Benutzer-Werkzeuge

Webseiten-Werkzeuge


tachtler:amavis_centos_7

AMaViS CentOS 7

AMaViS (A MAil Virus Scanner) ist ein Prüfprogramm, welches e-Mails auf SPAM und Viren untersucht und sich dabei externer Programme wie dem sehr bekannten SpamAssassin und z.B. ClamAV bedient und diese in sich selbst einbindet.

Beschreibung Externer Link
Homepage http://www.ijs.si/software/amavisd/
Dokumentation http://www.ijs.si/software/amavisd/#doc

Ab hier werden zur Ausführung nachfolgender Befehle root-Rechte benötigt. Um der Benutzer root zu werden, melden Sie sich bitte als root-Benutzer am System an, oder wechseln mit nachfolgendem Befehl zum Benutzer root:

$ su -
Password:

Herunterladen

Nachfolgend sollen zwei Drittanbieter-Repositories, das von EPEL, welches wie unter nachfolgendem internen Link dargestellt, eingebunden werden kann:

Das zweite benötigte Drittanbieter-Repository wird von dem von mir sehr geschätzten Michael Nausch betrieben und ist eine sichere und verlässliche Quelle für rpm-Pakete, und kann wie unter nachfolgendem internen Link dargestellt, eingebunden werden:

Installation

Nachfolgende rpm-Pakete sind zur Installation erforderlich:

  • amavisd-new - ist im epel-Repository des Drittanbieters EPEL enthalten
  • amavisd-milter - ist im mailserver.guru-Repository des Drittanbieters mailserver.guru CentOS 7 enthalten
  • lz4 - ist im epel-Repository des Drittanbieters EPEL enthalten

Die Installation von amavisd-new, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:

# yum install amavisd-new
Loaded plugins: changelog, priorities
66 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package amavisd-new.noarch 0:2.10.1-4.el7 will be installed
--> Processing Dependency: perl(Net::Server) >= 2.0 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Net::Server) >= 0.91 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Net::Server) >= 0.87 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::Internet) >= 1.58 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::DKIM) >= 0.31 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Digest::MD5) >= 2.22 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Compress::Zlib) >= 1.35 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Compress::Raw::Zlib) >= 2.017 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Archive::Zip) >= 1.14 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: unzoo for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: tmpwatch for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Unix::Syslog) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(URI) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Sys::Syslog) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Socket6) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Razor2::Client::Version) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(NetAddr::IP) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Net::Server::Multiplex) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Net::SSLeay) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Net::LibIDN) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Net::LDAP) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Net::DNS) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::SpamAssassin) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::SPF) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::Header) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::Field) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::DKIM::PrivateKey) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Mail::DKIM) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Words) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Parser) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Head) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Entity) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Decoder::UU) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Decoder::QuotedPrint) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Decoder::NBit) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Decoder::Gzip64) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Decoder::Binary) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Decoder::Base64) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(MIME::Body) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(IO::Stringy) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(IO::Socket::SSL) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(IO::Socket::IP) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Digest::SHA1) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Digest::SHA) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Digest::MD5) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(DBI) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(DBD::SQLite) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Crypt::OpenSSL::RSA) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Convert::UUlib) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Convert::TNEF) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Compress::Zlib) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(BerkeleyDB) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Authen::SASL) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: perl(Archive::Tar) for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: pax for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: p7zip-plugins for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: p7zip for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: nomarch for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: lzop for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: lrzip for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: freeze for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: cabextract for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: bzip2 for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: arj for package: amavisd-new-2.10.1-4.el7.noarch
--> Processing Dependency: altermime for package: amavisd-new-2.10.1-4.el7.noarch
--> Running transaction check
---> Package altermime.x86_64 0:0.3.10-10.el7 will be installed
---> Package arj.x86_64 0:3.10.22-22.el7 will be installed
---> Package bzip2.x86_64 0:1.0.6-12.el7 will be installed
---> Package cabextract.x86_64 0:1.5-1.el7 will be installed
--> Processing Dependency: libmspack.so.0()(64bit) for package: cabextract-1.5-1.el7.x86_64
---> Package freeze.x86_64 0:2.5.0-16.el7 will be installed
---> Package lrzip.x86_64 0:0.614-3.el7 will be installed
---> Package lzop.x86_64 0:1.03-10.el7 will be installed
---> Package nomarch.x86_64 0:1.4-11.el7 will be installed
---> Package p7zip.x86_64 0:9.20.1-5.el7 will be installed
---> Package p7zip-plugins.x86_64 0:9.20.1-5.el7 will be installed
---> Package pax.x86_64 0:3.4-19.el7 will be installed
---> Package perl-Archive-Tar.noarch 0:1.92-2.el7 will be installed
--> Processing Dependency: perl(IO::Zlib) >= 1.01 for package: perl-Archive-Tar-1.92-2.el7.noarch
--> Processing Dependency: perl(Package::Constants) for package: perl-Archive-Tar-1.92-2.el7.noarch
--> Processing Dependency: perl(IO::Zlib) for package: perl-Archive-Tar-1.92-2.el7.noarch
--> Processing Dependency: perl(Data::Dumper) for package: perl-Archive-Tar-1.92-2.el7.noarch
---> Package perl-Archive-Zip.noarch 0:1.30-11.el7 will be installed
---> Package perl-Authen-SASL.noarch 0:2.15-10.el7 will be installed
--> Processing Dependency: perl(GSSAPI) for package: perl-Authen-SASL-2.15-10.el7.noarch
--> Processing Dependency: perl(Digest::HMAC_MD5) for package: perl-Authen-SASL-2.15-10.el7.noarch
---> Package perl-BerkeleyDB.x86_64 0:0.51-4.el7 will be installed
---> Package perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 will be installed
---> Package perl-Convert-TNEF.noarch 0:0.18-2.el7 will be installed
---> Package perl-Convert-UUlib.x86_64 2:1.4-5.el7 will be installed
---> Package perl-Crypt-OpenSSL-RSA.x86_64 0:0.28-7.el7 will be installed
--> Processing Dependency: perl(Crypt::OpenSSL::Random) for package: perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64
--> Processing Dependency: perl(Crypt::OpenSSL::Bignum) for package: perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64
---> Package perl-DBD-SQLite.x86_64 0:1.39-3.el7 will be installed
---> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
--> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package: perl-DBI-1.627-4.el7.x86_64
--> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package: perl-DBI-1.627-4.el7.x86_64
---> Package perl-Digest-MD5.x86_64 0:2.52-3.el7 will be installed
--> Processing Dependency: perl(Digest::base) >= 1.00 for package: perl-Digest-MD5-2.52-3.el7.x86_64
---> Package perl-Digest-SHA.x86_64 1:5.85-3.el7 will be installed
---> Package perl-Digest-SHA1.x86_64 0:2.13-9.el7 will be installed
---> Package perl-IO-Compress.noarch 0:2.061-2.el7 will be installed
--> Processing Dependency: perl(Compress::Raw::Bzip2) >= 2.061 for package: perl-IO-Compress-2.061-2.el7.noarch
---> Package perl-IO-Socket-IP.noarch 0:0.21-4.el7 will be installed
---> Package perl-IO-Socket-SSL.noarch 0:1.94-3.el7 will be installed
---> Package perl-IO-stringy.noarch 0:2.110-22.el7 will be installed
---> Package perl-LDAP.noarch 1:0.56-3.el7 will be installed
--> Processing Dependency: perl(Convert::ASN1) >= 0.2 for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(XML::SAX::Writer) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(XML::SAX::Base) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(Text::Soundex) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(LWP::Protocol) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(LWP::MediaTypes) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(JSON) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(HTTP::Status) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(HTTP::Response) for package: 1:perl-LDAP-0.56-3.el7.noarch
--> Processing Dependency: perl(HTTP::Negotiate) for package: 1:perl-LDAP-0.56-3.el7.noarch
---> Package perl-MIME-tools.noarch 0:5.505-1.el7 will be installed
--> Processing Dependency: perl(Convert::BinHex) for package: perl-MIME-tools-5.505-1.el7.noarch
---> Package perl-Mail-DKIM.noarch 0:0.39-8.el7 will be installed
---> Package perl-Mail-SPF.noarch 0:2.8.0-4.el7 will be installed
--> Processing Dependency: perl(version) for package: perl-Mail-SPF-2.8.0-4.el7.noarch
--> Processing Dependency: perl(Error) for package: perl-Mail-SPF-2.8.0-4.el7.noarch
---> Package perl-MailTools.noarch 0:2.12-2.el7 will be installed
--> Processing Dependency: perl(Net::SMTP::SSL) for package: perl-MailTools-2.12-2.el7.noarch
--> Processing Dependency: perl(Date::Parse) for package: perl-MailTools-2.12-2.el7.noarch
--> Processing Dependency: perl(Date::Format) for package: perl-MailTools-2.12-2.el7.noarch
---> Package perl-Net-DNS.x86_64 0:0.72-5.el7 will be installed
---> Package perl-Net-LibIDN.x86_64 0:0.12-15.el7 will be installed
---> Package perl-Net-SSLeay.x86_64 0:1.55-3.el7 will be installed
---> Package perl-Net-Server.noarch 0:2.007-2.el7 will be installed
--> Processing Dependency: perl(IO::Multiplex) >= 1.05 for package: perl-Net-Server-2.007-2.el7.noarch
---> Package perl-NetAddr-IP.x86_64 0:4.069-3.el7 will be installed
---> Package perl-Razor-Agent.x86_64 0:2.85-15.el7 will be installed
---> Package perl-Socket6.x86_64 0:0.23-15.el7 will be installed
---> Package perl-Sys-Syslog.x86_64 0:0.33-3.el7 will be installed
---> Package perl-URI.noarch 0:1.60-9.el7 will be installed
--> Processing Dependency: perl(Business::ISBN) for package: perl-URI-1.60-9.el7.noarch
---> Package perl-Unix-Syslog.x86_64 0:1.1-17.el7 will be installed
---> Package spamassassin.x86_64 0:3.4.0-1.el7 will be installed
--> Processing Dependency: perl-HTML-Parser >= 3.43 for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: perl(HTML::Parser) >= 3.43 for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: procmail for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: portreserve for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: perl(IO::Socket::INET6) for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: perl(HTTP::Date) for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: perl(ExtUtils::MakeMaker) for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: perl(Encode::Detect) for package: spamassassin-3.4.0-1.el7.x86_64
--> Processing Dependency: perl(DB_File) for package: spamassassin-3.4.0-1.el7.x86_64
---> Package tmpwatch.x86_64 0:2.11-5.el7 will be installed
--> Processing Dependency: psmisc for package: tmpwatch-2.11-5.el7.x86_64
---> Package unzoo.x86_64 0:4.4-16.el7 will be installed
--> Running transaction check
---> Package libmspack.x86_64 0:0.5-0.1.alpha.el7 will be installed
---> Package perl-Business-ISBN.noarch 0:2.06-2.el7 will be installed
--> Processing Dependency: perl(Business::ISBN::Data) >= 20120719.001 for package: perl-Business-ISBN-2.06-2.el7.noarch
---> Package perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 will be installed
---> Package perl-Convert-ASN1.noarch 0:0.26-4.el7 will be installed
---> Package perl-Convert-BinHex.noarch 0:1.119-20.el7 will be installed
---> Package perl-Crypt-OpenSSL-Bignum.x86_64 0:0.04-18.el7 will be installed
---> Package perl-Crypt-OpenSSL-Random.x86_64 0:0.04-21.el7 will be installed
---> Package perl-DB_File.x86_64 0:1.830-6.el7 will be installed
---> Package perl-Data-Dumper.x86_64 0:2.145-3.el7 will be installed
---> Package perl-Digest.noarch 0:1.17-245.el7 will be installed
---> Package perl-Digest-HMAC.noarch 0:1.03-5.el7 will be installed
---> Package perl-Encode-Detect.x86_64 0:1.01-13.el7 will be installed
---> Package perl-Error.noarch 1:0.17020-2.el7 will be installed
---> Package perl-ExtUtils-MakeMaker.noarch 0:6.68-3.el7 will be installed
--> Processing Dependency: perl(Test::Harness) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch
--> Processing Dependency: perl(ExtUtils::Packlist) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch
--> Processing Dependency: perl(ExtUtils::Manifest) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch
--> Processing Dependency: perl(ExtUtils::Installed) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch
--> Processing Dependency: perl(ExtUtils::Install) for package: perl-ExtUtils-MakeMaker-6.68-3.el7.noarch
---> Package perl-GSSAPI.x86_64 0:0.28-9.el7 will be installed
---> Package perl-HTML-Parser.x86_64 0:3.71-4.el7 will be installed
--> Processing Dependency: perl(HTML::Tagset) >= 3 for package: perl-HTML-Parser-3.71-4.el7.x86_64
---> Package perl-HTTP-Date.noarch 0:6.02-8.el7 will be installed
---> Package perl-HTTP-Message.noarch 0:6.06-6.el7 will be installed
--> Processing Dependency: perl(Encode::Locale) >= 1 for package: perl-HTTP-Message-6.06-6.el7.noarch
--> Processing Dependency: perl(IO::HTML) for package: perl-HTTP-Message-6.06-6.el7.noarch
---> Package perl-HTTP-Negotiate.noarch 0:6.01-5.el7 will be installed
---> Package perl-IO-Multiplex.noarch 0:1.13-6.el7 will be installed
---> Package perl-IO-Socket-INET6.noarch 0:2.69-5.el7 will be installed
---> Package perl-IO-Zlib.noarch 1:1.10-285.el7 will be installed
---> Package perl-JSON.noarch 0:2.59-2.el7 will be installed
---> Package perl-LWP-MediaTypes.noarch 0:6.02-2.el7 will be installed
--> Processing Dependency: mailcap for package: perl-LWP-MediaTypes-6.02-2.el7.noarch
---> Package perl-Net-SMTP-SSL.noarch 0:1.01-13.el7 will be installed
---> Package perl-Package-Constants.noarch 1:0.02-285.el7 will be installed
---> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed
--> Processing Dependency: perl(Net::Daemon) >= 0.13 for package: perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Test) for package: perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Log) for package: perl-PlRPC-0.2020-14.el7.noarch
---> Package perl-Text-Soundex.x86_64 0:3.04-4.el7 will be installed
--> Processing Dependency: perl(Text::Unidecode) for package: perl-Text-Soundex-3.04-4.el7.x86_64
---> Package perl-TimeDate.noarch 1:2.30-2.el7 will be installed
---> Package perl-XML-SAX-Base.noarch 0:1.08-7.el7 will be installed
---> Package perl-XML-SAX-Writer.noarch 0:0.53-4.el7 will be installed
--> Processing Dependency: perl(XML::NamespaceSupport) for package: perl-XML-SAX-Writer-0.53-4.el7.noarch
--> Processing Dependency: perl(XML::Filter::BufferText) for package: perl-XML-SAX-Writer-0.53-4.el7.noarch
---> Package perl-libwww-perl.noarch 0:6.05-2.el7 will be installed
--> Processing Dependency: perl(WWW::RobotRules) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch
--> Processing Dependency: perl(Net::HTTP) >= 6.04 for package: perl-libwww-perl-6.05-2.el7.noarch
--> Processing Dependency: perl(HTTP::Daemon) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch
--> Processing Dependency: perl(HTTP::Cookies) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch
--> Processing Dependency: perl(File::Listing) >= 6 for package: perl-libwww-perl-6.05-2.el7.noarch
---> Package perl-version.x86_64 3:0.99.07-2.el7 will be installed
---> Package portreserve.x86_64 0:0.0.5-10.el7 will be installed
---> Package procmail.x86_64 0:3.22-34.el7_0.1 will be installed
---> Package psmisc.x86_64 0:22.20-8.el7 will be installed
--> Running transaction check
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
---> Package perl-Business-ISBN-Data.noarch 0:20120719.001-2.el7 will be installed
---> Package perl-Encode-Locale.noarch 0:1.03-5.el7 will be installed
---> Package perl-ExtUtils-Install.noarch 0:1.58-285.el7 will be installed
--> Processing Dependency: perl-devel for package: perl-ExtUtils-Install-1.58-285.el7.noarch
---> Package perl-ExtUtils-Manifest.noarch 0:1.61-244.el7 will be installed
---> Package perl-File-Listing.noarch 0:6.04-7.el7 will be installed
---> Package perl-HTML-Tagset.noarch 0:3.20-15.el7 will be installed
---> Package perl-HTTP-Cookies.noarch 0:6.01-5.el7 will be installed
---> Package perl-HTTP-Daemon.noarch 0:6.01-5.el7 will be installed
---> Package perl-IO-HTML.noarch 0:1.00-2.el7 will be installed
---> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed
---> Package perl-Net-HTTP.noarch 0:6.06-2.el7 will be installed
---> Package perl-Test-Harness.noarch 0:3.28-2.el7 will be installed
---> Package perl-Text-Unidecode.noarch 0:0.04-20.el7 will be installed
---> Package perl-WWW-RobotRules.noarch 0:6.02-5.el7 will be installed
---> Package perl-XML-Filter-BufferText.noarch 0:1.01-17.el7 will be installed
---> Package perl-XML-NamespaceSupport.noarch 0:1.11-10.el7 will be installed
--> Running transaction check
---> Package perl-devel.x86_64 4:5.16.3-285.el7 will be installed
--> Processing Dependency: systemtap-sdt-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64
--> Processing Dependency: perl(ExtUtils::ParseXS) for package: 4:perl-devel-5.16.3-285.el7.x86_64
--> Processing Dependency: libdb-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64
--> Processing Dependency: glibc-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64
--> Processing Dependency: gdbm-devel for package: 4:perl-devel-5.16.3-285.el7.x86_64
--> Running transaction check
---> Package gdbm-devel.x86_64 0:1.10-8.el7 will be installed
---> Package glibc-devel.x86_64 0:2.17-78.el7 will be installed
--> Processing Dependency: glibc-headers = 2.17-78.el7 for package: glibc-devel-2.17-78.el7.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.17-78.el7.x86_64
---> Package libdb-devel.x86_64 0:5.3.21-17.el7_0.1 will be installed
---> Package perl-ExtUtils-ParseXS.noarch 1:3.18-2.el7 will be installed
---> Package systemtap-sdt-devel.x86_64 0:2.6-10.el7_1 will be installed
--> Processing Dependency: pyparsing for package: systemtap-sdt-devel-2.6-10.el7_1.x86_64
--> Running transaction check
---> Package glibc-headers.x86_64 0:2.17-78.el7 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-78.el7.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.17-78.el7.x86_64
---> Package pyparsing.noarch 0:1.5.6-9.el7 will be installed
--> Running transaction check
---> Package kernel-headers.x86_64 0:3.10.0-229.14.1.el7 will be installed
--> Finished Dependency Resolution

Changes in packages about to be updated:


