On Thursday, 20 May 2004 21:05, Al Bogner wrote:
# postconf -n
# postconf -n
alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = vscan:
That is one of those Suse blemishes. Enter this here:
content_filter=smtp:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
inet_interfaces = 127.0.0.1 ::1
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
myhostname = gw.local
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
# grep -v ^# /etc/postfix/master.cf
# grep -v ^# /etc/postfix/master.cf
smtp inet n - n - 2 smtpd -o content_filter=smtp:[localhost]:10024
Then remove the filter here:
smtp inet n - n - 2 smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
localhost:10025 inet n - n - - smtpd -o content_filter=
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan unix - n n - 10 pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
And of course check whether amavisd is running:
# rcamavis status
Otherwise:
# rcamavis start
# insserv amavis
Until now I have gone the route via .forward:
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"
I would no longer do that.
How then?
Start amavisd as a daemon and use it directly from Postfix.
In the header I see:
Received: from unknown by localhost (amavisd-new, unix socket)
Both f-prot and antivir detect the Eicar in a manual scan.
In amavisd.conf I have not changed anything and it looks like this:
An Eicar gets through by mail without any problem, so something is still not configured correctly somewhere.
Try starting amavis with:
# amavisd debug
# amavisd debug
May 20 21:02:59 gw amavisd[12224]: starting. amavisd at gw amavisd-new-20030616-p9, Unicode aware, LC_CTYPE=de_DE.UTF-8
May 20 21:03:00 gw amavisd[12224]: Perl version 5.008003
May 20 21:03:00 gw amavisd[12224]: Module Amavis::Conf 1.15
May 20 21:03:00 gw amavisd[12224]: Module Archive::Tar 1.08
May 20 21:03:00 gw amavisd[12224]: Module Archive::Zip 1.09
May 20 21:03:00 gw amavisd[12224]: Module Compress::Zlib 1.33
May 20 21:03:00 gw amavisd[12224]: Module Convert::TNEF 0.17
May 20 21:03:00 gw amavisd[12224]: Module Convert::UUlib 1.0
May 20 21:03:00 gw amavisd[12224]: Module DB_File 1.808
May 20 21:03:00 gw amavisd[12224]: Module MIME::Entity 5.404
May 20 21:03:00 gw amavisd[12224]: Module MIME::Parser 5.406
May 20 21:03:00 gw amavisd[12224]: Module MIME::Tools 5.411
May 20 21:03:00 gw amavisd[12224]: Module Mail::Header 1.60
May 20 21:03:00 gw amavisd[12224]: Module Mail::Internet 1.60
May 20 21:03:00 gw amavisd[12224]: Module Mail::SpamAssassin 2.63
May 20 21:03:00 gw amavisd[12224]: Module Net::Cmd 2.24
May 20 21:03:00 gw amavisd[12224]: Module Net::DNS 0.46
May 20 21:03:00 gw amavisd[12224]: Module Net::SMTP 2.26
May 20 21:03:00 gw amavisd[12224]: Module Net::Server 0.87
May 20 21:03:00 gw amavisd[12224]: Module Time::HiRes 1.52
May 20 21:03:00 gw amavisd[12224]: Module Unix::Syslog 0.100
May 20 21:03:00 gw amavisd[12224]: Found myself: /usr/sbin/amavisd -c /etc/amavisd.conf
May 20 21:03:00 gw amavisd[12224]: Lookup::SQL code NOT loaded
May 20 21:03:00 gw amavisd[12224]: Lookup::LDAP code NOT loaded
May 20 21:03:00 gw amavisd[12224]: AMCL-in protocol code loaded
May 20 21:03:00 gw amavisd[12224]: SMTP-in protocol code loaded
May 20 21:03:00 gw amavisd[12224]: ANTI-VIRUS code NOT loaded
May 20 21:03:00 gw amavisd[12224]: ANTI-SPAM code loaded
May 20 21:03:00 gw amavisd[12224]: Net::Server: 2004/05/20-21:03:00 Pid_file already exists for running process (4684)... aborting\n\n at line 229 in file /usr/lib/perl5/vendor_perl/5.8.3/Net/Server.pm
May 20 21:03:00 gw amavisd[12224]: Net::Server: 2004/05/20-21:03:00 Server closing!
What could be the reason that "ANTI-VIRUS code" is not loaded?
Suse has, heaven knows why, switched off the virus scanners globally. Search /etc/amavisd.conf for "bypass_virus_checks_acl"; I believe that is enabled. Comment it out and try the call again.
--
Andreas
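
The checks discussed in this thread, as an added example that is not part of the original messages: a Python audit of `postconf -n` output, master.cf and the amavisd startup log. The sample inputs are excerpts constructed from the values quoted above; the function names and finding codes are hypothetical.

```python
import re

# Constructed samples: excerpts of values quoted in the thread. Finding codes are hypothetical.
POSTCONF = "content_filter = vscan:\ninet_interfaces = 127.0.0.1 ::1\n"
MASTER = """\
smtp      inet  n - n - 2 smtpd -o content_filter=smtp:[localhost]:10024
localhost:10025 inet n - n - - smtpd -o content_filter=
vscan     unix  - n n - 10 pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
"""
LOG = """\
May 20 21:03:00 gw amavisd[12224]: ANTI-VIRUS code NOT loaded
May 20 21:03:00 gw amavisd[12224]: Net::Server: 2004/05/20-21:03:00 Pid_file already exists for running process (4684)... aborting
"""

def parse_postconf(text):
    """'name = value' lines from `postconf -n` -> dict."""
    pairs = (l.partition("=") for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, _, v in pairs}

def parse_master(text):
    """master.cf -> {(service, type): 'command args'}, joining continuation lines."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    logical = []
    for line in lines:
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()   # indented line continues the entry
        else:
            logical.append(line.strip())
    fields = (e.split(None, 7) for e in logical)
    return {(f[0], f[1]): f[7] for f in fields if len(f) == 8}

def audit(postconf, master, log):
    """Return finding codes for the problems discussed in the thread."""
    found = []
    if not parse_postconf(postconf).get("content_filter", "").startswith("smtp:"):
        found.append("GLOBAL_FILTER_NOT_SMTP")       # e.g. still the vscan: pipe
    for (svc, typ), cmd in parse_master(master).items():
        override = re.search(r"-o\s+content_filter=(\S*)", cmd)
        if (svc, typ) == ("smtp", "inet") and override:
            found.append("SMTPD_FILTER_OVERRIDE")    # per-service filter still set
        if svc.endswith(":10025") and not (override and override.group(1) == ""):
            found.append("REINJECT_NOT_EXEMPT")      # scanned mail would be filtered again
    if "ANTI-VIRUS code NOT loaded" in log:
        found.append("AV_CODE_NOT_LOADED")           # check virus settings in amavisd.conf
    pid = re.search(r"Pid_file already exists for running process \((\d+)\)", log)
    if pid:
        found.append("DAEMON_ALREADY_RUNNING:" + pid.group(1))
    return found
```

Calling `audit(POSTCONF, MASTER, LOG)` on the sample data reports the pipe-style global filter, the per-service override on the smtp listener, the disabled virus code and the already running daemon whose PID file blocked the debug start.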