delay=5, status=sent (250 2.6.0 Ok, id=06682-02, from MTA: 250 Ok: queued as 54B1E1C1A)
Jan 11 22:51:02 server postfix/qmgr[6767]: 47F3E1C02: removed
Jan 11 22:51:03 server postfix/smtp[6818]: 54B1E1C1A: to=<support@echte_domain.de>, relay=smtprelay.t-online.de[194.25.134.95], delay=1, status=sent (250 Message accepted.)
Jan 11 22:51:03 server postfix/qmgr[6767]: 54B1E1C1A: removed



Post by dermichel » 11 Jan 2005, 21:56

Jan 11 22:00:54 server postfix/smtp[6412]: 8CED41AF7: to=<support@echte_domain.de>, orig_to=<ix@heimnetz.loc>, relay=localhost[127.0.0.1], delay=5, status=deferred (host localhost[127.0.0.1] said: 450 4.4.1 Can't connect to 127.0.0.1 port 10025, Connection refused at /usr/sbin/amavisd line 3763, <GEN7> line 107., id=06097-02 (in reply to end of DATA command))
because:
-o mynetworks=127.0.0.0/8
-o mynetworks_style=host
doesn't really fit together :-)

either host or subnet.... you are defining a subnet, not a host!

furthermore, amavis must accept mail from localhost:

Code:

@inet_acl = qw( 127.0.0.1 ::1 );  # allow SMTP access only from localhost IP

Mr. Postfix - /* Ubuntu and SuSE Linux /*


Post by Xware » 11 Jan 2005, 22:12

dermichel wrote:
-o mynetworks=127.0.0.0/8
-o mynetworks_style=host
doesn't really fit together :-)

either host or subnet.... you are defining a subnet, not a host!

hmm - so which is it now, oc2pus says put it in - you say take it out again :roll:

dermichel wrote:
furthermore, amavis must accept mail from localhost:

Code:

@inet_acl = qw( 127.0.0.1 ::1 );  # allow SMTP access only from localhost IP

that entry is in the config... I probably deleted a bit too much when preparing it for posting here

maybe it helps to see a mail the way I then receive it via the external server - this mail should really have been delivered internally.

Code:

Return-Path: <frank@echte_domain.de>
Delivered-To: support@echte_domain.de
Received: from mailout02.sul.t-online.com (mailout02.sul.t-online.com
        [194.25.134.17]) by webbox.echte_domain.de (Postfix) with ESMTP id
        6BA62A85E3 for <support@echte_domain.de>; Tue, 11 Jan 2005 17:43:36 +0100 (CET)
Received: from fwd11.aul.t-online.de  by mailout02.sul.t-online.com with
        smtp  id 1CoP7I-00036s-01; Tue, 11 Jan 2005 17:43:36 +0100
Received: from smtp.heimnetz.loc
        (bKAKb6ZOZejf8Co0BPLR4ZQ1onFqC1OYL6xf7cChVeZE0-gz6zDdg2@[217.232.116.56])
        by fmrl11.sul.t-online.com with esmtp id 1CoP70-1TMMRU0; Tue, 11 Jan 2005
        17:43:18 +0100
Received: from localhost (unknown [127.0.0.1]) by smtp.heimnetz.loc
        (Postfix) with ESMTP id CF9881EB8 for <support@echte_domain.de>; Tue, 11 Jan 2005
        17:48:38 +0000 (UTC)
Received: from smtp.heimnetz.loc ([127.0.0.1]) by localhost (server
        [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05648-01 for
        <support@echte_domain.de>; Tue, 11 Jan 2005 18:48:33 +0100 (CET)
Received: from frank.heimnetz.loc (frank.heimnetz.loc [192.168.1.10]) by
        smtp.heimnetz.loc (Postfix) with ESMTP id A33DD1AF4 for <ix@heimnetz.loc>;
        Tue, 11 Jan 2005 18:48:33 +0100 (CET)
Subject: sdfg
From: Frank echte_domain <frank@echte_domain.de>
To: support@echte_domain.de
Content-Type: text/plain
Date: Tue, 11 Jan 2005 17:38:03 +0100
Message-Id: <1105461483.7478.30.camel@frank.heimnetz.loc>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.0 
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at heimnetz.loc
X-ID: bKAKb6ZOZejf8Co0BPLR4ZQ1onFqC1OYL6xf7cChVeZE0-gz6zDdg2@t-dialin.net
X-TOI-MSGID: f2dc8a5b-a759-468a-81d5-509411fd9f7b
X-UIDL: "1`"!O4c"!MXX!!O/a!!
X-Evolution-Source: pop://web544p1@mail.echte_domain.de

asdfgs
-- 
Frank echte_domain <fra@heimnetz.loc>


Post by oc2pus » 11 Jan 2005, 22:25

my config snippets are from my current live configuration.

but when in doubt, Mr.Postfix (derMichel) is right ;)

Post by Xware » 11 Jan 2005, 22:28

oc2pus wrote: my config snippets are from my current live configuration.

but when in doubt, Mr.Postfix (derMichel) is right ;)

:D :D :D

but annoyingly it still doesn't work properly - I'm about to have a meltdown here...


Post by dermichel » 11 Jan 2005, 22:39

the header is no use at all here!
send again and post the mail log...