Dependencies Resolved

================================================================================
 Package                      Arch     Version                  Repository
                                                                           Size
================================================================================
Installing:
 amavisd-new                  noarch   2.10.1-4.el7             epel      847 k
Installing for dependencies:
 altermime                    x86_64   0.3.10-10.el7            epel       57 k
 arj                          x86_64   3.10.22-22.el7           epel      171 k
 bzip2                        x86_64   1.0.6-12.el7             base       52 k
 cabextract                   x86_64   1.5-1.el7                epel       43 k
 freeze                       x86_64   2.5.0-16.el7             epel       31 k
 gdbm-devel                   x86_64   1.10-8.el7               base       47 k
 glibc-devel                  x86_64   2.17-78.el7              base      1.0 M
 glibc-headers                x86_64   2.17-78.el7              base      656 k
 kernel-headers               x86_64   3.10.0-229.14.1.el7      updates   2.3 M
 libdb-devel                  x86_64   5.3.21-17.el7_0.1        base       38 k
 libmspack                    x86_64   0.5-0.1.alpha.el7        epel       63 k
 lrzip                        x86_64   0.614-3.el7              epel      187 k
 lzop                         x86_64   1.03-10.el7              base       54 k
 mailcap                      noarch   2.1.41-2.el7             base       31 k
 nomarch                      x86_64   1.4-11.el7               epel       20 k
 p7zip                        x86_64   9.20.1-5.el7             epel      610 k
 p7zip-plugins                x86_64   9.20.1-5.el7             epel      871 k
 pax                          x86_64   3.4-19.el7               base       74 k
 perl-Archive-Tar             noarch   1.92-2.el7               base       73 k
 perl-Archive-Zip             noarch   1.30-11.el7              base      107 k
 perl-Authen-SASL             noarch   2.15-10.el7              base       57 k
 perl-BerkeleyDB              x86_64   0.51-4.el7               epel      148 k
 perl-Business-ISBN           noarch   2.06-2.el7               base       25 k
 perl-Business-ISBN-Data      noarch   20120719.001-2.el7       base       24 k
 perl-Compress-Raw-Bzip2      x86_64   2.061-3.el7              base       32 k
 perl-Compress-Raw-Zlib       x86_64   1:2.061-4.el7            base       57 k
 perl-Convert-ASN1            noarch   0.26-4.el7               base       54 k
 perl-Convert-BinHex          noarch   1.119-20.el7             epel       44 k
 perl-Convert-TNEF            noarch   0.18-2.el7               epel       22 k
 perl-Convert-UUlib           x86_64   2:1.4-5.el7              epel      213 k
 perl-Crypt-OpenSSL-Bignum    x86_64   0.04-18.el7              base       34 k
 perl-Crypt-OpenSSL-RSA       x86_64   0.28-7.el7               base       38 k
 perl-Crypt-OpenSSL-Random    x86_64   0.04-21.el7              base       24 k
 perl-DBD-SQLite              x86_64   1.39-3.el7               base      1.3 M
 perl-DBI                     x86_64   1.627-4.el7              base      802 k
 perl-DB_File                 x86_64   1.830-6.el7              base       74 k
 perl-Data-Dumper             x86_64   2.145-3.el7              base       47 k
 perl-Digest                  noarch   1.17-245.el7             base       23 k
 perl-Digest-HMAC             noarch   1.03-5.el7               base       16 k
 perl-Digest-MD5              x86_64   2.52-3.el7               base       30 k
 perl-Digest-SHA              x86_64   1:5.85-3.el7             base       58 k
 perl-Digest-SHA1             x86_64   2.13-9.el7               base       50 k
 perl-Encode-Detect           x86_64   1.01-13.el7              base       82 k
 perl-Encode-Locale           noarch   1.03-5.el7               base       16 k
 perl-Error                   noarch   1:0.17020-2.el7          base       32 k
 perl-ExtUtils-Install        noarch   1.58-285.el7             base       73 k
 perl-ExtUtils-MakeMaker      noarch   6.68-3.el7               base      275 k
 perl-ExtUtils-Manifest       noarch   1.61-244.el7             base       31 k
 perl-ExtUtils-ParseXS        noarch   1:3.18-2.el7             base       77 k
 perl-File-Listing            noarch   6.04-7.el7               base       13 k
 perl-GSSAPI                  x86_64   0.28-9.el7               base       59 k
 perl-HTML-Parser             x86_64   3.71-4.el7               base      115 k
 perl-HTML-Tagset             noarch   3.20-15.el7              base       18 k
 perl-HTTP-Cookies            noarch   6.01-5.el7               base       26 k
 perl-HTTP-Daemon             noarch   6.01-5.el7               base       20 k
 perl-HTTP-Date               noarch   6.02-8.el7               base       14 k
 perl-HTTP-Message            noarch   6.06-6.el7               base       82 k
 perl-HTTP-Negotiate          noarch   6.01-5.el7               base       17 k
 perl-IO-Compress             noarch   2.061-2.el7              base      260 k
 perl-IO-HTML                 noarch   1.00-2.el7               base       23 k
 perl-IO-Multiplex            noarch   1.13-6.el7               epel       25 k
 perl-IO-Socket-INET6         noarch   2.69-5.el7               base       20 k
 perl-IO-Socket-IP            noarch   0.21-4.el7               base       35 k
 perl-IO-Socket-SSL           noarch   1.94-3.el7               base      113 k
 perl-IO-Zlib                 noarch   1:1.10-285.el7           base       50 k
 perl-IO-stringy              noarch   2.110-22.el7             base       71 k
 perl-JSON                    noarch   2.59-2.el7               base       96 k
 perl-LDAP                    noarch   1:0.56-3.el7             base      411 k
 perl-LWP-MediaTypes          noarch   6.02-2.el7               base       24 k
 perl-MIME-tools              noarch   5.505-1.el7              epel      256 k
 perl-Mail-DKIM               noarch   0.39-8.el7               base      129 k
 perl-Mail-SPF                noarch   2.8.0-4.el7              base      140 k
 perl-MailTools               noarch   2.12-2.el7               base      108 k
 perl-Net-DNS                 x86_64   0.72-5.el7               base      308 k
 perl-Net-Daemon              noarch   0.48-5.el7               base       51 k
 perl-Net-HTTP                noarch   6.06-2.el7               base       29 k
 perl-Net-LibIDN              x86_64   0.12-15.el7              base       28 k
 perl-Net-SMTP-SSL            noarch   1.01-13.el7              base      9.1 k
 perl-Net-SSLeay              x86_64   1.55-3.el7               base      285 k
 perl-Net-Server              noarch   2.007-2.el7              epel      208 k
 perl-NetAddr-IP              x86_64   4.069-3.el7              base      125 k
 perl-Package-Constants       noarch   1:0.02-285.el7           base       44 k
 perl-PlRPC                   noarch   0.2020-14.el7            base       36 k
 perl-Razor-Agent             x86_64   2.85-15.el7              epel      121 k
 perl-Socket6                 x86_64   0.23-15.el7              base       27 k
 perl-Sys-Syslog              x86_64   0.33-3.el7               base       42 k
 perl-Test-Harness            noarch   3.28-2.el7               base      302 k
 perl-Text-Soundex            x86_64   3.04-4.el7               base       19 k
 perl-Text-Unidecode          noarch   0.04-20.el7              base      114 k
 perl-TimeDate                noarch   1:2.30-2.el7             base       52 k
 perl-URI                     noarch   1.60-9.el7               base      106 k
 perl-Unix-Syslog             x86_64   1.1-17.el7               epel       29 k
 perl-WWW-RobotRules          noarch   6.02-5.el7               base       18 k
 perl-XML-Filter-BufferText   noarch   1.01-17.el7              base       11 k
 perl-XML-NamespaceSupport    noarch   1.11-10.el7              base       18 k
 perl-XML-SAX-Base            noarch   1.08-7.el7               base       32 k
 perl-XML-SAX-Writer          noarch   0.53-4.el7               base       25 k
 perl-devel                   x86_64   4:5.16.3-285.el7         base      452 k
 perl-libwww-perl             noarch   6.05-2.el7               base      205 k
 perl-version                 x86_64   3:0.99.07-2.el7          base       84 k
 portreserve                  x86_64   0.0.5-10.el7             base       25 k
 procmail                     x86_64   3.22-34.el7_0.1          base      171 k
 psmisc                       x86_64   22.20-8.el7              base      140 k
 pyparsing                    noarch   1.5.6-9.el7              base       94 k
 spamassassin                 x86_64   3.4.0-1.el7              base      1.2 M
 systemtap-sdt-devel          x86_64   2.6-10.el7_1             updates    63 k
 tmpwatch                     x86_64   2.11-5.el7               base       38 k
 unzoo                        x86_64   4.4-16.el7               epel       24 k

Transaction Summary
================================================================================
Install  1 Package (+108 Dependent packages)

