[gelöst]amavisd konfigurieren (mit SpamAssassin und clamAV)!

v1:~ # telnet 127.0.0.1 10024
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

v1:~ # telnet 127.0.0.1 10025
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.

smtp      inet  n       -       n       -       -       smtpd 
#-o content_filter=smtp-amavis:[127.0.0.1]:10024
#smtps	  inet  n	-	n	-	-	smtpd -o content_filter=procmail:spamfilter
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
	-o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#localhost:10025 inet	n	-	n	-	-	smtpd -o content_filter=
scache	  unix	-	-	n	-	1	scache

cyrus	  unix	-	n	n	-	-	pipe
  flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp	  unix	-	n	n	-	-	pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
#
# amavisd-new:
smtp-amavis unix -	-	n	-	2	smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n	-	n	-	-	smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0/8
  -o strict_rfc821_envelopes=yes

$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'firma.local';
$MYHOME = '/var/spool/amavis';
$TEMPBASE = "$MYHOME/tmp";
$ENV{TMPDIR} = $TEMPBASE;
$QUARANTINEDIR = '/var/spool/amavis/virusmails';
@addr_extension_virus_maps      = undef;
@addr_extension_spam_maps       = undef;
@addr_extension_banned_maps     = undef;
@addr_extension_bad_header_maps = undef;
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = 'smtp:127.0.0.1:10025';

#alle anderen sind von mir auskommentiert!!!
@av_scanners = (
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "127.0.0.1:3310"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

#alle anderen sind von mir auskommentiert!!!
@av_scanners_backup = (
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

v1:~# /usr/sbin/amavisd debug
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: starting.  /usr/sbin/amavisd at v1.tultec.local amavisd-new-2.3.3 (20050822), Unicode aware, LC_CTYPE=de_DE.UTF-8, LANG=POSIX
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: user=, EUID: 0 (0);  group=, EGID: 0 0 (0 0)
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: Perl version               5.008008
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: INFO: no optional modules: Sys::Hostname::Long Mail::SPF::Query Razor2::Client::Agent Net::CIDR::Lite Mail::SpamAssassin::Plugin::DomainKeys Mail::DomainKeys::Header Mail::DomainKeys::Message Mail::DomainKeys::Policy Mail::DomainKeys::Signature Mail::DomainKeys::Key Mail::DomainKeys::Key::Public Crypt::OpenSSL::RSA auto::Crypt::OpenSSL::RSA::_new auto::Crypt::OpenSSL::RSA::DESTROY auto::Crypt::OpenSSL::RSA::load_public_key auto::Crypt::OpenSSL::RSA::new_public_key IP::Country::Fast
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: Net::Server: 2006/11/17-12:18:40 Amavis (type Net::Server::PreForkSimple) starting! pid(14740)
Nov 17 12:18:40 v1.firmalocal /usr/sbin/amavisd[14740]: Net::Server: Binding to UNIX socket file /var/spool/amavis/amavisd.sock using SOCK_STREAM
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: Net::Server: 2006/11/17-12:18:40 No such group "amavis"\n\n  at line 447 in file /usr/lib/perl5/vendor_perl/5.8.8/Net/Server.pm
Nov 17 12:18:40 v1.firma.local /usr/sbin/amavisd[14740]: Net::Server: 2006/11/17-12:18:40 Server closing!

$daemon_user = 'vscan';
$daemon_group = 'vscan';

Nov 17 14:00:08 v1.tultec.local /usr/sbin/amavisd[28606]: starting.  /usr/sbin/amavisd at v1.tultec.local amavisd-new-2.3.3 (20050822), Unicode aware, LC_CTYPE=de_DE.UTF-8, LANG=POSIX
Nov 17 14:00:08 v1.tultec.local /usr/sbin/amavisd[28606]: user=, EUID: 0 (0);  group=, EGID: 0 0 (0 0)
Nov 17 14:00:08 v1.tultec.local /usr/sbin/amavisd[28606]: Perl version               5.008008
Nov 17 14:00:08 v1.firma.local /usr/sbin/amavisd[28606]: INFO: no optional modules: Sys::Hostname::Long Mail::SPF::Query Razor2::Client::Agent Net::CIDR::Lite Mail::SpamAssassin::Plugin::DomainKeys Mail::DomainKeys::Header Mail::DomainKeys::Message Mail::DomainKeys::Policy Mail::DomainKeys::Signature Mail::DomainKeys::Key Mail::DomainKeys::Key::Public Crypt::OpenSSL::RSA auto::Crypt::OpenSSL::RSA::_new auto::Crypt::OpenSSL::RSA::DESTROY auto::Crypt::OpenSSL::RSA::load_public_key auto::Crypt::OpenSSL::RSA::new_public_key IP::Country::Fast
Pid_file already exists for running process (28558)... aborting
Nov 17 14:00:08 v1.firma.local /usr/sbin/amavisd[28606]: Net::Server: 2006/11/17-14:00:08 Pid_file already exists for running process (28558)... aborting\n\n  at line 261 in file /usr/lib/perl5/vendor_perl/5.8.8/Net/Server.pm
Nov 17 14:00:08 v1.firma.local /usr/sbin/amavisd[28606]: Net::Server: 2006/11/17-14:00:08 Server closing!

