Inhaltsverzeichnis
AMaViS CentOS 7
AMaViS (A MAil Virus Scanner) ist ein Prüfprogramm, welches e-Mails auf SPAM und Viren untersucht und sich dabei externer Programme wie dem sehr bekannten SpamAssassin und z.B. ClamAV bedient und diese in sich selbst einbindet.
Beschreibung | Externer Link |
---|---|
Homepage | http://www.ijs.si/software/amavisd/ |
Dokumentation | http://www.ijs.si/software/amavisd/#doc |
Ab hier werden zur Ausführung nachfolgender Befehle root
-Rechte benötigt. Um der Benutzer root
zu werden, melden Sie sich bitte als root
-Benutzer am System an, oder wechseln mit nachfolgendem Befehl zum Benutzer root
:
$ su - Password:
Herunterladen
Nachfolgend sollen zwei Drittanbieter-Repositories, das von EPEL, welches wie unter nachfolgendem internen Link dargestellt, eingebunden werden kann:
Das zweite benötigte Drittanbieter-Repository wird von dem von mir sehr geschätzten Michael Nausch betrieben und ist eine sichere und verlässliche Quelle für rpm-Pakete, und kann wie unter nachfolgendem internen Link dargestellt, eingebunden werden:
Installation
Nachfolgende rpm
-Pakete sind zur Installation erforderlich:
amavisd-milter
- ist immailserver.guru
-Repository des Drittanbieters mailserver.guru CentOS 7 enthalten
Die Installation von amavisd-new
, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:
# yum install amavisd-new Loaded plugins: changelog, priorities 66 packages excluded due to repository priority protections Resolving Dependencies --> Running transaction check ---> Package amavisd-new.noarch 0:2.10.1-4.el7 will be installed --> Processing Dependency: perl(Net::Server) >= 2.0 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Net::Server) >= 0.91 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Net::Server) >= 0.87 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::Internet) >= 1.58 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::DKIM) >= 0.31 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Digest::MD5) >= 2.22 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Compress::Zlib) >= 1.35 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Compress::Raw::Zlib) >= 2.017 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Archive::Zip) >= 1.14 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: unzoo for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: tmpwatch for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Unix::Syslog) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(URI) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Sys::Syslog) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Socket6) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Razor2::Client::Version) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(NetAddr::IP) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Net::Server::Multiplex) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Net::SSLeay) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Net::LibIDN) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Net::LDAP) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Net::DNS) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::SpamAssassin) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::SPF) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::Header) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::Field) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::DKIM::PrivateKey) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Mail::DKIM) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Words) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Parser) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Head) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Entity) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Decoder::UU) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Decoder::QuotedPrint) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Decoder::NBit) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Decoder::Gzip64) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Decoder::Binary) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Decoder::Base64) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(MIME::Body) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(IO::Stringy) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(IO::Socket::SSL) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(IO::Socket::IP) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Digest::SHA1) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Digest::SHA) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Digest::MD5) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(DBI) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(DBD::SQLite) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Crypt::OpenSSL::RSA) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Convert::UUlib) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Convert::TNEF) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Compress::Zlib) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(BerkeleyDB) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Authen::SASL) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: perl(Archive::Tar) for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: pax for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: p7zip-plugins for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: p7zip for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: nomarch for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: lzop for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: lrzip for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: freeze for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: cabextract for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: bzip2 for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: arj for package: amavisd-new-2.10.1-4.el7.noarch --> Processing Dependency: altermime for package: amavisd-new-2.10.1-4.el7.noarch --> Running transaction check ---> Package altermime.x86_64 0:0.3.10-10.el7 will be installed ---> Package arj.x86_64 0:3.10.22-22.el7 will be installed ---> Package bzip2.x86_64 0:1.0.6-12.el7 will be installed ---> Package cabextract.x86_64 0:1.5-1.el7 will be installed --> Processing Dependency: libmspack.so.0()(64bit) for package: cabextract-1.5-1.el7.x86_64 ---> Package freeze.x86_64 0:2.5.0-16.el7 will be installed ---> Package lrzip.x86_64 0:0.614-3.el7 will be installed ---> Package lzop.x86_64 0:1.03-10.el7 will be installed ---> Package nomarch.x86_64 0:1.4-11.el7 will be installed ---> Package p7zip.x86_64 0:9.20.1-5.el7 will be installed ---> Package p7zip-plugins.x86_64 0:9.20.1-5.el7 will be installed ---> Package pax.x86_64 0:3.4-19.el7 will be installed ---> Package perl-Archive-Tar.noarch 0:1.92-2.el7 will be installed --> Processing Dependency: perl(IO::Zlib) >= 1.01 for package: perl-Archive-Tar-1.92-2.el7.noarch --> Processing Dependency: perl(Package::Constants) for package: perl-Archive-Tar-1.92-2.el7.noarch --> Processing Dependency: perl(IO::Zlib) for package: perl-Archive-Tar-1.92-2.el7.noarch --> Processing Dependency: perl(Data::Dumper) for package: perl-Archive-Tar-1.92-2.el7.noarch ---> Package perl-Archive-Zip.noarch 0:1.30-11.el7 will be installed ---> Package perl-Authen-SASL.noarch 0:2.15-10.el7 will be installed --> Processing Dependency: perl(GSSAPI) for package: perl-Authen-SASL-2.15-10.el7.noarch --> Processing Dependency: perl(Digest::HMAC_MD5) for package: perl-Authen-SASL-2.15-10.el7.noarch ---> Package perl-BerkeleyDB.x86_64 0:0.51-4.el7 will be installed ---> Package perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 will be installed ---> Package perl-Convert-TNEF.noarch 0:0.18-2.el7 will be installed ---> Package perl-Convert-UUlib.x86_64 2:1.4-5.el7 will be installed ---> Package perl-Crypt-OpenSSL-RSA.x86_64 0:0.28-7.el7 will be installed --> Processing Dependency: perl(Crypt::OpenSSL::Random) for package: perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64 --> Processing Dependency: perl(Crypt::OpenSSL::Bignum) for package: perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64 ---> Package perl-DBD-SQLite.x86_64 0:1.39-3.el7 will be installed ---> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed --> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package: perl-DBI-1.627-4.el7.x86_64 --> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package: perl-DBI-1.627-4.el7.x86_64 ---> Package perl-Digest-MD5.x86_64 0:2.52-3.el7 will be installed --> Processing Dependency: perl(Digest::base) >= 1.00 for package: perl-Digest-MD5-2.52-3.el7.x86_64 ---> Package perl-Digest-SHA.x86_64 1:5.85-3.el7 will be installed ---> Package perl-Digest-SHA1.x86_64 0:2.13-9.el7 will be installed ---> Package perl-IO-Compress.noarch 0:2.061-2.el7 will be installed --> Processing Dependency: perl(Compress::Raw::Bzip2) >= 2.061 for package: perl-IO-Compress-2.061-2.el7.noarch ---> Package perl-IO-Socket-IP.noarch 0:0.21-4.el7 will be installed ---> Package perl-IO-Socket-SSL.noarch 0:1.94-3.el7 will be installed ---> Package perl-IO-stringy.noarch 0:2.110-22.el7 will be installed ---> Package perl-LDAP.noarch 1:0.56-3.el7 will be installed --> Processing Dependency: perl(Convert::ASN1) >= 0.2 for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(XML::SAX::Writer) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(XML::SAX::Base) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(Text::Soundex) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(LWP::Protocol) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(LWP::MediaTypes) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(JSON) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(HTTP::Status) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(HTTP::Response) for package: 1:perl-LDAP-0.56-3.el7.noarch --> Processing Dependency: perl(HTTP::Negotiate) for package: 1:perl-LDAP-0.56-3.el7.noarch ---> Package perl-MIME-tools.noarch 0:5.505-1.el7 will be installed --> Processing Dependency: perl(Convert::BinHex) for package: perl-MIME-tools-5.505-1.el7.noarch ---> Package perl-Mail-DKIM.noarch 0:0.39-8.el7 will be installed ---> Package perl-Mail-SPF.noarch 0:2.8.0-4.el7 will be installed --> Processing Dependency: perl(version) for package: perl-Mail-SPF-2.8.0-4.el7.noarch --> Processing Dependency: perl(Error) for package: perl-Mail-SPF-2.8.0-4.el7.noarch ---> Package perl-MailTools.noarch 0:2.12-2.el7 will be installed --> Processing Dependency: perl(Net::SMTP::SSL) for package: perl-MailTools-2.12-2.el7.noarch --> Processing Dependency: perl(Date::Parse) for package: perl-MailTools-2.12-2.el7.noarch --> Processing Dependency: perl(Date::Format) for package: perl-MailTools-2.12-2.el7.noarch ---> Package perl-Net-DNS.x86_64 0:0.72-5.el7 will be installed ---> Package perl-Net-LibIDN.x86_64 0:0.12-15.el7 will be installed ---> Package perl-Net-SSLeay.x86_64 0:1.55-3.el7 will be installed ---> Package perl-Net-Server.noarch 0:2.007-2.el7 will be installed --> Processing Dependency: perl(IO::Multiplex) >= 1.05 for package: perl-Net-Server-2.007-2.el7.noarch ---> Package perl-NetAddr-IP.x86_64 0:4.069-3.el7 will be installed ---> Package perl-Razor-Agent.x86_64 0:2.85-15.el7 will be installed ---> Package perl-Socket6.x86_64 0:0.23-15.el7 will be installed ---> Package perl-Sys-Syslog.x86_64 0:0.33-3.el7 will be installed ---> Package perl-URI.noarch 0:1.60-9.el7 will be installed --> Processing Dependency: perl(Business::ISBN) for package: perl-URI-1.60-9.el7.noarch ---> Package perl-Unix-Syslog.x86_64 0:1.1-17.el7 will be installed ---> Package spamassassin.x86_64 0:3.4.0-1.el7 will be installed --> Processing Dependency: perl-HTML-Parser >= 3.43 for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: perl(HTML::Parser) >= 3.43 for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: procmail for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: portreserve for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: perl(IO::Socket::INET6) for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: perl(HTTP::Date) for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: perl(ExtUtils::MakeMaker) for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: perl(Encode::Detect) for package: spamassassin-3.4.0-1.el7.x86_64 --> Processing Dependency: perl(DB_File) for package: spamassassin-3.4.0-1.el7.x86_64 ---> Package tmpwatch.x86_64 0:2.11-5.el7 will be installed --> Processing Dependency: psmisc for package: tmpwatch-2.11-5.el7.x86_64 ---> Package unzoo.x86_64 0:4.4-16.el7 will be installed --> Running transaction check ---> Package libmspack.x86_64 0:0.5-0.1.alpha.el7 will be installed ---> Package perl-Business-ISBN.noarch 0:2.06-2.el7 will be installed --> Processing Dependency: perl(Business::ISBN::Data) >= 20120719.001 for package: perl-Business-ISBN-2.06-2.el7.noarch ---> Package perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 will be installed ---> Package perl-Convert-ASN1.noarch 0:0.26-4.el7 will be installed ---> Package perl-Convert-BinHex.noarch 0:1.119-20.el7 will be installed ---> Package perl-Crypt-OpenSSL-Bignum.x86_64 0:0.04-18.el7 will be installed ---> Package perl-Crypt-OpenSSL-Random.x86_64 0:0.04-21.el7 will be installed ---> Package perl-DB_File.x86_64 0:1.830-6.el7 will be installed ---> Package perl-Data-Dumper.x86_64 0:2.145-3.el7 will be installed ---> Package perl-Digest.noarch 0:1.17-245.el7 will be installed ---> Package perl-Digest-HMAC.noarch 0:1.03-5.el7 will be installed ---> Package perl-Encode-Detect.x86_64 0:1.01-13.el7 will be installed ---> Package perl-Error.noarch 1:0.17020-2.el7 will be installed ---> Package perl-ExtUtils-MakeMaker.noarch 0:6.68-3.el7 will be installed --> Processing Dependency: perl(Test::Harness) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch --> Processing Dependency: perl(ExtUtils::Packlist) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch --> Processing Dependency: perl(ExtUtils::Manifest) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch --> Processing Dependency: perl(ExtUtils::Installed) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch --> Processing Dependency: perl(ExtUtils::Install) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch ---> Package perl-GSSAPI.x86_64 0:0.28-9.el7 will be installed ---> Package perl-HTML-Parser.x86_64 0:3.71-4.el7 will be installed --> Processing Dependency: perl(HTML::Tagset) >= 3 for package: perl-HTML-Parser-3.71-4.el7.x86_64 ---> Package perl-HTTP-Date.noarch 0:6.02-8.el7 will be installed ---> Package perl-HTTP-Message.noarch 0:6.06-6.el7 will be installed --> Processing Dependency: perl(Encode::Locale) >= 1 for package: perl-HTTP-Message-6.06-6.el7.noarch --> Processing Dependency: perl(IO::HTML) for package: perl-HTTP-Message-6.06-6.el7.noarch ---> Package perl-HTTP-Negotiate.noarch 0:6.01-5.el7 will be installed ---> Package perl-IO-Multiplex.noarch 0:1.13-6.el7 will be installed ---> Package perl-IO-Socket-INET6.noarch 0:2.69-5.el7 will be installed ---> Package perl-IO-Zlib.noarch 1:1.10-285.el7 will be installed ---> Package perl-JSON.noarch 0:2.59-2.el7 will be installed ---> Package perl-LWP-MediaTypes.noarch 0:6.02-2.el7 will be installed --> Processing Dependency: mailcap for package: perl-LWP-MediaTypes-6.02-2.el7.noarch ---> Package perl-Net-SMTP-SSL.noarch 0:1.01-13.el7 will be installed ---> Package perl-Package-Constants.noarch 1:0.02-285.el7 will be installed ---> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed --> Processing Dependency: perl(Net::Daemon) >= 0.13 for package: perl-PlRPC-0.2020-14.el7.noarch --> Processing Dependency: perl(Net::Daemon::Test) for package: perl-PlRPC-0.2020-14.el7.noarch --> Processing Dependency: perl(Net::Daemon::Log) for package: perl-PlRPC-0.2020-14.el7.noarch ---> Package perl-Text-Soundex.x86_64 0:3.04-4.el7 will be installed --> Processing Dependency: perl(Text::Unidecode) for package: perl-Text-Soundex-3.04-4.el7.x86_64 ---> Package perl-TimeDate.noarch 1:2.30-2.el7 will be installed ---> Package perl-XML-SAX-Base.noarch 0:1.08-7.el7 will be installed ---> Package perl-XML-SAX-Writer.noarch 0:0.53-4.el7 will be installed --> Processing Dependency: perl(XML::NamespaceSupport) for package: perl-XML-SAX-Writer-0.53-4.el7.noarch --> Processing Dependency: perl(XML::Filter::BufferText) for package: perl-XML-SAX-Writer-0.53-4.el7.noarch ---> Package perl-libwww-perl.noarch 0:6.05-2.el7 will be installed --> Processing Dependency: perl(WWW::RobotRules) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch --> Processing Dependency: perl(Net::HTTP) >= 6.04 for package: perl-libwww-perl-6.05-2.el7.noarch --> Processing Dependency: perl(HTTP::Daemon) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch --> Processing Dependency: perl(HTTP::Cookies) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch --> Processing Dependency: perl(File::Listing) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch ---> Package perl-version.x86_64 3:0.99.07-2.el7 will be installed ---> Package portreserve.x86_64 0:0.0.5-10.el7 will be installed ---> Package procmail.x86_64 0:3.22-34.el7_0.1 will be installed ---> Package psmisc.x86_64 0:22.20-8.el7 will be installed --> Running transaction check ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed ---> Package perl-Business-ISBN-Data.noarch 0:20120719.001-2.el7 will be installed ---> Package perl-Encode-Locale.noarch 0:1.03-5.el7 will be installed ---> Package perl-ExtUtils-Install.noarch 0:1.58-285.el7 will be installed --> Processing Dependency: perl-devel for package: perl-ExtUtils-Install-1.58-285.el7.noarch ---> Package perl-ExtUtils-Manifest.noarch 0:1.61-244.el7 will be installed ---> Package perl-File-Listing.noarch 0:6.04-7.el7 will be installed ---> Package perl-HTML-Tagset.noarch 0:3.20-15.el7 will be installed ---> Package perl-HTTP-Cookies.noarch 0:6.01-5.el7 will be installed ---> Package perl-HTTP-Daemon.noarch 0:6.01-5.el7 will be installed ---> Package perl-IO-HTML.noarch 0:1.00-2.el7 will be installed ---> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed ---> Package perl-Net-HTTP.noarch 0:6.06-2.el7 will be installed ---> Package perl-Test-Harness.noarch 0:3.28-2.el7 will be installed ---> Package perl-Text-Unidecode.noarch 0:0.04-20.el7 will be installed ---> Package perl-WWW-RobotRules.noarch 0:6.02-5.el7 will be installed ---> Package perl-XML-Filter-BufferText.noarch 0:1.01-17.el7 will be installed ---> Package perl-XML-NamespaceSupport.noarch 0:1.11-10.el7 will be installed --> Running transaction check ---> Package perl-devel.x86_64 4:5.16.3-285.el7 will be installed --> Processing Dependency: systemtap-sdt-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64 --> Processing Dependency: perl(ExtUtils::ParseXS) for package: 4:perl-devel-5.16.3-285.el7.x86_64 --> Processing Dependency: libdb-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64 --> Processing Dependency: glibc-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64 --> Processing Dependency: gdbm-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64 --> Running transaction check ---> Package gdbm-devel.x86_64 0:1.10-8.el7 will be installed ---> Package glibc-devel.x86_64 0:2.17-78.el7 will be installed --> Processing Dependency: glibc-headers = 2.17-78.el7 for package: glibc-devel-2.17-78.el7.x86_64 --> Processing Dependency: glibc-headers for package: glibc-devel-2.17-78.el7.x86_64 ---> Package libdb-devel.x86_64 0:5.3.21-17.el7_0.1 will be installed ---> Package perl-ExtUtils-ParseXS.noarch 1:3.18-2.el7 will be installed ---> Package systemtap-sdt-devel.x86_64 0:2.6-10.el7_1 will be installed --> Processing Dependency: pyparsing for package: systemtap-sdt-devel-2.6-10.el7_1.x86_64 --> Running transaction check ---> Package glibc-headers.x86_64 0:2.17-78.el7 will be installed --> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-78.el7.x86_64 --> Processing Dependency: kernel-headers for package: glibc-headers-2.17-78.el7.x86_64 ---> Package pyparsing.noarch 0:1.5.6-9.el7 will be installed --> Running transaction check ---> Package kernel-headers.x86_64 0:3.10.0-229.14.1.el7 will be installed --> Finished Dependency Resolution Changes in packages about to be updated: Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: amavisd-new noarch 2.10.1-4.el7 epel 847 k Installing for dependencies: altermime x86_64 0.3.10-10.el7 epel 57 k arj x86_64 3.10.22-22.el7 epel 171 k bzip2 x86_64 1.0.6-12.el7 base 52 k cabextract x86_64 1.5-1.el7 epel 43 k freeze x86_64 2.5.0-16.el7 epel 31 k gdbm-devel x86_64 1.10-8.el7 base 47 k glibc-devel x86_64 2.17-78.el7 base 1.0 M glibc-headers x86_64 2.17-78.el7 base 656 k kernel-headers x86_64 3.10.0-229.14.1.el7 updates 2.3 M libdb-devel x86_64 5.3.21-17.el7_0.1 base 38 k libmspack x86_64 0.5-0.1.alpha.el7 epel 63 k lrzip x86_64 0.614-3.el7 epel 187 k lzop x86_64 1.03-10.el7 base 54 k mailcap noarch 2.1.41-2.el7 base 31 k nomarch x86_64 1.4-11.el7 epel 20 k p7zip x86_64 9.20.1-5.el7 epel 610 k p7zip-plugins x86_64 9.20.1-5.el7 epel 871 k pax x86_64 3.4-19.el7 base 74 k perl-Archive-Tar noarch 1.92-2.el7 base 73 k perl-Archive-Zip noarch 1.30-11.el7 base 107 k perl-Authen-SASL noarch 2.15-10.el7 base 57 k perl-BerkeleyDB x86_64 0.51-4.el7 epel 148 k perl-Business-ISBN noarch 2.06-2.el7 base 25 k perl-Business-ISBN-Data noarch 20120719.001-2.el7 base 24 k perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k perl-Convert-ASN1 noarch 0.26-4.el7 base 54 k perl-Convert-BinHex noarch 1.119-20.el7 epel 44 k perl-Convert-TNEF noarch 0.18-2.el7 epel 22 k perl-Convert-UUlib x86_64 2:1.4-5.el7 epel 213 k perl-Crypt-OpenSSL-Bignum x86_64 0.04-18.el7 base 34 k perl-Crypt-OpenSSL-RSA x86_64 0.28-7.el7 base 38 k perl-Crypt-OpenSSL-Random x86_64 0.04-21.el7 base 24 k perl-DBD-SQLite x86_64 1.39-3.el7 base 1.3 M perl-DBI x86_64 1.627-4.el7 base 802 k perl-DB_File x86_64 1.830-6.el7 base 74 k perl-Data-Dumper x86_64 2.145-3.el7 base 47 k perl-Digest noarch 1.17-245.el7 base 23 k perl-Digest-HMAC noarch 1.03-5.el7 base 16 k perl-Digest-MD5 x86_64 2.52-3.el7 base 30 k perl-Digest-SHA x86_64 1:5.85-3.el7 base 58 k perl-Digest-SHA1 x86_64 2.13-9.el7 base 50 k perl-Encode-Detect x86_64 1.01-13.el7 base 82 k perl-Encode-Locale noarch 1.03-5.el7 base 16 k perl-Error noarch 1:0.17020-2.el7 base 32 k perl-ExtUtils-Install noarch 1.58-285.el7 base 73 k perl-ExtUtils-MakeMaker noarch 6.68-3.el7 base 275 k perl-ExtUtils-Manifest noarch 1.61-244.el7 base 31 k perl-ExtUtils-ParseXS noarch 1:3.18-2.el7 base 77 k perl-File-Listing noarch 6.04-7.el7 base 13 k perl-GSSAPI x86_64 0.28-9.el7 base 59 k perl-HTML-Parser x86_64 3.71-4.el7 base 115 k perl-HTML-Tagset noarch 3.20-15.el7 base 18 k perl-HTTP-Cookies noarch 6.01-5.el7 base 26 k perl-HTTP-Daemon noarch 6.01-5.el7 base 20 k perl-HTTP-Date noarch 6.02-8.el7 base 14 k perl-HTTP-Message noarch 6.06-6.el7 base 82 k perl-HTTP-Negotiate noarch 6.01-5.el7 base 17 k perl-IO-Compress noarch 2.061-2.el7 base 260 k perl-IO-HTML noarch 1.00-2.el7 base 23 k perl-IO-Multiplex noarch 1.13-6.el7 epel 25 k perl-IO-Socket-INET6 noarch 2.69-5.el7 base 20 k perl-IO-Socket-IP noarch 0.21-4.el7 base 35 k perl-IO-Socket-SSL noarch 1.94-3.el7 base 113 k perl-IO-Zlib noarch 1:1.10-285.el7 base 50 k perl-IO-stringy noarch 2.110-22.el7 base 71 k perl-JSON noarch 2.59-2.el7 base 96 k perl-LDAP noarch 1:0.56-3.el7 base 411 k perl-LWP-MediaTypes noarch 6.02-2.el7 base 24 k perl-MIME-tools noarch 5.505-1.el7 epel 256 k perl-Mail-DKIM noarch 0.39-8.el7 base 129 k perl-Mail-SPF noarch 2.8.0-4.el7 base 140 k perl-MailTools noarch 2.12-2.el7 base 108 k perl-Net-DNS x86_64 0.72-5.el7 base 308 k perl-Net-Daemon noarch 0.48-5.el7 base 51 k perl-Net-HTTP noarch 6.06-2.el7 base 29 k perl-Net-LibIDN x86_64 0.12-15.el7 base 28 k perl-Net-SMTP-SSL noarch 1.01-13.el7 base 9.1 k perl-Net-SSLeay x86_64 1.55-3.el7 base 285 k perl-Net-Server noarch 2.007-2.el7 epel 208 k perl-NetAddr-IP x86_64 4.069-3.el7 base 125 k perl-Package-Constants noarch 1:0.02-285.el7 base 44 k perl-PlRPC noarch 0.2020-14.el7 base 36 k perl-Razor-Agent x86_64 2.85-15.el7 epel 121 k perl-Socket6 x86_64 0.23-15.el7 base 27 k perl-Sys-Syslog x86_64 0.33-3.el7 base 42 k perl-Test-Harness noarch 3.28-2.el7 base 302 k perl-Text-Soundex x86_64 3.04-4.el7 base 19 k perl-Text-Unidecode noarch 0.04-20.el7 base 114 k perl-TimeDate noarch 1:2.30-2.el7 base 52 k perl-URI noarch 1.60-9.el7 base 106 k perl-Unix-Syslog x86_64 1.1-17.el7 epel 29 k perl-WWW-RobotRules noarch 6.02-5.el7 base 18 k perl-XML-Filter-BufferText noarch 1.01-17.el7 base 11 k perl-XML-NamespaceSupport noarch 1.11-10.el7 base 18 k perl-XML-SAX-Base noarch 1.08-7.el7 base 32 k perl-XML-SAX-Writer noarch 0.53-4.el7 base 25 k perl-devel x86_64 4:5.16.3-285.el7 base 452 k perl-libwww-perl noarch 6.05-2.el7 base 205 k perl-version x86_64 3:0.99.07-2.el7 base 84 k portreserve x86_64 0.0.5-10.el7 base 25 k procmail x86_64 3.22-34.el7_0.1 base 171 k psmisc x86_64 22.20-8.el7 base 140 k pyparsing noarch 1.5.6-9.el7 base 94 k spamassassin x86_64 3.4.0-1.el7 base 1.2 M systemtap-sdt-devel x86_64 2.6-10.el7_1 updates 63 k tmpwatch x86_64 2.11-5.el7 base 38 k unzoo x86_64 4.4-16.el7 epel 24 k Transaction Summary ================================================================================ Install 1 Package (+108 Dependent packages) Total download size: 17 M Installed size: 44 M Is this ok [y/d/N]: y Downloading packages: (1/109): altermime-0.3.10-10.el7.x86_64.rpm | 57 kB 00:00 (2/109): amavisd-new-2.10.1-4.el7.noarch.rpm | 847 kB 00:00 (3/109): arj-3.10.22-22.el7.x86_64.rpm | 171 kB 00:00 (4/109): cabextract-1.5-1.el7.x86_64.rpm | 43 kB 00:00 (5/109): freeze-2.5.0-16.el7.x86_64.rpm | 31 kB 00:00 (6/109): bzip2-1.0.6-12.el7.x86_64.rpm | 52 kB 00:00 (7/109): gdbm-devel-1.10-8.el7.x86_64.rpm | 47 kB 00:00 (8/109): glibc-devel-2.17-78.el7.x86_64.rpm | 1.0 MB 00:00 (9/109): glibc-headers-2.17-78.el7.x86_64.rpm | 656 kB 00:00 (10/109): libdb-devel-5.3.21-17.el7_0.1.x86_64.rpm | 38 kB 00:00 (11/109): lzop-1.03-10.el7.x86_64.rpm | 54 kB 00:00 (12/109): kernel-headers-3.10.0-229.14.1.el7.x86_64.rpm | 2.3 MB 00:00 (13/109): libmspack-0.5-0.1.alpha.el7.x86_64.rpm | 63 kB 00:00 (14/109): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:00 (15/109): lrzip-0.614-3.el7.x86_64.rpm | 187 kB 00:00 (16/109): nomarch-1.4-11.el7.x86_64.rpm | 20 kB 00:00 (17/109): p7zip-plugins-9.20.1-5.el7.x86_64.rpm | 871 kB 00:00 (18/109): p7zip-9.20.1-5.el7.x86_64.rpm | 610 kB 00:00 (19/109): pax-3.4-19.el7.x86_64.rpm | 74 kB 00:00 (20/109): perl-Archive-Tar-1.92-2.el7.noarch.rpm | 73 kB 00:00 (21/109): perl-Archive-Zip-1.30-11.el7.noarch.rpm | 107 kB 00:00 (22/109): perl-Authen-SASL-2.15-10.el7.noarch.rpm | 57 kB 00:00 (23/109): perl-Business-ISBN-2.06-2.el7.noarch.rpm | 25 kB 00:00 (24/109): perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm | 32 kB 00:00 (25/109): perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm | 57 kB 00:00 (26/109): perl-Convert-ASN1-0.26-4.el7.noarch.rpm | 54 kB 00:00 (27/109): perl-BerkeleyDB-0.51-4.el7.x86_64.rpm | 148 kB 00:00 (28/109): perl-Business-ISBN-Data-20120719.001-2.el7.noarc | 24 kB 00:00 (29/109): perl-Convert-TNEF-0.18-2.el7.noarch.rpm | 22 kB 00:00 (30/109): perl-Convert-UUlib-1.4-5.el7.x86_64.rpm | 213 kB 00:00 (31/109): perl-Convert-BinHex-1.119-20.el7.noarch.rpm | 44 kB 00:00 (32/109): perl-Crypt-OpenSSL-Bignum-0.04-18.el7.x86_64.rpm | 34 kB 00:00 (33/109): perl-Crypt-OpenSSL-Random-0.04-21.el7.x86_64.rpm | 24 kB 00:00 (34/109): perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64.rpm | 38 kB 00:00 (35/109): perl-DBD-SQLite-1.39-3.el7.x86_64.rpm | 1.3 MB 00:00 (36/109): perl-DBI-1.627-4.el7.x86_64.rpm | 802 kB 00:00 (37/109): perl-DB_File-1.830-6.el7.x86_64.rpm | 74 kB 00:00 (38/109): perl-Data-Dumper-2.145-3.el7.x86_64.rpm | 47 kB 00:00 (39/109): perl-Digest-1.17-245.el7.noarch.rpm | 23 kB 00:00 (40/109): perl-Digest-HMAC-1.03-5.el7.noarch.rpm | 16 kB 00:00 (41/109): perl-Digest-MD5-2.52-3.el7.x86_64.rpm | 30 kB 00:00 (42/109): perl-Digest-SHA-5.85-3.el7.x86_64.rpm | 58 kB 00:00 (43/109): perl-Digest-SHA1-2.13-9.el7.x86_64.rpm | 50 kB 00:00 (44/109): perl-Encode-Locale-1.03-5.el7.noarch.rpm | 16 kB 00:00 (45/109): perl-Encode-Detect-1.01-13.el7.x86_64.rpm | 82 kB 00:00 (46/109): perl-Error-0.17020-2.el7.noarch.rpm | 32 kB 00:00 (47/109): perl-ExtUtils-Install-1.58-285.el7.noarch.rpm | 73 kB 00:00 (48/109): perl-ExtUtils-Manifest-1.61-244.el7.noarch.rpm | 31 kB 00:00 (49/109): perl-ExtUtils-MakeMaker-6.68-3.el7.noarch.rpm | 275 kB 00:00 (50/109): perl-ExtUtils-ParseXS-3.18-2.el7.noarch.rpm | 77 kB 00:00 (51/109): perl-File-Listing-6.04-7.el7.noarch.rpm | 13 kB 00:00 (52/109): perl-GSSAPI-0.28-9.el7.x86_64.rpm | 59 kB 00:00 (53/109): perl-HTML-Parser-3.71-4.el7.x86_64.rpm | 115 kB 00:00 (54/109): perl-HTML-Tagset-3.20-15.el7.noarch.rpm | 18 kB 00:00 (55/109): perl-HTTP-Cookies-6.01-5.el7.noarch.rpm | 26 kB 00:00 (56/109): perl-HTTP-Daemon-6.01-5.el7.noarch.rpm | 20 kB 00:00 (57/109): perl-HTTP-Date-6.02-8.el7.noarch.rpm | 14 kB 00:00 (58/109): perl-HTTP-Negotiate-6.01-5.el7.noarch.rpm | 17 kB 00:00 (59/109): perl-HTTP-Message-6.06-6.el7.noarch.rpm | 82 kB 00:00 (60/109): perl-IO-Compress-2.061-2.el7.noarch.rpm | 260 kB 00:00 (61/109): perl-IO-HTML-1.00-2.el7.noarch.rpm | 23 kB 00:00 (62/109): perl-IO-Socket-INET6-2.69-5.el7.noarch.rpm | 20 kB 00:00 (63/109): perl-IO-Socket-SSL-1.94-3.el7.noarch.rpm | 113 kB 00:00 (64/109): perl-IO-Zlib-1.10-285.el7.noarch.rpm | 50 kB 00:00 (65/109): perl-IO-stringy-2.110-22.el7.noarch.rpm | 71 kB 00:00 (66/109): perl-JSON-2.59-2.el7.noarch.rpm | 96 kB 00:00 (67/109): perl-LDAP-0.56-3.el7.noarch.rpm | 411 kB 00:00 (68/109): perl-LWP-MediaTypes-6.02-2.el7.noarch.rpm | 24 kB 00:00 (69/109): perl-Mail-DKIM-0.39-8.el7.noarch.rpm | 129 kB 00:00 (70/109): perl-Mail-SPF-2.8.0-4.el7.noarch.rpm | 140 kB 00:00 (71/109): perl-MailTools-2.12-2.el7.noarch.rpm | 108 kB 00:00 (72/109): perl-Net-DNS-0.72-5.el7.x86_64.rpm | 308 kB 00:00 (73/109): perl-Net-Daemon-0.48-5.el7.noarch.rpm | 51 kB 00:00 (74/109): perl-Net-HTTP-6.06-2.el7.noarch.rpm | 29 kB 00:00 (75/109): perl-Net-LibIDN-0.12-15.el7.x86_64.rpm | 28 kB 00:00 (76/109): perl-IO-Multiplex-1.13-6.el7.noarch.rpm | 25 kB 00:00 (77/109): perl-Net-SMTP-SSL-1.01-13.el7.noarch.rpm | 9.1 kB 00:00 (78/109): perl-IO-Socket-IP-0.21-4.el7.noarch.rpm | 35 kB 00:00 (79/109): perl-Net-SSLeay-1.55-3.el7.x86_64.rpm | 285 kB 00:00 (80/109): perl-NetAddr-IP-4.069-3.el7.x86_64.rpm | 125 kB 00:00 (81/109): perl-Package-Constants-0.02-285.el7.noarch.rpm | 44 kB 00:00 (82/109): perl-PlRPC-0.2020-14.el7.noarch.rpm | 36 kB 00:00 (83/109): perl-MIME-tools-5.505-1.el7.noarch.rpm | 256 kB 00:00 (84/109): perl-Razor-Agent-2.85-15.el7.x86_64.rpm | 121 kB 00:00 (85/109): perl-Net-Server-2.007-2.el7.noarch.rpm | 208 kB 00:00 (86/109): perl-Socket6-0.23-15.el7.x86_64.rpm | 27 kB 00:00 (87/109): perl-Sys-Syslog-0.33-3.el7.x86_64.rpm | 42 kB 00:00 (88/109): perl-Text-Soundex-3.04-4.el7.x86_64.rpm | 19 kB 00:00 (89/109): perl-Test-Harness-3.28-2.el7.noarch.rpm | 302 kB 00:00 (90/109): perl-Text-Unidecode-0.04-20.el7.noarch.rpm | 114 kB 00:00 (91/109): perl-TimeDate-2.30-2.el7.noarch.rpm | 52 kB 00:00 (92/109): perl-URI-1.60-9.el7.noarch.rpm | 106 kB 00:00 (93/109): perl-WWW-RobotRules-6.02-5.el7.noarch.rpm | 18 kB 00:00 (94/109): perl-XML-NamespaceSupport-1.11-10.el7.noarch.rpm | 18 kB 00:00 (95/109): perl-XML-SAX-Base-1.08-7.el7.noarch.rpm | 32 kB 00:00 (96/109): perl-XML-SAX-Writer-0.53-4.el7.noarch.rpm | 25 kB 00:00 (97/109): perl-devel-5.16.3-285.el7.x86_64.rpm | 452 kB 00:00 (98/109): perl-libwww-perl-6.05-2.el7.noarch.rpm | 205 kB 00:00 (99/109): perl-version-0.99.07-2.el7.x86_64.rpm | 84 kB 00:00 (100/109): portreserve-0.0.5-10.el7.x86_64.rpm | 25 kB 00:00 (101/109): procmail-3.22-34.el7_0.1.x86_64.rpm | 171 kB 00:00 (102/109): psmisc-22.20-8.el7.x86_64.rpm | 140 kB 00:00 (103/109): pyparsing-1.5.6-9.el7.noarch.rpm | 94 kB 00:00 (104/109): spamassassin-3.4.0-1.el7.x86_64.rpm | 1.2 MB 00:00 (105/109): perl-XML-Filter-BufferText-1.01-17.el7.noarch.r | 11 kB 00:00 (106/109): perl-Unix-Syslog-1.1-17.el7.x86_64.rpm | 29 kB 00:00 (107/109): tmpwatch-2.11-5.el7.x86_64.rpm | 38 kB 00:00 (108/109): systemtap-sdt-devel-2.6-10.el7_1.x86_64.rpm | 63 kB 00:00 (109/109): unzoo-4.4-16.el7.x86_64.rpm | 24 kB 00:00 -------------------------------------------------------------------------------- Total 4.7 MB/s | 17 MB 00:03 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : perl-Data-Dumper-2.145-3.el7.x86_64 1/109 Installing : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 2/109 Installing : perl-Sys-Syslog-0.33-3.el7.x86_64 3/109 Installing : perl-NetAddr-IP-4.069-3.el7.x86_64 4/109 Installing : perl-XML-SAX-Base-1.08-7.el7.noarch 5/109 Installing : perl-Net-LibIDN-0.12-15.el7.x86_64 6/109 Installing : perl-Socket6-0.23-15.el7.x86_64 7/109 Installing : perl-Encode-Locale-1.03-5.el7.noarch 8/109 Installing : 1:perl-TimeDate-2.30-2.el7.noarch 9/109 Installing : perl-HTTP-Date-6.02-8.el7.noarch 10/109 Installing : perl-Digest-1.17-245.el7.noarch 11/109 Installing : perl-Digest-MD5-2.52-3.el7.x86_64 12/109 Installing : 1:perl-Digest-SHA-5.85-3.el7.x86_64 13/109 Installing : perl-Digest-HMAC-1.03-5.el7.noarch 14/109 Installing : perl-Net-DNS-0.72-5.el7.x86_64 15/109 Installing : perl-Net-SSLeay-1.55-3.el7.x86_64 16/109 Installing : perl-IO-Socket-IP-0.21-4.el7.noarch 17/109 Installing : perl-IO-Socket-SSL-1.94-3.el7.noarch 18/109 Installing : perl-IO-stringy-2.110-22.el7.noarch 19/109 Installing : perl-Net-SMTP-SSL-1.01-13.el7.noarch 20/109 Installing : perl-MailTools-2.12-2.el7.noarch 21/109 Installing : perl-File-Listing-6.04-7.el7.noarch 22/109 Installing : perl-IO-Socket-INET6-2.69-5.el7.noarch 23/109 Installing : perl-XML-Filter-BufferText-1.01-17.el7.noarch 24/109 Installing : perl-Archive-Zip-1.30-11.el7.noarch 25/109 Installing : freeze-2.5.0-16.el7.x86_64 26/109 Installing : altermime-0.3.10-10.el7.x86_64 27/109 Installing : 1:perl-Error-0.17020-2.el7.noarch 28/109 Installing : perl-Test-Harness-3.28-2.el7.noarch 29/109 Installing : perl-Crypt-OpenSSL-Random-0.04-21.el7.x86_64 30/109 Installing : perl-Net-Daemon-0.48-5.el7.noarch 31/109 Installing : pax-3.4-19.el7.x86_64 32/109 Installing : pyparsing-1.5.6-9.el7.noarch 33/109 Installing : systemtap-sdt-devel-2.6-10.el7_1.x86_64 34/109 Installing : 1:perl-Package-Constants-0.02-285.el7.noarch 35/109 Installing : kernel-headers-3.10.0-229.14.1.el7.x86_64 36/109 Installing : glibc-headers-2.17-78.el7.x86_64 37/109 Installing : glibc-devel-2.17-78.el7.x86_64 38/109 Installing : 2:perl-Convert-UUlib-1.4-5.el7.x86_64 39/109 Installing : perl-Text-Unidecode-0.04-20.el7.noarch 40/109 Installing : perl-Text-Soundex-3.04-4.el7.x86_64 41/109 Installing : perl-IO-HTML-1.00-2.el7.noarch 42/109 Installing : nomarch-1.4-11.el7.x86_64 43/109 Installing : perl-Unix-Syslog-1.1-17.el7.x86_64 44/109 Installing : perl-Crypt-OpenSSL-Bignum-0.04-18.el7.x86_64 45/109 Installing : perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64 46/109 Installing : perl-Mail-DKIM-0.39-8.el7.noarch 47/109 Installing : lzop-1.03-10.el7.x86_64 48/109 Installing : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 49/109 Installing : perl-IO-Compress-2.061-2.el7.noarch 50/109 Installing : 1:perl-IO-Zlib-1.10-285.el7.noarch 51/109 Installing : perl-Archive-Tar-1.92-2.el7.noarch 52/109 Installing : perl-Net-HTTP-6.06-2.el7.noarch 53/109 Installing : perl-PlRPC-0.2020-14.el7.noarch 54/109 Installing : perl-DBI-1.627-4.el7.x86_64 55/109 Installing : perl-DBD-SQLite-1.39-3.el7.x86_64 56/109 Installing : perl-BerkeleyDB-0.51-4.el7.x86_64 57/109 Installing : perl-ExtUtils-Manifest-1.61-244.el7.noarch 58/109 Installing : mailcap-2.1.41-2.el7.noarch 59/109 Installing : perl-LWP-MediaTypes-6.02-2.el7.noarch 60/109 Installing : perl-JSON-2.59-2.el7.noarch 61/109 Installing : perl-Convert-ASN1-0.26-4.el7.noarch 62/109 Installing : p7zip-9.20.1-5.el7.x86_64 63/109 Installing : perl-IO-Multiplex-1.13-6.el7.noarch 64/109 Installing : perl-Net-Server-2.007-2.el7.noarch 65/109 Installing : arj-3.10.22-22.el7.x86_64 66/109 Installing : perl-DB_File-1.830-6.el7.x86_64 67/109 Installing : perl-Encode-Detect-1.01-13.el7.x86_64 68/109 Installing : procmail-3.22-34.el7_0.1.x86_64 69/109 Installing : perl-GSSAPI-0.28-9.el7.x86_64 70/109 Installing : perl-Authen-SASL-2.15-10.el7.noarch 71/109 Installing : unzoo-4.4-16.el7.x86_64 72/109 Installing : portreserve-0.0.5-10.el7.x86_64 73/109 Installing : libmspack-0.5-0.1.alpha.el7.x86_64 74/109 Installing : cabextract-1.5-1.el7.x86_64 75/109 Installing : gdbm-devel-1.10-8.el7.x86_64 76/109 Installing : 3:perl-version-0.99.07-2.el7.x86_64 77/109 Installing : perl-Convert-BinHex-1.119-20.el7.noarch 78/109 Installing : perl-MIME-tools-5.505-1.el7.noarch 79/109 Installing : perl-Convert-TNEF-0.18-2.el7.noarch 80/109 Installing : perl-HTML-Tagset-3.20-15.el7.noarch 81/109 Installing : libdb-devel-5.3.21-17.el7_0.1.x86_64 82/109 Installing : perl-ExtUtils-MakeMaker-6.68-3.el7.noarch 83/109 Installing : perl-ExtUtils-Install-1.58-285.el7.noarch 84/109 Installing : 1:perl-ExtUtils-ParseXS-3.18-2.el7.noarch 85/109 Installing : 4:perl-devel-5.16.3-285.el7.x86_64 86/109 Installing : perl-Digest-SHA1-2.13-9.el7.x86_64 87/109 Installing : lrzip-0.614-3.el7.x86_64 88/109 Installing : perl-XML-NamespaceSupport-1.11-10.el7.noarch 89/109 Installing : perl-XML-SAX-Writer-0.53-4.el7.noarch 90/109 Installing : perl-Business-ISBN-Data-20120719.001-2.el7.noarch 91/109 Installing : perl-Business-ISBN-2.06-2.el7.noarch 92/109 Installing : perl-URI-1.60-9.el7.noarch 93/109 Installing : perl-HTTP-Message-6.06-6.el7.noarch 94/109 Installing : perl-HTML-Parser-3.71-4.el7.x86_64 95/109 Installing : perl-HTTP-Negotiate-6.01-5.el7.noarch 96/109 Installing : perl-Mail-SPF-2.8.0-4.el7.noarch 97/109 Installing : perl-HTTP-Cookies-6.01-5.el7.noarch 98/109 Installing : perl-HTTP-Daemon-6.01-5.el7.noarch 99/109 Installing : perl-Razor-Agent-2.85-15.el7.x86_64 100/109 Installing : perl-WWW-RobotRules-6.02-5.el7.noarch 101/109 Installing : perl-libwww-perl-6.05-2.el7.noarch 102/109 Installing : spamassassin-3.4.0-1.el7.x86_64 103/109 Installing : 1:perl-LDAP-0.56-3.el7.noarch 104/109 Installing : p7zip-plugins-9.20.1-5.el7.x86_64 105/109 Installing : psmisc-22.20-8.el7.x86_64 106/109 Installing : tmpwatch-2.11-5.el7.x86_64 107/109 Installing : bzip2-1.0.6-12.el7.x86_64 108/109 Installing : amavisd-new-2.10.1-4.el7.noarch 109/109 Verifying : perl-IO-stringy-2.110-22.el7.noarch 1/109 Verifying : perl-IO-Socket-IP-0.21-4.el7.noarch 2/109 Verifying : cabextract-1.5-1.el7.x86_64 3/109 Verifying : perl-XML-SAX-Writer-0.53-4.el7.noarch 4/109 Verifying : perl-LWP-MediaTypes-6.02-2.el7.noarch 5/109 Verifying : perl-Mail-SPF-2.8.0-4.el7.noarch 6/109 Verifying : bzip2-1.0.6-12.el7.x86_64 7/109 Verifying : psmisc-22.20-8.el7.x86_64 8/109 Verifying : p7zip-plugins-9.20.1-5.el7.x86_64 9/109 Verifying : perl-Sys-Syslog-0.33-3.el7.x86_64 10/109 Verifying : perl-Razor-Agent-2.85-15.el7.x86_64 11/109 Verifying : perl-Business-ISBN-Data-20120719.001-2.el7.noarch 12/109 Verifying : perl-DBI-1.627-4.el7.x86_64 13/109 Verifying : glibc-devel-2.17-78.el7.x86_64 14/109 Verifying : perl-XML-NamespaceSupport-1.11-10.el7.noarch 15/109 Verifying : amavisd-new-2.10.1-4.el7.noarch 16/109 Verifying : perl-Data-Dumper-2.145-3.el7.x86_64 17/109 Verifying : lrzip-0.614-3.el7.x86_64 18/109 Verifying : perl-Digest-SHA1-2.13-9.el7.x86_64 19/109 Verifying : 1:perl-Digest-SHA-5.85-3.el7.x86_64 20/109 Verifying : glibc-headers-2.17-78.el7.x86_64 21/109 Verifying : systemtap-sdt-devel-2.6-10.el7_1.x86_64 22/109 Verifying : perl-Net-HTTP-6.06-2.el7.noarch 23/109 Verifying : 4:perl-devel-5.16.3-285.el7.x86_64 24/109 Verifying : libdb-devel-5.3.21-17.el7_0.1.x86_64 25/109 Verifying : perl-HTML-Tagset-3.20-15.el7.noarch 26/109 Verifying : perl-Convert-BinHex-1.119-20.el7.noarch 27/109 Verifying : 3:perl-version-0.99.07-2.el7.x86_64 28/109 Verifying : perl-MailTools-2.12-2.el7.noarch 29/109 Verifying : perl-Mail-DKIM-0.39-8.el7.noarch 30/109 Verifying : spamassassin-3.4.0-1.el7.x86_64 31/109 Verifying : perl-ExtUtils-MakeMaker-6.68-3.el7.noarch 32/109 Verifying : 1:perl-IO-Zlib-1.10-285.el7.noarch 33/109 Verifying : gdbm-devel-1.10-8.el7.x86_64 34/109 Verifying : libmspack-0.5-0.1.alpha.el7.x86_64 35/109 Verifying : portreserve-0.0.5-10.el7.x86_64 36/109 Verifying : unzoo-4.4-16.el7.x86_64 37/109 Verifying : perl-Net-SSLeay-1.55-3.el7.x86_64 38/109 Verifying : perl-Digest-HMAC-1.03-5.el7.noarch 39/109 Verifying : perl-GSSAPI-0.28-9.el7.x86_64 40/109 Verifying : procmail-3.22-34.el7_0.1.x86_64 41/109 Verifying : perl-Encode-Detect-1.01-13.el7.x86_64 42/109 Verifying : perl-Net-DNS-0.72-5.el7.x86_64 43/109 Verifying : perl-MIME-tools-5.505-1.el7.noarch 44/109 Verifying : perl-DB_File-1.830-6.el7.x86_64 45/109 Verifying : arj-3.10.22-22.el7.x86_64 46/109 Verifying : 1:perl-LDAP-0.56-3.el7.noarch 47/109 Verifying : perl-IO-Multiplex-1.13-6.el7.noarch 48/109 Verifying : perl-HTTP-Date-6.02-8.el7.noarch 49/109 Verifying : perl-IO-Socket-SSL-1.94-3.el7.noarch 50/109 Verifying : perl-Digest-1.17-245.el7.noarch 51/109 Verifying : p7zip-9.20.1-5.el7.x86_64 52/109 Verifying : perl-File-Listing-6.04-7.el7.noarch 53/109 Verifying : perl-Convert-ASN1-0.26-4.el7.noarch 54/109 Verifying : perl-JSON-2.59-2.el7.noarch 55/109 Verifying : perl-Business-ISBN-2.06-2.el7.noarch 56/109 Verifying : mailcap-2.1.41-2.el7.noarch 57/109 Verifying : perl-ExtUtils-Manifest-1.61-244.el7.noarch 58/109 Verifying : perl-DBD-SQLite-1.39-3.el7.x86_64 59/109 Verifying : perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64 60/109 Verifying : perl-BerkeleyDB-0.51-4.el7.x86_64 61/109 Verifying : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 62/109 Verifying : lzop-1.03-10.el7.x86_64 63/109 Verifying : perl-HTML-Parser-3.71-4.el7.x86_64 64/109 Verifying : perl-Crypt-OpenSSL-Bignum-0.04-18.el7.x86_64 65/109 Verifying : perl-WWW-RobotRules-6.02-5.el7.noarch 66/109 Verifying : perl-Digest-MD5-2.52-3.el7.x86_64 67/109 Verifying : perl-HTTP-Message-6.06-6.el7.noarch 68/109 Verifying : perl-Unix-Syslog-1.1-17.el7.x86_64 69/109 Verifying : perl-Authen-SASL-2.15-10.el7.noarch 70/109 Verifying : nomarch-1.4-11.el7.x86_64 71/109 Verifying : perl-HTTP-Cookies-6.01-5.el7.noarch 72/109 Verifying : perl-HTTP-Negotiate-6.01-5.el7.noarch 73/109 Verifying : perl-Net-SMTP-SSL-1.01-13.el7.noarch 74/109 Verifying : perl-IO-HTML-1.00-2.el7.noarch 75/109 Verifying : perl-Text-Unidecode-0.04-20.el7.noarch 76/109 Verifying : perl-PlRPC-0.2020-14.el7.noarch 77/109 Verifying : 2:perl-Convert-UUlib-1.4-5.el7.x86_64 78/109 Verifying : 1:perl-TimeDate-2.30-2.el7.noarch 79/109 Verifying : perl-IO-Socket-INET6-2.69-5.el7.noarch 80/109 Verifying : perl-Text-Soundex-3.04-4.el7.x86_64 81/109 Verifying : perl-Archive-Tar-1.92-2.el7.noarch 82/109 Verifying : perl-XML-SAX-Base-1.08-7.el7.noarch 83/109 Verifying : perl-Convert-TNEF-0.18-2.el7.noarch 84/109 Verifying : kernel-headers-3.10.0-229.14.1.el7.x86_64 85/109 Verifying : perl-IO-Compress-2.061-2.el7.noarch 86/109 Verifying : perl-NetAddr-IP-4.069-3.el7.x86_64 87/109 Verifying : 1:perl-Package-Constants-0.02-285.el7.noarch 88/109 Verifying : pyparsing-1.5.6-9.el7.noarch 89/109 Verifying : perl-Net-Server-2.007-2.el7.noarch 90/109 Verifying : pax-3.4-19.el7.x86_64 91/109 Verifying : perl-Net-Daemon-0.48-5.el7.noarch 92/109 Verifying : perl-Crypt-OpenSSL-Random-0.04-21.el7.x86_64 93/109 Verifying : perl-Test-Harness-3.28-2.el7.noarch 94/109 Verifying : tmpwatch-2.11-5.el7.x86_64 95/109 Verifying : perl-Encode-Locale-1.03-5.el7.noarch 96/109 Verifying : perl-XML-Filter-BufferText-1.01-17.el7.noarch 97/109 Verifying : perl-Socket6-0.23-15.el7.x86_64 98/109 Verifying : 1:perl-Error-0.17020-2.el7.noarch 99/109 Verifying : perl-ExtUtils-Install-1.58-285.el7.noarch 100/109 Verifying : perl-HTTP-Daemon-6.01-5.el7.noarch 101/109 Verifying : 1:perl-ExtUtils-ParseXS-3.18-2.el7.noarch 102/109 Verifying : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 103/109 Verifying : perl-libwww-perl-6.05-2.el7.noarch 104/109 Verifying : altermime-0.3.10-10.el7.x86_64 105/109 Verifying : freeze-2.5.0-16.el7.x86_64 106/109 Verifying : perl-URI-1.60-9.el7.noarch 107/109 Verifying : perl-Archive-Zip-1.30-11.el7.noarch 108/109 Verifying : perl-Net-LibIDN-0.12-15.el7.x86_64 109/109 Installed: amavisd-new.noarch 0:2.10.1-4.el7 Dependency Installed: altermime.x86_64 0:0.3.10-10.el7 arj.x86_64 0:3.10.22-22.el7 bzip2.x86_64 0:1.0.6-12.el7 cabextract.x86_64 0:1.5-1.el7 freeze.x86_64 0:2.5.0-16.el7 gdbm-devel.x86_64 0:1.10-8.el7 glibc-devel.x86_64 0:2.17-78.el7 glibc-headers.x86_64 0:2.17-78.el7 kernel-headers.x86_64 0:3.10.0-229.14.1.el7 libdb-devel.x86_64 0:5.3.21-17.el7_0.1 libmspack.x86_64 0:0.5-0.1.alpha.el7 lrzip.x86_64 0:0.614-3.el7 lzop.x86_64 0:1.03-10.el7 mailcap.noarch 0:2.1.41-2.el7 nomarch.x86_64 0:1.4-11.el7 p7zip.x86_64 0:9.20.1-5.el7 p7zip-plugins.x86_64 0:9.20.1-5.el7 pax.x86_64 0:3.4-19.el7 perl-Archive-Tar.noarch 0:1.92-2.el7 perl-Archive-Zip.noarch 0:1.30-11.el7 perl-Authen-SASL.noarch 0:2.15-10.el7 perl-BerkeleyDB.x86_64 0:0.51-4.el7 perl-Business-ISBN.noarch 0:2.06-2.el7 perl-Business-ISBN-Data.noarch 0:20120719.001-2.el7 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-Convert-ASN1.noarch 0:0.26-4.el7 perl-Convert-BinHex.noarch 0:1.119-20.el7 perl-Convert-TNEF.noarch 0:0.18-2.el7 perl-Convert-UUlib.x86_64 2:1.4-5.el7 perl-Crypt-OpenSSL-Bignum.x86_64 0:0.04-18.el7 perl-Crypt-OpenSSL-RSA.x86_64 0:0.28-7.el7 perl-Crypt-OpenSSL-Random.x86_64 0:0.04-21.el7 perl-DBD-SQLite.x86_64 0:1.39-3.el7 perl-DBI.x86_64 0:1.627-4.el7 perl-DB_File.x86_64 0:1.830-6.el7 perl-Data-Dumper.x86_64 0:2.145-3.el7 perl-Digest.noarch 0:1.17-245.el7 perl-Digest-HMAC.noarch 0:1.03-5.el7 perl-Digest-MD5.x86_64 0:2.52-3.el7 perl-Digest-SHA.x86_64 1:5.85-3.el7 perl-Digest-SHA1.x86_64 0:2.13-9.el7 perl-Encode-Detect.x86_64 0:1.01-13.el7 perl-Encode-Locale.noarch 0:1.03-5.el7 perl-Error.noarch 1:0.17020-2.el7 perl-ExtUtils-Install.noarch 0:1.58-285.el7 perl-ExtUtils-MakeMaker.noarch 0:6.68-3.el7 perl-ExtUtils-Manifest.noarch 0:1.61-244.el7 perl-ExtUtils-ParseXS.noarch 1:3.18-2.el7 perl-File-Listing.noarch 0:6.04-7.el7 perl-GSSAPI.x86_64 0:0.28-9.el7 perl-HTML-Parser.x86_64 0:3.71-4.el7 perl-HTML-Tagset.noarch 0:3.20-15.el7 perl-HTTP-Cookies.noarch 0:6.01-5.el7 perl-HTTP-Daemon.noarch 0:6.01-5.el7 perl-HTTP-Date.noarch 0:6.02-8.el7 perl-HTTP-Message.noarch 0:6.06-6.el7 perl-HTTP-Negotiate.noarch 0:6.01-5.el7 perl-IO-Compress.noarch 0:2.061-2.el7 perl-IO-HTML.noarch 0:1.00-2.el7 perl-IO-Multiplex.noarch 0:1.13-6.el7 perl-IO-Socket-INET6.noarch 0:2.69-5.el7 perl-IO-Socket-IP.noarch 0:0.21-4.el7 perl-IO-Socket-SSL.noarch 0:1.94-3.el7 perl-IO-Zlib.noarch 1:1.10-285.el7 perl-IO-stringy.noarch 0:2.110-22.el7 perl-JSON.noarch 0:2.59-2.el7 perl-LDAP.noarch 1:0.56-3.el7 perl-LWP-MediaTypes.noarch 0:6.02-2.el7 perl-MIME-tools.noarch 0:5.505-1.el7 perl-Mail-DKIM.noarch 0:0.39-8.el7 perl-Mail-SPF.noarch 0:2.8.0-4.el7 perl-MailTools.noarch 0:2.12-2.el7 perl-Net-DNS.x86_64 0:0.72-5.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-Net-HTTP.noarch 0:6.06-2.el7 perl-Net-LibIDN.x86_64 0:0.12-15.el7 perl-Net-SMTP-SSL.noarch 0:1.01-13.el7 perl-Net-SSLeay.x86_64 0:1.55-3.el7 perl-Net-Server.noarch 0:2.007-2.el7 perl-NetAddr-IP.x86_64 0:4.069-3.el7 perl-Package-Constants.noarch 1:0.02-285.el7 perl-PlRPC.noarch 0:0.2020-14.el7 perl-Razor-Agent.x86_64 0:2.85-15.el7 perl-Socket6.x86_64 0:0.23-15.el7 perl-Sys-Syslog.x86_64 0:0.33-3.el7 perl-Test-Harness.noarch 0:3.28-2.el7 perl-Text-Soundex.x86_64 0:3.04-4.el7 perl-Text-Unidecode.noarch 0:0.04-20.el7 perl-TimeDate.noarch 1:2.30-2.el7 perl-URI.noarch 0:1.60-9.el7 perl-Unix-Syslog.x86_64 0:1.1-17.el7 perl-WWW-RobotRules.noarch 0:6.02-5.el7 perl-XML-Filter-BufferText.noarch 0:1.01-17.el7 perl-XML-NamespaceSupport.noarch 0:1.11-10.el7 perl-XML-SAX-Base.noarch 0:1.08-7.el7 perl-XML-SAX-Writer.noarch 0:0.53-4.el7 perl-devel.x86_64 4:5.16.3-285.el7 perl-libwww-perl.noarch 0:6.05-2.el7 perl-version.x86_64 3:0.99.07-2.el7 portreserve.x86_64 0:0.0.5-10.el7 procmail.x86_64 0:3.22-34.el7_0.1 psmisc.x86_64 0:22.20-8.el7 pyparsing.noarch 0:1.5.6-9.el7 spamassassin.x86_64 0:3.4.0-1.el7 systemtap-sdt-devel.x86_64 0:2.6-10.el7_1 tmpwatch.x86_64 0:2.11-5.el7 unzoo.x86_64 0:4.4-16.el7 Complete!
Die Installation von amavisd-milter
, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:
# yum install amavisd-milter Loaded plugins: changelog, priorities 145 packages excluded due to repository priority protections Resolving Dependencies --> Running transaction check ---> Package amavisd-milter.x86_64 0:1.6.0-6.el7.centos will be installed --> Processing Dependency: sendmail-milter for package: amavisd-milter-1.6.0-6.el7.centos.x86_64 --> Processing Dependency: libmilter.so.1.0()(64bit) for package: amavisd-milter-1.6.0-6.el7.centos.x86_64 --> Running transaction check ---> Package sendmail-milter.x86_64 0:8.14.7-4.el7 will be installed --> Finished Dependency Resolution Changes in packages about to be updated: Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: amavisd-milter x86_64 1.6.0-6.el7.centos mailserver.guru-os 35 k Installing for dependencies: sendmail-milter x86_64 8.14.7-4.el7 base 70 k Transaction Summary ================================================================================ Install 1 Package (+1 Dependent package) Total download size: 104 k Installed size: 141 k Is this ok [y/d/N]: y Downloading packages: (1/2): amavisd-milter-1.6.0-6.el7.centos.x86_64.rpm | 35 kB 00:00 (2/2): sendmail-milter-8.14.7-4.el7.x86_64.rpm | 70 kB 00:00 -------------------------------------------------------------------------------- Total 255 kB/s | 104 kB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : sendmail-milter-8.14.7-4.el7.x86_64 1/2 Installing : amavisd-milter-1.6.0-6.el7.centos.x86_64 2/2 Verifying : amavisd-milter-1.6.0-6.el7.centos.x86_64 1/2 Verifying : sendmail-milter-8.14.7-4.el7.x86_64 2/2 Installed: amavisd-milter.x86_64 0:1.6.0-6.el7.centos Dependency Installed: sendmail-milter.x86_64 0:8.14.7-4.el7 Complete!
Die Installation von lz4
, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:
# yum install lz4 Loaded plugins: changelog, priorities 145 packages excluded due to repository priority protections Resolving Dependencies --> Running transaction check ---> Package lz4.x86_64 0:r131-1.el7 will be installed --> Finished Dependency Resolution Changes in packages about to be updated: Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lz4 x86_64 r131-1.el7 epel 70 k Transaction Summary ================================================================================ Install 1 Package Total download size: 70 k Installed size: 220 k Is this ok [y/d/N]: y Downloading packages: lz4-r131-1.el7.x86_64.rpm | 70 kB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : lz4-r131-1.el7.x86_64 1/1 Verifying : lz4-r131-1.el7.x86_64 1/1 Installed: lz4.x86_64 0:r131-1.el7 Complete!
amavisd-new
Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket amavisd-new
installiert wurden.
# rpm -qil amavisd-new Name : amavisd-new Version : 2.10.1 Release : 4.el7 Architecture: noarch Install Date: Fri 09 Oct 2015 01:27:25 PM CEST Group : Applications/System Size : 3257612 License : GPLv2+ and BSD and GFDL Signature : RSA/SHA256, Thu 14 May 2015 07:16:19 PM CEST, Key ID 6a2faea2352c64e5 Source RPM : amavisd-new-2.10.1-4.el7.src.rpm Build Date : Thu 14 May 2015 09:20:44 AM CEST Build Host : buildhw-12.phx2.fedoraproject.org Relocations : (not relocatable) Packager : Fedora Project Vendor : Fedora Project URL : http://www.ijs.si/software/amavisd/ Summary : Email filter with virus scanner and spamassassin support Description : amavisd-new is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using helper programs. No timing gaps exist in the design which could cause a mail loss. /etc/amavisd /etc/amavisd/amavisd.conf /etc/clamd.d/amavisd.conf /usr/bin/amavisd-agent /usr/bin/amavisd-nanny /usr/bin/amavisd-release /usr/bin/amavisd-signer /usr/bin/amavisd-submit /usr/lib/systemd/system/amavisd-clean-quarantine.service /usr/lib/systemd/system/amavisd-clean-quarantine.timer /usr/lib/systemd/system/amavisd-clean-tmp.service /usr/lib/systemd/system/amavisd-clean-tmp.timer /usr/lib/systemd/system/amavisd.service /usr/lib/tmpfiles.d/amavisd-new.conf /usr/sbin/amavisd /usr/share/doc/amavisd-new-2.10.1 /usr/share/doc/amavisd-new-2.10.1/AAAREADME.first /usr/share/doc/amavisd-new-2.10.1/INSTALL /usr/share/doc/amavisd-new-2.10.1/LDAP.ldif /usr/share/doc/amavisd-new-2.10.1/LDAP.schema /usr/share/doc/amavisd-new-2.10.1/README_FILES /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.banned /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.chroot /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.contributed /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.courier /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.courier-old /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.customize /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v3 /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v3_app /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v4 /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v4_app /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v4_app2 /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.fedora /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.ldap /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.lookups /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.milter /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.old.scanners /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.performance /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.policy-on-notifications /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.postfix /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.postfix.html /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.protocol /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.quarantine /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sendmail /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sendmail-dual /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sendmail-dual.old /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sql /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sql-mysql /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sql-pg /usr/share/doc/amavisd-new-2.10.1/README_FILES/amavisd-new-docs.html /usr/share/doc/amavisd-new-2.10.1/README_FILES/images /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/blank.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/1.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/10.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/11.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/12.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/13.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/14.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/15.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/2.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/3.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/4.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/5.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/6.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/7.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/8.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/9.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/caution.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/draft.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/home.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/important.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/next.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/note.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/prev.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/tip.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/toc-blank.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/toc-minus.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/toc-plus.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/up.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/images/warning.png /usr/share/doc/amavisd-new-2.10.1/README_FILES/screen.css /usr/share/doc/amavisd-new-2.10.1/RELEASE_NOTES /usr/share/doc/amavisd-new-2.10.1/TODO /usr/share/doc/amavisd-new-2.10.1/amavisd-custom.conf /usr/share/doc/amavisd-new-2.10.1/amavisd.conf-default /usr/share/doc/amavisd-new-2.10.1/test-messages /usr/share/doc/amavisd-new-2.10.1/test-messages/README /usr/share/doc/amavisd-new-2.10.1/test-messages/sample.tar.gz.compl /usr/share/licenses/amavisd-new-2.10.1 /usr/share/licenses/amavisd-new-2.10.1/LICENSE /var/run/amavisd /var/run/clamd.amavisd /var/spool/amavisd /var/spool/amavisd/db /var/spool/amavisd/quarantine /var/spool/amavisd/tmp
amavisd-milter
Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket amavisd-milter
installiert wurden.
# rpm -qil amavisd-milter Name : amavisd-milter Version : 1.6.0 Release : 6.el7.centos Architecture: x86_64 Install Date: Sat 10 Oct 2015 08:41:18 AM CEST Group : System Environment/Daemons Size : 72985 License : Petr Rehor <rx@rx.cz>. All rights reserved. Signature : RSA/SHA1, Fri 21 Nov 2014 11:43:03 AM CET, Key ID 60ecfb9e8195aea0 Source RPM : amavisd-milter-1.6.0-6.el7.centos.src.rpm Build Date : Fri 21 Nov 2014 11:42:50 AM CET Build Host : vml000200.dmz.nausch.org Relocations : (not relocatable) Packager : Django <django@nausch.org> Vendor : Amavisd-new URL : http://amavisd-milter.sourceforge.net/ Summary : Milter helper for Amavisd-new Description : amavisd-milter is a milter (mail filter) for amavisd-new 2.4.3 and above which uses the AM.PDP protocol. It has been tested to work with mail servers sendmail 8.13+ and postfix 2.9+ /etc/amavisd/amavisd-milter.conf /usr/lib/systemd/system/amavisd-milter.service /usr/sbin/amavisd-milter /usr/sbin/amavisd-milter-helper /usr/share/doc/amavisd-milter-1.6.0 /usr/share/doc/amavisd-milter-1.6.0/CHANGES /usr/share/doc/amavisd-milter-1.6.0/LICENSE /usr/share/doc/amavisd-milter-1.6.0/README /usr/share/doc/amavisd-milter-1.6.0/TODO /usr/share/man/man8/amavisd-milter.8.gz
lz4
Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket lz4
installiert wurden.
# rpm -qil lz4 Name : lz4 Version : r131 Release : 1.el7 Architecture: x86_64 Install Date: Sat 10 Oct 2015 03:24:16 PM CEST Group : Applications/System Size : 225613 License : GPLv2+ and BSD Signature : RSA/SHA256, Wed 08 Jul 2015 03:36:34 PM CEST, Key ID 6a2faea2352c64e5 Source RPM : lz4-r131-1.el7.src.rpm Build Date : Mon 06 Jul 2015 06:47:15 PM CEST Build Host : buildvm-03.phx2.fedoraproject.org Relocations : (not relocatable) Packager : Fedora Project Vendor : Fedora Project URL : https://code.google.com/p/lz4/ Summary : Extremely fast compression algorithm Description : LZ4 is an extremely fast loss-less compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-core CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems. /usr/bin/lz4 /usr/bin/lz4c /usr/bin/lz4cat /usr/bin/unlz4 /usr/lib64/liblz4.so.1 /usr/lib64/liblz4.so.1.7.1 /usr/share/doc/lz4-r131 /usr/share/doc/lz4-r131/COPYING /usr/share/doc/lz4-r131/NEWS /usr/share/man/man1/lz4.1.gz /usr/share/man/man1/lz4c.1.gz /usr/share/man/man1/lz4cat.1.gz /usr/share/man/man1/unlz4.1.gz
iptables Regel
Damit der AMaViS (A MAil Virus Scanner) auch über den AMaViS - amavisd-milter
erreichbar ist und nicht das Empfangen der IP-Paket vom Paketfilter iptables
blockiert wird, muss nachfolgende Regel zum iptables
-Regelwerk hinzugefügt werden.