Total download size: 17 M
Installed size: 44 M
Is this ok [y/d/N]: y
Downloading packages:
(1/109): altermime-0.3.10-10.el7.x86_64.rpm                |  57 kB   00:00     
(2/109): amavisd-new-2.10.1-4.el7.noarch.rpm               | 847 kB   00:00     
(3/109): arj-3.10.22-22.el7.x86_64.rpm                     | 171 kB   00:00     
(4/109): cabextract-1.5-1.el7.x86_64.rpm                   |  43 kB   00:00     
(5/109): freeze-2.5.0-16.el7.x86_64.rpm                    |  31 kB   00:00     
(6/109): bzip2-1.0.6-12.el7.x86_64.rpm                     |  52 kB   00:00     
(7/109): gdbm-devel-1.10-8.el7.x86_64.rpm                  |  47 kB   00:00     
(8/109): glibc-devel-2.17-78.el7.x86_64.rpm                | 1.0 MB   00:00     
(9/109): glibc-headers-2.17-78.el7.x86_64.rpm              | 656 kB   00:00     
(10/109): libdb-devel-5.3.21-17.el7_0.1.x86_64.rpm         |  38 kB   00:00     
(11/109): lzop-1.03-10.el7.x86_64.rpm                      |  54 kB   00:00     
(12/109): kernel-headers-3.10.0-229.14.1.el7.x86_64.rpm    | 2.3 MB   00:00     
(13/109): libmspack-0.5-0.1.alpha.el7.x86_64.rpm           |  63 kB   00:00     
(14/109): mailcap-2.1.41-2.el7.noarch.rpm                  |  31 kB   00:00     
(15/109): lrzip-0.614-3.el7.x86_64.rpm                     | 187 kB   00:00     
(16/109): nomarch-1.4-11.el7.x86_64.rpm                    |  20 kB   00:00     
(17/109): p7zip-plugins-9.20.1-5.el7.x86_64.rpm            | 871 kB   00:00     
(18/109): p7zip-9.20.1-5.el7.x86_64.rpm                    | 610 kB   00:00     
(19/109): pax-3.4-19.el7.x86_64.rpm                        |  74 kB   00:00     
(20/109): perl-Archive-Tar-1.92-2.el7.noarch.rpm           |  73 kB   00:00     
(21/109): perl-Archive-Zip-1.30-11.el7.noarch.rpm          | 107 kB   00:00     
(22/109): perl-Authen-SASL-2.15-10.el7.noarch.rpm          |  57 kB   00:00     
(23/109): perl-Business-ISBN-2.06-2.el7.noarch.rpm         |  25 kB   00:00     
(24/109): perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm   |  32 kB   00:00     
(25/109): perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm    |  57 kB   00:00     
(26/109): perl-Convert-ASN1-0.26-4.el7.noarch.rpm          |  54 kB   00:00     
(27/109): perl-BerkeleyDB-0.51-4.el7.x86_64.rpm            | 148 kB   00:00     
(28/109): perl-Business-ISBN-Data-20120719.001-2.el7.noarc |  24 kB   00:00     
(29/109): perl-Convert-TNEF-0.18-2.el7.noarch.rpm          |  22 kB   00:00     
(30/109): perl-Convert-UUlib-1.4-5.el7.x86_64.rpm          | 213 kB   00:00     
(31/109): perl-Convert-BinHex-1.119-20.el7.noarch.rpm      |  44 kB   00:00     
(32/109): perl-Crypt-OpenSSL-Bignum-0.04-18.el7.x86_64.rpm |  34 kB   00:00     
(33/109): perl-Crypt-OpenSSL-Random-0.04-21.el7.x86_64.rpm |  24 kB   00:00     
(34/109): perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64.rpm     |  38 kB   00:00     
(35/109): perl-DBD-SQLite-1.39-3.el7.x86_64.rpm            | 1.3 MB   00:00     
(36/109): perl-DBI-1.627-4.el7.x86_64.rpm                  | 802 kB   00:00     
(37/109): perl-DB_File-1.830-6.el7.x86_64.rpm              |  74 kB   00:00     
(38/109): perl-Data-Dumper-2.145-3.el7.x86_64.rpm          |  47 kB   00:00     
(39/109): perl-Digest-1.17-245.el7.noarch.rpm              |  23 kB   00:00     
(40/109): perl-Digest-HMAC-1.03-5.el7.noarch.rpm           |  16 kB   00:00     
(41/109): perl-Digest-MD5-2.52-3.el7.x86_64.rpm            |  30 kB   00:00     
(42/109): perl-Digest-SHA-5.85-3.el7.x86_64.rpm            |  58 kB   00:00     
(43/109): perl-Digest-SHA1-2.13-9.el7.x86_64.rpm           |  50 kB   00:00     
(44/109): perl-Encode-Locale-1.03-5.el7.noarch.rpm         |  16 kB   00:00     
(45/109): perl-Encode-Detect-1.01-13.el7.x86_64.rpm        |  82 kB   00:00     
(46/109): perl-Error-0.17020-2.el7.noarch.rpm              |  32 kB   00:00     
(47/109): perl-ExtUtils-Install-1.58-285.el7.noarch.rpm    |  73 kB   00:00     
(48/109): perl-ExtUtils-Manifest-1.61-244.el7.noarch.rpm   |  31 kB   00:00     
(49/109): perl-ExtUtils-MakeMaker-6.68-3.el7.noarch.rpm    | 275 kB   00:00     
(50/109): perl-ExtUtils-ParseXS-3.18-2.el7.noarch.rpm      |  77 kB   00:00     
(51/109): perl-File-Listing-6.04-7.el7.noarch.rpm          |  13 kB   00:00     
(52/109): perl-GSSAPI-0.28-9.el7.x86_64.rpm                |  59 kB   00:00     
(53/109): perl-HTML-Parser-3.71-4.el7.x86_64.rpm           | 115 kB   00:00     
(54/109): perl-HTML-Tagset-3.20-15.el7.noarch.rpm          |  18 kB   00:00     
(55/109): perl-HTTP-Cookies-6.01-5.el7.noarch.rpm          |  26 kB   00:00     
(56/109): perl-HTTP-Daemon-6.01-5.el7.noarch.rpm           |  20 kB   00:00     
(57/109): perl-HTTP-Date-6.02-8.el7.noarch.rpm             |  14 kB   00:00     
(58/109): perl-HTTP-Negotiate-6.01-5.el7.noarch.rpm        |  17 kB   00:00     
(59/109): perl-HTTP-Message-6.06-6.el7.noarch.rpm          |  82 kB   00:00     
(60/109): perl-IO-Compress-2.061-2.el7.noarch.rpm          | 260 kB   00:00     
(61/109): perl-IO-HTML-1.00-2.el7.noarch.rpm               |  23 kB   00:00     
(62/109): perl-IO-Socket-INET6-2.69-5.el7.noarch.rpm       |  20 kB   00:00     
(63/109): perl-IO-Socket-SSL-1.94-3.el7.noarch.rpm         | 113 kB   00:00     
(64/109): perl-IO-Zlib-1.10-285.el7.noarch.rpm             |  50 kB   00:00     
(65/109): perl-IO-stringy-2.110-22.el7.noarch.rpm          |  71 kB   00:00     
(66/109): perl-JSON-2.59-2.el7.noarch.rpm                  |  96 kB   00:00     
(67/109): perl-LDAP-0.56-3.el7.noarch.rpm                  | 411 kB   00:00     
(68/109): perl-LWP-MediaTypes-6.02-2.el7.noarch.rpm        |  24 kB   00:00     
(69/109): perl-Mail-DKIM-0.39-8.el7.noarch.rpm             | 129 kB   00:00     
(70/109): perl-Mail-SPF-2.8.0-4.el7.noarch.rpm             | 140 kB   00:00     
(71/109): perl-MailTools-2.12-2.el7.noarch.rpm             | 108 kB   00:00     
(72/109): perl-Net-DNS-0.72-5.el7.x86_64.rpm               | 308 kB   00:00     
(73/109): perl-Net-Daemon-0.48-5.el7.noarch.rpm            |  51 kB   00:00     
(74/109): perl-Net-HTTP-6.06-2.el7.noarch.rpm              |  29 kB   00:00     
(75/109): perl-Net-LibIDN-0.12-15.el7.x86_64.rpm           |  28 kB   00:00     
(76/109): perl-IO-Multiplex-1.13-6.el7.noarch.rpm          |  25 kB   00:00     
(77/109): perl-Net-SMTP-SSL-1.01-13.el7.noarch.rpm         | 9.1 kB   00:00     
(78/109): perl-IO-Socket-IP-0.21-4.el7.noarch.rpm          |  35 kB   00:00     
(79/109): perl-Net-SSLeay-1.55-3.el7.x86_64.rpm            | 285 kB   00:00     
(80/109): perl-NetAddr-IP-4.069-3.el7.x86_64.rpm           | 125 kB   00:00     
(81/109): perl-Package-Constants-0.02-285.el7.noarch.rpm   |  44 kB   00:00     
(82/109): perl-PlRPC-0.2020-14.el7.noarch.rpm              |  36 kB   00:00     
(83/109): perl-MIME-tools-5.505-1.el7.noarch.rpm           | 256 kB   00:00     
(84/109): perl-Razor-Agent-2.85-15.el7.x86_64.rpm          | 121 kB   00:00     
(85/109): perl-Net-Server-2.007-2.el7.noarch.rpm           | 208 kB   00:00     
(86/109): perl-Socket6-0.23-15.el7.x86_64.rpm              |  27 kB   00:00     
(87/109): perl-Sys-Syslog-0.33-3.el7.x86_64.rpm            |  42 kB   00:00     
(88/109): perl-Text-Soundex-3.04-4.el7.x86_64.rpm          |  19 kB   00:00     
(89/109): perl-Test-Harness-3.28-2.el7.noarch.rpm          | 302 kB   00:00     
(90/109): perl-Text-Unidecode-0.04-20.el7.noarch.rpm       | 114 kB   00:00     
(91/109): perl-TimeDate-2.30-2.el7.noarch.rpm              |  52 kB   00:00     
(92/109): perl-URI-1.60-9.el7.noarch.rpm                   | 106 kB   00:00     
(93/109): perl-WWW-RobotRules-6.02-5.el7.noarch.rpm        |  18 kB   00:00     
(94/109): perl-XML-NamespaceSupport-1.11-10.el7.noarch.rpm |  18 kB   00:00     
(95/109): perl-XML-SAX-Base-1.08-7.el7.noarch.rpm          |  32 kB   00:00     
(96/109): perl-XML-SAX-Writer-0.53-4.el7.noarch.rpm        |  25 kB   00:00     
(97/109): perl-devel-5.16.3-285.el7.x86_64.rpm             | 452 kB   00:00     
(98/109): perl-libwww-perl-6.05-2.el7.noarch.rpm           | 205 kB   00:00     
(99/109): perl-version-0.99.07-2.el7.x86_64.rpm            |  84 kB   00:00     
(100/109): portreserve-0.0.5-10.el7.x86_64.rpm             |  25 kB   00:00     
(101/109): procmail-3.22-34.el7_0.1.x86_64.rpm             | 171 kB   00:00     
(102/109): psmisc-22.20-8.el7.x86_64.rpm                   | 140 kB   00:00     
(103/109): pyparsing-1.5.6-9.el7.noarch.rpm                |  94 kB   00:00     
(104/109): spamassassin-3.4.0-1.el7.x86_64.rpm             | 1.2 MB   00:00     
(105/109): perl-XML-Filter-BufferText-1.01-17.el7.noarch.r |  11 kB   00:00     
(106/109): perl-Unix-Syslog-1.1-17.el7.x86_64.rpm          |  29 kB   00:00     
(107/109): tmpwatch-2.11-5.el7.x86_64.rpm                  |  38 kB   00:00     
(108/109): systemtap-sdt-devel-2.6-10.el7_1.x86_64.rpm     |  63 kB   00:00     
(109/109): unzoo-4.4-16.el7.x86_64.rpm                     |  24 kB   00:00     
--------------------------------------------------------------------------------
Total                                              4.7 MB/s |  17 MB  00:03     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : perl-Data-Dumper-2.145-3.el7.x86_64                        1/109 
  Installing : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64                2/109 
  Installing : perl-Sys-Syslog-0.33-3.el7.x86_64                          3/109 
  Installing : perl-NetAddr-IP-4.069-3.el7.x86_64                         4/109 
  Installing : perl-XML-SAX-Base-1.08-7.el7.noarch                        5/109 
  Installing : perl-Net-LibIDN-0.12-15.el7.x86_64                         6/109 
  Installing : perl-Socket6-0.23-15.el7.x86_64                            7/109 
  Installing : perl-Encode-Locale-1.03-5.el7.noarch                       8/109 
  Installing : 1:perl-TimeDate-2.30-2.el7.noarch                          9/109 
  Installing : perl-HTTP-Date-6.02-8.el7.noarch                          10/109 
  Installing : perl-Digest-1.17-245.el7.noarch                           11/109 
  Installing : perl-Digest-MD5-2.52-3.el7.x86_64                         12/109 
  Installing : 1:perl-Digest-SHA-5.85-3.el7.x86_64                       13/109 
  Installing : perl-Digest-HMAC-1.03-5.el7.noarch                        14/109 
  Installing : perl-Net-DNS-0.72-5.el7.x86_64                            15/109 
  Installing : perl-Net-SSLeay-1.55-3.el7.x86_64                         16/109 
  Installing : perl-IO-Socket-IP-0.21-4.el7.noarch                       17/109 
  Installing : perl-IO-Socket-SSL-1.94-3.el7.noarch                      18/109 
  Installing : perl-IO-stringy-2.110-22.el7.noarch                       19/109 
  Installing : perl-Net-SMTP-SSL-1.01-13.el7.noarch                      20/109 
  Installing : perl-MailTools-2.12-2.el7.noarch                          21/109 
  Installing : perl-File-Listing-6.04-7.el7.noarch                       22/109 
  Installing : perl-IO-Socket-INET6-2.69-5.el7.noarch                    23/109 
  Installing : perl-XML-Filter-BufferText-1.01-17.el7.noarch             24/109 
  Installing : perl-Archive-Zip-1.30-11.el7.noarch                       25/109 
  Installing : freeze-2.5.0-16.el7.x86_64                                26/109 
  Installing : altermime-0.3.10-10.el7.x86_64                            27/109 
  Installing : 1:perl-Error-0.17020-2.el7.noarch                         28/109 
  Installing : perl-Test-Harness-3.28-2.el7.noarch                       29/109 
  Installing : perl-Crypt-OpenSSL-Random-0.04-21.el7.x86_64              30/109 
  Installing : perl-Net-Daemon-0.48-5.el7.noarch                         31/109 
  Installing : pax-3.4-19.el7.x86_64                                     32/109 
  Installing : pyparsing-1.5.6-9.el7.noarch                              33/109 
  Installing : systemtap-sdt-devel-2.6-10.el7_1.x86_64                   34/109 
  Installing : 1:perl-Package-Constants-0.02-285.el7.noarch              35/109 
  Installing : kernel-headers-3.10.0-229.14.1.el7.x86_64                 36/109 
  Installing : glibc-headers-2.17-78.el7.x86_64                          37/109 
  Installing : glibc-devel-2.17-78.el7.x86_64                            38/109 
  Installing : 2:perl-Convert-UUlib-1.4-5.el7.x86_64                     39/109 
  Installing : perl-Text-Unidecode-0.04-20.el7.noarch                    40/109 
  Installing : perl-Text-Soundex-3.04-4.el7.x86_64                       41/109 
  Installing : perl-IO-HTML-1.00-2.el7.noarch                            42/109 
  Installing : nomarch-1.4-11.el7.x86_64                                 43/109 
  Installing : perl-Unix-Syslog-1.1-17.el7.x86_64                        44/109 
  Installing : perl-Crypt-OpenSSL-Bignum-0.04-18.el7.x86_64              45/109 
  Installing : perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64                  46/109 
  Installing : perl-Mail-DKIM-0.39-8.el7.noarch                          47/109 
  Installing : lzop-1.03-10.el7.x86_64                                   48/109 
  Installing : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64                49/109 
  Installing : perl-IO-Compress-2.061-2.el7.noarch                       50/109 
  Installing : 1:perl-IO-Zlib-1.10-285.el7.noarch                        51/109 
  Installing : perl-Archive-Tar-1.92-2.el7.noarch                        52/109 
  Installing : perl-Net-HTTP-6.06-2.el7.noarch                           53/109 
  Installing : perl-PlRPC-0.2020-14.el7.noarch                           54/109 
  Installing : perl-DBI-1.627-4.el7.x86_64                               55/109 
  Installing : perl-DBD-SQLite-1.39-3.el7.x86_64                         56/109 
  Installing : perl-BerkeleyDB-0.51-4.el7.x86_64                         57/109 
  Installing : perl-ExtUtils-Manifest-1.61-244.el7.noarch                58/109 
  Installing : mailcap-2.1.41-2.el7.noarch                               59/109 
  Installing : perl-LWP-MediaTypes-6.02-2.el7.noarch                     60/109 
  Installing : perl-JSON-2.59-2.el7.noarch                               61/109 
  Installing : perl-Convert-ASN1-0.26-4.el7.noarch                       62/109 
  Installing : p7zip-9.20.1-5.el7.x86_64                                 63/109 
  Installing : perl-IO-Multiplex-1.13-6.el7.noarch                       64/109 
  Installing : perl-Net-Server-2.007-2.el7.noarch                        65/109 
  Installing : arj-3.10.22-22.el7.x86_64                                 66/109 
  Installing : perl-DB_File-1.830-6.el7.x86_64                           67/109 
  Installing : perl-Encode-Detect-1.01-13.el7.x86_64                     68/109 
  Installing : procmail-3.22-34.el7_0.1.x86_64                           69/109 
  Installing : perl-GSSAPI-0.28-9.el7.x86_64                             70/109 
  Installing : perl-Authen-SASL-2.15-10.el7.noarch                       71/109 
  Installing : unzoo-4.4-16.el7.x86_64                                   72/109 
  Installing : portreserve-0.0.5-10.el7.x86_64                           73/109 
  Installing : libmspack-0.5-0.1.alpha.el7.x86_64                        74/109 
  Installing : cabextract-1.5-1.el7.x86_64                               75/109 
  Installing : gdbm-devel-1.10-8.el7.x86_64                              76/109 
  Installing : 3:perl-version-0.99.07-2.el7.x86_64                       77/109 
  Installing : perl-Convert-BinHex-1.119-20.el7.noarch                   78/109 
  Installing : perl-MIME-tools-5.505-1.el7.noarch                        79/109 
  Installing : perl-Convert-TNEF-0.18-2.el7.noarch                       80/109 
  Installing : perl-HTML-Tagset-3.20-15.el7.noarch                       81/109 
  Installing : libdb-devel-5.3.21-17.el7_0.1.x86_64                      82/109 
  Installing : perl-ExtUtils-MakeMaker-6.68-3.el7.noarch                 83/109 
  Installing : perl-ExtUtils-Install-1.58-285.el7.noarch                 84/109 
  Installing : 1:perl-ExtUtils-ParseXS-3.18-2.el7.noarch                 85/109 
  Installing : 4:perl-devel-5.16.3-285.el7.x86_64                        86/109 
  Installing : perl-Digest-SHA1-2.13-9.el7.x86_64                        87/109 
  Installing : lrzip-0.614-3.el7.x86_64                                  88/109 
  Installing : perl-XML-NamespaceSupport-1.11-10.el7.noarch              89/109 
  Installing : perl-XML-SAX-Writer-0.53-4.el7.noarch                     90/109 
  Installing : perl-Business-ISBN-Data-20120719.001-2.el7.noarch         91/109 
  Installing : perl-Business-ISBN-2.06-2.el7.noarch                      92/109 
  Installing : perl-URI-1.60-9.el7.noarch                                93/109 
  Installing : perl-HTTP-Message-6.06-6.el7.noarch                       94/109 
  Installing : perl-HTML-Parser-3.71-4.el7.x86_64                        95/109 
  Installing : perl-HTTP-Negotiate-6.01-5.el7.noarch                     96/109 
  Installing : perl-Mail-SPF-2.8.0-4.el7.noarch                          97/109 
  Installing : perl-HTTP-Cookies-6.01-5.el7.noarch                       98/109 
  Installing : perl-HTTP-Daemon-6.01-5.el7.noarch                        99/109 
  Installing : perl-Razor-Agent-2.85-15.el7.x86_64                      100/109 
  Installing : perl-WWW-RobotRules-6.02-5.el7.noarch                    101/109 
  Installing : perl-libwww-perl-6.05-2.el7.noarch                       102/109 
  Installing : spamassassin-3.4.0-1.el7.x86_64                          103/109 
  Installing : 1:perl-LDAP-0.56-3.el7.noarch                            104/109 
  Installing : p7zip-plugins-9.20.1-5.el7.x86_64                        105/109 
  Installing : psmisc-22.20-8.el7.x86_64                                106/109 
  Installing : tmpwatch-2.11-5.el7.x86_64                               107/109 
  Installing : bzip2-1.0.6-12.el7.x86_64                                108/109 
  Installing : amavisd-new-2.10.1-4.el7.noarch                          109/109 
  Verifying  : perl-IO-stringy-2.110-22.el7.noarch                        1/109 
  Verifying  : perl-IO-Socket-IP-0.21-4.el7.noarch                        2/109 
  Verifying  : cabextract-1.5-1.el7.x86_64                                3/109 
  Verifying  : perl-XML-SAX-Writer-0.53-4.el7.noarch                      4/109 
  Verifying  : perl-LWP-MediaTypes-6.02-2.el7.noarch                      5/109 
  Verifying  : perl-Mail-SPF-2.8.0-4.el7.noarch                           6/109 
  Verifying  : bzip2-1.0.6-12.el7.x86_64                                  7/109 
  Verifying  : psmisc-22.20-8.el7.x86_64                                  8/109 
  Verifying  : p7zip-plugins-9.20.1-5.el7.x86_64                          9/109 
  Verifying  : perl-Sys-Syslog-0.33-3.el7.x86_64                         10/109 
  Verifying  : perl-Razor-Agent-2.85-15.el7.x86_64                       11/109 
  Verifying  : perl-Business-ISBN-Data-20120719.001-2.el7.noarch         12/109 
  Verifying  : perl-DBI-1.627-4.el7.x86_64                               13/109 
  Verifying  : glibc-devel-2.17-78.el7.x86_64                            14/109 
  Verifying  : perl-XML-NamespaceSupport-1.11-10.el7.noarch              15/109 
  Verifying  : amavisd-new-2.10.1-4.el7.noarch                           16/109 
  Verifying  : perl-Data-Dumper-2.145-3.el7.x86_64                       17/109 
  Verifying  : lrzip-0.614-3.el7.x86_64                                  18/109 
  Verifying  : perl-Digest-SHA1-2.13-9.el7.x86_64                        19/109 
  Verifying  : 1:perl-Digest-SHA-5.85-3.el7.x86_64                       20/109 
  Verifying  : glibc-headers-2.17-78.el7.x86_64                          21/109 
  Verifying  : systemtap-sdt-devel-2.6-10.el7_1.x86_64                   22/109 
  Verifying  : perl-Net-HTTP-6.06-2.el7.noarch                           23/109 
  Verifying  : 4:perl-devel-5.16.3-285.el7.x86_64                        24/109 
  Verifying  : libdb-devel-5.3.21-17.el7_0.1.x86_64                      25/109 
  Verifying  : perl-HTML-Tagset-3.20-15.el7.noarch                       26/109 
  Verifying  : perl-Convert-BinHex-1.119-20.el7.noarch                   27/109 
  Verifying  : 3:perl-version-0.99.07-2.el7.x86_64                       28/109 
  Verifying  : perl-MailTools-2.12-2.el7.noarch                          29/109 
  Verifying  : perl-Mail-DKIM-0.39-8.el7.noarch                          30/109 
  Verifying  : spamassassin-3.4.0-1.el7.x86_64                           31/109 
  Verifying  : perl-ExtUtils-MakeMaker-6.68-3.el7.noarch                 32/109 
  Verifying  : 1:perl-IO-Zlib-1.10-285.el7.noarch                        33/109 
  Verifying  : gdbm-devel-1.10-8.el7.x86_64                              34/109 
  Verifying  : libmspack-0.5-0.1.alpha.el7.x86_64                        35/109 
  Verifying  : portreserve-0.0.5-10.el7.x86_64                           36/109 
  Verifying  : unzoo-4.4-16.el7.x86_64                                   37/109 
  Verifying  : perl-Net-SSLeay-1.55-3.el7.x86_64                         38/109 
  Verifying  : perl-Digest-HMAC-1.03-5.el7.noarch                        39/109 
  Verifying  : perl-GSSAPI-0.28-9.el7.x86_64                             40/109 
  Verifying  : procmail-3.22-34.el7_0.1.x86_64                           41/109 
  Verifying  : perl-Encode-Detect-1.01-13.el7.x86_64                     42/109 
  Verifying  : perl-Net-DNS-0.72-5.el7.x86_64                            43/109 
  Verifying  : perl-MIME-tools-5.505-1.el7.noarch                        44/109 
  Verifying  : perl-DB_File-1.830-6.el7.x86_64                           45/109 
  Verifying  : arj-3.10.22-22.el7.x86_64                                 46/109 
  Verifying  : 1:perl-LDAP-0.56-3.el7.noarch                             47/109 
  Verifying  : perl-IO-Multiplex-1.13-6.el7.noarch                       48/109 
  Verifying  : perl-HTTP-Date-6.02-8.el7.noarch                          49/109 
  Verifying  : perl-IO-Socket-SSL-1.94-3.el7.noarch                      50/109 
  Verifying  : perl-Digest-1.17-245.el7.noarch                           51/109 
  Verifying  : p7zip-9.20.1-5.el7.x86_64                                 52/109 
  Verifying  : perl-File-Listing-6.04-7.el7.noarch                       53/109 
  Verifying  : perl-Convert-ASN1-0.26-4.el7.noarch                       54/109 
  Verifying  : perl-JSON-2.59-2.el7.noarch                               55/109 
  Verifying  : perl-Business-ISBN-2.06-2.el7.noarch                      56/109 
  Verifying  : mailcap-2.1.41-2.el7.noarch                               57/109 
  Verifying  : perl-ExtUtils-Manifest-1.61-244.el7.noarch                58/109 
  Verifying  : perl-DBD-SQLite-1.39-3.el7.x86_64                         59/109 
  Verifying  : perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64                  60/109 
  Verifying  : perl-BerkeleyDB-0.51-4.el7.x86_64                         61/109 
  Verifying  : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64                62/109 
  Verifying  : lzop-1.03-10.el7.x86_64                                   63/109 
  Verifying  : perl-HTML-Parser-3.71-4.el7.x86_64                        64/109 
  Verifying  : perl-Crypt-OpenSSL-Bignum-0.04-18.el7.x86_64              65/109 
  Verifying  : perl-WWW-RobotRules-6.02-5.el7.noarch                     66/109 
  Verifying  : perl-Digest-MD5-2.52-3.el7.x86_64                         67/109 
  Verifying  : perl-HTTP-Message-6.06-6.el7.noarch                       68/109 
  Verifying  : perl-Unix-Syslog-1.1-17.el7.x86_64                        69/109 
  Verifying  : perl-Authen-SASL-2.15-10.el7.noarch                       70/109 
  Verifying  : nomarch-1.4-11.el7.x86_64                                 71/109 
  Verifying  : perl-HTTP-Cookies-6.01-5.el7.noarch                       72/109 
  Verifying  : perl-HTTP-Negotiate-6.01-5.el7.noarch                     73/109 
  Verifying  : perl-Net-SMTP-SSL-1.01-13.el7.noarch                      74/109 
  Verifying  : perl-IO-HTML-1.00-2.el7.noarch                            75/109 
  Verifying  : perl-Text-Unidecode-0.04-20.el7.noarch                    76/109 
  Verifying  : perl-PlRPC-0.2020-14.el7.noarch                           77/109 
  Verifying  : 2:perl-Convert-UUlib-1.4-5.el7.x86_64                     78/109 
  Verifying  : 1:perl-TimeDate-2.30-2.el7.noarch                         79/109 
  Verifying  : perl-IO-Socket-INET6-2.69-5.el7.noarch                    80/109 
  Verifying  : perl-Text-Soundex-3.04-4.el7.x86_64                       81/109 
  Verifying  : perl-Archive-Tar-1.92-2.el7.noarch                        82/109 
  Verifying  : perl-XML-SAX-Base-1.08-7.el7.noarch                       83/109 
  Verifying  : perl-Convert-TNEF-0.18-2.el7.noarch                       84/109 
  Verifying  : kernel-headers-3.10.0-229.14.1.el7.x86_64                 85/109 
  Verifying  : perl-IO-Compress-2.061-2.el7.noarch                       86/109 
  Verifying  : perl-NetAddr-IP-4.069-3.el7.x86_64                        87/109 
  Verifying  : 1:perl-Package-Constants-0.02-285.el7.noarch              88/109 
  Verifying  : pyparsing-1.5.6-9.el7.noarch                              89/109 
  Verifying  : perl-Net-Server-2.007-2.el7.noarch                        90/109 
  Verifying  : pax-3.4-19.el7.x86_64                                     91/109 
  Verifying  : perl-Net-Daemon-0.48-5.el7.noarch                         92/109 
  Verifying  : perl-Crypt-OpenSSL-Random-0.04-21.el7.x86_64              93/109 
  Verifying  : perl-Test-Harness-3.28-2.el7.noarch                       94/109 
  Verifying  : tmpwatch-2.11-5.el7.x86_64                                95/109 
  Verifying  : perl-Encode-Locale-1.03-5.el7.noarch                      96/109 
  Verifying  : perl-XML-Filter-BufferText-1.01-17.el7.noarch             97/109 
  Verifying  : perl-Socket6-0.23-15.el7.x86_64                           98/109 
  Verifying  : 1:perl-Error-0.17020-2.el7.noarch                         99/109 
  Verifying  : perl-ExtUtils-Install-1.58-285.el7.noarch                100/109 
  Verifying  : perl-HTTP-Daemon-6.01-5.el7.noarch                       101/109 
  Verifying  : 1:perl-ExtUtils-ParseXS-3.18-2.el7.noarch                102/109 
  Verifying  : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64              103/109 
  Verifying  : perl-libwww-perl-6.05-2.el7.noarch                       104/109 
  Verifying  : altermime-0.3.10-10.el7.x86_64                           105/109 
  Verifying  : freeze-2.5.0-16.el7.x86_64                               106/109 
  Verifying  : perl-URI-1.60-9.el7.noarch                               107/109 
  Verifying  : perl-Archive-Zip-1.30-11.el7.noarch                      108/109 
  Verifying  : perl-Net-LibIDN-0.12-15.el7.x86_64                       109/109 

Installed:
  amavisd-new.noarch 0:2.10.1-4.el7                                             

Dependency Installed:
  altermime.x86_64 0:0.3.10-10.el7                                              
  arj.x86_64 0:3.10.22-22.el7                                                   
  bzip2.x86_64 0:1.0.6-12.el7                                                   
  cabextract.x86_64 0:1.5-1.el7                                                 
  freeze.x86_64 0:2.5.0-16.el7                                                  
  gdbm-devel.x86_64 0:1.10-8.el7                                                
  glibc-devel.x86_64 0:2.17-78.el7                                              
  glibc-headers.x86_64 0:2.17-78.el7                                            
  kernel-headers.x86_64 0:3.10.0-229.14.1.el7                                   
  libdb-devel.x86_64 0:5.3.21-17.el7_0.1                                        
  libmspack.x86_64 0:0.5-0.1.alpha.el7                                          
  lrzip.x86_64 0:0.614-3.el7                                                    
  lzop.x86_64 0:1.03-10.el7                                                     
  mailcap.noarch 0:2.1.41-2.el7                                                 
  nomarch.x86_64 0:1.4-11.el7                                                   
  p7zip.x86_64 0:9.20.1-5.el7                                                   
  p7zip-plugins.x86_64 0:9.20.1-5.el7                                           
  pax.x86_64 0:3.4-19.el7                                                       
  perl-Archive-Tar.noarch 0:1.92-2.el7                                          
  perl-Archive-Zip.noarch 0:1.30-11.el7                                         
  perl-Authen-SASL.noarch 0:2.15-10.el7                                         
  perl-BerkeleyDB.x86_64 0:0.51-4.el7                                           
  perl-Business-ISBN.noarch 0:2.06-2.el7                                        
  perl-Business-ISBN-Data.noarch 0:20120719.001-2.el7                           
  perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7                                  
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7                                   
  perl-Convert-ASN1.noarch 0:0.26-4.el7                                         
  perl-Convert-BinHex.noarch 0:1.119-20.el7                                     
  perl-Convert-TNEF.noarch 0:0.18-2.el7                                         
  perl-Convert-UUlib.x86_64 2:1.4-5.el7                                         
  perl-Crypt-OpenSSL-Bignum.x86_64 0:0.04-18.el7                                
  perl-Crypt-OpenSSL-RSA.x86_64 0:0.28-7.el7                                    
  perl-Crypt-OpenSSL-Random.x86_64 0:0.04-21.el7                                
  perl-DBD-SQLite.x86_64 0:1.39-3.el7                                           
  perl-DBI.x86_64 0:1.627-4.el7                                                 
  perl-DB_File.x86_64 0:1.830-6.el7                                             
  perl-Data-Dumper.x86_64 0:2.145-3.el7                                         
  perl-Digest.noarch 0:1.17-245.el7                                             
  perl-Digest-HMAC.noarch 0:1.03-5.el7                                          
  perl-Digest-MD5.x86_64 0:2.52-3.el7                                           
  perl-Digest-SHA.x86_64 1:5.85-3.el7                                           
  perl-Digest-SHA1.x86_64 0:2.13-9.el7                                          
  perl-Encode-Detect.x86_64 0:1.01-13.el7                                       
  perl-Encode-Locale.noarch 0:1.03-5.el7                                        
  perl-Error.noarch 1:0.17020-2.el7                                             
  perl-ExtUtils-Install.noarch 0:1.58-285.el7                                   
  perl-ExtUtils-MakeMaker.noarch 0:6.68-3.el7                                   
  perl-ExtUtils-Manifest.noarch 0:1.61-244.el7                                  
  perl-ExtUtils-ParseXS.noarch 1:3.18-2.el7                                     
  perl-File-Listing.noarch 0:6.04-7.el7                                         
  perl-GSSAPI.x86_64 0:0.28-9.el7                                               
  perl-HTML-Parser.x86_64 0:3.71-4.el7                                          
  perl-HTML-Tagset.noarch 0:3.20-15.el7                                         
  perl-HTTP-Cookies.noarch 0:6.01-5.el7                                         
  perl-HTTP-Daemon.noarch 0:6.01-5.el7                                          
  perl-HTTP-Date.noarch 0:6.02-8.el7                                            
  perl-HTTP-Message.noarch 0:6.06-6.el7                                         
  perl-HTTP-Negotiate.noarch 0:6.01-5.el7                                       
  perl-IO-Compress.noarch 0:2.061-2.el7                                         
  perl-IO-HTML.noarch 0:1.00-2.el7                                              
  perl-IO-Multiplex.noarch 0:1.13-6.el7                                         
  perl-IO-Socket-INET6.noarch 0:2.69-5.el7                                      
  perl-IO-Socket-IP.noarch 0:0.21-4.el7                                         
  perl-IO-Socket-SSL.noarch 0:1.94-3.el7                                        
  perl-IO-Zlib.noarch 1:1.10-285.el7                                            
  perl-IO-stringy.noarch 0:2.110-22.el7                                         
  perl-JSON.noarch 0:2.59-2.el7                                                 
  perl-LDAP.noarch 1:0.56-3.el7                                                 
  perl-LWP-MediaTypes.noarch 0:6.02-2.el7                                       
  perl-MIME-tools.noarch 0:5.505-1.el7                                          
  perl-Mail-DKIM.noarch 0:0.39-8.el7                                            
  perl-Mail-SPF.noarch 0:2.8.0-4.el7                                            
  perl-MailTools.noarch 0:2.12-2.el7                                            
  perl-Net-DNS.x86_64 0:0.72-5.el7                                              
  perl-Net-Daemon.noarch 0:0.48-5.el7                                           
  perl-Net-HTTP.noarch 0:6.06-2.el7                                             
  perl-Net-LibIDN.x86_64 0:0.12-15.el7                                          
  perl-Net-SMTP-SSL.noarch 0:1.01-13.el7                                        
  perl-Net-SSLeay.x86_64 0:1.55-3.el7                                           
  perl-Net-Server.noarch 0:2.007-2.el7                                          
  perl-NetAddr-IP.x86_64 0:4.069-3.el7                                          
  perl-Package-Constants.noarch 1:0.02-285.el7                                  
  perl-PlRPC.noarch 0:0.2020-14.el7                                             
  perl-Razor-Agent.x86_64 0:2.85-15.el7                                         
  perl-Socket6.x86_64 0:0.23-15.el7                                             
  perl-Sys-Syslog.x86_64 0:0.33-3.el7                                           
  perl-Test-Harness.noarch 0:3.28-2.el7                                         
  perl-Text-Soundex.x86_64 0:3.04-4.el7                                         
  perl-Text-Unidecode.noarch 0:0.04-20.el7                                      
  perl-TimeDate.noarch 1:2.30-2.el7                                             
  perl-URI.noarch 0:1.60-9.el7                                                  
  perl-Unix-Syslog.x86_64 0:1.1-17.el7                                          
  perl-WWW-RobotRules.noarch 0:6.02-5.el7                                       
  perl-XML-Filter-BufferText.noarch 0:1.01-17.el7                               
  perl-XML-NamespaceSupport.noarch 0:1.11-10.el7                                
  perl-XML-SAX-Base.noarch 0:1.08-7.el7                                         
  perl-XML-SAX-Writer.noarch 0:0.53-4.el7                                       
  perl-devel.x86_64 4:5.16.3-285.el7                                            
  perl-libwww-perl.noarch 0:6.05-2.el7                                          
  perl-version.x86_64 3:0.99.07-2.el7                                           
  portreserve.x86_64 0:0.0.5-10.el7                                             
  procmail.x86_64 0:3.22-34.el7_0.1                                             
  psmisc.x86_64 0:22.20-8.el7                                                   
  pyparsing.noarch 0:1.5.6-9.el7                                                
  spamassassin.x86_64 0:3.4.0-1.el7                                             
  systemtap-sdt-devel.x86_64 0:2.6-10.el7_1                                     
  tmpwatch.x86_64 0:2.11-5.el7                                                  
  unzoo.x86_64 0:4.4-16.el7                                                     