Nov 11 21:46:59 lifebook amavisd[3750]:
Net::Server: 2003/11/11-21:46:59 CONNECT
TCP Peer: "127.0.0.1:32797" Local: "127.0.0.1:10024"
Nov 11 21:46:59 lifebook amavisd[3750]:
lookup_ip_acl: key="127.0.0.1" matches "127.0.0.1", result=1
Nov 11 21:46:59 lifebook amavisd[3750]:
prolong_timer after new request - timer reset: remaining time = 300 s
Nov 11 21:46:59 lifebook amavisd[3750]:
SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready

Nov 17 14:56:54 v1 postfix/smtpd[28915]: connect from localhost[127.0.0.1]
Nov 17 14:56:54 v1 postfix/smtpd[28915]: fatal: bad net/mask pattern: "127.0.0/8"
Nov 17 14:56:55 v1 postfix/master[12290]: warning: process /usr/lib/postfix/smtpd pid 28915 exit status 1
Nov 17 14:56:55 v1 postfix/master[12290]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

mynetworks=127.0.0.0/8 10.0.0.0/16

Nov 20 07:43:07 v1 amavis[4026]: (04026-02) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
Nov 20 07:43:13 v1 amavis[4026]: (04026-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 56) line 266.
Nov 20 07:43:13 v1 amavis[4026]: (04026-02) WARN: all primary virus scanners failed, considering backups
Nov 20 07:43:16 v1 postfix/smtpd[4805]: fatal: bad net/mask pattern: "127.0.0/8"
Nov 20 07:43:17 v1 amavis[4026]: (04026-02) FWD via SMTP: <extern@web.de> -> <musterfrau@firma.local>, 450 4.4.1 Can't connect to 127.0.0.1 port 10025,  (Bad file descriptor) at /usr/sbin/amavisd line 4323, <GEN6> line 89., MTA([127.0.0.1]:10025), id=04026-02
Nov 20 07:43:17 v1 postfix/master[3720]: warning: process /usr/lib/postfix/smtpd pid 4805 exit status 1
Nov 20 07:43:17 v1 postfix/master[3720]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

127.0.0.1:10025 inet n	-	n	-	n	smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.1/8
#  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

v1:/ # rcclamd status
Checking for Clam AntiVirus daemon                                    unused
v1:/ # rcclamd start
Starting Clam AntiVirus daemon startproc:  exit status of parent of /usr/sbin/clamd: 1
                                                                      failed
v1:/ # rcclamd reload
Reloading Clam AntiVirus daemon                                       missing
v1:/ #

Nov 20 14:03:19 v1 clamd[16137]: Daemon started.
Nov 20 14:03:19 v1 clamd[16137]: clamd daemon 0.88.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Nov 20 14:03:19 v1 clamd[16137]: Log file size limited to 1048576 bytes.
Nov 20 14:03:19 v1 clamd[16137]: Two modes (local & TCP) selected.

LogFile /var/log/clamd
LogSyslog
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid
LocalSocket /var/lib/clamav/clamd-socket
FixStaleSocket
TCPSocket 3310
TCPAddr 127.0.0.1