Um die aktuellen iptables
-Regeln erweitern zu können, sollten diese erst einmal aufgelistet werden, was mit nachfolgendem Befehl durchgeführt werden kann:
# iptables -L -nv --line-numbers Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination
Nachfolgende Befehle, fügen folgende iptables
-Regeln dem iptables
-Regelwerk nach der Position 4 hinzu, ohne das der Paketfilter angehalten werden muss:
-A INPUT -p tcp --dport 10014 -j ACCEPT
-A INPUT -p tcp --dport 10024 -j ACCEPT
-A INPUT -p tcp --dport 10026 -j ACCEPT
und hier der Befehl:
# iptables -I INPUT 5 -p tcp --dport 10014 -j ACCEPT # iptables -I INPUT 6 -p tcp --dport 10024 -j ACCEPT # iptables -I INPUT 6 -p tcp --dport 10026 -j ACCEPT
Ein erneute Abfrage des iptables
-Regelwerts, sollte dann nachfolgend dargestellte Ausgabe ergeben, was mit folgendem Befehl durchgeführt werden kann:
# iptables -L -nv --line-numbers Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10014 state NEW 6 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10024 state NEW 7 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10026 state NEW 8 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination
Die neuen Zeilen sind an Position 5 (INPUT) und Position 7 (INPUT) zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (nur relevanter Ausschnitt):
... 5 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10014 state NEW 6 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10024 state NEW 7 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10026 state NEW ...
Um diese iptables
-Regel dauerhaft, auch nach einem Neustart des Server, weiterhin im iptables
-Regelwerk zu speichern, muss nachfolgend dargestellter Befehl abschließend noch ausgeführt werden:
# /usr/sbin/iptables-save > /etc/sysconfig/iptables
Konfiguration: amavisd
Bevor mit der eigentlichen Konfiguration begonnen werden soll, kann mit nachfolgenden Befehl ein Start des AMaViS im Vordergrund und im DEBUG-Modus durchgeführt werden, um überprüfen zu können, ob die gewünschten Module geladen werden und ob für das entpacken der von Archiven die benötigten Programme zur Verfügung stehen.
Ein Start im des AMaViS im Vordergrund und im DEBUG-Modusm kann mit nachfolgendem Befehl durchgeführt werden:
# amavisd -u amavis -c /etc/amavisd/amavisd.conf debug
/etc/amavisd/amavisd.conf
Standardmäßig wird nach der Installation von AMaViS in nachfolgendem Verzeichnis mit nachfolgendem Namen die Konfigurationsdatei für den AMaViS hinterlegt:
/etc/amavisd/amavisd.conf
Um alle möglichen Konfigurationsparameter einsehen zu können, wird mit der Installation des AMaViS nachfolgende Default-Konfigurationsdatei in nachfolgendem Verzeichnis mit nachfolgendem Namen installiert, welche als Referenz für alle Konfigurationsdirektiven verwendet werden kann:
/usr/share/doc/amavisd-new-2.10.1/amavisd.conf-default
bzw./usr/share/doc/amavisd-new-2.11.0/amavisd.conf-default
Welche Konfigurationsparameter gesetzt werden sollten, soll in nachfolgender Beispielkonfigurationsdatei dargestellt werden.
use strict; ## AMaViS - amavsid-new configuration. ## The 'after-default' comment indicates that these variables obtain their ## default value if the config file left them undefined. It means these values ## are not yet available during processing of the configuration file, but that ## they can derive their value from other configurations variables no matter ## where in the configuration file they appear. ## GENERAL $myhostname = 'amavis.idmz.tachtler.net'; # FQDN des Servers. $mydomain = 'tachtler.net'; # Basiseinstellung. # $snmp_contact = ''; # $snmp_location = ''; $daemon_user = 'amavis'; # Benutzer, unter dem der AMaViS-Dienst gestartet wird. [-u] $daemon_group = 'amavis'; # Gruppe, unter der der AMaViS-Dienst gestartet wird. [-g] $MYHOME = '/var/spool/amavisd'; # Basiseinstellung. [-H] $TEMPBASE = "$MYHOME/tmp"; # Arbeitsverzeichnis, muss vor dem Start existieren. [-T] $db_home = "$MYHOME/db"; # Verzeichnis fuer bdb nanny/cache/snmp Datenbanken. [-D] $pid_file = "/var/run/amavisd/amavisd.pid"; # PID (Process-ID)-Datei. [-P] $lock_file = "/var/run/amavisd/amavisd.lock"; # Lock (Process-Lock)-Datei. [-L] # $daemon_chroot_dir = undef; $max_requests = 20; # Beenden eines Kind-Prozesses nach xx Aufrufen. (Speicher). $max_servers = 4; # Anzahl der maximalen gleichzeitig laufenden Kind-Prozesse. [-m] $min_servers = 1; # Anzahl der minimal gleichzeitig laufenden Kind-Prozesse. $min_spare_servers = 1; # Anzahl der minimal vorgehaltenen Kind-Prozesse. $max_spare_servers = 3; # Anzahl der maximal vorgehaltenen Kind-Prozesse. # $child_timeout = 8*60; # $localpart_is_case_sensitive = 0; $enable_db = 1; # Nutzung der BerkeleyDB/libdb (SNMP und nanny). # $enable_zmq = undef; # @zmq_sockets = ( "ipc://$MYHOME/amavisd-zmq.sock" ); # after-default $nanny_details_level = 2; # nanny - Log-Level: 0 (aus), 1 (traditionell), 2 (detailiert). # @additional_perl_modules = (); @local_domains_maps = ( [".$mydomain"] ); # Liste aller lokalen Sub/Domains. @mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 192.168.2.0/25 88.217.171.167/32 ); # Liste aller als lokal angesehenen IP-Adressen und Netze. # @mynetworks_maps = (\@mynetworks); # @client_ipaddr_policy = map { $_ => 'MYNETS' } @mynetworks_maps; ## LOGGING AND DEBUGGING $log_level = 3; # Log-Level: 0..5. [-d] # $logfile = undef; $do_syslog = 1; # Syslog-Schreibung nutzen. $syslog_ident = 'amavis'; # Dienst-Identitaet bei der syslog-Scheribung. $syslog_facility = 'mail'; # Dienst-Bereichs-Identitaet bei der syslog-Schereibung. # $logline_maxlen = 980; # enable_log_capture_dump = undef; # $log_short_templ ... built-in default at the end of file amavisd # $log_verbose_templ ... built-in default at the end of file amavisd # $log_recip_templ = ... built-in default at the end of file amavisd # $log_templ = $log_short_templ; # @debug_sender_acl = (); # @debug_sender_maps = (\@debug_sender_acl); # @debug_recipient_maps = (); # $sa_debug = undef; # $allow_preserving_evidence = 1; ## DKIM VERIFICATION $enable_dkim_verification = 0; # Deaktiviert die DKIM Ueberpruefung, wegen OpenDKIM-Milter! # $reputation_factor = 0.2; # @signer_reputation_maps = (); # @author_to_policy_bank_maps = (); # $dkim_minimum_key_bits = 1024; # $myauthservid = $myhostname; # after-default (RFC 5451) # $dkim_minimum_key_bits = 1024; ## DKIM SIGNING $enable_dkim_signing = 0; # Deaktiviert das Signieren der ausgehenden e-Mails mit dem Schluessel unter dkim_key. dkim_key('tachtler.net', 'main', '/etc/pki/amavis/dkim/dkim.key', h=>'sha256'); # Spezifikationen zum DKIM-Schluessel und dessen Anwendung. # %dkim_signing_keys = (); @dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); # Optionen zur DKIM-Signaturerstellung. # $dkim_signing_service = undef; # # for (qw(Accept-Language Archived-At Auto-Submitted Content-Alternative # Content-Base Content-Class Content-Description Content-Disposition # Content-Duration Content-Features Content-Id Content-Language # Content-Location Content-MD5 Content-Transfer-Encoding In-Reply-To # List-Archive List-Help List-Id List-Owner List-Post List-Subscribe # List-Unsubscribe Message-Context Message-ID MIME-Version # Organisation Organization Original-Message-ID Pics-Label # Precedence Received References Reply-To Resent-Date Resent-From # Resent-Message-ID Resent-Sender Sensitivity Solicitation # User-Agent VBR-Info X-Mailer)) { $signed_header_fields{lc $_} = 1 } # for (qw(From Date Subject Content-Type)) { $signed_header_fields{lc $_} = 2 } $signed_header_fields{'received'} = 0; # Received: from-Zeile aus DKIM-Signatur-Berechnung ausnehmen. ## MTA INTERFACE - INPUT # @listen_sockets = ... $unix_socketname and $inet_socket_port are added here $unix_socketname = "/var/run/amavisd/amavisd.sock"; # Unix socket zur Nutzung des AMaViS "helper protocol". # $unix_socket_mode = undef; # sets sockets protection (numeric mode), or undef $inet_socket_port = [10024,10026]; # Akzeptiert Verbindungen via TCP auf diesen Port(s) (SMTP...). $inet_socket_bind = undef; # AMaViS NICHT an einen Socket binden, sondern @inet_acl nutzen. # $inet_socket_bind = [ '127.0.0.1', '[::1]' ]; # if both inet & inet6 avail. # $inet_socket_bind = '127.0.0.1'; # if only inet available # $inet_socket_bind = '[::1]' # if only inet6 available @inet_acl = qw( 0.0.0.0/32 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 192.168.2.0/25 88.217.171.167/32 ); # AMaViS ist nicht auf dem MTA-Host und via Netzwerk erreichbar. # $listen_queue_size = undef; # $protocol = ... defaults to 'SMTP' or 'LMTP' (autodetected) on inet and inet6 # sockets; must be configured explicitly for Unix sockets. # Possible values: 'SMTP', 'LMTP', 'AM.PDP', # and with appropriate patches applied also: 'COURIER' or 'QMQPqq' # $soft_bounce = undef; # $smtpd_timeout = 8*60; # $smtpd_recipient_limit = 1100; # $smtpd_message_size_limit = undef; # site-wide limit # @message_size_limit_maps = (); # per-recipient limits # $smtpd_greeting_banner = '${helo-name} ${protocol} ${product} service ready'; # $smtpd_quit_banner = '${helo-name} ${product} closing transmission channel'; # $auth_required_inp = undef; # $auth_required_release = 1; # @auth_mech_avail=(); # empty list disables incoming AUTH; or: qw(PLAIN LOGIN) # $smtp_connection_cache_on_demand = 1; # $smtp_connection_cache_enable = 1; # $enforce_smtpd_message_size_limit_64kb_min = 1; # @smtpd_discard_ehlo_keywords = (); # Tachtler # SEE: https://raw.githubusercontent.com/benningm/amavisd-new/master/amavisd # SEE: http://search.cpan.org/~sullr/IO-Socket-SSL-2.049/lib/IO/Socket/SSL.pod#Description_Of_Methods $tls_security_level_in = 'may'; # Opportunistische TLS Transportverschluesselung eingehend aktiviere %smtpd_tls_server_options = ( SSL_verifycn_scheme => 'smtp', SSL_session_cache => 2, SSL_cert_file => '/etc/pki/amavis/certs/CAcert-class3-wildcard.crt', SSL_key_file => '/etc/pki/amavis/private/tachtler.net.key', SSL_dh_file => '/etc/pki/amavis/private/dh_2048.pem', SSL_ca_file => '/etc/pki/tls/certs/ca-bundle.crt', SSL_version => 'SSLv23:!SSLv3:!SSLv2', SSL_cipher_list => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA', SSL_honor_cipher_order => '1', SSL_verify_mode => 'SSL_VERIFY_NONE', SSL_passwd_cb => sub { 'example' }, ); ## MTA INTERFACE - OUTPUT ## see also $notify_method, $forward_method and $*_quarantine_method $localhost_name = 'amavis.idmz.tachtler.net'; # Eigener EHLO Name, welcher in den Received-Zeilen verwendet wird. # $local_client_bind_address = undef; # my source IP address as a SMTP client # $auth_required_out = undef; # $amavis_auth_user = undef; # for submitting notifications and quarantine # $amavis_auth_pass = undef; # $auth_reauthenticate_forwarded = undef; # our credentials for forwarding too # Tachtler # SEE: https://raw.githubusercontent.com/benningm/amavisd-new/master/amavisd # SEE: http://search.cpan.org/~sullr/IO-Socket-SSL-2.049/lib/IO/Socket/SSL.pod#Description_Of_Methods $tls_security_level_out = 'may'; # Opportunistisches TLS Transportverschluesselung ausgehend aktivieren. %smtp_tls_client_options = ( # SSL_verifycn_scheme => 'smtp', SSL_verifycn_scheme => 'none', SSL_version => 'SSLv23:!SSLv3:!SSLv2', SSL_cipher_list => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA', SSL_client_ca_file => '/etc/pki/tls/certs/ca-bundle.crt', SSL_honor_cipher_order => '1', SSL_verify_mode => 'SSL_VERIFY_PEER', ); ## MAIL FORWARDING # Tachtler # default: # $forward_method = 'smtp:[127.0.0.1]:10025'; # may be arrayref $forward_method = 'smtp:[192.168.0.60]:10025'; # Rueckgabe von gescannten Nachrichten an Postfix. undef bei NUR MILTER !!! # # or 'smtp:[::1]:10025' when INET6 is available # @forward_method_maps = ( sub { Opaque(c('forward_method')) } ); # $resend_method = undef; # falls back to $forward_method # $always_bcc = undef; $final_virus_destiny = D_REJECT; # Aktion bei Virus e-Mails. (D_PASS, D_DISCARD, D_BOUNCE ,D_REJECT) $final_banned_destiny = D_REJECT; # Aktion bei geblockten Dateianhaengen e-Mails. $final_spam_destiny = D_REJECT; # Aktion bei SPAM e-Mails. $final_bad_header_destiny = D_PASS; # Aktion bei schlechten/unfvollstaendigen Header e-Mails. ## QUARANTINE # $release_method = undef; # falls back to $notify_method # $requeue_method = 'smtp:[127.0.0.1]:25'; # # or 'smtp:[::1]:25' when INET6 is available # $release_format = 'resend'; # (dsn), (arf), attach, plain, resend # $report_format = 'arf'; # (dsn), arf, attach, plain, resend # $attachment_password = ''; # '': no pwd, undef: PIN, code ref, or static str # $attachment_email_name = 'msg-%m.eml'; # $attachment_outer_name = 'msg-%m.zip'; # $virus_quarantine_method = 'local:virus-%m'; # $spam_quarantine_method = 'local:spam-%m.gz'; # $banned_files_quarantine_method = 'local:banned-%m'; # $bad_header_quarantine_method = 'local:badh-%m'; # $clean_quarantine_method = undef; # $archive_quarantine_method = undef; # $mail_id_size_bits = 72; $QUARANTINEDIR = undef; # KEIN Quarantaene Ablageort definiert. [-Q] # $quarantine_subdir_levels = undef; # 0 or 1 (undef treated as 0) # $sql_quarantine_chunksize_max; # see SQL section $virus_quarantine_to = undef; # KEIN Quarantaene Ablageort fuer Virus e-Mails. $banned_quarantine_to = undef; # KEIN Quarantaene Ablageort fuer geblockte Dateinanhaenge e-Mails. $bad_header_quarantine_to = undef; # KEIN Quarantaene Ablageort fuer schlechten/unfvollst. Header e-Mails. $spam_quarantine_to = undef; # KEIN Quarantaene Ablageort fuer SPAM e-Mails. # $spam_quarantine_bysender_to = undef; # $clean_quarantine_to = 'clean-quarantine'; # $archive_quarantine_to = 'archive-quarantine'; # @virus_quarantine_to_maps = (\$virus_quarantine_to); # @banned_quarantine_to_maps = (\$banned_quarantine_to); # @bad_header_quarantine_to_maps = (\$bad_header_quarantine_to); # @spam_quarantine_to_maps = (\$spam_quarantine_to); # @spam_quarantine_bysender_to_maps = (\$spam_quarantine_bysender_to); # @clean_quarantine_to_maps = (\$clean_quarantine_to); # @archive_quarantine_to_maps = (\$archive_quarantine_to); # %local_delivery_aliases ... predefined, used by a delivery method 'local:' $mailfrom_to_quarantine = ''; # Quarantaene Anwtort e-Mail-Adresse, undef (Original Absender), '' (<>). ## NOTIFICATIONS (DSN, admin, recip) $notify_method = 'smtp:[192.168.0.60]:10025'; # Transport von Meldungen über gescannte Nachrichten zurueck an Postfix. # # or 'smtp:[::1]:10025' when INET6 is available # $propagate_dsn_if_possible = 1; # $terminate_dsn_on_notify_success = 0; # $newvirus_admin = undef; $virus_admin = "virusalert\@$mydomain"; # E-Mail an, falls eine Virus entdeckt wurde. # $spam_admin = undef; $banned_admin = "bannedfilealert\@$mydomain"; # E-Mail an, falls eine Dateianhang geblockt wurde. # $bad_header_admin = undef; # $dsn_bcc = undef; # @newvirus_admin_maps = (\$newvirus_admin); # @virus_admin_maps = (\%virus_admin, \$virus_admin); # @banned_admin_maps = (\$banned_admin); # @spam_admin_maps = (\%spam_admin, \$spam_admin); # @bad_header_admin_maps = (\$bad_header_admin); # $hdr_encoding = 'UTF-8'; # header field bodies charset # $bdy_encoding = 'UTF-8'; # notification body text charset # $hdr_encoding_qb = 'Q'; # quoted-printable (Q or B) # $notify_sender_templ = ... built-in default at the end of file amavisd # $notify_virus_sender_templ = ... built-in default at the end of file amavisd # $notify_spam_sender_templ = ... built-in default at the end of file amavisd # $notify_virus_admin_templ = ... built-in default at the end of file amavisd # $notify_spam_admin_templ = ... built-in default at the end of file amavisd $notify_virus_recips_templ = read_text('/etc/amavisd/notify_virus_recips.txt'); # $notify_spam_recips_templ = ... built-in default at the end of file amavisd # $notify_release_templ = ... built-in default at the end of file amavisd # $notify_report_templ = ... built-in default at the end of file amavisd $mailfrom_notify_admin = "mailfilter\@$mydomain"; # Absender von administrativen Benachrichtigungen. $mailfrom_notify_recip = "mailfilter\@$mydomain"; # Absender von Empfaengerbenachrichtigungen. $mailfrom_notify_spamadmin = "spamfilter\@$mydomain"; # Absender von SPAM-Filter Benachrichtigungen. ## these are after-defaults: # $hdrfrom_notify_sender = "\"Content-filter at $myhostname\" <postmaster\@$myhostname>"; # $hdrfrom_notify_recip = ... derived from $mailfrom_notify_recip # $hdrfrom_notify_admin = ... derived from $mailfrom_notify_admin # $hdrfrom_notify_spamadmin = ... derived from $mailfrom_notify_spamadmin # $hdrfrom_notify_release = $hdrfrom_notify_sender; # $hdrfrom_notify_report = $hdrfrom_notify_sender; # $warnbannedsender = undef; # $warnbadhsender = undef; # $warn_offsite = undef; # $warnvirusrecip = undef; # $warnbannedrecip = undef; # $warnbadhrecip = undef; # @warnvirusrecip_maps = (\$warnvirusrecip); # @warnbannedrecip_maps = (\$warnbannedrecip); # @warnbadhrecip_maps = (\$warnbadhrecip); ## MODIFICATIONS TO PASSED MAIL # %allowed_added_header_fields = ...; # built-in default # %prefer_our_added_header_fields = ...; # built-in default # $remove_existing_x_scanned_headers = 0; # $remove_existing_spam_headers = 1; # @remove_existing_spam_headers_maps = (\$remove_existing_spam_headers); # $allow_fixing_improper_header = 1; # all-white folding lines and long lines # $allow_fixing_improper_header_folding = 1; # $allow_fixing_long_header_lines = 1; # $prepend_header_fields_hdridx = 0; # $X_HEADER_TAG = 'X-Virus-Scanned'; # after-default # $X_HEADER_LINE = "$myproduct_name at $mydomain"; # after-default $defang_virus = 1; # Fuegt die gesamte Virus e-Mail als MIME-Container an. $defang_banned = 1; # Fuegt die gesamte geblockte Dateianhang e-Mails als MIME-Container an. $defang_spam = 1; # Fuegt die gesamte SPAM e-Mail als MIME-Container an. # $defang_bad_header = undef; $defang_undecipherable = 1; # Fuegt die nicht leserliche e-Mail als MIME-Container an. # $defang_all = undef; # mostly for testing $defang_by_ccat{CC_BADH.",3"} = 1; # <NUL> oder <CR> Zeichen im Header enthalten. $defang_by_ccat{CC_BADH.",5"} = 1; # Header Zeile ist laenger als 998 Zeichen. $defang_by_ccat{CC_BADH.",6"} = 1; # Fehlerhafter Syntax im Header. # $allow_disclaimers = undef; # $outbound_disclaimers_only = undef; # $enable_anomy_sanitizer = 0; # @anomy_sanitizer_args = (); # a config file or list of var=value pairs # **************************************************************************** # * ! DISABLE alterMIME, when using amavisd-milter, it's NOT COMPATIBLE. ! * # **************************************************************************** $altermime = '/usr/bin/altermime'; # Pfad zum Programm (binary) alterMIME @altermime_args_defang = qw(--verbose --removeall); # Verarbeitung definieren. # Definition der einzelnen Disclaimersyntax und der entsprechenden Disclaimerdateien fuer die einzelnen Benutzer. @altermime_args_disclaimer = qw(--disclaimer=/etc/amavisd/altermime/_OPTION_.text --disclaimer-html=/etc/amavisd/altermime/_OPTION_.html); @disclaimer_options_bysender_maps = ( { 'root@tachtler.net' => 'disclaimer-root', 'postmaster@tachtler.net' => 'disclaimer-postmaster', 'klaus@tachtler.net' => 'disclaimer-klaus', '.' => 'disclaimer-default' }, ); # Definition der einzelnen Disclaimer. $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ]; # Anhaengen der Disclaimer beim verarbeiten der e-Mails. # $undecipherable_subject_tag = '***UNCHECKED*** '; $sa_spam_subject_tag = '***SPAM*** '; # Kennzeichnung im Betreff von als SPAM deklarierten Nachrichten. # $sa_spam_level_char = '*'; # @spam_subject_tag_maps = (\$sa_spam_subject_tag1); # N.B.: inconsistent name # @spam_subject_tag2_maps = (\$sa_spam_subject_tag); # N.B.: inconsistent name # @spam_subject_tag3_maps = (); ## ADDING ADDRESS EXTENSIONS TO RECIPIENTS - 'plus addressing' $recipient_delimiter = '+'; # Adresszusatz fuer Nachrichten mit 'Adress-Delimeter'. # $replace_existing_extension = 1; # $addr_extension_virus = undef; # $addr_extension_banned = undef; # $addr_extension_spam = undef; # $addr_extension_bad_header = undef; @addr_extension_virus_maps = ('virus'); # Adresszusatz fuer Viren Nachrichten. @addr_extension_banned_maps = ('banned'); # Adresszusatz fuer geblockte Dateianhaenge Nachrichten. @addr_extension_spam_maps = ('spam'); # Adresszusatz fuer SPAM Nachrichten. @addr_extension_bad_header_maps = ('badh'); # Adresszusatz fuer schlechten/unfvollstaendigen Header Nachrichten. ## MAIL DECODING # $bypass_decode_parts = undef; # $keep_decoded_original_re = undef; @keep_decoded_original_maps = (new_RE( qr'^MAIL$', # let virus scanner see full original message qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, # qr'^Zip archive data', # don't trust Archive::Zip )); # $map_full_type_to_short_type_re = ... predefined regexp lookup table # @map_full_type_to_short_type_maps = (\$map_full_type_to_short_type_re); $MAXLEVELS = 14; # Verzeichnistiefe bei zu pruefenden e-Mail-Anhaengen. $MAXFILES = 3000; # Maximale Anzahl an Dateien bei zu pruefenden e-Mail-Anhaengen. $MIN_EXPANSION_QUOTA = 100*1024; # Minimale Groesse von Dateianhaengen, damit diese entpackt werden. $MAX_EXPANSION_QUOTA = 500*1024*1024; # Maximale Groesse von Dateianhaengen, bis zu der diese entpackt werden. # $MIN_EXPANSION_FACTOR = 5; # times original mail size # $MAX_EXPANSION_FACTOR = 500; # times original mail size $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; # Suchpfadangaben fuer Zusatzprogramme. # $file = 'file'; # For backward compatibility the @decoders list defaults to use of legacy # variables $gzip, $bzip2, $lzop, ... It is cleaner to explicitly assign # a list to @decoders in amavisd.conf and directly specify program paths, # without indirections through legacy variables $gzip, etc. # # $gzip = $bzip2 = $lzop = $rpm2cpio = undef; # $uncompress = $unfreeze = $arc = $unarj = $unrar = undef; # $zoo = $lha = $pax = $cpio = $cabextract = undef; @decoders = ( ['mail', \&do_mime_decode], [[qw(asc uue hqx ync)], \&do_ascii], # not safe ['F', \&do_uncompress, ['unfreeze', 'freeze -d', 'melt', 'fcat'] ], ['Z', \&do_uncompress, ['uncompress', 'gzip -d', 'zcat'] ], ['gz', \&do_uncompress, 'gzip -d'], ['gz', \&do_gunzip], ['bz2', \&do_uncompress, 'bzip2 -d'], ['xz', \&do_uncompress, ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ], ['lzma', \&do_uncompress, ['lzmadec', 'xz -dc --format=lzma', 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], ['lrz', \&do_uncompress, ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], ['lzo', \&do_uncompress, 'lzop -d'], ['lz4', \&do_uncompress, ['lz4c -d'] ], ['rpm', \&do_uncompress, ['rpm2cpio.pl', 'rpm2cpio'] ], [['cpio','tar'], \&do_pax_cpio, ['pax', 'gcpio', 'cpio'] ], # ['/usr/local/heirloom/usr/5bin/pax', 'pax', 'gcpio', 'cpio'] ['deb', \&do_ar, 'ar'], # ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill # Tachtler # default: ['rar', \&do_unrar, ['unrar', 'rar'] ], ['rar', \&do_unrar, ['7za', '7z'] ], ['arj', \&do_unarj, ['unarj', 'arj'] ], ['arc', \&do_arc, ['nomarch', 'arc'] ], ['zoo', \&do_zoo, ['zoo', 'unzoo'] ], # ['doc', \&do_ole, 'ripole'], # no ripole package so far ['cab', \&do_cabextract, 'cabextract'], # ['tnef', \&do_tnef_ext, 'tnef'], # use internal do_tnef() instead ['tnef', \&do_tnef], # Tachtler # default: # ['lha', \&do_lha, 'lha'], # not safe, use 7z instead ['lha', \&do_lha, ['7za', '7z'] ], # not safe, use 7z instead # ['sit', \&do_unstuff, 'unstuff'], # not safe [['zip','kmz'], \&do_7zip, ['7za', '7z'] ], [['zip','kmz'], \&do_unzip], ['7z', \&do_7zip, ['7zr', '7za', '7z'] ], [[qw(gz bz2 Z tar)], \&do_7zip, ['7za', '7z'] ], [[qw(xz lzma jar cpio arj rar swf lha iso cab deb rpm)], \&do_7zip, '7z' ], # Tachtler # default: ['exe', \&do_executable, ['unrar','rar'], 'lha', ['unarj','arj'] ], ['exe', \&do_executable, ['7za','7z'], 'lha', ['unarj','arj'] ], ); ## ANTI-VIRUS AND INVALID/FORBIDDEN CONTENTS CONTROLS @av_scanners = ( ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], # NOTE: run clamd under the same user as amavisd - or run it under its own # uid such as clamav, add user clamav to the amavis group, and then add # AllowSupplementaryGroups to clamd.conf; # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in # this entry; when running chrooted one may prefer a socket under $MYHOME. ); @av_scanners_backup = ( ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], ); # $first_infected_stops_scan = undef; # $virus_scanners_failure_is_fatal = undef; # $viruses_that_fake_sender_re = undef; # @viruses_that_fake_sender_maps = (\$viruses_that_fake_sender_re, 1); # @virus_name_to_policy_bank_maps = (); # # @virus_name_to_spam_score_maps = # (new_RE( # the order matters, first match wins # [ qr'^Structured\.(SSN|CreditCardNumber)\b' => 0.1 ], # [ qr'^(Heuristics\.)?Phishing\.' => 0.1 ], # [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)' => 0.1 ], # [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep as infected # [ qr'^Sanesecurity\.Foxhole\.' => undef ],# keep as infected # [ qr'^Sanesecurity\.' => 0.1 ], # [ qr'^Sanesecurity_PhishBar_' => 0 ], # [ qr'^Sanesecurity.TestSig_' => 0 ], # [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0 ], # [ qr'^Email\.Spammail\b' => 0.1 ], # [ qr'^MSRBL-(Images|SPAM)\b' => 0.1 ], # [ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke' => 0.1 ], # [ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 0.1 ], # [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 0.1 ], # [ qr'^Safebrowsing\.' => 0.1 ], # [ qr'^winnow\.(phish|spam)\.' => 0.1 ], # [ qr'^INetMsg\.SpamDomain' => 0.1 ], # [ qr'^Doppelstern\.(Spam|Scam|Phishing|Junk|Lott|Loan)'=> 0.1 ], # [ qr'^Bofhland\.Phishing' => 0.1 ], # [ qr'^ScamNailer\.' => 0.1 ], # [ qr'^HTML/Bankish' => 0.1 ], # F-Prot # [ qr'^PORCUPINE_JUNK' => 0.1 ], # [ qr'^PORCUPINE_PHISHING' => 0.1 ], # [ qr'^Porcupine\.Junk' => 0.1 ], # [ qr'-SecuriteInfo\.com(\.|\z)' => undef ], # keep as infected # [ qr'^MBL_NA\.UNOFFICIAL' => 0.1 ], # false positives # [ qr'^MBL_' => undef ], # keep as infected # )); # @banned_filename_maps = ( 'DEFAULT' ); # %banned_rules = ( 'DEFAULT' => $banned_filename_re); # after-default $banned_filename_re = new_RE( ### BLOCKED ANYWHERE # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components # qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary qr'^\.(exe|lha|cab|dll)$', # banned file(1) types ### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES: [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2 [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives qr'.\.(pif|scr)$'i, # banned extensions - rudimentary # qr'^\.zip$', # block zip type ### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES: # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, # qr'^message/partial$'i, # rfc2046 MIME type # qr'^message/external-body$'i, # rfc2046 MIME type # qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type # qr'^\.wmf$', # Windows Metafile file(1) type # block certain double extensions in filenames qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, # qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose # qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic # qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi| msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd| wmf|wsc|wsf|wsh)$'ix, # banned extensions - long qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i, # consider also qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename qr'^\.ani$', # banned animated cursor file(1) type qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. # Tachtler - Word # qr'.\.(doc|docx)$'i, # block word files # qr'^application/vnd.ms-word$'i, # block word MIME types # Tachtler - Excel # qr'.\.(xls|xlsx)$'i, # block excel files # qr'^application/vnd.ms-excel$'i, # block excel MIME types # Tachtler - PowerPoint # qr'.\.(ppt|pptx)$'i, # block powerpoint files # qr'^application/vnd.ms-powerpoint$'i, # block powerpoint MIME types ); # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 # and http://www.cknow.com/vtutor/vtextensions.htm # $banned_namepath_re = undef; # regexp-style # @bypass_virus_checks_maps = (\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # @bypass_banned_checks_maps = (\%bypass_banned_checks, \@bypass_banned_checks_acl, \$bypass_banned_checks_re); # @bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re); # @virus_lovers_maps = (\%virus_lovers, \@virus_lovers_acl, \$virus_lovers_re); # @banned_files_lovers_maps = (\%banned_files_lovers, \@banned_files_lovers_acl, \$banned_files_lovers_re); # @bad_header_lovers_maps = (\%bad_header_lovers, \@bad_header_lovers_acl, \$bad_header_lovers_re); # @unchecked_lovers_maps = (); # Tachtler - new - # $allowed_header_tests{$_} = 1 for qw(other mime 8bit control empty long # syntax missing multiple); $allowed_header_tests{'8bit'} = 0; ## ANTI-Spam CONTROLS $ENV{TMPDIR} = $TEMPBASE; # Umgebungsvariable temporaeres Verzeichnis fuer SpamAssassin. # @spam_scanners = ( ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'] ); # $helpers_home = $MYHOME; # after-default # $sa_configpath = undef; # $sa_siteconfigpath = undef; # $sa_num_instances = 1; # @sa_userconf_maps = (); # @sa_username_maps = (); $sa_mail_body_size_limit = 400*1024; # SpamAssassin einbinden, NUR bei e-Mail Groesse, bei <= Wert. $sa_local_tests_only = 0; # NUR Test ausfuehren, die OHNE Internetverbinden auskommen deaktivieren. # $sa_spawned = 0; # $dspam = undef; # $sa_timeout = 30; # @bypass_spam_checks_maps = (\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); # @spam_lovers_maps = (\%spam_lovers, \@spam_lovers_acl, \$spam_lovers_re); $sa_tag_level_deflt = '-1000.0'; # Hinzufuegen von SPAM-Header Informationen, bei >= Wert. $sa_tag2_level_deflt = 6.31; # Hinzufuegen von SPAM-Erkannt Informationen, bei >= Wert. # $sa_tag3_level_deflt = undef; $sa_kill_level_deflt = 6.31; # Aktion ausloesen bei SPAM-Nachrichten, bei >= Wert. $sa_dsn_cutoff_level = 10; # SPAM-Level, ab dem keine DSN-Benachrichtigung gesendet wird. $sa_crediblefrom_dsn_cutoff_level = 18; # SPAM-Level, ab dem keine DNS-From-Benachrichtigung gesendet wird. # $sa_quarantine_cutoff_level = 25; # SPAM-Level, ab dem keine Quarantaene Enlieferung erfolgt. # @spam_tag_level_maps = (\$sa_tag_level_deflt); # @spam_tag2_level_maps = (\$sa_tag2_level_deflt); # @spam_tag3_level_maps = (\$sa_tag3_level_deflt); # @spam_kill_level_maps = (\$sa_kill_level_deflt); # @spam_quarantine_cutoff_level_maps = (\$sa_quarantine_cutoff_level); # @spam_notifyadmin_cutoff_level_maps = (); # @spam_dsn_cutoff_level_maps = (\$sa_dsn_cutoff_level); # @spam_dsn_cutoff_level_bysender_maps = (\$sa_dsn_cutoff_level); # @spam_crediblefrom_dsn_cutoff_level_maps = # (\$sa_crediblefrom_dsn_cutoff_level); # @spam_crediblefrom_dsn_cutoff_level_bysender_maps = # (\$sa_crediblefrom_dsn_cutoff_level); $bounce_killer_score = 100; # SPAM-Punkte, fuer "joe-job" Rufschaedigung BOUNCE gelten, bei >= Wert. $penpals_bonus_score = 8; # NUR bei Einsatz von @storage_sql_dsn Datenbanken. # $penpals_halflife = 7*24*60*60; # $penpals_threshold_low = 1.0; $penpals_threshold_high = $sa_kill_level_deflt; # SPAM mit hohen Widererkennungswert, Punkte-Ueberschreitung, bei >= Wert. # $reputation_factor = 0.2; # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING @score_sender_maps = ({ # a by-recipient hash lookup table, # results from all matching recipient tables are summed # ## per-recipient personal tables (NOTE: positive: black, negative: white) # 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}], # 'user3@example.com' => [{'.ebay.com' => -3.0}], # 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0, # '.cleargreen.com' => -5.0}], ## site-wide opinions about senders (the '.' matches any recipient) '.' => [ # the _first_ matching sender determines the score boost new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ), # read_hash("/var/amavis/sender_scores_sitewide"), { # a hash-type lookup table (associative array) 'nobody@cert.org' => -3.0, 'cert-advisory@us-cert.gov' => -3.0, 'owner-alert@iss.net' => -3.0, 'slashdot@slashdot.org' => -3.0, 'securityfocus.com' => -3.0, 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, 'security-alerts@linuxsecurity.com' => -3.0, 'mailman-announce-admin@python.org' => -3.0, 'amavis-user-admin@lists.sourceforge.net'=> -3.0, 'amavis-user-bounces@lists.sourceforge.net' => -3.0, 'spamassassin.apache.org' => -3.0, 'notification-return@lists.sophos.com' => -3.0, 'owner-postfix-users@postfix.org' => -3.0, 'owner-postfix-announce@postfix.org' => -3.0, 'owner-sendmail-announce@lists.sendmail.org' => -3.0, 'sendmail-announce-request@lists.sendmail.org' => -3.0, 'donotreply@sendmail.org' => -3.0, 'ca+envelope@sendmail.org' => -3.0, 'noreply@freshmeat.net' => -3.0, 'owner-technews@postel.acm.org' => -3.0, 'ietf-123-owner@loki.ietf.org' => -3.0, 'cvs-commits-list-admin@gnome.org' => -3.0, 'rt-users-admin@lists.fsck.com' => -3.0, 'clp-request@comp.nus.edu.sg' => -3.0, 'surveys-errors@lists.nua.ie' => -3.0, 'emailnews@genomeweb.com' => -5.0, 'yahoo-dev-null@yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clusternews@linuxnetworx.com' => -3.0, lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, # soft-blacklisting (positive score) 'sender@example.net' => 3.0, '.example.net' => 1.0, }, ], # end of site-wide tables }); # @signer_reputation_maps = (); # @blacklist_sender_maps = (\%blacklist_sender, \@blacklist_sender_acl, \$blacklist_sender_re); # @whitelist_sender_maps = (\%whitelist_sender, \@whitelist_sender_acl, \$whitelist_sender_re); # $per_recip_blacklist_sender_lookup_tables = undef; # $per_recip_whitelist_sender_lookup_tables = undef; # deprecated # $os_fingerprint_method = undef; # $os_fingerprint_dst_ip_and_port = undef; ## SQL, LDAP, Redis # $database_sessions_persistent = 1; # $trim_trailing_space_in_lookup_result_fields = 0; # $lookup_maps_imply_sql_and_ldap = 1; # @storage_redis_dsn = (); # Redis server(s) for pen pals, IP reput, JSON log # $storage_redis_ttl = 16*24*60*60; # $enable_ip_repu = 1; # @ip_repu_ignore_networks = (); # @ip_repu_ignore_maps = (\@ip_repu_ignore_networks); # $redis_logging_key = undef; # $redis_logging_queue_size_limit = undef; # @lookup_sql_dsn = (); # SQL data source name for lookups, or empty # @storage_sql_dsn = (); # SQL data source name for log/quarantine, or empty # $sql_store_info_for_all_msgs = 1; # $sql_schema_version = $myversion_id_numeric; # $timestamp_fmt_mysql = undef; # $sql_partition_tag = undef; # $sql_allow_8bit_address = 0; # VARCHAR (0), VARBINARY/BYTEA (1) # $sql_lookups_no_at_means_domain = 0; # $sql_quarantine_chunksize_max = 16384; # $sql_select_policy = # 'SELECT *,users.id'. # ' FROM users LEFT JOIN policy ON users.policy_id=policy.id'. # ' WHERE users.email IN (%k) ORDER BY users.priority DESC'; # $sql_select_white_black_list = # 'SELECT wb'. # ' FROM wblist JOIN mailaddr ON wblist.sid=mailaddr.id'. # ' WHERE wblist.rid=? AND mailaddr.email IN (%k)'. # ' ORDER BY mailaddr.priority DESC'; # %sql_clause = ( # 'sel_policy' => \$sql_select_policy, # 'sel_wblist' => \$sql_select_white_black_list, # 'sel_adr' => # 'SELECT id FROM maddr WHERE partition_tag=? AND email=?', # 'ins_adr' => # 'INSERT INTO maddr (partition_tag, email, domain) VALUES (?,?,?)', # 'ins_msg' => # 'INSERT INTO msgs (partition_tag, mail_id, secret_id, am_id,'. # ' time_num, time_iso, sid, policy, client_addr, size, host)'. # ' VALUES (?,?,?,?,?,?,?,?,?,?,?)', # 'upd_msg' => # 'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'. # ' spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=?,'. # ' originating=?'. # ' WHERE partition_tag=? AND mail_id=?', # 'ins_rcp' => # 'INSERT INTO msgrcpt (partition_tag, mail_id, rseqnum, rid, is_local,'. # ' content, ds, rs, bl, wl, bspam_level, smtp_resp)'. # ' VALUES (?,?,?,?,?,?,?,?,?,?,?,?)', # 'ins_quar' => # 'INSERT INTO quarantine (partition_tag, mail_id, chunk_ind, mail_text)'. # ' VALUES (?,?,?,?)', # 'sel_msg' => # obtains partition_tag if missing in a release request # 'SELECT partition_tag FROM msgs WHERE mail_id=?', # 'sel_quar' => # 'SELECT mail_text FROM quarantine'. # ' WHERE partition_tag=? AND mail_id=?'. # ' ORDER BY chunk_ind', # 'sel_penpals' => # no message-id references list # "SELECT msgs.time_num, msgs.mail_id, subject". # " FROM msgs JOIN msgrcpt USING (partition_tag,mail_id)". # " WHERE sid=? AND rid=? AND msgs.content!='V' AND ds='P'". # " ORDER BY msgs.time_num DESC", # LIMIT 1 # 'sel_penpals_msgid' => # with a nonempty list of message-id references # "SELECT msgs.time_num, msgs.mail_id, subject, message_id, rid". # " FROM msgs JOIN msgrcpt USING (partition_tag,mail_id)". # " WHERE sid=? AND msgs.content!='V' AND ds='P' AND message_id IN (%m)". # " AND rid!=sid". # " ORDER BY rid=? DESC, msgs.time_num DESC", # LIMIT 1 # ); ## LDAP, Please see file README.lookups for more info. # $enable_ldap = 0; # $ldap_lookups_no_at_means_domain = 0; # # $default_ldap = { # hostname => 'localhost', # localaddr => undef, # port => undef, # 389 or 636, default provided by Net::LDAP # scheme => undef, # 'ldaps' or 'ldap', depending on hostname # inet6 => $have_inet6 ? 1 : 0, # version => 3, # timeout => 120, # deref => 'find', # bind_dn => undef, # bind_password => undef, # tls => 0, # verify => 'none', # sslversion => 'tlsv1', # clientcert => undef, # clientkey => undef, # cafile => undef, # capath => undef, # sasl => 0, # sasl_mech => undef, # space-separated list of mech names # sasl_auth_id => undef, # }; ## hierarchy by which a final setting is chosen: ## policy bank (based on port or IP address) -> *_by_ccat ## *_by_ccat (based on mail contents) -> *_maps ## *_maps (based on recipient address) -> final configuration value ## MAPPING A CONTENTS CATEGORY TO A SETTING CHOSEN # %final_destiny_maps_by_ccat = ( # # value is normally a list of by-recipient lookup tables, but for compa- # # tibility with old %final_destiny_by_ccat a value may also be a scalar # CC_VIRUS, sub { c('final_virus_destiny') }, # CC_BANNED, sub { c('final_banned_destiny') }, # CC_UNCHECKED, sub { c('final_unchecked_destiny') }, # CC_SPAM, sub { c('final_spam_destiny') }, # CC_BADH, sub { c('final_bad_header_destiny') }, # CC_MTA.',1', D_TEMPFAIL, # MTA response was 4xx # CC_MTA.',2', D_REJECT, # MTA response was 5xx # CC_MTA, D_TEMPFAIL, # CC_OVERSIZED, D_BOUNCE, # CC_CATCHALL, D_PASS, # ); # %forward_method_maps_by_ccat = ( # CC_CATCHALL, sub { ca('forward_method_maps') }, # ); # %smtp_reason_by_ccat = ( # # currently only used for blocked messages only, status 5xx # # a multiline message will produce a valid multiline SMTP response # CC_VIRUS, 'id=%n - INFECTED: %V', # CC_BANNED, 'id=%n - BANNED: %F', # CC_UNCHECKED.',1', 'id=%n - UNCHECKED: encrypted', # CC_UNCHECKED.',2', 'id=%n - UNCHECKED: over limits', # CC_UNCHECKED, 'id=%n - UNCHECKED', # CC_SPAM, 'id=%n - spam', # CC_SPAMMY.',1', 'id=%n - spammy (tag3)', # CC_SPAMMY, 'id=%n - spammy', # CC_BADH.',1', 'id=%n - BAD HEADER: MIME error', # CC_BADH.',2', 'id=%n - BAD HEADER: nonencoded 8-bit character', # CC_BADH.',3', 'id=%n - BAD HEADER: contains invalid control character', # CC_BADH.',4', 'id=%n - BAD HEADER: line made up entirely of whitespace', # CC_BADH.',5', 'id=%n - BAD HEADER: line longer than RFC 5322 limit', # CC_BADH.',6', 'id=%n - BAD HEADER: syntax error', # CC_BADH.',7', 'id=%n - BAD HEADER: missing required header field', # CC_BADH.',8', 'id=%n - BAD HEADER: duplicate header field', # CC_BADH, 'id=%n - BAD HEADER', # CC_OVERSIZED, 'id=%n - Message size exceeds recipient\'s size limit', # CC_MTA.',1', 'id=%n - Temporary MTA failure on relaying', # CC_MTA.',2', 'id=%n - Rejected by next-hop MTA on relaying', # CC_MTA, 'id=%n - Unable to relay message back to MTA', # CC_CLEAN, 'id=%n - CLEAN', # CC_CATCHALL, 'id=%n - OTHER', # should not happen # ); # %lovers_maps_by_ccat = ( # CC_VIRUS, sub { ca('virus_lovers_maps') }, # CC_BANNED, sub { ca('banned_files_lovers_maps') }, # CC_UNCHECKED, sub { ca('unchecked_lovers_maps') }, # CC_SPAM, sub { ca('spam_lovers_maps') }, # CC_SPAMMY, sub { ca('spam_lovers_maps') }, # CC_BADH, sub { ca('bad_header_lovers_maps') }, # ); # %defang_maps_by_ccat = ( # # compatible with legacy %defang_by_ccat: value may be a scalar # CC_VIRUS, sub { c('defang_virus') }, # CC_BANNED, sub { c('defang_banned') }, # CC_UNCHECKED, sub { c('defang_undecipherable') }, # CC_SPAM, sub { c('defang_spam') }, # CC_SPAMMY, sub { c('defang_spam') }, # # CC_BADH.',3', 1, # NUL or CR character in header section # # CC_BADH.',5', 1, # header line longer than 998 characters # # CC_BADH.',6', 1, # header field syntax error # CC_BADH, sub { c('defang_bad_header') }, # ); # %subject_tag_maps_by_ccat = ( # CC_VIRUS, [ '***INFECTED*** ' ], # CC_BANNED, undef, # CC_UNCHECKED, sub { [ c('undecipherable_subject_tag') ] }, # not by-recip # CC_SPAM, undef, # CC_SPAMMY.',1', sub { ca('spam_subject_tag3_maps') }, # CC_SPAMMY, sub { ca('spam_subject_tag2_maps') }, # CC_CLEAN.',1', sub { ca('spam_subject_tag_maps') }, # ); # %quarantine_method_by_ccat = ( # CC_VIRUS, sub { c('virus_quarantine_method') }, # CC_BANNED, sub { c('banned_files_quarantine_method') }, # CC_UNCHECKED, sub { c('unchecked_quarantine_method') }, # CC_SPAM, sub { c('spam_quarantine_method') }, # CC_BADH, sub { c('bad_header_quarantine_method') }, # CC_CLEAN, sub { c('clean_quarantine_method') }, # ); # %quarantine_to_maps_by_ccat = ( # CC_VIRUS, sub { ca('virus_quarantine_to_maps') }, # CC_BANNED, sub { ca('banned_quarantine_to_maps') }, # CC_UNCHECKED, sub { ca('unchecked_quarantine_to_maps') }, # CC_SPAM, sub { ca('spam_quarantine_to_maps') }, # CC_BADH, sub { ca('bad_header_quarantine_to_maps') }, # CC_CLEAN, sub { ca('clean_quarantine_to_maps') }, # ); # Tachtler - new - # Disable notifications about ***UNCHECKED*** messages. %admin_maps_by_ccat = ( CC_VIRUS, sub { ca('virus_admin_maps') }, CC_BANNED, sub { ca('banned_admin_maps') }, # CC_UNCHECKED, sub { ca('virus_admin_maps') }, CC_SPAM, sub { ca('spam_admin_maps') }, CC_BADH, sub { ca('bad_header_admin_maps') }, ); # %always_bcc_by_ccat = ( # CC_CATCHALL, sub { c('always_bcc') }, # ); # %dsn_bcc_by_ccat = ( # CC_CATCHALL, sub { c('dsn_bcc') }, # ); # %mailfrom_notify_admin_by_ccat = ( # CC_SPAM, sub { c('mailfrom_notify_spamadmin') }, # CC_CATCHALL, sub { c('mailfrom_notify_admin') }, # ); # %hdrfrom_notify_admin_by_ccat = ( # CC_SPAM, sub { c('hdrfrom_notify_spamadmin') }, # CC_CATCHALL, sub { c('hdrfrom_notify_admin') }, # ); # %mailfrom_notify_recip_by_ccat = ( # CC_CATCHALL, sub { c('mailfrom_notify_recip') }, # ); # %hdrfrom_notify_recip_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_recip') }, # ); # %hdrfrom_notify_sender_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_sender') }, # ); # %hdrfrom_notify_release_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_release') }, # ); # %hdrfrom_notify_report_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_report') }, # ); # %notify_admin_templ_by_ccat = ( # CC_SPAM, sub { cr('notify_spam_admin_templ') }, # CC_CATCHALL, sub { cr('notify_virus_admin_templ') }, # ); # %notify_recips_templ_by_ccat = ( # CC_SPAM, sub { cr('notify_spam_recips_templ') }, #usually empty # CC_CATCHALL, sub { cr('notify_virus_recips_templ') }, # ); # %notify_sender_templ_by_ccat = ( # bounce templates # CC_VIRUS, sub { cr('notify_virus_sender_templ') }, # CC_BANNED, sub { cr('notify_virus_sender_templ') }, #historical reason # CC_SPAM, sub { cr('notify_spam_sender_templ') }, # CC_CATCHALL, sub { cr('notify_sender_templ') }, # ); # %notify_release_templ_by_ccat = ( # CC_CATCHALL, sub { cr('notify_release_templ') }, # ); # %notify_report_templ_by_ccat = ( # CC_CATCHALL, sub { cr('notify_report_templ') }, # ); # %notify_autoresp_templ_by_ccat = ( # CC_CATCHALL, sub { cr('notify_autoresp_templ') }, # ); # %warnsender_by_ccat = ( # deprecated use, except perhaps for CC_BADH # CC_VIRUS, undef, # CC_BANNED, sub { c('warnbannedsender') }, # CC_SPAM, undef, # CC_BADH, sub { c('warnbadhsender') }, # ); # %warnrecip_maps_by_ccat = ( # CC_VIRUS, sub { ca('warnvirusrecip_maps') }, # CC_BANNED, sub { ca('warnbannedrecip_maps') }, # CC_SPAM, undef, # CC_BADH, sub { ca('warnbadhrecip_maps') }, # ); # %addr_extension_maps_by_ccat = ( # CC_VIRUS, sub { ca('addr_extension_virus_maps') }, # CC_BANNED, sub { ca('addr_extension_banned_maps') }, # CC_SPAM, sub { ca('addr_extension_spam_maps') }, # CC_SPAMMY, sub { ca('addr_extension_spam_maps') }, # CC_BADH, sub { ca('addr_extension_bad_header_maps') }, # # CC_OVERSIZED, 'oversized'; # ); # %addr_rewrite_maps_by_ccat = ( ); ## POLICY BANKS $interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname $interface_policy{'10026'} = 'ORIGINATING'; # %interface_policy = (); # maps input interface/port to policy bank name $policy_bank{'AM.PDP-SOCK'} = { protocol => 'AM.PDP', auth_required_release => 0, # do not require secret_id for amavisd-release }; $policy_bank{'MYNETS'} = { # mail originating from @mynetworks originating => 1, # is true in MYNETS by default, but let's make it explicit allow_disclaimers => 1, # enables disclaimer insertion if available os_fingerprint_method => undef, # don't query p0f for internal clients }; $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users originating => 1, # declare that mail was submitted by our smtp client allow_disclaimers => 1, # enables disclaimer insertion if available # notify administrator of locally originating malware virus_admin_maps => ["virusalert\@$mydomain"], spam_admin_maps => ["mailfilter\@$mydomain"], warnbadhsender => 1, # forward to a smtpd service back to postfix forward_method => 'smtp:[192.168.0.60]:10027', # notify to a smtpd service back to postfix notify_method => 'smtp:[192.168.0.60]:10027', # force MTA conversion to 7-bit (e.g. before DKIM signing) smtpd_discard_ehlo_keywords => ['8BITMIME'], terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option }; # $policy_bank{''} = { ...predefined... }; ## the built-in policy bank (empty name) is predefined, and includes ## references to most other variables listed above (the dynamic config ## variables), which are accessed only indirectly through the currently ## installed policy bank. Overlaying a policy bank with another policy ## bank may bring-in references to entirely different variables, ## possibly unnamed. Here is a list of configuration variables ## referenced from the built-in policy bank by keys of the same name ## (e.g. { log_level => \$log_level, inet_acl => \@inet_acl, ...} ) ## ## $child_timeout $smtpd_timeout ## $policy_bank_name $protocol @inet_acl ## $myhostname $myauthservid $snmp_contact $snmp_location ## $myprogram_name $syslog_ident $syslog_facility ## $log_level $log_templ $log_recip_templ $enable_log_capture_dump ## $forward_method $notify_method $resend_method $report_format ## $release_method $requeue_method $release_format ## $attachment_password $attachment_email_name $attachment_outer_name ## $os_fingerprint_method $os_fingerprint_dst_ip_and_port ## $originating @smtpd_discard_ehlo_keywords $soft_bounce ## $propagate_dsn_if_possible $terminate_dsn_on_notify_success ## $amavis_auth_user $amavis_auth_pass $auth_reauthenticate_forwarded ## $auth_required_out $auth_required_inp $auth_required_release ## @auth_mech_avail $tls_security_level_in $tls_security_level_out ## $local_client_bind_address $smtpd_message_size_limit ## $localhost_name $smtpd_greeting_banner $smtpd_quit_banner ## $mailfrom_to_quarantine $warn_offsite $bypass_decode_parts @decoders ## @av_scanners @av_scanners_backup @spam_scanners ## $first_infected_stops_scan $virus_scanners_failure_is_fatal ## $sa_spam_level_char $sa_mail_body_size_limit ## $penpals_bonus_score $penpals_halflife $bounce_killer_score ## $reputation_factor ## $undecipherable_subject_tag $localpart_is_case_sensitive ## $recipient_delimiter $replace_existing_extension ## $hdr_encoding $bdy_encoding $hdr_encoding_qb ## $allow_disclaimers $outbound_disclaimers_only ## $prepend_header_fields_hdridx ## $allow_fixing_improper_header ## $allow_fixing_improper_header_folding $allow_fixing_long_header_lines ## %allowed_added_header_fields %prefer_our_added_header_fields ## %allowed_header_tests ## $X_HEADER_TAG $X_HEADER_LINE ## $remove_existing_x_scanned_headers $remove_existing_spam_headers ## %sql_clause $partition_tag ## %local_delivery_aliases $banned_namepath_re ## $per_recip_whitelist_sender_lookup_tables ## $per_recip_blacklist_sender_lookup_tables ## @anomy_sanitizer_args @altermime_args_defang ## @altermime_args_disclaimer @disclaimer_options_bysender_maps ## %signed_header_fields @dkim_signature_options_bysender_maps ## $enable_dkim_verification $enable_dkim_signing $dkim_signing_service ## $dkim_minimum_key_bits $enable_ldap $enable_ip_repu $redis_logging_key ## ## @local_domains_maps ## @mynetworks_maps @client_ipaddr_policy @ip_repu_ignore_maps ## @forward_method_maps @newvirus_admin_maps @banned_filename_maps ## @spam_quarantine_bysender_to_maps ## @spam_tag_level_maps @spam_tag2_level_maps @spam_tag3_level_maps ## @spam_kill_level_maps ## @spam_subject_tag_maps @spam_subject_tag2_maps @spam_subject_tag3_maps ## @spam_dsn_cutoff_level_maps @spam_dsn_cutoff_level_bysender_maps ## @spam_crediblefrom_dsn_cutoff_level_maps ## @spam_crediblefrom_dsn_cutoff_level_bysender_maps ## @spam_quarantine_cutoff_level_maps @spam_notifyadmin_cutoff_level_maps ## @whitelist_sender_maps @blacklist_sender_maps @score_sender_maps ## @author_to_policy_bank_maps @signer_reputation_maps ## @message_size_limit_maps @debug_sender_maps @debug_recipient_maps ## @bypass_virus_checks_maps @bypass_spam_checks_maps ## @bypass_banned_checks_maps @bypass_header_checks_maps ## @viruses_that_fake_sender_maps ## @virus_name_to_spam_score_maps @virus_name_to_policy_bank_maps ## @remove_existing_spam_headers_maps ## @sa_userconf_maps @sa_username_maps ## ## %final_destiny_maps_by_ccat %forward_method_maps_by_ccat ## %lovers_maps_by_ccat %defang_maps_by_ccat %subject_tag_maps_by_ccat ## %quarantine_method_by_ccat %quarantine_to_maps_by_ccat ## %notify_admin_templ_by_ccat %notify_recips_templ_by_ccat ## %notify_sender_templ_by_ccat %notify_autoresp_templ_by_ccat ## %notify_release_templ_by_ccat %notify_report_templ_by_ccat ## %warnsender_by_ccat ## %hdrfrom_notify_admin_by_ccat %mailfrom_notify_admin_by_ccat ## %hdrfrom_notify_recip_by_ccat %mailfrom_notify_recip_by_ccat ## %hdrfrom_notify_sender_by_ccat ## %hdrfrom_notify_release_by_ccat %hdrfrom_notify_report_by_ccat ## %admin_maps_by_ccat %warnrecip_maps_by_ccat ## %always_bcc_by_ccat %dsn_bcc_by_ccat ## %addr_extension_maps_by_ccat %addr_rewrite_maps_by_ccat ## %smtp_reason_by_ccat ## legacy dynamic configuration variables: ## $final_virus_destiny $final_banned_destiny $final_unchecked_destiny ## $final_spam_destiny $final_bad_header_destiny ## @virus_lovers_maps @spam_lovers_maps @unchecked_lovers_maps ## @banned_files_lovers_maps @bad_header_lovers_maps ## $always_bcc $dsn_bcc ## $mailfrom_notify_sender $mailfrom_notify_recip ## $mailfrom_notify_admin $mailfrom_notify_spamadmin ## $hdrfrom_notify_sender $hdrfrom_notify_recip ## $hdrfrom_notify_admin $hdrfrom_notify_spamadmin ## $hdrfrom_notify_release $hdrfrom_notify_report ## $notify_virus_admin_templ $notify_spam_admin_templ ## $notify_virus_recips_templ $notify_spam_recips_templ ## $notify_virus_sender_templ $notify_spam_sender_templ ## $notify_sender_templ $notify_release_templ ## $notify_report_templ $notify_autoresp_templ ## $warnbannedsender $warnbadhsender ## $defang_virus $defang_banned $defang_spam ## $defang_bad_header $defang_undecipherable $defang_all ## $virus_quarantine_method $banned_files_quarantine_method ## $unchecked_quarantine_method $spam_quarantine_method ## $bad_header_quarantine_method $clean_quarantine_method ## $archive_quarantine_method ## @virus_quarantine_to_maps @banned_quarantine_to_maps ## @unchecked_quarantine_to_maps @spam_quarantine_to_maps ## @bad_header_quarantine_to_maps @clean_quarantine_to_maps ## @archive_quarantine_to_maps ## @virus_admin_maps @banned_admin_maps ## @spam_admin_maps @bad_header_admin_maps @spam_modifies_subj_maps ## @warnvirusrecip_maps @warnbannedrecip_maps @warnbadhrecip_maps ## @addr_extension_virus_maps @addr_extension_spam_maps ## @addr_extension_banned_maps @addr_extension_bad_header_maps 1; # insure a defined return value
Dienst/Daemon-Start einrichten: amavisd
Um einen AMaViS, welcher als Dienst/Daemon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden, was mit nachfolgendem Befehl realisiert werden kann:
# systemctl enable amavisd.service ln -s '/usr/lib/systemd/system/amavisd.service' '/etc/systemd/system/multi-user.target.wants/amavisd.service'
Eine Überprüfung, ob beim Neustart des Server der 'amavisd
-Dienst/Daemon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:
# systemctl list-unit-files --type=service | grep -e amavisd.service amavisd.service enabled
bzw.
# systemctl is-enabled amavisd.service enabled
Erster Start: amavisd
Um den AMaViS zu starten, kann nachfolgender Befehl angewandt werden:
# systemctl start amavisd
Eine Überprüfung ob der Start des AMaViS erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden, welcher eine Ausgabe in etwa wie nachfolgende erzeugen sollte:
# systemctl status amavisd amavisd.service - Amavisd-new is an interface between MTA and content checkers. Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled) Active: active (running) since Tue 2015-10-13 23:50:32 CEST; 13s ago Docs: http://www.ijs.si/software/amavisd/#doc Process: 6169 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS) Main PID: 6189 (/usr/sbin/amavi) CGroup: /system.slice/amavisd.service ├─6189 /usr/sbin/amavisd (master) ├─6204 /usr/sbin/amavisd (virgin child) ├─6205 /usr/sbin/amavisd (virgin child) ├─6206 /usr/sbin/amavisd (virgin child) └─6207 /usr/sbin/amavisd (virgin child) Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Found decoder for ... Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Using primary inter... Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Found secondary av ... Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Deleting db files _... Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Creating db in /var... Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: initializing Mail::... Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: SpamAssassin debug ... Oct 13 23:50:40 server70.idmz.tachtler.net amavis[6189]: SpamAssassin loaded... Oct 13 23:50:40 server70.idmz.tachtler.net amavis[6189]: SpamControl: init_p... Oct 13 23:50:40 server70.idmz.tachtler.net amavis[6189]: extra modules loade... Hint: Some lines were ellipsized, use -l to show in full.
bzw. mit nachfolgendem Befehl, ob der Dienst/Daemon in der Prozessliste erscheint:
# ps aux | grep amavisd amavis 6189 2.9 5.0 360600 102612 ? Ss 23:50 0:01 /usr/sbin/amavisd (master) amavis 6204 0.0 4.9 362144 101508 ? S 23:50 0:00 /usr/sbin/amavisd (virgin child) amavis 6205 0.0 4.9 362144 101512 ? S 23:50 0:00 /usr/sbin/amavisd (virgin child) amavis 6206 0.0 4.9 362144 101492 ? S 23:50 0:00 /usr/sbin/amavisd (virgin child) amavis 6207 0.0 4.9 362144 101492 ? S 23:50 0:00 /usr/sbin/amavisd (virgin child) root 6210 0.0 0.0 112640 924 pts/0 S+ 23:51 0:00 grep --color=auto amavisd
bzw. ob dieser auch über die definierte IP-Adresse und den definierten Port erreichbar ist:
# netstat -tulpen | grep amavisd tcp 0 0 0.0.0.0:10024 0.0.0.0:* LISTEN 399 52815 6189/amavisd (maste tcp 0 0 0.0.0.0:10026 0.0.0.0:* LISTEN 399 52815 6189/amavisd (maste
Konfiguration: amavisd-milter
(Bis Version 1.6.x) - /etc/amavisd/amavisd-milter.conf
BIS Version 1.6.x
Standardmäßig wird nach der Installation von AMaViS - amavsid-milter
in nachfolgendem Verzeichnis mit nachfolgendem Namen die Konfigurationsdatei für den AMaViS - amavisd-milter
hinterlegt:
/etc/amavisd/amavisd-milter.conf
Nachfolgende Änderungen sind an der Konfigurationsdatei /etc/amavisd/amavisd-milter.conf
durchzuführen:
(Komplette Konfigurationsdatei)
# User to run under (must be same as amavisd daemon) AMAVIS_USER=amavis # Set working directory (default /var/amavis). WORKING_DIRECTORY=/var/spool/amavisd/tmp # Communication socket between sendmail and amavisd-milter (default # /var/amavis/amavisd-milter.sock). The protocol spoken over this # socket is MILTER (Mail FILTER). It must agree with the # INPUT_MAIL_FILTER entry in sendmail.mc # The socket should be in "proto:address" format: # o {unix|local}:/path/to/file - A named pipe. # o inet:port@{hostname|ip-address} - An IPV4 socket. # o inet6:port@{hostname|ip-address} - An IPV6 socket. # Tachtler # default: SOCKET=/var/run/amavisd/amavisd-milter.sock SOCKET=inet:10014@192.168.0.70 # Communication socket between amavisd-milter and amavisd-new # (default /var/amavis/amavisd.sock). It must agree with the # $unix_socketname entry in amavisd.conf # The socket should be in "proto:address" format: # o {unix|local}:/path/to/file - A named pipe. # o inet:port@{hostname|ip-address} - An IPV4 socket. # o inet6:port@{hostname|ip-address} - An IPV6 socket. # Tachtler # default: AMAVISD_SOCKET=/var/spool/amavisd/amavisd.sock AMAVISD_SOCKET=/var/run/amavisd/amavisd.sock # Use this pid file (default /var/amavis/amavisd-milter.pid). # Better to create /var/run/amavis and put it there #PID_FILE=/var/run/amavisd/amavisd-milter.pid # Maximum concurrent amavisd connections (default 0 - unlimited # number of connections). It must agree with the $max_servers # entry in amavisd.conf. # Tachtler # default: MAX_CONNECTIONS=2 MAX_CONNECTIONS=4 # Maximum wait for connection to amavisd in seconds (default 300 = # 5 minutes). It must be less then sending MTA timeout for a # response to the final "." that terminates a message on sending # MTA. sendmail has default value 1 hour, postfix 10 minutes and # qmail 20 minutes. We suggest to use less than 10 minutes. MAX_WAIT=300 # sendmail connection timeout in seconds (default 600 = 10 min- # utes). It must agree with the INPUT_MAIL_FILTER entry in send- # mail.mc and must be greater than or equal to the amavisd-new con- # nection timeout. When you use other milters (especially time- # consuming), the timeout must be sufficient to process message in # all milters. MAILDAEMON_TIMEOUT=600 # amavisd-new connection timeout in seconds (default 600 = 10 min- # utes). This timeout must be sufficient for message processing in # amavisd-new. It's usually a good idea to adjust them to the same # value as sendmail connection timeout. AMAVISD_TIMEOUT=600
Nachfolgende Änderungen sollten vorgenommen werden:
SOCKET=inet:10014@192.168.0.70
Socket über den mit dem AMaViS - amavisd-milter
über die IP-Adresse: 192.168.0.70
und den Port: 10014
kommuniziert werden kann.
AMAVISD_SOCKET=/var/run/amavisd/amavisd.sock
Socket über den der AMaViS - amavisd-milter
mit dem AMaViS kommunizieren kann.
MAX_CONNECTIONS=4
Anzahl der maximalen gleichzeitigen Verbindungen zwischen Postfix und AMaViS - amavisd-milter
.
WICHTIG - Dies muss mit der Angabe in der AMaViS Konfigurationsdatei
/etc/amavisd/amavisd.conf
und dem Parameter
$max_servers = 4
übereinstimmen!
(Ab Version 1.7.x) /etc/sysconfig/amavisd-milter
AB Version 1.7.x
HINWEIS - Nachfolgender Befehl muss ausgeführt werden, falls ein Update von Version 1.6.x auf 1.7.x erfolgt!
systemctl daemon-reload
Standardmäßig wird nach der Installation von AMaViS - amavsid-milter
in nachfolgendem Verzeichnis mit nachfolgendem Namen die Konfigurationsdatei für den AMaViS - amavisd-milter
hinterlegt:
/etc/sysconfig/amavisd-milter
Nachfolgende Änderungen sind an der Konfigurationsdatei /etc/sysconfig/amavisd-milter
durchzuführen:
(Komplette Konfigurationsdatei)
# Communication socket between sendmail and amavisd-milter (default # /var/amavis/amavisd-milter.sock). The protocol spoken over this # socket is MILTER (Mail FILTER). It must agree with the # INPUT_MAIL_FILTER entry in sendmail.mc # The socket should be in "proto:address" format: # o {unix|local}:/path/to/file - A named pipe. # o inet:port@{hostname|ip-address} - An IPV4 socket. # o inet6:port@{hostname|ip-address} - An IPV6 socket. # Tachtler # default: SOCKET=/var/run/amavisd/amavisd-milter.sock SOCKET=inet:10014@192.168.0.70 # Use this pid file (default /var/amavis/amavisd-milter.pid). # Better to create /var/run/amavis and put it there #PID_FILE=/var/run/amavisd/amavisd-milter.pid # Maximum concurrent amavisd connections (default 0 - unlimited # number of connections). It must agree with the $max_servers # entry in amavisd.conf. # Tachtler # default: MAX_CONNECTIONS=2 MAX_CONNECTIONS=4 # Maximum wait for connection to amavisd in seconds (default 300 = # 5 minutes). It must be less then sending MTA timeout for a # response to the final "." that terminates a message on sending # MTA. sendmail has default value 1 hour, postfix 10 minutes and # qmail 20 minutes. We suggest to use less than 10 minutes. MAX_WAIT=300 # sendmail connection timeout in seconds (default 600 = 10 min- # utes). It must agree with the INPUT_MAIL_FILTER entry in send- # mail.mc and must be greater than or equal to the amavisd-new con- # nection timeout. When you use other milters (especially time- # consuming), the timeout must be sufficient to process message in # all milters. MAILDAEMON_TIMEOUT=600 # amavisd-new connection timeout in seconds (default 600 = 10 min- # utes). This timeout must be sufficient for message processing in # amavisd-new. It's usually a good idea to adjust them to the same # value as sendmail connection timeout. AMAVISD_TIMEOUT=600
Nachfolgende Änderungen sollten vorgenommen werden:
SOCKET=inet:10014@192.168.0.70
Socket über den mit dem AMaViS - amavisd-milter
über die IP-Adresse: 192.168.0.70
und den Port: 10014
kommuniziert werden kann.