Complete!

Die Installation von amavisd-milter, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:

# yum install amavisd-milter
Loaded plugins: changelog, priorities
145 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package amavisd-milter.x86_64 0:1.6.0-6.el7.centos will be installed
--> Processing Dependency: sendmail-milter for package: amavisd-milter-1.6.0-6.el7.centos.x86_64
--> Processing Dependency: libmilter.so.1.0()(64bit) for package: amavisd-milter-1.6.0-6.el7.centos.x86_64
--> Running transaction check
---> Package sendmail-milter.x86_64 0:8.14.7-4.el7 will be installed
--> Finished Dependency Resolution

Changes in packages about to be updated:


Dependencies Resolved

================================================================================
 Package            Arch      Version               Repository             Size
================================================================================
Installing:
 amavisd-milter     x86_64    1.6.0-6.el7.centos    mailserver.guru-os     35 k
Installing for dependencies:
 sendmail-milter    x86_64    8.14.7-4.el7          base                   70 k

Transaction Summary
================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 104 k
Installed size: 141 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): amavisd-milter-1.6.0-6.el7.centos.x86_64.rpm        |  35 kB   00:00     
(2/2): sendmail-milter-8.14.7-4.el7.x86_64.rpm             |  70 kB   00:00     
--------------------------------------------------------------------------------
Total                                              255 kB/s | 104 kB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : sendmail-milter-8.14.7-4.el7.x86_64                          1/2 
  Installing : amavisd-milter-1.6.0-6.el7.centos.x86_64                     2/2 
  Verifying  : amavisd-milter-1.6.0-6.el7.centos.x86_64                     1/2 
  Verifying  : sendmail-milter-8.14.7-4.el7.x86_64                          2/2 

Installed:
  amavisd-milter.x86_64 0:1.6.0-6.el7.centos                                    

Dependency Installed:
  sendmail-milter.x86_64 0:8.14.7-4.el7                                         

Complete!

Die Installation von lz4, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:

# yum install lz4
Loaded plugins: changelog, priorities
145 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package lz4.x86_64 0:r131-1.el7 will be installed
--> Finished Dependency Resolution

Changes in packages about to be updated:


Dependencies Resolved

================================================================================
 Package        Arch              Version                 Repository       Size
================================================================================
Installing:
 lz4            x86_64            r131-1.el7              epel             70 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 70 k
Installed size: 220 k
Is this ok [y/d/N]: y
Downloading packages:
lz4-r131-1.el7.x86_64.rpm                                  |  70 kB   00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : lz4-r131-1.el7.x86_64                                        1/1 
  Verifying  : lz4-r131-1.el7.x86_64                                        1/1 

Installed:
  lz4.x86_64 0:r131-1.el7                                                       

Complete!

amavisd-new

Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket amavisd-new installiert wurden.

# rpm -qil amavisd-new
Name        : amavisd-new
Version     : 2.10.1
Release     : 4.el7
Architecture: noarch
Install Date: Fri 09 Oct 2015 01:27:25 PM CEST
Group       : Applications/System
Size        : 3257612
License     : GPLv2+ and BSD and GFDL
Signature   : RSA/SHA256, Thu 14 May 2015 07:16:19 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : amavisd-new-2.10.1-4.el7.src.rpm
Build Date  : Thu 14 May 2015 09:20:44 AM CEST
Build Host  : buildhw-12.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.ijs.si/software/amavisd/
Summary     : Email filter with virus scanner and spamassassin support
Description :
amavisd-new is a high-performance and reliable interface between mailer
(MTA) and one or more content checkers: virus scanners, and/or
Mail::SpamAssassin Perl module. It is written in Perl, assuring high
reliability, portability and maintainability. It talks to MTA via (E)SMTP
or LMTP, or by using helper programs. No timing gaps exist in the design
which could cause a mail loss.
/etc/amavisd
/etc/amavisd/amavisd.conf
/etc/clamd.d/amavisd.conf
/usr/bin/amavisd-agent
/usr/bin/amavisd-nanny
/usr/bin/amavisd-release
/usr/bin/amavisd-signer
/usr/bin/amavisd-submit
/usr/lib/systemd/system/amavisd-clean-quarantine.service
/usr/lib/systemd/system/amavisd-clean-quarantine.timer
/usr/lib/systemd/system/amavisd-clean-tmp.service
/usr/lib/systemd/system/amavisd-clean-tmp.timer
/usr/lib/systemd/system/amavisd.service
/usr/lib/tmpfiles.d/amavisd-new.conf
/usr/sbin/amavisd
/usr/share/doc/amavisd-new-2.10.1
/usr/share/doc/amavisd-new-2.10.1/AAAREADME.first
/usr/share/doc/amavisd-new-2.10.1/INSTALL
/usr/share/doc/amavisd-new-2.10.1/LDAP.ldif
/usr/share/doc/amavisd-new-2.10.1/LDAP.schema
/usr/share/doc/amavisd-new-2.10.1/README_FILES
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.banned
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.chroot
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.contributed
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.courier
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.courier-old
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.customize
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v3
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v3_app
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v4
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v4_app
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.exim_v4_app2
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.fedora
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.ldap
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.lookups
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.milter
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.old.scanners
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.performance
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.policy-on-notifications
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.postfix
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.postfix.html
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.protocol
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.quarantine
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sendmail
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sendmail-dual
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sendmail-dual.old
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sql
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sql-mysql
/usr/share/doc/amavisd-new-2.10.1/README_FILES/README.sql-pg
/usr/share/doc/amavisd-new-2.10.1/README_FILES/amavisd-new-docs.html
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/blank.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/1.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/10.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/11.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/12.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/13.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/14.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/15.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/2.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/3.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/4.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/5.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/6.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/7.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/8.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/callouts/9.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/caution.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/draft.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/home.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/important.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/next.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/note.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/prev.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/tip.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/toc-blank.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/toc-minus.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/toc-plus.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/up.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/images/warning.png
/usr/share/doc/amavisd-new-2.10.1/README_FILES/screen.css
/usr/share/doc/amavisd-new-2.10.1/RELEASE_NOTES
/usr/share/doc/amavisd-new-2.10.1/TODO
/usr/share/doc/amavisd-new-2.10.1/amavisd-custom.conf
/usr/share/doc/amavisd-new-2.10.1/amavisd.conf-default
/usr/share/doc/amavisd-new-2.10.1/test-messages
/usr/share/doc/amavisd-new-2.10.1/test-messages/README
/usr/share/doc/amavisd-new-2.10.1/test-messages/sample.tar.gz.compl
/usr/share/licenses/amavisd-new-2.10.1
/usr/share/licenses/amavisd-new-2.10.1/LICENSE
/var/run/amavisd
/var/run/clamd.amavisd
/var/spool/amavisd
/var/spool/amavisd/db
/var/spool/amavisd/quarantine
/var/spool/amavisd/tmp

amavisd-milter

Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket amavisd-milter installiert wurden.

# rpm -qil amavisd-milter
Name        : amavisd-milter
Version     : 1.6.0
Release     : 6.el7.centos
Architecture: x86_64
Install Date: Sat 10 Oct 2015 08:41:18 AM CEST
Group       : System Environment/Daemons
Size        : 72985
License     : Petr Rehor <rx@rx.cz>. All rights reserved.
Signature   : RSA/SHA1, Fri 21 Nov 2014 11:43:03 AM CET, Key ID 60ecfb9e8195aea0
Source RPM  : amavisd-milter-1.6.0-6.el7.centos.src.rpm
Build Date  : Fri 21 Nov 2014 11:42:50 AM CET
Build Host  : vml000200.dmz.nausch.org
Relocations : (not relocatable)
Packager    : Django <django@nausch.org>
Vendor      : Amavisd-new
URL         : http://amavisd-milter.sourceforge.net/
Summary     : Milter helper for Amavisd-new
Description :
amavisd-milter is a milter (mail filter) for amavisd-new 2.4.3 and above which uses the AM.PDP protocol.
It has been tested to work with mail servers sendmail 8.13+ and postfix 2.9+
/etc/amavisd/amavisd-milter.conf
/usr/lib/systemd/system/amavisd-milter.service
/usr/sbin/amavisd-milter
/usr/sbin/amavisd-milter-helper
/usr/share/doc/amavisd-milter-1.6.0
/usr/share/doc/amavisd-milter-1.6.0/CHANGES
/usr/share/doc/amavisd-milter-1.6.0/LICENSE
/usr/share/doc/amavisd-milter-1.6.0/README
/usr/share/doc/amavisd-milter-1.6.0/TODO
/usr/share/man/man8/amavisd-milter.8.gz

lz4

Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket lz4 installiert wurden.

# rpm -qil lz4
Name        : lz4
Version     : r131
Release     : 1.el7
Architecture: x86_64
Install Date: Sat 10 Oct 2015 03:24:16 PM CEST
Group       : Applications/System
Size        : 225613
License     : GPLv2+ and BSD
Signature   : RSA/SHA256, Wed 08 Jul 2015 03:36:34 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : lz4-r131-1.el7.src.rpm
Build Date  : Mon 06 Jul 2015 06:47:15 PM CEST
Build Host  : buildvm-03.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : https://code.google.com/p/lz4/
Summary     : Extremely fast compression algorithm
Description :
LZ4 is an extremely fast loss-less compression algorithm, providing compression
speed at 400 MB/s per core, scalable with multi-core CPU. It also features
an extremely fast decoder, with speed in multiple GB/s per core, typically
reaching RAM speed limits on multi-core systems.
/usr/bin/lz4
/usr/bin/lz4c
/usr/bin/lz4cat
/usr/bin/unlz4
/usr/lib64/liblz4.so.1
/usr/lib64/liblz4.so.1.7.1
/usr/share/doc/lz4-r131
/usr/share/doc/lz4-r131/COPYING
/usr/share/doc/lz4-r131/NEWS
/usr/share/man/man1/lz4.1.gz
/usr/share/man/man1/lz4c.1.gz
/usr/share/man/man1/lz4cat.1.gz
/usr/share/man/man1/unlz4.1.gz

iptables Regel

Damit der AMaViS (A MAil Virus Scanner) auch über den AMaViS - amavisd-milter erreichbar ist und nicht das Empfangen der IP-Paket vom Paketfilter iptables blockiert wird, muss nachfolgende Regel zum iptables-Regelwerk hinzugefügt werden.

Um die aktuellen iptables-Regeln erweitern zu können, sollten diese erst einmal aufgelistet werden, was mit nachfolgendem Befehl durchgeführt werden kann:

# iptables -L -nv --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22  
5        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Nachfolgende Befehle, fügen folgende iptables-Regeln dem iptables-Regelwerk nach der Position 4 hinzu, ohne das der Paketfilter angehalten werden muss:

  • -A INPUT -p tcp --dport 10014 -j ACCEPT
  • -A INPUT -p tcp --dport 10024 -j ACCEPT
  • -A INPUT -p tcp --dport 10026 -j ACCEPT

und hier der Befehl:

# iptables -I INPUT 5 -p tcp --dport 10014 -j ACCEPT
# iptables -I INPUT 6 -p tcp --dport 10024 -j ACCEPT
# iptables -I INPUT 6 -p tcp --dport 10026 -j ACCEPT

Ein erneute Abfrage des iptables-Regelwerts, sollte dann nachfolgend dargestellte Ausgabe ergeben, was mit folgendem Befehl durchgeführt werden kann:

# iptables -L -nv --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10014 state NEW
6        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10024 state NEW
7        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10026 state NEW
8        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Die neuen Zeilen sind an Position 5 (INPUT) und Position 7 (INPUT) zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (nur relevanter Ausschnitt):

...
5        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10014 state NEW
6        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10024 state NEW
7        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10026 state NEW
...

Um diese iptables-Regel dauerhaft, auch nach einem Neustart des Server, weiterhin im iptables-Regelwerk zu speichern, muss nachfolgend dargestellter Befehl abschließend noch ausgeführt werden:

# /usr/sbin/iptables-save > /etc/sysconfig/iptables 

Konfiguration: amavisd

Bevor mit der eigentlichen Konfiguration begonnen werden soll, kann mit nachfolgenden Befehl ein Start des AMaViS im Vordergrund und im DEBUG-Modus durchgeführt werden, um überprüfen zu können, ob die gewünschten Module geladen werden und ob für das entpacken der von Archiven die benötigten Programme zur Verfügung stehen.

Ein Start im des AMaViS im Vordergrund und im DEBUG-Modusm kann mit nachfolgendem Befehl durchgeführt werden:

# amavisd -u amavis -c /etc/amavisd/amavisd.conf debug

/etc/amavisd/amavisd.conf

Standardmäßig wird nach der Installation von AMaViS in nachfolgendem Verzeichnis mit nachfolgendem Namen die Konfigurationsdatei für den AMaViS hinterlegt:

  • /etc/amavisd/amavisd.conf

Um alle möglichen Konfigurationsparameter einsehen zu können, wird mit der Installation des AMaViS nachfolgende Default-Konfigurationsdatei in nachfolgendem Verzeichnis mit nachfolgendem Namen installiert, welche als Referenz für alle Konfigurationsdirektiven verwendet werden kann:

  • /usr/share/doc/amavisd-new-2.10.1/amavisd.conf-default bzw.
  • /usr/share/doc/amavisd-new-2.11.0/amavisd.conf-default

Welche Konfigurationsparameter gesetzt werden sollten, soll in nachfolgender Beispielkonfigurationsdatei dargestellt werden.

use strict;
 
## AMaViS - amavsid-new configuration.
 
## The 'after-default' comment indicates that these variables obtain their
## default value if the config file left them undefined. It means these values
## are not yet available during processing of the configuration file, but that
## they can derive their value from other configurations variables no matter
## where in the configuration file they appear.
 
 
## GENERAL
 
$myhostname = 'amavis.idmz.tachtler.net';                                       # FQDN des Servers.
$mydomain   = 'tachtler.net';                                                   # Basiseinstellung.
# $snmp_contact  = '';
# $snmp_location = '';
$daemon_user   = 'amavis';                                                      # Benutzer, unter dem der AMaViS-Dienst gestartet wird.         [-u]
$daemon_group  = 'amavis';                                                      # Gruppe, unter der der AMaViS-Dienst gestartet wird.           [-g]
$MYHOME = '/var/spool/amavisd';                                                 # Basiseinstellung.                                             [-H]
$TEMPBASE = "$MYHOME/tmp";                                                      # Arbeitsverzeichnis, muss vor dem Start existieren.            [-T]
$db_home = "$MYHOME/db";                                                        # Verzeichnis fuer bdb nanny/cache/snmp Datenbanken.            [-D]
$pid_file = "/var/run/amavisd/amavisd.pid";                                     # PID (Process-ID)-Datei.                                       [-P]
$lock_file = "/var/run/amavisd/amavisd.lock";                                   # Lock (Process-Lock)-Datei.                                    [-L]
# $daemon_chroot_dir = undef;
$max_requests = 20;                                                             # Beenden eines Kind-Prozesses nach xx Aufrufen. (Speicher).
$max_servers = 4;                                                               # Anzahl der maximalen gleichzeitig laufenden Kind-Prozesse.    [-m]
$min_servers = 1;                                                               # Anzahl der minimal gleichzeitig laufenden Kind-Prozesse.
$min_spare_servers = 1;                                                         # Anzahl der minimal vorgehaltenen Kind-Prozesse.
$max_spare_servers = 3;                                                         # Anzahl der maximal vorgehaltenen Kind-Prozesse.
# $child_timeout = 8*60;
# $localpart_is_case_sensitive = 0;
$enable_db = 1;                                                                 # Nutzung der BerkeleyDB/libdb (SNMP und nanny).
# $enable_zmq = undef;
# @zmq_sockets = ( "ipc://$MYHOME/amavisd-zmq.sock" );  # after-default
$nanny_details_level = 2;                                                       # nanny - Log-Level: 0 (aus), 1 (traditionell), 2 (detailiert).
# @additional_perl_modules = ();
@local_domains_maps = ( [".$mydomain"] );                                       # Liste aller lokalen Sub/Domains.
@mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 
                192.168.0.0/24 192.168.1.0/24
                192.168.2.0/25 88.217.171.167/32 );                             # Liste aller als lokal angesehenen IP-Adressen und Netze.
# @mynetworks_maps = (\@mynetworks);
# @client_ipaddr_policy = map { $_ => 'MYNETS' } @mynetworks_maps;
 
 
## LOGGING AND DEBUGGING
 
$log_level = 3;                                                                 # Log-Level: 0..5.                                              [-d]
# $logfile = undef;
$do_syslog = 1;                                                                 # Syslog-Schreibung nutzen.  
$syslog_ident = 'amavis';                                                       # Dienst-Identitaet bei der syslog-Scheribung.
$syslog_facility = 'mail';                                                      # Dienst-Bereichs-Identitaet bei der syslog-Schereibung.
# $logline_maxlen = 980;
# enable_log_capture_dump = undef;
 
# $log_short_templ   ... built-in default at the end of file amavisd
# $log_verbose_templ ... built-in default at the end of file amavisd
# $log_recip_templ = ... built-in default at the end of file amavisd
# $log_templ = $log_short_templ;
 
# @debug_sender_acl = ();
# @debug_sender_maps = (\@debug_sender_acl);
# @debug_recipient_maps = ();
# $sa_debug = undef;
# $allow_preserving_evidence = 1;
 
 
## DKIM VERIFICATION
 
$enable_dkim_verification = 0;                                                  # Deaktiviert die DKIM Ueberpruefung, wegen OpenDKIM-Milter!
# $reputation_factor = 0.2;
# @signer_reputation_maps = ();
# @author_to_policy_bank_maps = ();
# $dkim_minimum_key_bits = 1024;
# $myauthservid = $myhostname;  # after-default (RFC 5451)
# $dkim_minimum_key_bits = 1024;
 
## DKIM SIGNING
 
$enable_dkim_signing = 0;                                                       # Deaktiviert das Signieren der ausgehenden e-Mails mit dem Schluessel unter dkim_key.
dkim_key('tachtler.net', 'main', '/etc/pki/amavis/dkim/dkim.key', h=>'sha256'); # Spezifikationen zum DKIM-Schluessel und dessen Anwendung.
# %dkim_signing_keys = ();
@dkim_signature_options_bysender_maps = (
      { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } }
);                                                                              # Optionen zur DKIM-Signaturerstellung.
# $dkim_signing_service = undef;
#
# for (qw(Accept-Language Archived-At Auto-Submitted Content-Alternative
#         Content-Base Content-Class Content-Description Content-Disposition
#         Content-Duration Content-Features Content-Id Content-Language
#         Content-Location Content-MD5 Content-Transfer-Encoding In-Reply-To
#         List-Archive List-Help List-Id List-Owner List-Post List-Subscribe
#         List-Unsubscribe Message-Context Message-ID MIME-Version
#         Organisation Organization Original-Message-ID Pics-Label
#         Precedence Received References Reply-To Resent-Date Resent-From
#         Resent-Message-ID Resent-Sender Sensitivity Solicitation
#         User-Agent VBR-Info X-Mailer))   { $signed_header_fields{lc $_} = 1 }
# for (qw(From Date Subject Content-Type)) { $signed_header_fields{lc $_} = 2 }
$signed_header_fields{'received'} = 0;                                          # Received: from-Zeile aus DKIM-Signatur-Berechnung ausnehmen.
 