Nov 21 10:57:36 v1 postfix/smtpd[9552]: connect from localhost[127.0.0.1]
Nov 21 10:57:36 v1 postfix/smtpd[9552]: EDA921FE2D: client=localhost[127.0.0.1]
Nov 21 10:57:37 v1 postfix/cleanup[9555]: EDA921FE2D: message-id=<50459587@web.de>
Nov 21 10:57:37 v1 postfix/qmgr[9041]: EDA921FE2D: from=<extern@web.de>, size=1907, nrcpt=1 (queue active)
Nov 21 10:57:37 v1 amavis[9476]: (09476-02) ESMTP::10024 /var/spool/amavis/tmp/amavis-20061121T104245-09476: <extern@web.de> -> <musterfrau@firma.local> Received: SIZE=1907 BODY=8BITMIME from v1 ([127.0.0.1]) by localhost (v1.firma.local [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09476-02 for <musterfrau@firma.local>; Tue, 21 Nov 2006 10:57:37 +0100 (CET)
Nov 21 10:57:37 v1 amavis[9476]: (09476-02) Checking: wGb7WV0TlVQq [127.0.0.1] <extern@web.de> -> <musterfrau@firma.local>
Nov 21 10:57:37 v1 amavis[9476]: (09476-02) p001 1 Content-Type: text/plain, size: 298 B, name: 
Nov 21 10:57:37 v1 postfix/smtpd[9552]: disconnect from localhost[127.0.0.1]
Nov 21 10:57:42 v1 postfix/smtpd[9559]: connect from localhost[127.0.0.1]
Nov 21 10:57:42 v1 postfix/smtpd[9559]: C47641FE0D: client=localhost[127.0.0.1]
Nov 21 10:57:42 v1 postfix/cleanup[9555]: C47641FE0D: message-id=<50459587@web.de>
Nov 21 10:57:42 v1 postfix/qmgr[9041]: C47641FE0D: from=<extern@web.de>, size=2317, nrcpt=1 (queue active)
Nov 21 10:57:42 v1 amavis[9476]: (09476-02) FWD via SMTP: <extern@web.de> -> <musterfrau@firma.local>, BODY=8BITMIME, 250 2.6.0 Ok, id=09476-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as C47641FE0D
Nov 21 10:57:42 v1 postfix/smtpd[9559]: disconnect from localhost[127.0.0.1]
Nov 21 10:57:42 v1 amavis[9476]: (09476-02) Passed CLEAN, LOCAL [127.0.0.1] [84.180.91.165] <extern@web.de> -> <musterfrau@firma.local>, Message-ID: <50459587@web.de>, mail_id: wGb7WV0TlVQq, Hits: 1.822, 5859 ms
Nov 21 10:57:42 v1 amavis[9476]: (09476-02) TIMING [total 5866 ms] - SMTP EHLO: 3 (0%)0, SMTP pre-MAIL: 2 (0%)0, SMTP pre-DATA-flush: 3 (0%)0, SMTP DATA: 39 (1%)1, body_digest: 1 (0%)1, gen_mail_id: 1 (0%)1, mime_decode: 14 (0%)1, get-file-type1: 19 (0%)1, parts_decode: 1 (0%)1, AV-scan-1: 9 (0%)2, spam-wb-list: 3 (0%)2, SA msg read: 1 (0%)2, SA parse: 3 (0%)2, SA check: 5599 (95%)97, update_cache: 2 (0%)97, fwd-connect: 25 (0%)98, fwd-mail-from: 2 (0%)98, fwd-rcpt-to: 3 (0%)98, write-header: 2 (0%)98, fwd-data: 1 (0%)98, fwd-data-end: 112 (2%)100, fwd-rundown: 2 (0%)100, main_log_entry: 14 (0%)100, update_snmp: 2 (0%)100, unlink-1-files: 2 (0%)100, rundown: 1 (0%)100
Nov 21 10:57:42 v1 postfix/smtp[9556]: EDA921FE2D: to=<musterfrau@firma.local>, orig_to=<m.musterfrau@firma.de>, relay=127.0.0.1[127.0.0.1], delay=6, status=sent (250 2.6.0 Ok, id=09476-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as C47641FE0D)
Nov 21 10:57:42 v1 postfix/qmgr[9041]: EDA921FE2D: removed
Nov 21 10:57:43 v1 postfix/pipe[9560]: C47641FE0D: to=<musterfrau@firma.local>, relay=cyrus, delay=1, status=sent (tultec.local)
Nov 21 10:57:43 v1 postfix/qmgr[9041]: C47641FE0D: removed

v1:/ # telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
mail from: mustermann
250 2.1.0 Sender mustermann OK
rcpt to: musterfrau
250 2.1.5 Recipient musterfrau OK
data
354 End data with <CR><LF>.<CR><LF>
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 2.7.1 Ok, discarded, id=17186-01 - VIRUS: Eicar-Test-Signature
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

Nov 21 14:09:22 v1 amavis[17401]: (17401-04) Blocked INFECTED (Eicar-Test-Signature), LOCAL [127.0.0.1] [84.180.91.165] <?@p54b45ba5.dip.t-dialin.net> -> <mustermann@firma.local>, quarantine: virus-4Jr1IXHbgFOx, Message-ID: <50900510@web.de>, mail_id: 4Jr1IXHbgFOx, Hits: -, 1908 ms
Nov 21 14:09:22 v1 postfix/smtp[17598]: DEEE31FE8A: to=<mustermann@firma.local>, orig_to=<m.mustermann@firma.de>, relay=127.0.0.1[127.0.0.1], delay=3, status=sent (250 2.7.1 Ok, discarded, id=17401-04 - VIRUS: Eicar-Test-Signature)

User vscan

$daemon_user = 'vscan';
$daemon_group = 'vscan';