MAX_CONNECTIONS=4
Anzahl der maximalen gleichzeitigen Verbindungen zwischen Postfix und AMaViS - amavisd-milter
.
WICHTIG - Dies muss mit der Angabe in der AMaViS Konfigurationsdatei
/etc/sysconfig/amavisd-milter
und dem Parameter
$max_servers = 4
übereinstimmen!
Dienst/Daemon-Start einrichten: amavisd-milter
Um einen AMaViS - amavisd-milter
, welcher als Dienst/Daemon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden, was mit nachfolgendem Befehl realisiert werden kann:
# systemctl enable amavisd-milter.service ln -s '/usr/lib/systemd/system/amavisd-milter.service' '/etc/systemd/system/multi-user.target.wants/amavisd-milter.service'
Eine Überprüfung, ob beim Neustart des Server der 'amavisd-milter
-Dienst/Daemon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:
# systemctl list-unit-files --type=service | grep -e amavisd-milter.service amavisd-milter.service enabled
bzw.
# systemctl is-enabled amavisd-milter.service enabled
Erster Start: amavisd-milter
Um den AMaViS - amavisd-milter
zur Kommunikation mit dem AMaViS zu starten, kann nachfolgender Befehl angewandt werden:
# systemctl start amavisd-milter
Eine Überprüfung ob der Start des AMaViS - amavisd-milter
erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden, welcher eine Ausgabe in etwa wie nachfolgende erzeugen sollte:
# systemctl status amavisd-milter amavisd-milter.service - amavisd-milter is a milter (mailfilter) for amavisd-new which uses the AM.PDP protocol. Loaded: loaded (/usr/lib/systemd/system/amavisd-milter.service; enabled) Active: active (running) since Tue 2015-10-13 23:39:01 CEST; 22s ago Docs: http://amavisd-milter.sourceforge.net/ Process: 6135 ExecStart=/usr/sbin/amavisd-milter-helper (code=exited, status=0/SUCCESS) Main PID: 6137 (amavisd-milter) CGroup: /system.slice/amavisd-milter.service └─6137 /usr/sbin/amavisd-milter -B -w /var/spool/amavisd/tmp -s i... Oct 13 23:39:01 server70.idmz.tachtler.net systemd[1]: Starting amavisd-milt... Oct 13 23:39:01 server70.idmz.tachtler.net amavisd-milter[6137]: starting am... Oct 13 23:39:01 server70.idmz.tachtler.net systemd[1]: Started amavisd-milte... Hint: Some lines were ellipsized, use -l to show in full.
bzw. mit nachfolgendem Befehl, ob der Dienst/Daemon in der Prozessliste erscheint:
# ps aux | grep amavisd-milter amavis 6137 0.0 0.0 18880 672 ? Ssl 23:39 0:00 /usr/sbin/amavisd-milter -B -w /var/spool/amavisd/tmp -s inet:10014@192.168.0.70 -S /var/run/amavisd/amavisd.sock -p /var/run/amavisd/amavisd-milter.pid -m 4 -M 300 -t 600 -T 600 root 6144 0.0 0.0 112640 932 pts/0 S+ 23:40 0:00 grep --color=auto amavisd-milter
bzw. ob dieser auch über die definierte IP-Adresse und den definierten Port erreichbar ist:
# netstat -tulpen | grep amavisd-milter tcp 0 0 192.168.0.70:10014 0.0.0.0:* LISTEN 399 51272 6137/amavisd-milter
Konfiguration: RAM-Disk
Eine sehr gute Möglichkeit die Performance für AMaViS zu steigern, ist eine RAM-Disk anzulegen. Dabei sollte natürlich auf die Hardware des Servers geachtete werden, aber auch auf die Gegebenheiten von AMaViS.
Um die benötigte Größe einer RAM-Disk berechnen zu können, was jedoch eher eine theoretische Größe ist, kann folgende Formel herangezogen werden:
max. AMaViS-Instanzen * (max. e-Mailgröße + (max. e-Mailgröße * Auspackfaktor))
Hier ein Beispiel:
Für 20 AMaViS-Instanzen bei einer max. e-Mailgröße von 30 MB und einem Auspackfaktor von 1,5 ergibt das eine RAM-Disk mit der Größe von 1,5 GB!
Dies ist aber wie schon erwähnt, nur ein theoretischer Wert, da nicht jede e-Mail die max. Größe hat und es auch vom Netzwerkverkehr - sprich der Physik der Netzwerkkarte - nicht möglich sein dürfte, so viel Daten in kürzester Zeit (bis AMaViS-Instanzen wieder zur Verfügung stehen) zu transferieren!
Für einen kleinen privaten e-Mail-Server wird sicherlich auch eine kleinere Größe an RAM-Disk völlig ausreichend sein!
Deshalb kann mit folgenden Größen für einen kleinen privaten e-Mail-Server durchaus gerechnet werden:
Für 4 AMaViS-Instanzen bei einer max. e-Mailgröße von 10 MB und einem Auspackfaktor von 1,5 ergibt das eine RAM-Disk mit der Größe von 100 MB!
/etc/fstab
Unter CentOS Version 7.x kann mit folgendem Eintrag in der /etc/fstab
kann eine RAM-Disk in der Größe von 96 MB angelegt werden (nur relevanter Ausschnitt):
... tmpfs /var/spool/amavisd/tmp tmpfs defaults,size=96m,mode=755,uid=399,gid=399 0 0
Zum Mounten nach dem Eintrag in der /etc/fstab
kann folgender Befehl ausgeführt werden:
# mount /var/spool/amavisd/tmp
WICHTIG - Falls gewünscht kann die soeben angelegte RAM-Disk auch für andere Programme lesbar gemacht werden, z.B. für Überwachungs- und Auswertungs-Tools. Dafür sollte folgender Befehl für die entsprechenden Zugriffsrechte auf das Verzeichnis /var/spool/amavisd/tmp
und dessen übergeordnetem Verzeichnis /var/spool/amavisd
sorgen:
# chmod 755 /var/spool/amavisd
Zur Überprüfung, ob die Verarbeitung wirklich schneller von statten geht, hier zwei Auszüge aus der LOG-Datei /var/log/maillog
, der gleichen e-Mail, einmal ohne und anschließend mit RAM-Disk:
... Jan 5 23:59:40 nss amavis[10206]: (10206-01) TIMING [total 1993 ms]... ... Jan 6 00:12:52 nss amavis[10987]: (10987-01) TIMING [total 853 ms]... ...
Konfiguration: DKIM
DKIM - DomainKeys ist ein Identifikationsprotokoll zur Sicherstellung der Authentizität von E-Mail-Absendern, das von Yahoo entwickelt wurde und seit Ende 2004 in Erprobung ist. Es wurde konzipiert, um bei der Eindämmung von unerwünschter E-Mail wie Spam oder Phishing zu helfen.
Genauere und Detailliertere Informationen können unter folgendem Link nachgelesen werden - DomainKeys. Wie auch in anderen Bereichen, wenn es um Verschlüsselung und Signierung geht z.B. (ssh, gnupg, s_mime) ist es auch logischerweise beim Einsatz von DKIM erforderlich, ein Schlüsselpaar, bestehend aus einem
- öffentlichen Schlüssel
- privaten Schlüssel
zu erstellen.
Vor der eigentlichen Erstellung des Schlüsselpaares, ist es jedoch zwingend erforderlich ein Verzeichnis und ein Unterverzeichnis zu erstellen, in dem AMaViS später den privaten Schlüssel finden kann. Dies könnte z.B. im Verzeichnis
/etc/pki/
mit nachfolgenden Befehlen durchgeführt werden:
Erstellung eines Verzeichnisses und Unterverzeichnisses /etc/pki/amavis/dkim
# mkdir -p /etc/pki/amavis/dkim
Schlüssel erstellen
Mit nachfolgendem Befehl wird das Schlüsselpaar jetzt
- im Verzeichnis
/etc/pki/amavis/dkim
- als
dkim.key
-Datei im PEM-Dateiformat
erstellt:
# amavisd genrsa /etc/pki/amavis/dkim/dkim.key Private RSA key successfully written to file "/etc/pki/amavis/dkim/dkim.key" (1024 bits, PEM format)
bzw. mit einer höheren bit Anzahl:
# amavisd genrsa /etc/pki/amavis/dkim/dkim.key 4096 Private RSA key successfully written to file "/etc/pki/amavis/dkim/dkim.key" (4096 bits, PEM format)
WICHTIG - Damit AMaViS auf die private Schlüssel-Datei auch Zugriff hat, ist es erforderlich die Besitz- und Dateirechte wie folgt mit nachfolgenden Befehlen anzupassen:
# chown amavis.amavis /etc/pki/amavis/dkim/dkim.key
# chmod 600 /etc/pki/amavis/dkim/dkim.key
Die Verzeichnisstruktur und deren Inhalt sollte danach in etwa wie folgt aussehen und kann mit nachfolgenden Befehlen angezeigt werden (nur relevanter Ausschnitt):
# ll /etc/pki/ total 44 drwxr-xr-x 3 root root 4096 Jul 17 10:29 amavis ... # ll /etc/pki/amavis/ total 4 drwxr-xr-x 2 root root 4096 Jul 17 10:41 dkim # ll /etc/pki/amavis/* total 4 -rw------- 1 amavis amavis 887 Jul 17 10:41 dkim.key
Der Inhalt der privaten Schlüssel-Datei kann mit nachfolgendem Befehl angezeigt werden und sollte in etwa wie folgt aussehen:
# cat /etc/pki/amavis/dkim/dkim.key -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDWypzomx/COZmYML/9j/MRNH9Chw652qzbHjM4RdzpeWzainKC +kyYP+VuoJWMtUX2KSo+kTuWaH4AUgwWSxKq4IBq34MgWsDi3h/mFekOqtnIHTZM 16CLtzQUHAEwCUZqouQkDzQUHAEwCUZq2F9qbRFRB4WWJyuCF6GNQLX9jQIDAQAB AoGAFgSC/R0ZrlE1O3KT26wr4HGfMfSiP874tSVtXrFaqdw2mlhi0KZTv6+dFzAC 5H+YgllJ6Uv97bccY3AFqStc6FMuEnbZBzQUHAEwCUZqMUvln1Hm+pt9nKmc2T1d 4NZFpm9wdghEolGgdQUJtqaKiClSJGAW28qne4TxQ/4s8skCQQDx07HAUveFk7dN zHdO+LYDyXGW/Z4/Hd/+N1ckI$twIRkl1chNeFAULeSAU+/Gyi8P8TTpIIeCFhao /R0euJY/AkEA42FJITBi3W8D4i1ifVZUnCFdBUHiZx2wpWNmkFHbMBGSddmLq1SD o0FkSK2yUUSQr+y2C6ksJ2ULbGyI+imndrRwmd63qPdmvd+84GD5dfsddDfgg7dx 5Kcimm3a1RXTenwsD1lvVM46tmfa83vIKzgM2oI8SnZijjXqOEbMfudf1QJBAIG8 E261XeN8IRoezRA4fsQqoRmL0vME1LI4+d8kZUyS6h8FxhQ2f3lZqS9ys8h8yqzN guSfl3OAyWCTvWXwyFMCQFb0t7soo/mHoS5EP+Q7/TRyjdzUzRrVZO5sO0HUMyhL SPfoF9go3M+8jZ2ac/kbs6iUlQT/zS4/T4DVScoPgCs= -----END RSA PRIVATE KEY-----
/etc/amavisd/amavisd.conf
Der erstellte private Schlüssel muss nun noch mit nachfolgenden Anpassungen der Konfigurationsdatei
/etc/amavsid/amavisd.conf
in AMaViS eingebunden werden.
(Nur relevanter Ausschnitt):
... ## DKIM SIGNING # Signieren der ausgehenden e-Mails mit dem Schluessel unter dkim_key. $enable_dkim_signing = 0; # Spezifikationen zum DKIM-Schluessel und dessen Anwendung. dkim_key('tachtler.net', 'main', '/etc/pki/amavis/dkim/dkim.key', h=>'sha256'); # Optionen zur DKIM-Signaturerstellung. @dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); ...
Erklärung:
Variablenname | Wert | Erklärung |
---|---|---|
$enable_dkim_signing | 0 | HINWEIS Deaktiviert bis die DNS-Einträge durchgeführt wurden ! |
dkim_key | 'tachtler.net' | Domainname zum DKIM-Schlüssel |
'main' | Selector der mit der Kennung _domainkey und dem Domainnamen benutzt wird, um über eine TXT-Record Abfrage an den DNS-Server den verwendeten öffentlichen Schlüssel zu erfragen. Hier: main._domainkey.tachtler.net | |
'/etc/pki/amavis/dkim/dkim.key' | Privater Schlüssel, mit Pfadangabe und Dateinamen | |
h⇒'sha256' | Über diese Optionen kann Einfluss auf die Signatur genommen werden | |
@dkim_signature_options_bysender_maps | '.' | Sender abhängige Angabe, auf die die nachfolgenden Parameter angewandt werden sollen. Hier: alle |
ttl ⇒ 21*24*3600 | TTL (Time To Live) | |
c ⇒ 'relaxed/simple' | Message canonicalization (plain-text; OPTIONAL, Standard ist „simple/simple“). |
Um weitere Informationen zu den oben genannten Parameter zu erhalten, können nachfolgende externe Links genutzt werden:
HINWEIS - Aktuell wäre es möglich die „Verifizierung“ von e-Mails bereits zu aktivieren, OHNE selbst bereits e-Mails zu signieren!
Die notwendigen Einstellungen dafür können mit folgender Anpassung der Konfigurationsdatei
/etc/amavisd/amavisd.conf
durchgeführt werden
(Nur relevanter Ausschnitt):
... $enable_dkim_verification = 1; ...
DNS-Eintrag
WICHTIG - Um selbst e-Mails signieren zu können, ist es erforderlich, dass der öffentliche Schlüssel via DNS abfragbar ist, was durchaus die Mithilfe des Providers erfordern kann!
Dazu ist es erforderlich erst einmal den öffentlichen Schlüssel mit der Hilfe von AMaViS aus der Schlüsseldatei /etc/pki/amavis/dkim/dkim.pem
zu erhalten, was mit nachfolgendem Befehl erreicht werden kann:
# amavisd -c /etc/amavisd/amavisd.conf showkeys tachtler.net ; key#1 1024 bits, i=main, d=tachtler.net, /etc/pki/amavis/dkim/dkim.key main._domainkey.tachtler.net. 3600 TXT ( "v=DKIM1; h=sha256; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJR" "RxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+ln" "Sp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkY" "iJw8V1oSoafME1WklQIDAQAB")
Welcher aber in nachfolgender Form in den DNS-Record eingetragen werden muss (ohne „-Zeichen und <leer>-Zeichen):
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB
Nachfolgende DNS-Einträge müssen zum DNS hinzugefügt werden, um den öffentlichen Schlüssel via DNS abfragbar zu machen (nur relevanter Ausschnitt):
... main._domainkey.tachtler.net. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB" ...
HINWEIS - Es ist nicht erforderlich, dass die neue Sub-Domain - main._domainkey.tachtler.net
auf eine gültige IP-Adresse auflöst, noch irgendwelche MX-Einträge besitzt!
WICHTIG - Nach dieser Änderung am DNS, ist ein Neustart des jeweiligen DNS-Servers notwendig!
Zum testen, ob AMaViS den öffentlichen Schlüssel richtig erreichen und abfragen kann, sind z.B. nachfolgende Befehle hilfreich:
AMaViS-Test
# amavisd -c /etc/amavisd/amavisd.conf testkeys tachtler.net TESTING#1 tachtler.net: main._domainkey.tachtler.net => pass
DNS-Abfrage (beim eigenen DNS-Server)
# dig main._domainkey.tachtler.net TXT ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> main._domainkey.tachtler.net TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1477 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;main._domainkey.tachtler.net. IN TXT ;; ANSWER SECTION: main._domainkey.tachtler.net. 10800 IN TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSm HUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsin EksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB" ;; AUTHORITY SECTION: tachtler.net. 10800 IN NS ns1.idmz.tachtler.net. ;; ADDITIONAL SECTION: ns1.idmz.tachtler.net. 10800 IN A 192.168.0.20 ;; Query time: 1 msec ;; SERVER: 192.168.0.20#53(10.7.0.20) ;; WHEN: Thu Oct 15 13:36:12 CEST 2015 ;; MSG SIZE rcvd: 336
DNS-Abfrage (beim externen DNS-Server)
# dig @62.146.28.82 main._domainkey.tachtler.net TXT ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> @62.146.28.82 main._domainkey.tachtler.net TXT ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16137 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;main._domainkey.tachtler.net. IN TXT ;; ANSWER SECTION: main._domainkey.tachtler.net. 1048576 IN TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSm HUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsin EksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB" ;; Query time: 36 msec ;; SERVER: 62.146.28.82#53(62.146.28.82) ;; WHEN: Thu Oct 15 13:38:17 CEST 2015 ;; MSG SIZE rcvd: 286
DKIM aktivieren
Jetzt ist der Zeitpunkt für die Aktivierung von DKIM mit AMaViS gekommen.
Nachdem nun die DNS-Einträge verfügbar sind, kann abschließend das Signieren von e-Mails aktiviert werden, in dem in der Konfigurationsdatei
/etc/amavisd/amavisd.conf
nachfolgende Konfiguration durchgeführt wird:
(Nur relevanter Ausschnitt):
... ## DKIM SIGNING # Signieren der ausgehenden e-Mails mit dem Schluessel unter dkim_key. $enable_dkim_signing = 1; ...
Received-Zeilen ausnehmen
Laut RFC 4871 können auch die
Received: from
-Zeilen
zur Signierung der e-Mail mit herangezogen werden.
Dies hat jedoch den Nachteil, dass bei einer Veränderung der Received: from
-Zeilen im Nachhinein, wie es z.B. bei der Einlieferung durch Postfix via smtpd_proxy_filter
(Pre-Queue) bei AMaViS der Fall sein könnte, die DKIM-Sigantur sprichwörtlich „kaputt“ geht. Siehe nachfolgenden Auszug aus den Header-Zeilen (nur relevanter Ausschnitt):
... Authentication-Results: viruswall.idmz.tachtler.net (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=tachtler.net ...
Dies kann durch hinzufügen von nachfolgender Konfigurationszeile in die
/etc/amavisd.conf
$signed_header_fields{'received'} = 0; # turn off signing of Received
verhindert werden, indem die Received: from
-Zeilen nicht mehr mit in die Berechnung der DKIM-Signatur mit einfließen.
DKIM-Test: AMaViS
Mit nachfolgendem Befehl, kann eine Test des Gültigkeit der DKIM-Signatur unter Zuhilfenahme von AMaViS durchgeführt werden:
# amavisd testkeys TESTING#1: main._domainkey.tachtler.net => pass
DKIM-Test: DNS
Mit nachfolgenden Befehlen, kann eine entsprechende DNS-Abfrage durchgeführt werden, um zu testen, ob der entsprechende Schlüssel im DNS korrekt eingebunden ist:
# host -t TXT main._domainkey.tachtler.net main._domainkey.tachtler.net descriptive text "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB"
oder
# dig @8.8.8.8 main._domainkey.tachtler.net TXT ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> @8.8.8.8 main._domainkey.tachtler.net TXT ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23205 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;main._domainkey.tachtler.net. IN TXT ;; ANSWER SECTION: main._domainkey.tachtler.net. 21599 IN TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSm HUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsin EksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB" ;; Query time: 204 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu Oct 15 18:06:04 CEST 2015 ;; MSG SIZE rcvd: 297
* Anfrage z.B. an den Google DNS-Servers !
DKIM-Test: e-Mail
Folgender Text-Auszug sollte nun beim e-Mail-Verkehr im Quelltext im Header einer e-Mail erscheinen (nur relevanter Ausschnitt):
... DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tachtler.net; h= user-agent:content-transfer-encoding:content-disposition :content-type:content-type:mime-version:subject:subject:from :from:date:date:message-id:received:received:received; s=main; t=1247825666; x=1249640066; bh=zkfBNgBkKqRSYHugI+0qnNCPdrpy1OCX 05xaRMuDqHM=; b=k6+oUVv686bTSWNp+3MDpJRKWzf9oEipgx6z8TGgG/KlET0X NiydYWN+PMJSEobjAPta9GpUvG5k+VCLyT26mrk5/I9ApBHGQpmdb0cB/j6kXqAA KenY0BIV4rLgWIjqkdCFeW40IgxNj3ur5WNxHPxJWGdpLGtP+SPJYBRM/EM= ...
Der empfangende Mailserver ist mit Hilfe des Authentication-Results:-Header in der Lage festzustellen, ob die eMail unverändert angekommen und somit nicht manipuliert wurde:
Authentication-Results: viruswall.dmz.tachtler.net (amavisd-new); dkim=pass (1024-bit key) header.d=tachtler.net
Wurde die Nachricht hingegen verändert, so schlägt die Überprüfung fehl:
Authentication-Results: viruswall.dmz.tachtler.net (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=tachtler.net
Konfiguration: alterMIME
WICHTIG - Beim Einsatz von amavisd-milter zur Verbindung zwischen Postfix und AMaViS kann alterMIME innerhalb von AMaViS nicht eingesetzt werden !!! |
---|
Die OpenSource-Variante von alterMIME kann zu folgenden Aktionen in Bezug auf e-Mail's genutzt werden:
- Einfügen von sog. „Disclaimern“ - e-Mail Fußzeilen bei ein- und ausgehenden e-Mails
- Einfügen von frei wählbaren „X-Header“-Angaben im e-Mail-Header
- Verändern eines oder mehreren bereits in e-Mail-Header vorhandenen „X-Header“
- Entfernen von Dateianhängen basierend auf Dateinamen, oder Dateihalten
- Austausch von Dateianhängen basierend auf Dateinamen
Bevor mit der eigentlichen Konfiguration zur Integration von alterMIME in AMaViS begonnen werden soll, ist es empfehlenswert, um die Übersicht nicht zu verlieren, folgendes Verzeichnis mit nachfolgendem Befehl anzulegen:
# mkdir /etc/amavisd/altermime
WICHTIG - Da benutzereigene „Disclaimer“ verwenden werden sollen, muss für jede e-Mail-Adresse in der Konfigurationsdatei /etc/amavisd/amavisd.conf
- jeweils auch eine „Disclaimer-Datei“ für PLAIN-Text und HTML-Code nach z.B. folgendem Schema angelegt werden:
disclaimer_<Benutzername>.text
disclaimer_<Benutzername>.html
Die Dateien können mit folgenden Befehlen angelegt werden:
# touch /etc/amavisd/altermime/disclaimer_postmaster.text # touch /etc/amavisd/altermime/disclaimer_postmaster.html
und
Abschließend muss noch der Inhalt der jeweiligen benutzereigenen „Disclaimer“-Datei entsprechend angepasst werden. Hier ein Beispiel für
/etc/amavsid/altermime/disclaimer_postmaster.text
--------------------- Disclaimer postmaster ---------------------
/etc/amavisd/amavisd.conf
Um alterMIME in AMaViS zu integrieren, sind nachfolgende Konfigurationseinstellungen in der AMaViS-Konfigurationsdatei /etc/amavisd/amavisd.conf
notwendig.