 
## MTA INTERFACE - INPUT
 
# @listen_sockets =  ... $unix_socketname and $inet_socket_port are added here
$unix_socketname = "/var/run/amavisd/amavisd.sock";                             # Unix socket zur Nutzung des AMaViS "helper protocol".
# $unix_socket_mode = undef; # sets sockets protection (numeric mode), or undef
$inet_socket_port = [10024,10026];                                              # Akzeptiert Verbindungen via TCP auf diesen Port(s) (SMTP...).
$inet_socket_bind = undef;                                                      # AMaViS NICHT an einen Socket binden, sondern @inet_acl nutzen.
# $inet_socket_bind = [ '127.0.0.1', '[::1]' ];  # if both inet & inet6 avail.
#   $inet_socket_bind = '127.0.0.1';             # if only inet available
#   $inet_socket_bind = '[::1]'                  # if only inet6 available
@inet_acl = qw( 0.0.0.0/32 127.0.0.0/8 
                192.168.0.0/24 192.168.1.0/24
                192.168.2.0/25 88.217.171.167/32 );                             # AMaViS ist nicht auf dem MTA-Host und via Netzwerk erreichbar.
# $listen_queue_size = undef;
 
# $protocol = ... defaults to 'SMTP' or 'LMTP' (autodetected) on inet and inet6
#             sockets; must be configured explicitly for Unix sockets.
#             Possible values: 'SMTP', 'LMTP', 'AM.PDP',
#             and with appropriate patches applied also: 'COURIER' or 'QMQPqq'
 
# $soft_bounce = undef;
# $smtpd_timeout = 8*60;
# $smtpd_recipient_limit = 1100;
# $smtpd_message_size_limit = undef;  # site-wide limit
# @message_size_limit_maps = ();      # per-recipient limits
# $smtpd_greeting_banner = '${helo-name} ${protocol} ${product} service ready';
# $smtpd_quit_banner = '${helo-name} ${product} closing transmission channel';
# $auth_required_inp = undef;
# $auth_required_release = 1;
# @auth_mech_avail=(); # empty list disables incoming AUTH; or: qw(PLAIN LOGIN)
# $smtp_connection_cache_on_demand = 1;
# $smtp_connection_cache_enable = 1;
# $enforce_smtpd_message_size_limit_64kb_min = 1;
# @smtpd_discard_ehlo_keywords = ();
 
# Tachtler
# SEE: https://raw.githubusercontent.com/benningm/amavisd-new/master/amavisd
# SEE: http://search.cpan.org/~sullr/IO-Socket-SSL-2.049/lib/IO/Socket/SSL.pod#Description_Of_Methods
$tls_security_level_in = 'may';                                                 # Opportunistische TLS Transportverschluesselung eingehend aktiviere
%smtpd_tls_server_options = (
 SSL_verifycn_scheme    => 'smtp',
 SSL_session_cache      => 2,
 SSL_cert_file          => '/etc/pki/amavis/certs/CAcert-class3-wildcard.crt',
 SSL_key_file           => '/etc/pki/amavis/private/tachtler.net.key',
 SSL_dh_file            => '/etc/pki/amavis/private/dh_2048.pem',
 SSL_ca_file            => '/etc/pki/tls/certs/ca-bundle.crt',
 SSL_version            => 'SSLv23:!SSLv3:!SSLv2',
 SSL_cipher_list        => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA',
 SSL_honor_cipher_order => '1',
 SSL_verify_mode        => 'SSL_VERIFY_NONE',
 SSL_passwd_cb => sub { 'example' },
);
 
## MTA INTERFACE - OUTPUT
 
## see also $notify_method, $forward_method and $*_quarantine_method
 
$localhost_name = 'amavis.idmz.tachtler.net';                                # Eigener EHLO Name, welcher in den Received-Zeilen verwendet wird.
# $local_client_bind_address = undef;  # my source IP address as a SMTP client
# $auth_required_out = undef;
# $amavis_auth_user  = undef;    # for submitting notifications and quarantine
# $amavis_auth_pass  = undef;
# $auth_reauthenticate_forwarded = undef; # our credentials for forwarding too
 
# Tachtler
# SEE: https://raw.githubusercontent.com/benningm/amavisd-new/master/amavisd
# SEE: http://search.cpan.org/~sullr/IO-Socket-SSL-2.049/lib/IO/Socket/SSL.pod#Description_Of_Methods
$tls_security_level_out = 'may';                                                # Opportunistisches TLS Transportverschluesselung ausgehend aktivieren.
%smtp_tls_client_options = (
# SSL_verifycn_scheme   => 'smtp',
 SSL_verifycn_scheme    => 'none',
 SSL_version            => 'SSLv23:!SSLv3:!SSLv2',
 SSL_cipher_list        => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA',
 SSL_client_ca_file     => '/etc/pki/tls/certs/ca-bundle.crt',
 SSL_honor_cipher_order => '1',
 SSL_verify_mode        => 'SSL_VERIFY_PEER',
);
 
 
## MAIL FORWARDING
 
# Tachtler
# default: # $forward_method = 'smtp:[127.0.0.1]:10025';  # may be arrayref
$forward_method = 'smtp:[192.168.0.60]:10025';                                  # Rueckgabe von gescannten Nachrichten an Postfix. undef bei NUR MILTER !!!
 
#              # or 'smtp:[::1]:10025' when INET6 is available
# @forward_method_maps = ( sub { Opaque(c('forward_method')) } );
# $resend_method = undef;  # falls back to $forward_method
# $always_bcc = undef;
 
$final_virus_destiny = D_REJECT;                                                # Aktion bei Virus e-Mails. (D_PASS, D_DISCARD, D_BOUNCE ,D_REJECT)
$final_banned_destiny = D_REJECT;                                               # Aktion bei geblockten Dateianhaengen e-Mails.
$final_spam_destiny = D_REJECT;                                                 # Aktion bei SPAM e-Mails.
$final_bad_header_destiny = D_PASS;                                             # Aktion bei schlechten/unfvollstaendigen Header e-Mails.
 
 
## QUARANTINE
 
# $release_method = undef;  # falls back to $notify_method
# $requeue_method = 'smtp:[127.0.0.1]:25';
#              # or 'smtp:[::1]:25' when INET6 is available
# $release_format = 'resend';  # (dsn), (arf), attach,  plain,  resend
# $report_format  = 'arf';     # (dsn),  arf,  attach,  plain,  resend
# $attachment_password = ''; # '': no pwd, undef: PIN, code ref, or static str
# $attachment_email_name = 'msg-%m.eml';
# $attachment_outer_name = 'msg-%m.zip';
 
# $virus_quarantine_method        = 'local:virus-%m';
# $spam_quarantine_method         = 'local:spam-%m.gz';
# $banned_files_quarantine_method = 'local:banned-%m';
# $bad_header_quarantine_method   = 'local:badh-%m';
# $clean_quarantine_method   = undef;
# $archive_quarantine_method = undef;
 
# $mail_id_size_bits = 72;
 
$QUARANTINEDIR = undef;                                                         # KEIN Quarantaene Ablageort definiert.                         [-Q]
# $quarantine_subdir_levels = undef;  # 0 or 1  (undef treated as 0)
# $sql_quarantine_chunksize_max;  # see SQL section
 
$virus_quarantine_to = undef;                                                   # KEIN Quarantaene Ablageort fuer Virus e-Mails.
$banned_quarantine_to = undef;                                                  # KEIN Quarantaene Ablageort fuer geblockte Dateinanhaenge e-Mails.
$bad_header_quarantine_to = undef;                                              # KEIN Quarantaene Ablageort fuer schlechten/unfvollst. Header e-Mails.
$spam_quarantine_to = undef;                                                    # KEIN Quarantaene Ablageort fuer SPAM e-Mails.
# $spam_quarantine_bysender_to = undef;
# $clean_quarantine_to     = 'clean-quarantine';
# $archive_quarantine_to   = 'archive-quarantine';
 
# @virus_quarantine_to_maps      = (\$virus_quarantine_to);
# @banned_quarantine_to_maps     = (\$banned_quarantine_to);
# @bad_header_quarantine_to_maps = (\$bad_header_quarantine_to);
# @spam_quarantine_to_maps       = (\$spam_quarantine_to);
# @spam_quarantine_bysender_to_maps = (\$spam_quarantine_bysender_to);
# @clean_quarantine_to_maps      = (\$clean_quarantine_to);
# @archive_quarantine_to_maps    = (\$archive_quarantine_to);
 
# %local_delivery_aliases  ... predefined, used by a delivery method 'local:'
$mailfrom_to_quarantine = '';                                                   # Quarantaene Anwtort e-Mail-Adresse, undef (Original Absender), '' (<>).
 
 
## NOTIFICATIONS (DSN, admin, recip)
 
$notify_method  = 'smtp:[192.168.0.60]:10025';                                  # Transport von Meldungen über gescannte Nachrichten zurueck an Postfix.
#              # or 'smtp:[::1]:10025' when INET6 is available
 
# $propagate_dsn_if_possible = 1;
# $terminate_dsn_on_notify_success = 0;
 
# $newvirus_admin = undef;
$virus_admin = "virusalert\@$mydomain";                                         # E-Mail an, falls eine Virus entdeckt wurde.
# $spam_admin = undef;
$banned_admin = "bannedfilealert\@$mydomain";                                   # E-Mail an, falls eine Dateianhang geblockt wurde.
# $bad_header_admin = undef;
 
# $dsn_bcc = undef;
 
# @newvirus_admin_maps   = (\$newvirus_admin);
# @virus_admin_maps      = (\%virus_admin, \$virus_admin);
# @banned_admin_maps     = (\$banned_admin);
# @spam_admin_maps       = (\%spam_admin,  \$spam_admin);
# @bad_header_admin_maps = (\$bad_header_admin);
 
# $hdr_encoding = 'UTF-8';  # header field bodies charset
# $bdy_encoding = 'UTF-8';  # notification body text charset
# $hdr_encoding_qb = 'Q';   # quoted-printable (Q or B)
 
# $notify_sender_templ       = ... built-in default at the end of file amavisd
# $notify_virus_sender_templ = ... built-in default at the end of file amavisd
# $notify_spam_sender_templ  = ... built-in default at the end of file amavisd
# $notify_virus_admin_templ  = ... built-in default at the end of file amavisd
# $notify_spam_admin_templ   = ... built-in default at the end of file amavisd
$notify_virus_recips_templ = read_text('/etc/amavisd/notify_virus_recips.txt');
# $notify_spam_recips_templ  = ... built-in default at the end of file amavisd
# $notify_release_templ      = ... built-in default at the end of file amavisd
# $notify_report_templ       = ... built-in default at the end of file amavisd
 
$mailfrom_notify_admin = "mailfilter\@$mydomain";                               # Absender von administrativen Benachrichtigungen.
$mailfrom_notify_recip = "mailfilter\@$mydomain";                               # Absender von Empfaengerbenachrichtigungen.
$mailfrom_notify_spamadmin = "spamfilter\@$mydomain";                           # Absender von SPAM-Filter Benachrichtigungen.
 
## these are after-defaults:
# $hdrfrom_notify_sender = "\"Content-filter at $myhostname\" <postmaster\@$myhostname>";
# $hdrfrom_notify_recip     = ... derived from $mailfrom_notify_recip
# $hdrfrom_notify_admin     = ... derived from $mailfrom_notify_admin
# $hdrfrom_notify_spamadmin = ... derived from $mailfrom_notify_spamadmin
# $hdrfrom_notify_release   = $hdrfrom_notify_sender;
# $hdrfrom_notify_report    = $hdrfrom_notify_sender;
 
# $warnbannedsender = undef;
# $warnbadhsender   = undef;
 
# $warn_offsite     = undef;
 
# $warnvirusrecip   = undef;
# $warnbannedrecip  = undef;
# $warnbadhrecip    = undef;
# @warnvirusrecip_maps  = (\$warnvirusrecip);
# @warnbannedrecip_maps = (\$warnbannedrecip);
# @warnbadhrecip_maps   = (\$warnbadhrecip);
 
 
## MODIFICATIONS TO PASSED MAIL
 
# %allowed_added_header_fields = ...;     # built-in default
# %prefer_our_added_header_fields = ...;  # built-in default
# $remove_existing_x_scanned_headers = 0;
# $remove_existing_spam_headers = 1;
# @remove_existing_spam_headers_maps = (\$remove_existing_spam_headers);
# $allow_fixing_improper_header = 1;   # all-white folding lines and long lines
# $allow_fixing_improper_header_folding = 1;
# $allow_fixing_long_header_lines = 1;
# $prepend_header_fields_hdridx = 0;
 
# $X_HEADER_TAG  = 'X-Virus-Scanned';               # after-default
# $X_HEADER_LINE = "$myproduct_name at $mydomain";  # after-default
 
$defang_virus  = 1;                                                             # Fuegt die gesamte Virus e-Mail als MIME-Container an.
$defang_banned = 1;                                                             # Fuegt die gesamte geblockte Dateianhang e-Mails als MIME-Container an.
$defang_spam   = 1;                                                             # Fuegt die gesamte SPAM e-Mail als MIME-Container an.
# $defang_bad_header = undef;
$defang_undecipherable = 1;                                                     # Fuegt die nicht leserliche e-Mail als MIME-Container an.
# $defang_all    = undef;  # mostly for testing
 
$defang_by_ccat{CC_BADH.",3"} = 1;                                              # <NUL> oder <CR> Zeichen im Header enthalten.
$defang_by_ccat{CC_BADH.",5"} = 1;                                              # Header Zeile ist laenger als 998 Zeichen.
$defang_by_ccat{CC_BADH.",6"} = 1;                                              # Fehlerhafter Syntax im Header.
 
# $allow_disclaimers = undef;
# $outbound_disclaimers_only = undef;
# $enable_anomy_sanitizer = 0;
# @anomy_sanitizer_args = ();   # a config file or list of var=value pairs
# ****************************************************************************
# *  ! DISABLE alterMIME, when using amavisd-milter, it's NOT COMPATIBLE. !  *
# ****************************************************************************
$altermime = '/usr/bin/altermime';                                              # Pfad zum Programm (binary) alterMIME
@altermime_args_defang     = qw(--verbose --removeall);                         # Verarbeitung definieren.
# Definition der einzelnen Disclaimersyntax und der entsprechenden Disclaimerdateien fuer die einzelnen Benutzer.
@altermime_args_disclaimer = qw(--disclaimer=/etc/amavisd/altermime/_OPTION_.text --disclaimer-html=/etc/amavisd/altermime/_OPTION_.html);
@disclaimer_options_bysender_maps = (
      { 'root@tachtler.net'             => 'disclaimer-root',
        'postmaster@tachtler.net'       => 'disclaimer-postmaster',
        'klaus@tachtler.net'            => 'disclaimer-klaus',
        '.'                             => 'disclaimer-default' },
);                                                                              # Definition der einzelnen Disclaimer.
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];                          # Anhaengen der Disclaimer beim verarbeiten der e-Mails.
 
# $undecipherable_subject_tag = '***UNCHECKED*** ';
$sa_spam_subject_tag = '***SPAM*** ';                                           # Kennzeichnung im Betreff von als SPAM deklarierten Nachrichten.
# $sa_spam_level_char = '*';
 
# @spam_subject_tag_maps  = (\$sa_spam_subject_tag1); # N.B.: inconsistent name
# @spam_subject_tag2_maps = (\$sa_spam_subject_tag);  # N.B.: inconsistent name
# @spam_subject_tag3_maps = ();
 
 
## ADDING ADDRESS EXTENSIONS TO RECIPIENTS - 'plus addressing'
 
$recipient_delimiter = '+';                                                     # Adresszusatz fuer Nachrichten mit 'Adress-Delimeter'.
# $replace_existing_extension = 1;
# $addr_extension_virus  = undef;
# $addr_extension_banned = undef;
# $addr_extension_spam   = undef;
# $addr_extension_bad_header = undef;
@addr_extension_virus_maps      = ('virus');                                    # Adresszusatz fuer Viren Nachrichten.
@addr_extension_banned_maps     = ('banned');                                   # Adresszusatz fuer geblockte Dateianhaenge Nachrichten.
@addr_extension_spam_maps       = ('spam');                                     # Adresszusatz fuer SPAM Nachrichten.
@addr_extension_bad_header_maps = ('badh');                                     # Adresszusatz fuer schlechten/unfvollstaendigen Header Nachrichten.
 