Post by Xware » 11 Jan 2005, 22:52

dermichel wrote: send again and post the mail log...

here you go:

Code:

Jan 11 22:46:01 server postfix/smtpd[7267]: connect from frank.heimnetz.loc[192.168.1.10]
Jan 11 22:46:01 server postfix/smtpd[7267]: 33BF81C02: client=frank.heimnetz.loc[192.168.1.10]
Jan 11 22:46:01 server postfix/cleanup[7270]: 33BF81C02: message-id=<1105479653.7478.52.camel@frank.heimnetz.loc>
Jan 11 22:46:01 server postfix/smtpd[7267]: disconnect from frank.heimnetz.loc[192.168.1.10]
Jan 11 22:46:01 server postfix/qmgr[7153]: 33BF81C02: from=<frank@echte_domain.de>, size=516, nrcpt=1 (queue active)
Jan 11 22:46:14 server postfix/smtpd[7275]: connect from localhost[127.0.0.1]
Jan 11 22:46:14 server postfix/smtpd[7275]: E21641C49: client=localhost[127.0.0.1]
Jan 11 22:46:14 server postfix/cleanup[7270]: E21641C49: message-id=<1105479653.7478.52.camel@frank.heimnetz.loc>
Jan 11 22:46:15 server postfix/smtpd[7275]: disconnect from localhost[127.0.0.1]
Jan 11 22:46:15 server postfix/qmgr[7153]: E21641C49: from=<frank@echte_domain.de>, size=935, nrcpt=1 (queue active)
Jan 11 22:46:15 server postfix/smtp[7271]: 33BF81C02: to=<support@echte_domain.de>, orig_to=<ix@heimnetz.loc>, relay=localhost[127.0.0.1], delay=14, status=sent (250 2.6.0 Ok, id=06682-03, from MTA: 250 Ok: queued as E21641C49)
Jan 11 22:46:15 server postfix/qmgr[7153]: 33BF81C02: removed
Jan 11 22:46:18 server postfix/smtp[7276]: E21641C49: to=<support@echte_domain.de>, relay=smtprelay.t-online.de[194.25.134.28], delay=4, status=sent (250 Message accepted.)
Jan 11 22:46:18 server postfix/qmgr[7153]: E21641C49: removed

if it helps you, I could also send you the complete configs by mail...


Post by dermichel » 11 Jan 2005, 22:58

mydomain = heimnetz.loc

mydestination = $myhostname, $mydomain, localhost.$mydomain




ahem - your server is not responsible for "echte_domain.de".

change that via virtual or mydestination.

Post by Xware » 11 Jan 2005, 23:18

dermichel wrote:
mydomain = heimnetz.loc

mydestination = $myhostname, $mydomain, localhost.$mydomain

that is how it is in main.cf

dermichel wrote: ahem - your server is not responsible for "echte_domain.de".

change that via virtual or mydestination.

"echte_domain.de" is only a placeholder (not every mail address has to be published here in the forum), and the domains it replaces appear only in the canonical file - nowhere else.

I have the following situation:

Domains at an ISP:
echte_domain1
echte_domain2

local domain:
heimnetz.loc

the following users are set up locally:

fra@heimnetz.loc
ann@heimnetz.loc
ix@heimnetz.loc

once again the contents of canonical:
fra@heimnetz.loc frank@echte_domain1.de
ann@heimnetz.loc annett@echte_domain1.de
ix@heimnetz.loc support@echte_domain2.de


so, mails coming from ix@heimnetz.loc should be deliverable locally and should also be able to be sent to the outside, e.g. to doof@winzigweich.com. Fetching mail is not the topic yet at the moment; for now I just want to be able to send mail correctly. Everything that is to be sent outside is scanned by Amavis and sent out, and the addresses are also swapped correctly in the process. What does not work is sending internally. The logs above are from attempts to deliver mail internally, i.e. from fra@heimnetz.loc to ix@heimnetz.loc. But since Amavis was built into the Postfix config, all mails (including those that are only supposed to be delivered internally) are sent out into the big wide world, and so I am slowly starting to despair
:(


Post by dermichel » 11 Jan 2005, 23:21

the rewrite works wonderfully, after all! but it's no use to you if you apply it in the wrong place!

two possible solutions:

1) set recipient / sender canonical (not canonical)

2) tell your postfix that it is responsible for "deine:_domain.de"! then the mail is delivered locally even after the general rewrite, and only mails outside your local and own domain are delivered via the relay server.


we'll carry on with this tomorrow.... g'night...


Post by Xware » 11 Jan 2005, 23:31

dermichel wrote: two possible solutions:

1) set recipient / sender canonical (not canonical)

2) tell your postfix that it is responsible for "deine:_domain.de"! then the mail is delivered locally even after the general rewrite, and only mails outside your local and own domain are delivered via the relay server.

I can already try out the first one - since I'm on holiday this week I'll be awake at around 9 o'clock, then we can carry on :D :D :D


Addendum:

I have just entered recipient_canonical and sender_canonical in main.cf, removed the "canonical" and configured the two new files - quickly ran postmap on them and restarted postfix.
But after sending a mail came the sobering result: no change :( :( :( all mails go outside. at least I got the config for the new files right, because the address rewriting works exactly as it did with the old canonical