Die relevanten Änderungen gegenüber der Standard-Konfiguration sollen durch nachfolgende Anpassungen vorhandener Einstellungen in /etc/amavsid/amavisd.conf
durchgeführt werden:
(Nur relevanter Ausschnitt):
... # Tachtler $altermime = '/usr/bin/altermime'; # a path to the program @altermime_args_defang = qw(--verbose --removeall); @altermime_args_disclaimer = qw(--disclaimer=/etc/amavsid/altermime/_OPTION_.text --disclaimer-html=/etc/amavisd/altermime/_OPTION_.html); @disclaimer_options_bysender_maps = ( { 'postmaster@tachtler.net' => 'disclaimer-postmaster', { 'abuse@tachtler.net' => 'disclaimer-abuse', '.' => 'disclaimer-default' }, ); $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ]; ... ... ... @mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 [::1] 192.168.0.0/24 192.168.1.0/24 192.168.2.0/2488.217.171.167/32 ); ...
WICHTIG - Falls e-Mails durch einen lokalen kleinen MUA Mail User Agent wie z.B. mutt
direkt in ein Postfach einfach auf die Festplatte geschrieben werden, ist es erforderlich auch die IP-Adresse - 0.0.0.0/32
in die Liste von
@mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 [::1] 192.168.0.0/24 192.168.1.0/24 192.168.2.0/2488.217.171.167/32 );
mit aufzunehmen!
WICHTIG ist auch, das Einfügen folgender Zeile
allow_disclaimers => 1, # enables disclaimer insertion if available
in den policy_banks
: MYNETS
bzw. ORGINATING
, da sonst der „Disclaimer“ nicht eingefügt wird!
Konfiguration: TLS
WICHTIG - Nachfolgende Punkte sind bei der TLS Transport Verschlüsselung zu beachten:
- Zu AMaViS kann TLS nur bei
content_filter
genutzt werden - Zu AMaViS kann TLS NICHT mit
smtpd_proxy_filter
genutzt werden
Um auch beim AMaViS TLS Transport Verschlüsselung einsetzen zu können, ist es aktuell erforderlich einen patch einzusetzen, da sonst nachfolgende Warnmeldung in der LOG-Datei /var/log/maillog
bei der Aktivierung der TLS Transport Verschlüsselung zu sehen ist:
_WARN: *******************************************************************\n Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client\n is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER\n together with SSL_ca_file|SSL_ca_path for verification.\n If you really don't want to verify the certificate and keep the\n connection open to Man-In-The-Middle attacks please set\n SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.\n*******************************************************************\n at /usr/sbin/amavisd line 8392.
WICHTIG - Ab der Version 2.11.x von AMaViS, ist ein Patch nicht mehr notwendig!!!
Nachfolgender patch basierend auf einem patch von Markus Benning mit einigen Ergänzungen von Klaus Tachtler, welcher in den AMaViS integriert werden muss, damit
- nachfolgende Optionen
SSL_cipher_list
SSL_version
SSL_CAfile
SSL_honor_cipher_order
- und von Klaus Tachtler -
SSL_verify_mode
bestimmt werden können.
HINWEIS - Die Definition von SSL_verify_mode
behebt übrigens die Warnmeldung!
Bis AMaViSd-new 2.10.x - TLS-patch
WICHTIG - Ab der Version 2.11.x von AMaViS, ist ein Patch nicht mehr notwendig!!!
Nachfolgender patch muss in den AMaViS integriert werden, damit TLS Transport Verschlüsselung entsprechend genutzt werden kann:
--- /usr/sbin/amavisd.orig 2014-10-26 01:06:00.000000000 +0200 +++ /usr/sbin/amavisd 2015-10-26 10:09:45.868759224 +0100 @@ -388,6 +388,8 @@ $smtp_connection_cache_on_demand $smtp_connection_cache_enable $smtpd_recipient_limit $smtpd_tls_cert_file $smtpd_tls_key_file + $smtpd_tls_cipher_list $smtpd_tls_version $smtpd_tls_verify_mode + $smtpd_tls_CAfile $smtpd_tls_honor_cipher_order $smtpd_dh_params_file $enforce_smtpd_message_size_limit_64kb_min $MAXLEVELS $MAXFILES $MIN_EXPANSION_QUOTA $MIN_EXPANSION_FACTOR @@ -407,6 +409,7 @@ @dkim_signing_keys_list @dkim_signing_keys_storage $file $altermime $enable_anomy_sanitizer )], + 'tls_client' => [qw( $smtp_tls_cipher_list $smtp_tls_version $smtp_tls_verify_mode $smtp_tls_CAfile)], 'sa' => # global SpamAssassin settings [qw( $spamcontrol_obj $sa_num_instances @@ -512,7 +515,7 @@ )], ); Exporter::export_tags qw(dynamic_confvars confvars sa platform - hidden_confvars legacy_dynamic_confvars legacy_confvars); + hidden_confvars legacy_dynamic_confvars legacy_confvars tls_client); 1; } # BEGIN @@ -1013,6 +1016,19 @@ $smtpd_tls_cert_file = undef; # e.g. "$MYHOME/cert/amavisd-cert.pem" $smtpd_tls_key_file = undef; # e.g. "$MYHOME/cert/amavisd-key.pem" + # see https://metacpan.org/pod/distribution/IO-Socket-SSL/lib/IO/Socket/SSL.pod#SSL_version + $smtpd_tls_cipher_list = undef; # SSL_cipher_list + $smtpd_tls_version = undef; # SSL_version + $smtpd_tls_CAfile = undef; # SSL_ca_file + $smtpd_tls_verify_mode = undef; # SSL_verify_mode + $smtpd_tls_honor_cipher_order = undef; # SSL_honor_cipher_order + $smtpd_dh_params_file = undef; # SSL_dh_file + + $smtp_tls_cipher_list = undef; # SSL_cipher_list + $smtp_tls_version = undef; # SSL_version + $smtp_tls_CAfile = undef; # SSL_client_ca_file + $smtp_tls_verify_mode = undef; # SSL_verify_mode + $dkim_minimum_key_bits = 1024; # min acceptable DKIM key size (in bits) # for whitelisting @@ -7934,7 +7950,7 @@ use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION); $VERSION = '2.404'; @ISA = qw(Exporter); - import Amavis::Conf qw(:platform); + import Amavis::Conf qw(:platform :tls_client); import Amavis::Util qw(ll do_log min max minmax idn_to_ascii); } @@ -8389,6 +8405,14 @@ IO::Socket::SSL->start_SSL($sock, SSL_session_cache => $ssl_cache, SSL_error_trap => sub { my($sock,$msg)=@_; do_log(-2,"Error on socket: %s",$msg) }, + defined $smtp_tls_verify_mode ? + ( SSL_verify_mode => $smtp_tls_verify_mode ) : (), + defined $smtp_tls_version ? + ( SSL_version => $smtp_tls_version ) : (), + defined $smtp_tls_cipher_list ? + ( SSL_cipher_list => $smtp_tls_cipher_list ) : (), + defined $smtp_tls_CAfile ? + ( SSL_client_ca_file => $smtp_tls_CAfile ) : (), %params, ) or die "Error upgrading socket to SSL: ".IO::Socket::SSL::errstr(); $self->{last_event} = 'ssl-upgrade'; @@ -21943,6 +21967,18 @@ SSL_passwd_cb => sub { 'example' }, SSL_key_file => $smtpd_tls_key_file, SSL_cert_file => $smtpd_tls_cert_file, + defined $smtpd_tls_verify_mode ? + ( SSL_verify_mode => $smtpd_tls_verify_mode ) : (), + defined $smtpd_tls_version ? + ( SSL_version => $smtpd_tls_version ) : (), + defined $smtpd_tls_cipher_list ? + ( SSL_cipher_list => $smtpd_tls_cipher_list ) : (), + defined $smtpd_tls_CAfile ? + ( SSL_ca_file => $smtpd_tls_CAfile ) : (), + defined $smtpd_tls_honor_cipher_order ? + ( SSL_honor_cipher_order => $smtpd_tls_honor_cipher_order ) : (), + defined $smtpd_dh_params_file ? + ( SSL_dh_file => $smtpd_dh_params_file ) : (), ) or die "Error upgrading socket to SSL: ". IO::Socket::SSL::errstr(); if ($self->{smtp_inpbuf} ne '') {
/etc/amavisd/amavisd.conf
WICHTIG - Ab der Version 2.11.x von AMaViS, ist ein Patch nicht mehr notwendig!!!
WICHTIG - Nachfolgende Konfiguration ist bis Version 2.10.x von AMaViS notwendig
Nachfolgende Konfigurationsdirektiven (alte und neue) müssen nun gesetzt werden, um eine TLS Transport Verschlüsselung von und zu AMaViS nutzen zu können.
Bis Version 2.10.x von AMaViS - Eingehende Verbindungen:
(Nur relevanter Ausschnitt)
... # Opportunistische TLS Transportverschluesselung eingehend aktivieren $tls_security_level_in = 'may'; $smtpd_tls_cert_file = '/etc/pki/amavis/certs/tachtler.net.crt'; # Pfad zum TLS Zertifikat. $smtpd_tls_key_file = '/etc/pki/amavis/private/tachtler.net.key'; # Pfad zum TLS Schluessel. ... ... ... # Tachtler - # Add patch from Markus Benning and Klaus Tachtler to enable right use of TLS. # see https://metacpan.org/pod/distribution/IO-Socket-SSL/lib/IO/Socket/SSL.pod#SSL_version $smtpd_tls_cipher_list = 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA :!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA :!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA :!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA'; $smtpd_tls_version = 'SSLv23:!SSLv3:!SSLv2'; # SSL_version $smtpd_tls_CAfile = '/etc/pki/tls/certs/ca-bundle.crt'; # SSL_ca_file $smtpd_tls_verify_mode = 'SSL_VERIFY_PEER'; # SSL_verify_mode $smtpd_tls_honor_cipher_order = 1; # SSL_honor_cipher_order $smtpd_dh_params_file = '/etc/pki/postfix/private/dh_2048.pem'; # SSL_dh_file ...
* Bitte keine Zeilenumbrüche bei $smtpd_tls_cipher_list
durchführen!
Ab Version 2.11.x von AMaViS - Eingehende Verbindungen:
(Nur relevanter Ausschnitt)
... $tls_security_level_in = 'may'; # Opportunistische TLS Transportverschluesselung eingehend aktiviere %smtpd_tls_server_options = ( # SSL_verifycn_scheme => 'smtp', SSL_verifycn_scheme => 'none', SSL_session_cache => 2, SSL_cert_file => '/etc/pki/amavis/certs/CAcert-class3-wildcard.crt', SSL_key_file => '/etc/pki/amavis/private/tachtler.net.key', SSL_dh_file => '/etc/pki/postfix/private/dh_2048.pem', SSL_ca_file => '/etc/pki/tls/certs/ca-bundle.crt', SSL_version => 'SSLv23:!SSLv3:!SSLv2', SSL_cipher_list => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE- RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE- RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA', SSL_honor_cipher_order => '1', SSL_verify_mode => 'SSL_VERIFY_NONE', SSL_passwd_cb => sub { 'example' }, ); ...
Bis Version 2.10.x von AMaViS - Ausgehende Verbindungen:
(Nur relevanter Ausschnitt)
... # Opportunistisches TLS Transportverschluesselung ausgehend aktivieren. $tls_security_level_out = 'may'; # Tachtler - # Add patch from Markus Benning and Klaus Tachtler to enable right use of TLS. # see https://metacpan.org/pod/distribution/IO-Socket-SSL/lib/IO/Socket/SSL.pod#SSL_version $smtp_tls_cipher_list = 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA :!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA :!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA :!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA'; $smtp_tls_version = 'SSLv23:!SSLv3:!SSLv2'; # SSL_version $smtp_tls_CAfile = '/etc/pki/tls/certs/ca-bundle.crt'; # SSL_ca_file $smtp_tls_verify_mode = 'SSL_VERIFY_PEER'; # SSL_verify_mode ...
* Bitte keine Zeilenumbrüche bei $smtp_tls_cipher_list
durchführen!
Ab Version 2.11.x von AMaViS - Eingehende Verbindungen:
(Nur relevanter Ausschnitt)
... $tls_security_level_out = 'may'; # Opportunistisches TLS Transportverschluesselung ausgehend aktivieren. %smtp_tls_client_options = ( # SSL_verifycn_scheme => 'smtp', SSL_verifycn_scheme => 'none', SSL_version => 'SSLv23:!SSLv3:!SSLv2', SSL_cipher_list => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE- RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE- RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA', SSL_client_ca_file => '/etc/pki/tls/certs/ca-bundle.crt', SSL_honor_cipher_order => '1', SSL_verify_mode => 'SSL_VERIFY_PEER', ); ...
HINWEIS - Falls ein Wildcard-Zertifikat zum Einsatz kommt (z.B. *.tachtler.net
) und der Hostname nicht darauf angewendet werden kann (z.B. amavis.idmz.tachtler.net
), dann muss der Parameter:
SSL_verifycn_scheme ⇒ 'none',
gesetzt werden!
/etc/postfix/master.cf
Nachfolgende Konfigurationen der Konfigurationsdatei von Postfix - /etc/postfix/master.cf
erhält jeweils einen Zusatz, um eine TLS Transport Verschlüsselte Verbindung in gewissen Konstellationen bzw. Bereichen der Kommunikation mit AMaViS zu ermöglichen:
- Einlieferung via
submission
und Weitergabe an AMaViS viacontent_filter
via LMTP (Local Mail Transfer Protocol) - Einlieferung via
pickup
(lokal) und und Weitergabe an AMaViS viacontent_filter
via LMTP (Local Mail Transfer Protocol)
(Nur relevanter Ausschnitt):
... submission inet n - n - - smtpd -o syslog_name=postfix/submission -o content_filter=lmtp:[192.168.0.70]:10026 -o lmtp_use_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING ... ... ... pickup unix n - n 60 1 pickup -o content_filter=lmtp:[192.168.0.70]:10024 -o lmtp_use_tls=yes ...
Erklärung zu den relevanten Ergänzungen:
lmtp_use_tls=yes
Übergabe der e-Mail von Postfix an AMaViS und dabei TLS Transport Verschlüsselung nutzen, als Vorgabe einstellen.
Neustart: amavisd
Um den AMaViS neu zu starten, kann nachfolgender Befehl angewandt werden:
# systemctl restart amavisd
Eine Überprüfung ob der Start des AMaViS erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden, welcher eine Ausgabe in etwa wie nachfolgende erzeugen sollte:
# systemctl status amavisd amavisd.service - Amavisd-new is an interface between MTA and content checkers. Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled) Active: active (running) since Thu 2015-10-15 13:49:07 CEST; 9s ago Docs: http://www.ijs.si/software/amavisd/#doc Process: 4061 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS) Main PID: 4078 (/usr/sbin/amavi) CGroup: /system.slice/amavisd.service ├─4078 /usr/sbin/amavisd (master) ├─4093 /usr/sbin/amavisd (virgin child) ├─4094 /usr/sbin/amavisd (virgin child) ├─4095 /usr/sbin/amavisd (virgin child) └─4096 /usr/sbin/amavisd (virgin child) Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Found decoder for ... Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Using primary inter... Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Found secondary av ... Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Deleting db files _... Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Creating db in /var... Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: initializing Mail::... Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: SpamAssassin debug ... Oct 15 13:49:15 server70.idmz.tachtler.net amavis[4078]: SpamAssassin loaded... Oct 15 13:49:15 server70.idmz.tachtler.net amavis[4078]: SpamControl: init_p... Oct 15 13:49:15 server70.idmz.tachtler.net amavis[4078]: extra modules loade... Hint: Some lines were ellipsized, use -l to show in full.
Fehlerbehebung
spf: lookup failed: addr is not a string
Falls beim einliefern von e-Mails an AMaViS (A MAil Virus Scanner) nachfolgende LOG-Einträge in
/var/log/maillog
erscheinen sollten
Oct 14 00:33:42 server70 amavis[6206]: (06206-02) _WARN: spf: lookup failed: addr is not a string at /usr/share/perl5/vendor_perl/IO/Socket/IP.pm line 662. Oct 14 00:33:42 server70 amavis[6206]: (06206-02) _WARN: spf: lookup failed: addr is not a string at /usr/share/perl5/vendor_perl/IO/Socket/IP.pm line 662.
liegt dies an einem Fehler im rpm
-Pakets - perl-Socket
unter CentOS in der Version 7.x.
Unter nachfolgendem externen Link
kann dies nachgelesen werden.
Abhilfe kann ein Update des rpm
-Paket - perl-Socket
, welches unter nachfolgendem externen Link mit ebenfalls nachfolgendem Befehl in z.B. das Verzeichnis /tmp
heruntergeladen werden:
# wget -P /tmp http://people.redhat.com/ppisar/perl-Socket-2.010-4.el7/perl-Socket- 2.010-4.el7_1.x86_64.rpm --2015-10-14 11:22:55-- http://people.redhat.com/ppisar/perl-Socket-2.010-4.el7/perl-Socket- 2.010-4.el7_1.x86_64.rpm Resolving people.redhat.com (people.redhat.com)... 209.132.183.19 Connecting to people.redhat.com (people.redhat.com)|209.132.183.19|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 48756 (48K) [application/x-rpm] Saving to: ‘/tmp/perl-Socket-2.010-4.el7_1.x86_64.rpm’ 100%[=====================================>] 48,756 81.4KB/s in 0.6s 2015-10-14 11:22:55 (81.4 KB/s) - ‘/tmp/perl-Socket-2.010-4.el7_1.x86_64.rpm’ saved [48756/48756] FINISHED --2015-10-14 11:22:55-- Total wall clock time: 1.0s Downloaded: 1 files, 48K in 0.6s (81.4 KB/s)
Die Update-Installation von /perl-Socket
, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:
# yum localinstall /tmp/perl-Socket-2.010-4.el7_1.x86_64.rpm Loaded plugins: changelog, priorities Examining perl-Socket-2.010-4.el7_1.x86_64.rpm: perl-Socket-2.010-4.el7_1.x86_64 Marking perl-Socket-2.010-4.el7_1.x86_64.rpm as an update to perl-Socket- 2.010-3.el7.x86_64 Resolving Dependencies --> Running transaction check ---> Package perl-Socket.x86_64 0:2.010-3.el7 will be updated ---> Package perl-Socket.x86_64 0:2.010-4.el7_1 will be an update --> Finished Dependency Resolution Changes in packages about to be updated: ChangeLog for: perl-Socket-2.010-4.el7_1.x86_64 * Mon Apr 20 14:00:00 2015 Petr Pisar <ppisar@redhat.com> - 2.010-4 - Allow to call getnameinfo() on tainted value (bug #1200167) Dependencies Resolved =============================================================================== Package Arch Version Repository Size =============================================================================== Updating: perl-Socket x86_64 2.010-4.el7_1 /perl-Socket-2.010-4.el7_1.x86_64 112 k Transaction Summary =============================================================================== Upgrade 1 Package Total size: 112 k Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : perl-Socket-2.010-4.el7_1.x86_64 1/2 Cleanup : perl-Socket-2.010-3.el7.x86_64 2/2 Verifying : perl-Socket-2.010-4.el7_1.x86_64 1/2 Verifying : perl-Socket-2.010-3.el7.x86_64 2/2 Updated: perl-Socket.x86_64 0:2.010-4.el7_1 Complete!
TEST: ClamAV
Um einen Test durchführen zu können, ob AMaViS durhc Aufruf des Konfigurierten Virenscanners auch tatsächlich einen Virus erkennt, kann nachfolgender Test per telnet
erfolgen, welcher eine e-Mail beim Postfix einliefert, welcher diese dann am AMaViS ebenfalls einliefert um diese nach Viren und SPAM überprüfen zu lassen
# telnet mx1.tachtler.net 25 Trying 192.168.0.60... Connected to mx1.tachtler.net. Escape character is '^]'. 220 mx1.tachtler.net ESMTP Postfix ehlo mx1.tachtler.net 250-mx1.tachtler.net 250-PIPELINING 250-SIZE 20480000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from: <postmaster@tachtler.net> 250 2.1.0 Ok rcpt to: <klaus@tachtler.net> 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> From: postmaster@tachtler.net To: klaus@tachtler.net Subject: Test eicar-Test Virus X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* . 554 5.7.0 Reject, id=11746-01 - INFECTED: Eicar-Test-Signature. (smtpd) For assistance, contact YOUR postmaster or administrator. He can achieve OUR postmaster via email: <postmaster@tachtler.net>. In any case, please provide the following information in your problem report: This error message, time (Oct 28 13:19:05), client (192.168.0.60), port (44084) and server (mx1.tachtler.net). quit 221 2.0.0 Bye Connection closed by foreign host.
Nachfolgende Eingaben sind ein einer telnet
-Sitzung dazu erforderlich:
telnet mx1.tachtler.net 25
telnet
-Verbindung zum Postfix, welcher die e-Mail dann zu AMaViS weitergibt, herstellen.
ehlo mx1.tachtler.net
Identifikation des einliefernden e-Mail-Servers mit dem EHLO/HELO
-Kommando.
mail from: <postmaster@tachtler.net>
Absender.
rcpt to: <klaus@tachtler.net>
Empfänger.
data
Data-Kommando, welches die Header-Daten und Body-Daten nach sich zieht.
From: postmaster@tachtler.net To: klaus@tachtler.net Subject: Test eicar-Test Virus X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Header-Daten und die Body-Daten mit dem EICAR-Test Virus Pattern.
.
Abschluss des Data-Kommandos mit einem einfache . (Punkt) am Anfang einer neuen Zeile, ohne weiteren Inhalt.
quit
Beenden der telnet
-Sitzung mit dem QUIT-Kommando.
TEST: SpamAssassin
Um einen Test durchführen zu können, ob AMaViS durhc Aufruf des Konfigurierten SPAM-Filters auch tatsächlich eine SPAM-e-Mail erkennt, kann nachfolgender Test per telnet
erfolgen, welcher eine e-Mail beim Postfix einliefert, welcher diese dann am AMaViS ebenfalls einliefert um diese nach Viren und SPAM überprüfen zu lassen
# telnet mx1.tachtler.net 25 Trying 192.168.0.60... Connected to mx1.tachtler.net. Escape character is '^]'. 220 mx1.tachtler.net ESMTP Postfix ehlo mx1.tachtler.net 250-mx1.tachtler.net 250-PIPELINING 250-SIZE 20480000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from: <postmaster@tachtler.net> 250 2.1.0 Ok rcpt to: <klaus@tachtler.net> 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> From: postmaster@tachtler.net To: klaus@tachtler.net Subject: Test GTUBE-Test SPAM XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X . 554 5.7.0 Reject, id=11744-02 - spam. (smtpd) For assistance, contact YOUR postmaster or administrator. He can achieve OUR postmaster via email: <postmaster@tachtler.net>. In any case, please provide the following information in your problem report: This error message, time (Oct 28 13:33:02), client (192.168.0.60), port (44089) and server (mx1.tachtler.net). quit 221 2.0.0 Bye Connection closed by foreign host.
Nachfolgende Eingaben sind ein einer telnet
-Sitzung dazu erforderlich:
telnet mx1.tachtler.net 25
telnet
-Verbindung zum Postfix, welcher die e-Mail dann zu AMaViS weitergibt, herstellen.
ehlo mx1.tachtler.net
Identifikation des einliefernden e-Mail-Servers mit dem EHLO/HELO
-Kommando.
mail from: <postmaster@tachtler.net>
Absender.
rcpt to: <klaus@tachtler.net>
Empfänger.
data
Data-Kommando, welches die Header-Daten und Body-Daten nach sich zieht.
From: postmaster@tachtler.net To: klaus@tachtler.net Subject: Test GTUBE-Test SPAM XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Header-Daten und die Body-Daten mit dem GTUBE-Test SPAM Pattern.
.
Abschluss des Data-Kommandos mit einem einfache . (Punkt) am Anfang einer neuen Zeile, ohne weiteren Inhalt.
quit
Beenden der telnet
-Sitzung mit dem QUIT-Kommando.