 
## MAIL DECODING
 
# $bypass_decode_parts = undef;
 
# $keep_decoded_original_re = undef;
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',                # let virus scanner see full original message
  qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));
 
# $map_full_type_to_short_type_re = ... predefined regexp lookup table
# @map_full_type_to_short_type_maps = (\$map_full_type_to_short_type_re);
 
$MAXLEVELS = 14;                                                                # Verzeichnistiefe bei zu pruefenden e-Mail-Anhaengen.
$MAXFILES  = 3000;                                                              # Maximale Anzahl an Dateien bei zu pruefenden e-Mail-Anhaengen.
$MIN_EXPANSION_QUOTA = 100*1024;                                                # Minimale Groesse von Dateianhaengen, damit diese entpackt werden.
$MAX_EXPANSION_QUOTA = 500*1024*1024;                                           # Maximale Groesse von Dateianhaengen, bis zu der diese entpackt werden.
# $MIN_EXPANSION_FACTOR =   5;  # times original mail size
# $MAX_EXPANSION_FACTOR = 500;  # times original mail size
 
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';         # Suchpfadangaben fuer Zusatzprogramme.
# $file = 'file';
 
# For backward compatibility the @decoders list defaults to use of legacy
# variables $gzip, $bzip2, $lzop, ...  It is cleaner to explicitly assign
# a list to @decoders in amavisd.conf and directly specify program paths,
# without indirections through legacy variables $gzip, etc.
#
# $gzip = $bzip2 = $lzop = $rpm2cpio = undef;
# $uncompress = $unfreeze = $arc = $unarj = $unrar = undef;
# $zoo = $lha = $pax = $cpio = $cabextract = undef;
 
@decoders = (
  ['mail', \&do_mime_decode],
  [[qw(asc uue hqx ync)], \&do_ascii],  # not safe
  ['F',    \&do_uncompress, ['unfreeze', 'freeze -d', 'melt', 'fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress', 'gzip -d', 'zcat'] ],
  ['gz',   \&do_uncompress, 'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress, 'bzip2 -d'],
  ['xz',   \&do_uncompress,
           ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ],
  ['lzma', \&do_uncompress,
           ['lzmadec', 'xz -dc --format=lzma',
            'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ],
  ['lrz',  \&do_uncompress,
           ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ],
  ['lzo',  \&do_uncompress, 'lzop -d'],
  ['lz4',  \&do_uncompress, ['lz4c -d'] ],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl', 'rpm2cpio'] ],
  [['cpio','tar'], \&do_pax_cpio, ['pax', 'gcpio', 'cpio'] ],
           # ['/usr/local/heirloom/usr/5bin/pax', 'pax', 'gcpio', 'cpio']
  ['deb',  \&do_ar, 'ar'],
# ['a',    \&do_ar, 'ar'],  # unpacking .a seems an overkill
# Tachtler
# default:  ['rar',  \&do_unrar, ['unrar', 'rar'] ],
  ['rar',  \&do_unrar, ['7za', '7z'] ],
  ['arj',  \&do_unarj, ['unarj', 'arj'] ],
  ['arc',  \&do_arc,   ['nomarch', 'arc'] ],
  ['zoo',  \&do_zoo,   ['zoo', 'unzoo'] ],
# ['doc',  \&do_ole,   'ripole'],  # no ripole package so far
  ['cab',  \&do_cabextract, 'cabextract'],
# ['tnef', \&do_tnef_ext, 'tnef'],  # use internal do_tnef() instead
  ['tnef', \&do_tnef],
# Tachtler 
# default: # ['lha',  \&do_lha,   'lha'],  # not safe, use 7z instead
  ['lha',  \&do_lha,   ['7za', '7z'] ],  # not safe, use 7z instead
# ['sit',  \&do_unstuff, 'unstuff'],  # not safe
  [['zip','kmz'], \&do_7zip,  ['7za', '7z'] ],
  [['zip','kmz'], \&do_unzip],
  ['7z',   \&do_7zip,  ['7zr', '7za', '7z'] ],
  [[qw(gz bz2 Z tar)],
           \&do_7zip,  ['7za', '7z'] ],
  [[qw(xz lzma jar cpio arj rar swf lha iso cab deb rpm)],
           \&do_7zip,  '7z' ],
# Tachtler
# default:  ['exe',  \&do_executable, ['unrar','rar'], 'lha', ['unarj','arj'] ],
  ['exe',  \&do_executable, ['7za','7z'], 'lha', ['unarj','arj'] ],
);
 
 
## ANTI-VIRUS AND INVALID/FORBIDDEN CONTENTS CONTROLS
 
@av_scanners = (
  ### http://www.clamav.net/
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  # NOTE: run clamd under the same user as amavisd - or run it under its own
  #   uid such as clamav, add user clamav to the amavis group, and then add
  #   AllowSupplementaryGroups to clamd.conf;
  # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
  #   this entry; when running chrooted one may prefer a socket under $MYHOME.
);
@av_scanners_backup = (
  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
 
# $first_infected_stops_scan = undef;
# $virus_scanners_failure_is_fatal = undef;
 
# $viruses_that_fake_sender_re = undef;
# @viruses_that_fake_sender_maps = (\$viruses_that_fake_sender_re, 1);
# @virus_name_to_policy_bank_maps = ();
#
# @virus_name_to_spam_score_maps =
#   (new_RE(  # the order matters, first match wins
#     [ qr'^Structured\.(SSN|CreditCardNumber)\b'            => 0.1 ],
#     [ qr'^(Heuristics\.)?Phishing\.'                       => 0.1 ],
#     [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'      => 0.1 ],
#     [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep as infected
#     [ qr'^Sanesecurity\.Foxhole\.'                => undef ],# keep as infected
#     [ qr'^Sanesecurity\.'                                  => 0.1 ],
#     [ qr'^Sanesecurity_PhishBar_'                          => 0   ],
#     [ qr'^Sanesecurity.TestSig_'                           => 0   ],
#     [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0   ],
#     [ qr'^Email\.Spammail\b'                               => 0.1 ],
#     [ qr'^MSRBL-(Images|SPAM)\b'                           => 0.1 ],
#     [ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke'            => 0.1 ],
#     [ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
#     [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)'          => 0.1 ],
#     [ qr'^Safebrowsing\.'                                  => 0.1 ],
#     [ qr'^winnow\.(phish|spam)\.'                          => 0.1 ],
#     [ qr'^INetMsg\.SpamDomain'                             => 0.1 ],
#     [ qr'^Doppelstern\.(Spam|Scam|Phishing|Junk|Lott|Loan)'=> 0.1 ],
#     [ qr'^Bofhland\.Phishing'                              => 0.1 ],
#     [ qr'^ScamNailer\.'                                    => 0.1 ],
#     [ qr'^HTML/Bankish'                                    => 0.1 ],  # F-Prot
#     [ qr'^PORCUPINE_JUNK'                                  => 0.1 ],
#     [ qr'^PORCUPINE_PHISHING'                              => 0.1 ],
#     [ qr'^Porcupine\.Junk'                                 => 0.1 ],
#     [ qr'-SecuriteInfo\.com(\.|\z)'         => undef ],  # keep as infected
#     [ qr'^MBL_NA\.UNOFFICIAL'               => 0.1 ],    # false positives
#     [ qr'^MBL_'                             => undef ],  # keep as infected
#   ));
 
# @banned_filename_maps = ( 'DEFAULT' );
# %banned_rules = ( 'DEFAULT' => $banned_filename_re);  # after-default
 
$banned_filename_re = new_RE(
 
### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
# qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
  qr'^\.(exe|lha|cab|dll)$',              # banned file(1) types
 
### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
  [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
 
  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
# qr'^\.zip$',                            # block zip type
 
### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives
 
  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
 
# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type
 
# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type
 
  # block certain double extensions in filenames
  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
 
# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose
 
# qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
  qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
         inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|
         msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|
         wmf|wsc|wsf|wsh)$'ix,                # banned extensions - long
  qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i,     # consider also
  qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
  qr'^\.ani$',                            # banned animated cursor file(1) type
  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
 
# Tachtler - Word 
# qr'.\.(doc|docx)$'i,                  # block word files
# qr'^application/vnd.ms-word$'i,       # block word MIME types
# Tachtler - Excel 
# qr'.\.(xls|xlsx)$'i,                  # block excel files
# qr'^application/vnd.ms-excel$'i,      # block excel MIME types
# Tachtler - PowerPoint
# qr'.\.(ppt|pptx)$'i,                  # block powerpoint files
# qr'^application/vnd.ms-powerpoint$'i, # block powerpoint MIME types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
 
# $banned_namepath_re = undef;  # regexp-style
 
# @bypass_virus_checks_maps = (\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
# @bypass_banned_checks_maps = (\%bypass_banned_checks, \@bypass_banned_checks_acl, \$bypass_banned_checks_re);
# @bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re);
 
# @virus_lovers_maps = (\%virus_lovers, \@virus_lovers_acl, \$virus_lovers_re);
# @banned_files_lovers_maps = (\%banned_files_lovers, \@banned_files_lovers_acl, \$banned_files_lovers_re);
# @bad_header_lovers_maps = (\%bad_header_lovers, \@bad_header_lovers_acl, \$bad_header_lovers_re);
# @unchecked_lovers_maps = ();
 
# Tachtler - new -
# $allowed_header_tests{$_} = 1  for qw(other mime 8bit control empty long
#                                       syntax missing multiple);
$allowed_header_tests{'8bit'} = 0;
 
 
## ANTI-Spam CONTROLS
 
$ENV{TMPDIR} = $TEMPBASE;                                                       # Umgebungsvariable temporaeres Verzeichnis fuer SpamAssassin.
 
# @spam_scanners = ( ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'] );
 
# $helpers_home = $MYHOME;  # after-default
# $sa_configpath = undef;
# $sa_siteconfigpath = undef;
# $sa_num_instances = 1;
# @sa_userconf_maps = ();
# @sa_username_maps = ();
 
$sa_mail_body_size_limit = 400*1024;                                            # SpamAssassin einbinden, NUR bei e-Mail Groesse, bei <= Wert.
$sa_local_tests_only = 0;                                                       # NUR Test ausfuehren, die OHNE Internetverbinden auskommen deaktivieren.
# $sa_spawned = 0;
# $dspam = undef;
 
# $sa_timeout = 30;
 
# @bypass_spam_checks_maps = (\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
# @spam_lovers_maps = (\%spam_lovers, \@spam_lovers_acl, \$spam_lovers_re);
 
$sa_tag_level_deflt  = '-1000.0';                                               # Hinzufuegen von SPAM-Header Informationen, bei >= Wert.
$sa_tag2_level_deflt = 6.31;                                                    # Hinzufuegen von SPAM-Erkannt Informationen, bei >= Wert.
# $sa_tag3_level_deflt = undef;
$sa_kill_level_deflt = 6.31;                                                    # Aktion ausloesen bei SPAM-Nachrichten, bei >= Wert.
$sa_dsn_cutoff_level = 10;                                                      # SPAM-Level, ab dem keine DSN-Benachrichtigung gesendet wird.
$sa_crediblefrom_dsn_cutoff_level = 18;                                         # SPAM-Level, ab dem keine DNS-From-Benachrichtigung gesendet wird.
# $sa_quarantine_cutoff_level = 25;                                             # SPAM-Level, ab dem keine Quarantaene Enlieferung erfolgt.
 
# @spam_tag_level_maps  = (\$sa_tag_level_deflt);
# @spam_tag2_level_maps = (\$sa_tag2_level_deflt);
# @spam_tag3_level_maps = (\$sa_tag3_level_deflt);
# @spam_kill_level_maps = (\$sa_kill_level_deflt);
# @spam_quarantine_cutoff_level_maps = (\$sa_quarantine_cutoff_level);
# @spam_notifyadmin_cutoff_level_maps = ();
# @spam_dsn_cutoff_level_maps          = (\$sa_dsn_cutoff_level);
# @spam_dsn_cutoff_level_bysender_maps = (\$sa_dsn_cutoff_level);
# @spam_crediblefrom_dsn_cutoff_level_maps =
#   (\$sa_crediblefrom_dsn_cutoff_level);
# @spam_crediblefrom_dsn_cutoff_level_bysender_maps =
#   (\$sa_crediblefrom_dsn_cutoff_level);
 
$bounce_killer_score = 100;                                                     # SPAM-Punkte, fuer "joe-job" Rufschaedigung BOUNCE gelten, bei >= Wert.
 
$penpals_bonus_score = 8;                                                       # NUR bei Einsatz von @storage_sql_dsn Datenbanken.
# $penpals_halflife = 7*24*60*60;
# $penpals_threshold_low = 1.0;
$penpals_threshold_high = $sa_kill_level_deflt;                                 # SPAM mit hohen Widererkennungswert, Punkte-Ueberschreitung, bei >= Wert.
 
# $reputation_factor = 0.2;
 
 
# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
 
@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed
 
# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],
 
  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost
 
   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),
 
#  read_hash("/var/amavis/sender_scores_sitewide"),
 
   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
 
     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,
 
   },
  ],  # end of site-wide tables
});
 
 
# @signer_reputation_maps = ();
 
# @blacklist_sender_maps = (\%blacklist_sender, \@blacklist_sender_acl, \$blacklist_sender_re);
# @whitelist_sender_maps = (\%whitelist_sender, \@whitelist_sender_acl, \$whitelist_sender_re);
 
# $per_recip_blacklist_sender_lookup_tables = undef;
# $per_recip_whitelist_sender_lookup_tables = undef;  # deprecated
 
# $os_fingerprint_method = undef;
# $os_fingerprint_dst_ip_and_port = undef;
 
 
## SQL, LDAP, Redis
 
# $database_sessions_persistent = 1;
# $trim_trailing_space_in_lookup_result_fields = 0;
# $lookup_maps_imply_sql_and_ldap = 1;
 
# @storage_redis_dsn = ();  # Redis server(s) for pen pals, IP reput, JSON log
# $storage_redis_ttl = 16*24*60*60;
# $enable_ip_repu = 1;
# @ip_repu_ignore_networks = ();
# @ip_repu_ignore_maps = (\@ip_repu_ignore_networks);
# $redis_logging_key = undef;
# $redis_logging_queue_size_limit = undef;
 
# @lookup_sql_dsn  = ();  # SQL data source name for lookups, or empty
# @storage_sql_dsn = ();  # SQL data source name for log/quarantine, or empty
 
# $sql_store_info_for_all_msgs = 1;
# $sql_schema_version = $myversion_id_numeric;
# $timestamp_fmt_mysql = undef;
# $sql_partition_tag = undef;
# $sql_allow_8bit_address = 0;  # VARCHAR (0), VARBINARY/BYTEA (1)
# $sql_lookups_no_at_means_domain = 0;
# $sql_quarantine_chunksize_max = 16384;
 
# $sql_select_policy =
#   'SELECT *,users.id'.
#   ' FROM users LEFT JOIN policy ON users.policy_id=policy.id'.
#   ' WHERE users.email IN (%k) ORDER BY users.priority DESC';
 
# $sql_select_white_black_list =
#   'SELECT wb'.
#   ' FROM wblist JOIN mailaddr ON wblist.sid=mailaddr.id'.
#   ' WHERE wblist.rid=? AND mailaddr.email IN (%k)'.
#   ' ORDER BY mailaddr.priority DESC';
 
# %sql_clause = (
#   'sel_policy' => \$sql_select_policy,
#   'sel_wblist' => \$sql_select_white_black_list,
#   'sel_adr' =>
#     'SELECT id FROM maddr WHERE partition_tag=? AND email=?',
#   'ins_adr' =>
#     'INSERT INTO maddr (partition_tag, email, domain) VALUES (?,?,?)',
#   'ins_msg' =>
#     'INSERT INTO msgs (partition_tag, mail_id, secret_id, am_id,'.
#     ' time_num, time_iso, sid, policy, client_addr, size, host)'.
#     ' VALUES (?,?,?,?,?,?,?,?,?,?,?)',
#   'upd_msg' =>
#     'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'.
#     ' spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=?,'.
#     ' originating=?'.
#     ' WHERE partition_tag=? AND mail_id=?',
#   'ins_rcp' =>
#     'INSERT INTO msgrcpt (partition_tag, mail_id, rseqnum, rid, is_local,'.
#     ' content, ds, rs, bl, wl, bspam_level, smtp_resp)'.
#     ' VALUES (?,?,?,?,?,?,?,?,?,?,?,?)',
#   'ins_quar' =>
#     'INSERT INTO quarantine (partition_tag, mail_id, chunk_ind, mail_text)'.
#     ' VALUES (?,?,?,?)',
#   'sel_msg' =>  # obtains partition_tag if missing in a release request
#     'SELECT partition_tag FROM msgs WHERE mail_id=?',
#   'sel_quar' =>
#     'SELECT mail_text FROM quarantine'.
#     ' WHERE partition_tag=? AND mail_id=?'.
#     ' ORDER BY chunk_ind',
#   'sel_penpals' =>  # no message-id references list
#     "SELECT msgs.time_num, msgs.mail_id, subject".
#     " FROM msgs JOIN msgrcpt USING (partition_tag,mail_id)".
#     " WHERE sid=? AND rid=? AND msgs.content!='V' AND ds='P'".
#     " ORDER BY msgs.time_num DESC",  # LIMIT 1
#   'sel_penpals_msgid' =>  # with a nonempty list of message-id references
#     "SELECT msgs.time_num, msgs.mail_id, subject, message_id, rid".
#     " FROM msgs JOIN msgrcpt USING (partition_tag,mail_id)".
#     " WHERE sid=? AND msgs.content!='V' AND ds='P' AND message_id IN (%m)".
#       " AND rid!=sid".
#     " ORDER BY rid=? DESC, msgs.time_num DESC",  # LIMIT 1
# );
 
## LDAP, Please see file README.lookups for more info.
 
# $enable_ldap = 0;
# $ldap_lookups_no_at_means_domain = 0;
#
# $default_ldap = {
#   hostname       => 'localhost',
#   localaddr      => undef,
#   port           => undef,  # 389 or 636, default provided by Net::LDAP
#   scheme         => undef,  # 'ldaps' or 'ldap', depending on hostname
#   inet6          => $have_inet6 ? 1 : 0,
#   version        => 3,
#   timeout        => 120,
#   deref          => 'find',
#   bind_dn        => undef,
#   bind_password  => undef,
#   tls            => 0,
#   verify         => 'none',
#   sslversion     => 'tlsv1',
#   clientcert     => undef,
#   clientkey      => undef,
#   cafile         => undef,
#   capath         => undef,
#   sasl           => 0,
#   sasl_mech      => undef,  # space-separated list of mech names
#   sasl_auth_id   => undef,
# };
 
 
## hierarchy by which a final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value
 
 
## MAPPING A CONTENTS CATEGORY TO A SETTING CHOSEN
 
# %final_destiny_maps_by_ccat = (
#   # value is normally a list of by-recipient lookup tables, but for compa-
#   # tibility with old %final_destiny_by_ccat a value may also be a scalar
#   CC_VIRUS,       sub { c('final_virus_destiny') },
#   CC_BANNED,      sub { c('final_banned_destiny') },
#   CC_UNCHECKED,   sub { c('final_unchecked_destiny') },
#   CC_SPAM,        sub { c('final_spam_destiny') },
#   CC_BADH,        sub { c('final_bad_header_destiny') },
#   CC_MTA.',1',    D_TEMPFAIL,  # MTA response was 4xx
#   CC_MTA.',2',    D_REJECT,    # MTA response was 5xx
#   CC_MTA,         D_TEMPFAIL,
#   CC_OVERSIZED,   D_BOUNCE,
#   CC_CATCHALL,    D_PASS,
# );
# %forward_method_maps_by_ccat = (
#   CC_CATCHALL,    sub { ca('forward_method_maps') },
# );
# %smtp_reason_by_ccat = (
#   # currently only used for blocked messages only, status 5xx
#   # a multiline message will produce a valid multiline SMTP response
#   CC_VIRUS,       'id=%n - INFECTED: %V',
#   CC_BANNED,      'id=%n - BANNED: %F',
#   CC_UNCHECKED.',1', 'id=%n - UNCHECKED: encrypted',
#   CC_UNCHECKED.',2', 'id=%n - UNCHECKED: over limits',
#   CC_UNCHECKED,      'id=%n - UNCHECKED',
#   CC_SPAM,        'id=%n - spam',
#   CC_SPAMMY.',1', 'id=%n - spammy (tag3)',
#   CC_SPAMMY,      'id=%n - spammy',
#   CC_BADH.',1',   'id=%n - BAD HEADER: MIME error',
#   CC_BADH.',2',   'id=%n - BAD HEADER: nonencoded 8-bit character',
#   CC_BADH.',3',   'id=%n - BAD HEADER: contains invalid control character',
#   CC_BADH.',4',   'id=%n - BAD HEADER: line made up entirely of whitespace',
#   CC_BADH.',5',   'id=%n - BAD HEADER: line longer than RFC 5322 limit',
#   CC_BADH.',6',   'id=%n - BAD HEADER: syntax error',
#   CC_BADH.',7',   'id=%n - BAD HEADER: missing required header field',
#   CC_BADH.',8',   'id=%n - BAD HEADER: duplicate header field',
#   CC_BADH,        'id=%n - BAD HEADER',
#   CC_OVERSIZED,   'id=%n - Message size exceeds recipient\'s size limit',
#   CC_MTA.',1',    'id=%n - Temporary MTA failure on relaying',
#   CC_MTA.',2',    'id=%n - Rejected by next-hop MTA on relaying',
#   CC_MTA,         'id=%n - Unable to relay message back to MTA',
#   CC_CLEAN,       'id=%n - CLEAN',
#   CC_CATCHALL,    'id=%n - OTHER',  # should not happen
# );
# %lovers_maps_by_ccat = (
#   CC_VIRUS,       sub { ca('virus_lovers_maps') },
#   CC_BANNED,      sub { ca('banned_files_lovers_maps') },
#   CC_UNCHECKED,   sub { ca('unchecked_lovers_maps') },
#   CC_SPAM,        sub { ca('spam_lovers_maps') },
#   CC_SPAMMY,      sub { ca('spam_lovers_maps') },
#   CC_BADH,        sub { ca('bad_header_lovers_maps') },
# );
# %defang_maps_by_ccat = (
#   # compatible with legacy %defang_by_ccat: value may be a scalar
#   CC_VIRUS,       sub { c('defang_virus') },
#   CC_BANNED,      sub { c('defang_banned') },
#   CC_UNCHECKED,   sub { c('defang_undecipherable') },
#   CC_SPAM,        sub { c('defang_spam') },
#   CC_SPAMMY,      sub { c('defang_spam') },
# # CC_BADH.',3',   1,  # NUL or CR character in header section
# # CC_BADH.',5',   1,  # header line longer than 998 characters
# # CC_BADH.',6',   1,  # header field syntax error
#   CC_BADH,        sub { c('defang_bad_header') },
# );
# %subject_tag_maps_by_ccat = (
#   CC_VIRUS,       [ '***INFECTED*** ' ],
#   CC_BANNED,      undef,
#   CC_UNCHECKED,   sub { [ c('undecipherable_subject_tag') ] }, # not by-recip
#   CC_SPAM,        undef,
#   CC_SPAMMY.',1', sub { ca('spam_subject_tag3_maps') },
#   CC_SPAMMY,      sub { ca('spam_subject_tag2_maps') },
#   CC_CLEAN.',1',  sub { ca('spam_subject_tag_maps') },
# );
# %quarantine_method_by_ccat = (
#   CC_VIRUS,       sub { c('virus_quarantine_method') },
#   CC_BANNED,      sub { c('banned_files_quarantine_method') },
#   CC_UNCHECKED,   sub { c('unchecked_quarantine_method') },
#   CC_SPAM,        sub { c('spam_quarantine_method') },
#   CC_BADH,        sub { c('bad_header_quarantine_method') },
#   CC_CLEAN,       sub { c('clean_quarantine_method') },
# );
# %quarantine_to_maps_by_ccat = (
#   CC_VIRUS,       sub { ca('virus_quarantine_to_maps') },
#   CC_BANNED,      sub { ca('banned_quarantine_to_maps') },
#   CC_UNCHECKED,   sub { ca('unchecked_quarantine_to_maps') },
#   CC_SPAM,        sub { ca('spam_quarantine_to_maps') },
#   CC_BADH,        sub { ca('bad_header_quarantine_to_maps') },
#   CC_CLEAN,       sub { ca('clean_quarantine_to_maps') },
# );
# Tachtler - new -
# Disable notifications about ***UNCHECKED*** messages.
%admin_maps_by_ccat = (
  CC_VIRUS,       sub { ca('virus_admin_maps') },
  CC_BANNED,      sub { ca('banned_admin_maps') },
#   CC_UNCHECKED,   sub { ca('virus_admin_maps') },
  CC_SPAM,        sub { ca('spam_admin_maps') },
  CC_BADH,        sub { ca('bad_header_admin_maps') },
);
# %always_bcc_by_ccat = (
#   CC_CATCHALL,    sub { c('always_bcc') },
# );
# %dsn_bcc_by_ccat = (
#   CC_CATCHALL,    sub { c('dsn_bcc') },
# );
# %mailfrom_notify_admin_by_ccat = (
#   CC_SPAM,        sub { c('mailfrom_notify_spamadmin') },
#   CC_CATCHALL,    sub { c('mailfrom_notify_admin') },
# );
# %hdrfrom_notify_admin_by_ccat = (
#   CC_SPAM,        sub { c('hdrfrom_notify_spamadmin') },
#   CC_CATCHALL,    sub { c('hdrfrom_notify_admin') },
# );
# %mailfrom_notify_recip_by_ccat = (
#   CC_CATCHALL,    sub { c('mailfrom_notify_recip') },
# );
# %hdrfrom_notify_recip_by_ccat = (
#   CC_CATCHALL,    sub { c('hdrfrom_notify_recip') },
# );
# %hdrfrom_notify_sender_by_ccat = (
#   CC_CATCHALL,    sub { c('hdrfrom_notify_sender') },
# );
# %hdrfrom_notify_release_by_ccat = (
#   CC_CATCHALL,    sub { c('hdrfrom_notify_release') },
# );
# %hdrfrom_notify_report_by_ccat = (
#   CC_CATCHALL,    sub { c('hdrfrom_notify_report') },
# );
# %notify_admin_templ_by_ccat = (
#   CC_SPAM,        sub { cr('notify_spam_admin_templ') },
#   CC_CATCHALL,    sub { cr('notify_virus_admin_templ') },
# );
# %notify_recips_templ_by_ccat = (
#   CC_SPAM,        sub { cr('notify_spam_recips_templ') },  #usually empty
#   CC_CATCHALL,    sub { cr('notify_virus_recips_templ') },
# );
# %notify_sender_templ_by_ccat = (  # bounce templates
#   CC_VIRUS,       sub { cr('notify_virus_sender_templ') },
#   CC_BANNED,      sub { cr('notify_virus_sender_templ') }, #historical reason
#   CC_SPAM,        sub { cr('notify_spam_sender_templ') },
#   CC_CATCHALL,    sub { cr('notify_sender_templ') },
# );
# %notify_release_templ_by_ccat = (
#   CC_CATCHALL,    sub { cr('notify_release_templ') },
# );
# %notify_report_templ_by_ccat = (
#   CC_CATCHALL,    sub { cr('notify_report_templ') },
# );
# %notify_autoresp_templ_by_ccat = (
#   CC_CATCHALL,    sub { cr('notify_autoresp_templ') },
# );
# %warnsender_by_ccat = (  # deprecated use, except perhaps for CC_BADH
#   CC_VIRUS,       undef,
#   CC_BANNED,      sub { c('warnbannedsender') },
#   CC_SPAM,        undef,
#   CC_BADH,        sub { c('warnbadhsender') },
# );
# %warnrecip_maps_by_ccat = (
#   CC_VIRUS,       sub { ca('warnvirusrecip_maps') },
#   CC_BANNED,      sub { ca('warnbannedrecip_maps') },
#   CC_SPAM,        undef,
#   CC_BADH,        sub { ca('warnbadhrecip_maps') },
# );
# %addr_extension_maps_by_ccat = (
#   CC_VIRUS,       sub { ca('addr_extension_virus_maps') },
#   CC_BANNED,      sub { ca('addr_extension_banned_maps') },
#   CC_SPAM,        sub { ca('addr_extension_spam_maps') },
#   CC_SPAMMY,      sub { ca('addr_extension_spam_maps') },
#   CC_BADH,        sub { ca('addr_extension_bad_header_maps') },
# # CC_OVERSIZED,   'oversized';
# );
# %addr_rewrite_maps_by_ccat = ( );
 
 
## POLICY BANKS
 
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$interface_policy{'10026'} = 'ORIGINATING';
 
# %interface_policy = ();  # maps input interface/port to policy bank name
 
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};
 
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};
 
$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["mailfilter\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service back to postfix
  forward_method => 'smtp:[192.168.0.60]:10027',
  # notify to a smtpd service back to postfix
  notify_method => 'smtp:[192.168.0.60]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};
 
# $policy_bank{''} = { ...predefined... };
 
    ## the built-in policy bank (empty name) is predefined, and includes
    ## references to most other variables listed above (the dynamic config
    ## variables), which are accessed only indirectly through the currently
    ## installed policy bank. Overlaying a policy bank with another policy
    ## bank may bring-in references to entirely different variables,
    ## possibly unnamed. Here is a list of configuration variables
    ## referenced from the built-in policy bank by keys of the same name
    ## (e.g. { log_level => \$log_level, inet_acl => \@inet_acl, ...} )
    ##
    ##   $child_timeout $smtpd_timeout
    ##   $policy_bank_name $protocol @inet_acl
    ##   $myhostname $myauthservid $snmp_contact $snmp_location
    ##   $myprogram_name $syslog_ident $syslog_facility
    ##   $log_level $log_templ $log_recip_templ $enable_log_capture_dump
    ##   $forward_method $notify_method $resend_method $report_format
    ##   $release_method $requeue_method $release_format
    ##   $attachment_password $attachment_email_name $attachment_outer_name
    ##   $os_fingerprint_method $os_fingerprint_dst_ip_and_port
    ##   $originating @smtpd_discard_ehlo_keywords $soft_bounce
    ##   $propagate_dsn_if_possible $terminate_dsn_on_notify_success
    ##   $amavis_auth_user $amavis_auth_pass $auth_reauthenticate_forwarded
    ##   $auth_required_out $auth_required_inp $auth_required_release
    ##   @auth_mech_avail $tls_security_level_in $tls_security_level_out
    ##   $local_client_bind_address $smtpd_message_size_limit
    ##   $localhost_name $smtpd_greeting_banner $smtpd_quit_banner
    ##   $mailfrom_to_quarantine $warn_offsite $bypass_decode_parts @decoders
    ##   @av_scanners @av_scanners_backup @spam_scanners
    ##   $first_infected_stops_scan $virus_scanners_failure_is_fatal
    ##   $sa_spam_level_char $sa_mail_body_size_limit
    ##   $penpals_bonus_score $penpals_halflife $bounce_killer_score
    ##   $reputation_factor
    ##   $undecipherable_subject_tag $localpart_is_case_sensitive
    ##   $recipient_delimiter $replace_existing_extension
    ##   $hdr_encoding $bdy_encoding $hdr_encoding_qb
    ##   $allow_disclaimers $outbound_disclaimers_only
    ##   $prepend_header_fields_hdridx
    ##   $allow_fixing_improper_header
    ##   $allow_fixing_improper_header_folding $allow_fixing_long_header_lines
    ##   %allowed_added_header_fields %prefer_our_added_header_fields
    ##   %allowed_header_tests
    ##   $X_HEADER_TAG $X_HEADER_LINE
    ##   $remove_existing_x_scanned_headers $remove_existing_spam_headers
    ##   %sql_clause $partition_tag
    ##   %local_delivery_aliases $banned_namepath_re
    ##   $per_recip_whitelist_sender_lookup_tables
    ##   $per_recip_blacklist_sender_lookup_tables
    ##   @anomy_sanitizer_args @altermime_args_defang
    ##   @altermime_args_disclaimer @disclaimer_options_bysender_maps
    ##   %signed_header_fields @dkim_signature_options_bysender_maps
    ##   $enable_dkim_verification $enable_dkim_signing $dkim_signing_service
    ##   $dkim_minimum_key_bits $enable_ldap $enable_ip_repu $redis_logging_key
    ##
    ##   @local_domains_maps
    ##   @mynetworks_maps @client_ipaddr_policy @ip_repu_ignore_maps
    ##   @forward_method_maps @newvirus_admin_maps @banned_filename_maps
    ##   @spam_quarantine_bysender_to_maps
    ##   @spam_tag_level_maps @spam_tag2_level_maps @spam_tag3_level_maps
    ##   @spam_kill_level_maps
    ##   @spam_subject_tag_maps @spam_subject_tag2_maps @spam_subject_tag3_maps
    ##   @spam_dsn_cutoff_level_maps @spam_dsn_cutoff_level_bysender_maps
    ##   @spam_crediblefrom_dsn_cutoff_level_maps
    ##   @spam_crediblefrom_dsn_cutoff_level_bysender_maps
    ##   @spam_quarantine_cutoff_level_maps @spam_notifyadmin_cutoff_level_maps
    ##   @whitelist_sender_maps @blacklist_sender_maps @score_sender_maps
    ##   @author_to_policy_bank_maps @signer_reputation_maps
    ##   @message_size_limit_maps @debug_sender_maps @debug_recipient_maps
    ##   @bypass_virus_checks_maps @bypass_spam_checks_maps
    ##   @bypass_banned_checks_maps @bypass_header_checks_maps
    ##   @viruses_that_fake_sender_maps
    ##   @virus_name_to_spam_score_maps @virus_name_to_policy_bank_maps
    ##   @remove_existing_spam_headers_maps
    ##   @sa_userconf_maps @sa_username_maps
    ##
    ##   %final_destiny_maps_by_ccat %forward_method_maps_by_ccat
    ##   %lovers_maps_by_ccat %defang_maps_by_ccat %subject_tag_maps_by_ccat
    ##   %quarantine_method_by_ccat %quarantine_to_maps_by_ccat
    ##   %notify_admin_templ_by_ccat %notify_recips_templ_by_ccat
    ##   %notify_sender_templ_by_ccat %notify_autoresp_templ_by_ccat
    ##   %notify_release_templ_by_ccat %notify_report_templ_by_ccat
    ##   %warnsender_by_ccat
    ##   %hdrfrom_notify_admin_by_ccat %mailfrom_notify_admin_by_ccat
    ##   %hdrfrom_notify_recip_by_ccat %mailfrom_notify_recip_by_ccat
    ##   %hdrfrom_notify_sender_by_ccat
    ##   %hdrfrom_notify_release_by_ccat %hdrfrom_notify_report_by_ccat
    ##   %admin_maps_by_ccat %warnrecip_maps_by_ccat
    ##   %always_bcc_by_ccat %dsn_bcc_by_ccat
    ##   %addr_extension_maps_by_ccat %addr_rewrite_maps_by_ccat
    ##   %smtp_reason_by_ccat
 
    ## legacy dynamic configuration variables:
 
    ##   $final_virus_destiny $final_banned_destiny $final_unchecked_destiny
    ##   $final_spam_destiny $final_bad_header_destiny
    ##   @virus_lovers_maps @spam_lovers_maps @unchecked_lovers_maps
    ##   @banned_files_lovers_maps @bad_header_lovers_maps
    ##   $always_bcc $dsn_bcc
    ##   $mailfrom_notify_sender $mailfrom_notify_recip
    ##   $mailfrom_notify_admin  $mailfrom_notify_spamadmin
    ##   $hdrfrom_notify_sender  $hdrfrom_notify_recip
    ##   $hdrfrom_notify_admin   $hdrfrom_notify_spamadmin
    ##   $hdrfrom_notify_release $hdrfrom_notify_report
    ##   $notify_virus_admin_templ  $notify_spam_admin_templ
    ##   $notify_virus_recips_templ $notify_spam_recips_templ
    ##   $notify_virus_sender_templ $notify_spam_sender_templ
    ##   $notify_sender_templ $notify_release_templ
    ##   $notify_report_templ $notify_autoresp_templ
    ##   $warnbannedsender $warnbadhsender
    ##   $defang_virus $defang_banned $defang_spam
    ##   $defang_bad_header $defang_undecipherable $defang_all
    ##   $virus_quarantine_method $banned_files_quarantine_method
    ##   $unchecked_quarantine_method $spam_quarantine_method
    ##   $bad_header_quarantine_method $clean_quarantine_method
    ##   $archive_quarantine_method
    ##   @virus_quarantine_to_maps @banned_quarantine_to_maps
    ##   @unchecked_quarantine_to_maps @spam_quarantine_to_maps
    ##   @bad_header_quarantine_to_maps @clean_quarantine_to_maps
    ##   @archive_quarantine_to_maps
    ##   @virus_admin_maps @banned_admin_maps
    ##   @spam_admin_maps @bad_header_admin_maps @spam_modifies_subj_maps
    ##   @warnvirusrecip_maps @warnbannedrecip_maps @warnbadhrecip_maps
    ##   @addr_extension_virus_maps  @addr_extension_spam_maps
    ##   @addr_extension_banned_maps @addr_extension_bad_header_maps
 
1;  # insure a defined return value

Dienst/Daemon-Start einrichten: amavisd

Um einen AMaViS, welcher als Dienst/Daemon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden, was mit nachfolgendem Befehl realisiert werden kann:

# systemctl enable amavisd.service
ln -s '/usr/lib/systemd/system/amavisd.service' '/etc/systemd/system/multi-user.target.wants/amavisd.service'

Eine Überprüfung, ob beim Neustart des Server der 'amavisd-Dienst/Daemon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:

# systemctl list-unit-files --type=service | grep -e amavisd.service
amavisd.service                        enabled

bzw.

# systemctl is-enabled amavisd.service
enabled

Erster Start: amavisd

Um den AMaViS zu starten, kann nachfolgender Befehl angewandt werden:

# systemctl start amavisd

Eine Überprüfung ob der Start des AMaViS erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden, welcher eine Ausgabe in etwa wie nachfolgende erzeugen sollte:

# systemctl status amavisd
amavisd.service - Amavisd-new is an interface between MTA and content checkers.
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled)
   Active: active (running) since Tue 2015-10-13 23:50:32 CEST; 13s ago
     Docs: http://www.ijs.si/software/amavisd/#doc
  Process: 6169 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS)
 Main PID: 6189 (/usr/sbin/amavi)
   CGroup: /system.slice/amavisd.service
           ├─6189 /usr/sbin/amavisd (master)
           ├─6204 /usr/sbin/amavisd (virgin child)
           ├─6205 /usr/sbin/amavisd (virgin child)
           ├─6206 /usr/sbin/amavisd (virgin child)
           └─6207 /usr/sbin/amavisd (virgin child)

Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Found decoder for  ...
Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Using primary inter...
Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Found secondary av ...
Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Deleting db files _...
Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: Creating db in /var...
Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: initializing Mail::...
Oct 13 23:50:32 server70.idmz.tachtler.net amavis[6189]: SpamAssassin debug ...
Oct 13 23:50:40 server70.idmz.tachtler.net amavis[6189]: SpamAssassin loaded...
Oct 13 23:50:40 server70.idmz.tachtler.net amavis[6189]: SpamControl: init_p...
Oct 13 23:50:40 server70.idmz.tachtler.net amavis[6189]: extra modules loade...
Hint: Some lines were ellipsized, use -l to show in full.

bzw. mit nachfolgendem Befehl, ob der Dienst/Daemon in der Prozessliste erscheint:

# ps aux | grep amavisd
amavis    6189  2.9  5.0 360600 102612 ?       Ss   23:50   0:01 /usr/sbin/amavisd (master)
amavis    6204  0.0  4.9 362144 101508 ?       S    23:50   0:00 /usr/sbin/amavisd (virgin child)
amavis    6205  0.0  4.9 362144 101512 ?       S    23:50   0:00 /usr/sbin/amavisd (virgin child)
amavis    6206  0.0  4.9 362144 101492 ?       S    23:50   0:00 /usr/sbin/amavisd (virgin child)
amavis    6207  0.0  4.9 362144 101492 ?       S    23:50   0:00 /usr/sbin/amavisd (virgin child)
root      6210  0.0  0.0 112640   924 pts/0    S+   23:51   0:00 grep --color=auto amavisd

bzw. ob dieser auch über die definierte IP-Adresse und den definierten Port erreichbar ist:

# netstat -tulpen | grep amavisd
tcp        0      0 0.0.0.0:10024          0.0.0.0:*       LISTEN    399     52815    6189/amavisd (maste
tcp        0      0 0.0.0.0:10026          0.0.0.0:*       LISTEN    399     52815    6189/amavisd (maste

Konfiguration: amavisd-milter

(Bis Version 1.6.x) - /etc/amavisd/amavisd-milter.conf

BIS Version 1.6.x

Standardmäßig wird nach der Installation von AMaViS - amavsid-milter in nachfolgendem Verzeichnis mit nachfolgendem Namen die Konfigurationsdatei für den AMaViS - amavisd-milter hinterlegt:

  • /etc/amavisd/amavisd-milter.conf

Nachfolgende Änderungen sind an der Konfigurationsdatei /etc/amavisd/amavisd-milter.conf durchzuführen:

(Komplette Konfigurationsdatei)

#         User to run under (must be same as amavisd daemon)
AMAVIS_USER=amavis
 
#         Set working directory (default /var/amavis).
WORKING_DIRECTORY=/var/spool/amavisd/tmp
 
#         Communication socket between sendmail and amavisd-milter (default
#         /var/amavis/amavisd-milter.sock).  The protocol spoken over this
#         socket is MILTER (Mail FILTER).  It must agree with the
#         INPUT_MAIL_FILTER entry in sendmail.mc
#         The socket should be in "proto:address" format:
#         o   {unix|local}:/path/to/file - A named pipe.
#         o   inet:port@{hostname|ip-address} - An IPV4 socket.
#         o   inet6:port@{hostname|ip-address} - An IPV6 socket.
# Tachtler
# default: SOCKET=/var/run/amavisd/amavisd-milter.sock
SOCKET=inet:10014@192.168.0.70
 
#         Communication socket between amavisd-milter and amavisd-new 
#         (default /var/amavis/amavisd.sock). It must agree with the 
#         $unix_socketname entry in amavisd.conf
#         The socket should be in "proto:address" format:
#         o   {unix|local}:/path/to/file - A named pipe.
#         o   inet:port@{hostname|ip-address} - An IPV4 socket.
#         o   inet6:port@{hostname|ip-address} - An IPV6 socket.
# Tachtler
# default: AMAVISD_SOCKET=/var/spool/amavisd/amavisd.sock
AMAVISD_SOCKET=/var/run/amavisd/amavisd.sock
 
 
#         Use this pid file (default /var/amavis/amavisd-milter.pid).
#         Better to create /var/run/amavis and put it there
#PID_FILE=/var/run/amavisd/amavisd-milter.pid
 
#         Maximum concurrent amavisd connections (default 0 - unlimited
#         number of connections).  It must agree with the $max_servers
#         entry in amavisd.conf.
# Tachtler
# default: MAX_CONNECTIONS=2
MAX_CONNECTIONS=4
 
#         Maximum wait for connection to amavisd in seconds (default 300 =
#         5 minutes).  It must be less then sending MTA timeout for a
#         response to the final "."  that terminates a message on sending
#         MTA.  sendmail has default value 1 hour, postfix 10 minutes and
#         qmail 20 minutes.  We suggest to use less than 10 minutes.
MAX_WAIT=300
 
#         sendmail connection timeout in seconds (default 600 = 10 min-
#         utes).  It must agree with the INPUT_MAIL_FILTER entry in send-
#         mail.mc and must be greater than or equal to the amavisd-new con-
#         nection timeout.  When you use other milters (especially time-
#         consuming), the timeout must be sufficient to process message in
#         all milters.
MAILDAEMON_TIMEOUT=600
 
#         amavisd-new connection timeout in seconds (default 600 = 10 min-
#         utes).  This timeout must be sufficient for message processing in
#         amavisd-new.  It's usually a good idea to adjust them to the same
#         value as sendmail connection timeout.
AMAVISD_TIMEOUT=600

Nachfolgende Änderungen sollten vorgenommen werden:

  • SOCKET=inet:10014@192.168.0.70

Socket über den mit dem AMaViS - amavisd-milter über die IP-Adresse: 192.168.0.70 und den Port: 10014 kommuniziert werden kann.

  • AMAVISD_SOCKET=/var/run/amavisd/amavisd.sock

Socket über den der AMaViS - amavisd-milter mit dem AMaViS kommunizieren kann.

  • MAX_CONNECTIONS=4

Anzahl der maximalen gleichzeitigen Verbindungen zwischen Postfix und AMaViS - amavisd-milter.

:!: WICHTIG - Dies muss mit der Angabe in der AMaViS Konfigurationsdatei

  • /etc/amavisd/amavisd.conf

und dem Parameter

  • $max_servers = 4

übereinstimmen!

(Ab Version 1.7.x) /etc/sysconfig/amavisd-milter

AB Version 1.7.x

:!: HINWEIS - Nachfolgender Befehl muss ausgeführt werden, falls ein Update von Version 1.6.x auf 1.7.x erfolgt!

systemctl daemon-reload

Standardmäßig wird nach der Installation von AMaViS - amavsid-milter in nachfolgendem Verzeichnis mit nachfolgendem Namen die Konfigurationsdatei für den AMaViS - amavisd-milter hinterlegt:

  • /etc/sysconfig/amavisd-milter

Nachfolgende Änderungen sind an der Konfigurationsdatei /etc/sysconfig/amavisd-milter durchzuführen:

(Komplette Konfigurationsdatei)

#         Communication socket between sendmail and amavisd-milter (default
#         /var/amavis/amavisd-milter.sock).  The protocol spoken over this
#         socket is MILTER (Mail FILTER).  It must agree with the
#         INPUT_MAIL_FILTER entry in sendmail.mc
#         The socket should be in "proto:address" format:
#         o   {unix|local}:/path/to/file - A named pipe.
#         o   inet:port@{hostname|ip-address} - An IPV4 socket.
#         o   inet6:port@{hostname|ip-address} - An IPV6 socket.
# Tachtler
# default: SOCKET=/var/run/amavisd/amavisd-milter.sock
SOCKET=inet:10014@192.168.0.70
 
#         Use this pid file (default /var/amavis/amavisd-milter.pid).
#         Better to create /var/run/amavis and put it there
#PID_FILE=/var/run/amavisd/amavisd-milter.pid
 
#         Maximum concurrent amavisd connections (default 0 - unlimited
#         number of connections).  It must agree with the $max_servers
#         entry in amavisd.conf.
# Tachtler
# default: MAX_CONNECTIONS=2
MAX_CONNECTIONS=4
 
#         Maximum wait for connection to amavisd in seconds (default 300 =
#         5 minutes).  It must be less then sending MTA timeout for a
#         response to the final "."  that terminates a message on sending
#         MTA.  sendmail has default value 1 hour, postfix 10 minutes and
#         qmail 20 minutes.  We suggest to use less than 10 minutes.
MAX_WAIT=300
 
#         sendmail connection timeout in seconds (default 600 = 10 min-
#         utes).  It must agree with the INPUT_MAIL_FILTER entry in send-
#         mail.mc and must be greater than or equal to the amavisd-new con-
#         nection timeout.  When you use other milters (especially time-
#         consuming), the timeout must be sufficient to process message in
#         all milters.
MAILDAEMON_TIMEOUT=600
 
#         amavisd-new connection timeout in seconds (default 600 = 10 min-
#         utes).  This timeout must be sufficient for message processing in
#         amavisd-new.  It's usually a good idea to adjust them to the same
#         value as sendmail connection timeout.
AMAVISD_TIMEOUT=600

Nachfolgende Änderungen sollten vorgenommen werden:

  • SOCKET=inet:10014@192.168.0.70

Socket über den mit dem AMaViS - amavisd-milter über die IP-Adresse: 192.168.0.70 und den Port: 10014 kommuniziert werden kann.

  • MAX_CONNECTIONS=4

Anzahl der maximalen gleichzeitigen Verbindungen zwischen Postfix und AMaViS - amavisd-milter.

:!: WICHTIG - Dies muss mit der Angabe in der AMaViS Konfigurationsdatei

  • /etc/sysconfig/amavisd-milter

und dem Parameter

  • $max_servers = 4

übereinstimmen!

Dienst/Daemon-Start einrichten: amavisd-milter

Um einen AMaViS - amavisd-milter, welcher als Dienst/Daemon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden, was mit nachfolgendem Befehl realisiert werden kann:

# systemctl enable amavisd-milter.service
ln -s '/usr/lib/systemd/system/amavisd-milter.service' '/etc/systemd/system/multi-user.target.wants/amavisd-milter.service'

Eine Überprüfung, ob beim Neustart des Server der 'amavisd-milter-Dienst/Daemon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:

# systemctl list-unit-files --type=service | grep -e amavisd-milter.service
amavisd-milter.service                 enabled

bzw.

# systemctl is-enabled amavisd-milter.service
enabled

Erster Start: amavisd-milter

Um den AMaViS - amavisd-milter zur Kommunikation mit dem AMaViS zu starten, kann nachfolgender Befehl angewandt werden:

# systemctl start amavisd-milter

Eine Überprüfung ob der Start des AMaViS - amavisd-milter erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden, welcher eine Ausgabe in etwa wie nachfolgende erzeugen sollte:

# systemctl status amavisd-milter
amavisd-milter.service - amavisd-milter is a milter (mailfilter) for amavisd-new which uses 
the AM.PDP protocol.
   Loaded: loaded (/usr/lib/systemd/system/amavisd-milter.service; enabled)
   Active: active (running) since Tue 2015-10-13 23:39:01 CEST; 22s ago
     Docs: http://amavisd-milter.sourceforge.net/
  Process: 6135 ExecStart=/usr/sbin/amavisd-milter-helper (code=exited, status=0/SUCCESS)
 Main PID: 6137 (amavisd-milter)
   CGroup: /system.slice/amavisd-milter.service
           └─6137 /usr/sbin/amavisd-milter -B -w /var/spool/amavisd/tmp -s i...

Oct 13 23:39:01 server70.idmz.tachtler.net systemd[1]: Starting amavisd-milt...
Oct 13 23:39:01 server70.idmz.tachtler.net amavisd-milter[6137]: starting am...
Oct 13 23:39:01 server70.idmz.tachtler.net systemd[1]: Started amavisd-milte...
Hint: Some lines were ellipsized, use -l to show in full.

bzw. mit nachfolgendem Befehl, ob der Dienst/Daemon in der Prozessliste erscheint:

# ps aux | grep amavisd-milter
amavis    6137  0.0  0.0  18880   672 ?        Ssl  23:39   0:00 /usr/sbin/amavisd-milter -B -w /var/spool/amavisd/tmp -s inet:10014@192.168.0.70 -S /var/run/amavisd/amavisd.sock -p /var/run/amavisd/amavisd-milter.pid -m 4 -M 300 -t 600 -T 600
root      6144  0.0  0.0 112640   932 pts/0    S+   23:40   0:00 grep --color=auto amavisd-milter

bzw. ob dieser auch über die definierte IP-Adresse und den definierten Port erreichbar ist:

# netstat -tulpen | grep amavisd-milter
tcp        0      0 192.168.0.70:10014      0.0.0.0:*      LISTEN    399     51272    6137/amavisd-milter

Konfiguration: RAM-Disk

Eine sehr gute Möglichkeit die Performance für AMaViS zu steigern, ist eine RAM-Disk anzulegen. Dabei sollte natürlich auf die Hardware des Servers geachtete werden, aber auch auf die Gegebenheiten von AMaViS.

Um die benötigte Größe einer RAM-Disk berechnen zu können, was jedoch eher eine theoretische Größe ist, kann folgende Formel herangezogen werden:

max. AMaViS-Instanzen * (max. e-Mailgröße + (max. e-Mailgröße * Auspackfaktor))

Hier ein Beispiel:

Für 20 AMaViS-Instanzen bei einer max. e-Mailgröße von 30 MB und einem Auspackfaktor von 1,5 ergibt das eine RAM-Disk mit der Größe von 1,5 GB!

:!: Dies ist aber wie schon erwähnt, nur ein theoretischer Wert, da nicht jede e-Mail die max. Größe hat und es auch vom Netzwerkverkehr - sprich der Physik der Netzwerkkarte - nicht möglich sein dürfte, so viel Daten in kürzester Zeit (bis AMaViS-Instanzen wieder zur Verfügung stehen) zu transferieren!

Für einen kleinen privaten e-Mail-Server wird sicherlich auch eine kleinere Größe an RAM-Disk völlig ausreichend sein!

Deshalb kann mit folgenden Größen für einen kleinen privaten e-Mail-Server durchaus gerechnet werden:

Für 4 AMaViS-Instanzen bei einer max. e-Mailgröße von 10 MB und einem Auspackfaktor von 1,5 ergibt das eine RAM-Disk mit der Größe von 100 MB!

/etc/fstab

Unter CentOS Version 7.x kann mit folgendem Eintrag in der /etc/fstab kann eine RAM-Disk in der Größe von 96 MB angelegt werden (nur relevanter Ausschnitt):

...
tmpfs /var/spool/amavisd/tmp		tmpfs defaults,size=96m,mode=755,uid=399,gid=399	0 0

Zum Mounten nach dem Eintrag in der /etc/fstab kann folgender Befehl ausgeführt werden:

# mount /var/spool/amavisd/tmp

:!: WICHTIG - Falls gewünscht kann die soeben angelegte RAM-Disk auch für andere Programme lesbar gemacht werden, z.B. für Überwachungs- und Auswertungs-Tools. Dafür sollte folgender Befehl für die entsprechenden Zugriffsrechte auf das Verzeichnis /var/spool/amavisd/tmp und dessen übergeordnetem Verzeichnis /var/spool/amavisd sorgen:

# chmod 755 /var/spool/amavisd

Zur Überprüfung, ob die Verarbeitung wirklich schneller von statten geht, hier zwei Auszüge aus der LOG-Datei /var/log/maillog, der gleichen e-Mail, einmal ohne und anschließend mit RAM-Disk:

...
Jan  5 23:59:40 nss amavis[10206]: (10206-01) TIMING [total 1993 ms]...
...
Jan  6 00:12:52 nss amavis[10987]: (10987-01) TIMING [total 853 ms]...
...

Konfiguration: DKIM

DKIM - DomainKeys ist ein Identifikationsprotokoll zur Sicherstellung der Authentizität von E-Mail-Absendern, das von Yahoo entwickelt wurde und seit Ende 2004 in Erprobung ist. Es wurde konzipiert, um bei der Eindämmung von unerwünschter E-Mail wie Spam oder Phishing zu helfen.

Genauere und Detailliertere Informationen können unter folgendem Link nachgelesen werden - DomainKeys. Wie auch in anderen Bereichen, wenn es um Verschlüsselung und Signierung geht z.B. (ssh, gnupg, s_mime) ist es auch logischerweise beim Einsatz von DKIM erforderlich, ein Schlüsselpaar, bestehend aus einem

  • öffentlichen Schlüssel
  • privaten Schlüssel

zu erstellen.

Vor der eigentlichen Erstellung des Schlüsselpaares, ist es jedoch zwingend erforderlich ein Verzeichnis und ein Unterverzeichnis zu erstellen, in dem AMaViS später den privaten Schlüssel finden kann. Dies könnte z.B. im Verzeichnis

  • /etc/pki/

mit nachfolgenden Befehlen durchgeführt werden:

Erstellung eines Verzeichnisses und Unterverzeichnisses /etc/pki/amavis/dkim

# mkdir -p /etc/pki/amavis/dkim

Schlüssel erstellen

Mit nachfolgendem Befehl wird das Schlüsselpaar jetzt

  • im Verzeichnis /etc/pki/amavis/dkim
  • als dkim.key-Datei im PEM-Dateiformat

erstellt:

# amavisd genrsa /etc/pki/amavis/dkim/dkim.key
Private RSA key successfully written to file "/etc/pki/amavis/dkim/dkim.key" (1024 bits, PEM format)

bzw. mit einer höheren bit Anzahl:

# amavisd genrsa /etc/pki/amavis/dkim/dkim.key 4096
Private RSA key successfully written to file "/etc/pki/amavis/dkim/dkim.key" (4096 bits, PEM format)

:!: WICHTIG - Damit AMaViS auf die private Schlüssel-Datei auch Zugriff hat, ist es erforderlich die Besitz- und Dateirechte wie folgt mit nachfolgenden Befehlen anzupassen:

# chown amavis.amavis /etc/pki/amavis/dkim/dkim.key
# chmod 600 /etc/pki/amavis/dkim/dkim.key

Die Verzeichnisstruktur und deren Inhalt sollte danach in etwa wie folgt aussehen und kann mit nachfolgenden Befehlen angezeigt werden (nur relevanter Ausschnitt):

# ll /etc/pki/
total 44
drwxr-xr-x 3 root root 4096 Jul 17 10:29 amavis
...

# ll /etc/pki/amavis/
total 4
drwxr-xr-x 2 root root 4096 Jul 17 10:41 dkim

# ll /etc/pki/amavis/*
total 4
-rw------- 1 amavis amavis 887 Jul 17 10:41 dkim.key

Der Inhalt der privaten Schlüssel-Datei kann mit nachfolgendem Befehl angezeigt werden und sollte in etwa wie folgt aussehen:

# cat /etc/pki/amavis/dkim/dkim.key
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDWypzomx/COZmYML/9j/MRNH9Chw652qzbHjM4RdzpeWzainKC
+kyYP+VuoJWMtUX2KSo+kTuWaH4AUgwWSxKq4IBq34MgWsDi3h/mFekOqtnIHTZM
16CLtzQUHAEwCUZqouQkDzQUHAEwCUZq2F9qbRFRB4WWJyuCF6GNQLX9jQIDAQAB
AoGAFgSC/R0ZrlE1O3KT26wr4HGfMfSiP874tSVtXrFaqdw2mlhi0KZTv6+dFzAC
5H+YgllJ6Uv97bccY3AFqStc6FMuEnbZBzQUHAEwCUZqMUvln1Hm+pt9nKmc2T1d
4NZFpm9wdghEolGgdQUJtqaKiClSJGAW28qne4TxQ/4s8skCQQDx07HAUveFk7dN
zHdO+LYDyXGW/Z4/Hd/+N1ckI$twIRkl1chNeFAULeSAU+/Gyi8P8TTpIIeCFhao
/R0euJY/AkEA42FJITBi3W8D4i1ifVZUnCFdBUHiZx2wpWNmkFHbMBGSddmLq1SD
o0FkSK2yUUSQr+y2C6ksJ2ULbGyI+imndrRwmd63qPdmvd+84GD5dfsddDfgg7dx
5Kcimm3a1RXTenwsD1lvVM46tmfa83vIKzgM2oI8SnZijjXqOEbMfudf1QJBAIG8
E261XeN8IRoezRA4fsQqoRmL0vME1LI4+d8kZUyS6h8FxhQ2f3lZqS9ys8h8yqzN
guSfl3OAyWCTvWXwyFMCQFb0t7soo/mHoS5EP+Q7/TRyjdzUzRrVZO5sO0HUMyhL
SPfoF9go3M+8jZ2ac/kbs6iUlQT/zS4/T4DVScoPgCs=
-----END RSA PRIVATE KEY-----

/etc/amavisd/amavisd.conf

Der erstellte private Schlüssel muss nun noch mit nachfolgenden Anpassungen der Konfigurationsdatei

  • /etc/amavsid/amavisd.conf

in AMaViS eingebunden werden.

(Nur relevanter Ausschnitt):

...
## DKIM SIGNING
 
# Signieren der ausgehenden e-Mails mit dem Schluessel unter dkim_key.
$enable_dkim_signing = 0;                                                       
# Spezifikationen zum DKIM-Schluessel und dessen Anwendung.
dkim_key('tachtler.net', 'main', '/etc/pki/amavis/dkim/dkim.key', h=>'sha256'); 
# Optionen zur DKIM-Signaturerstellung.
@dkim_signature_options_bysender_maps = (
      { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } }
);                                                                              
...

Erklärung:

Variablenname Wert Erklärung
$enable_dkim_signing 0 :!: HINWEIS Deaktiviert bis die DNS-Einträge durchgeführt wurden !
dkim_key 'tachtler.net' Domainname zum DKIM-Schlüssel
'main' Selector der mit der Kennung _domainkey und dem Domainnamen benutzt wird, um über eine TXT-Record Abfrage an den DNS-Server den verwendeten öffentlichen Schlüssel zu erfragen. Hier: main._domainkey.tachtler.net
'/etc/pki/amavis/dkim/dkim.key' Privater Schlüssel, mit Pfadangabe und Dateinamen
h⇒'sha256' Über diese Optionen kann Einfluss auf die Signatur genommen werden
@dkim_signature_options_bysender_maps '.' Sender abhängige Angabe, auf die die nachfolgenden Parameter angewandt werden sollen. Hier: alle
ttl ⇒ 21*24*3600 TTL (Time To Live)
c ⇒ 'relaxed/simple' Message canonicalization (plain-text; OPTIONAL, Standard ist „simple/simple“).

Um weitere Informationen zu den oben genannten Parameter zu erhalten, können nachfolgende externe Links genutzt werden:

:!: HINWEIS - Aktuell wäre es möglich die „Verifizierung“ von e-Mails bereits zu aktivieren, OHNE selbst bereits e-Mails zu signieren!

Die notwendigen Einstellungen dafür können mit folgender Anpassung der Konfigurationsdatei

  • /etc/amavisd/amavisd.conf

durchgeführt werden

(Nur relevanter Ausschnitt):

...
$enable_dkim_verification = 1;
...

DNS-Eintrag

:!: WICHTIG - Um selbst e-Mails signieren zu können, ist es erforderlich, dass der öffentliche Schlüssel via DNS abfragbar ist, was durchaus die Mithilfe des Providers erfordern kann!

Dazu ist es erforderlich erst einmal den öffentlichen Schlüssel mit der Hilfe von AMaViS aus der Schlüsseldatei /etc/pki/amavis/dkim/dkim.pem zu erhalten, was mit nachfolgendem Befehl erreicht werden kann:

# amavisd -c /etc/amavisd/amavisd.conf showkeys tachtler.net
; key#1 1024 bits, i=main, d=tachtler.net, /etc/pki/amavis/dkim/dkim.key
main._domainkey.tachtler.net.	3600 TXT (
  "v=DKIM1; h=sha256; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJR"
  "RxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+ln"
  "Sp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkY"
  "iJw8V1oSoafME1WklQIDAQAB")

Welcher aber in nachfolgender Form in den DNS-Record eingetragen werden muss (ohne „-Zeichen und <leer>-Zeichen):

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB

Nachfolgende DNS-Einträge müssen zum DNS hinzugefügt werden, um den öffentlichen Schlüssel via DNS abfragbar zu machen (nur relevanter Ausschnitt):

...
main._domainkey.tachtler.net.           IN      TXT     "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB"
...

:!: HINWEIS - Es ist nicht erforderlich, dass die neue Sub-Domain - main._domainkey.tachtler.net auf eine gültige IP-Adresse auflöst, noch irgendwelche MX-Einträge besitzt!

:!: WICHTIG - Nach dieser Änderung am DNS, ist ein Neustart des jeweiligen DNS-Servers notwendig!

Zum testen, ob AMaViS den öffentlichen Schlüssel richtig erreichen und abfragen kann, sind z.B. nachfolgende Befehle hilfreich:

AMaViS-Test

# amavisd -c /etc/amavisd/amavisd.conf testkeys tachtler.net
TESTING#1 tachtler.net: main._domainkey.tachtler.net => pass

DNS-Abfrage (beim eigenen DNS-Server)

# dig main._domainkey.tachtler.net TXT

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> main._domainkey.tachtler.net TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1477
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;main._domainkey.tachtler.net.	IN	TXT

;; ANSWER SECTION:
main._domainkey.tachtler.net. 10800 IN	TXT	"v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSm
HUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsin
EksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB"

;; AUTHORITY SECTION:
tachtler.net.		10800	IN	NS	ns1.idmz.tachtler.net.

;; ADDITIONAL SECTION:
ns1.idmz.tachtler.net.	10800	IN	A	192.168.0.20

;; Query time: 1 msec
;; SERVER: 192.168.0.20#53(10.7.0.20)
;; WHEN: Thu Oct 15 13:36:12 CEST 2015
;; MSG SIZE  rcvd: 336

DNS-Abfrage (beim externen DNS-Server)

# dig @62.146.28.82 main._domainkey.tachtler.net TXT

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> @62.146.28.82 main._domainkey.tachtler.net TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16137
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;main._domainkey.tachtler.net.	IN	TXT

;; ANSWER SECTION:
main._domainkey.tachtler.net. 1048576 IN TXT	"v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSm
HUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsin
EksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB"

;; Query time: 36 msec
;; SERVER: 62.146.28.82#53(62.146.28.82)
;; WHEN: Thu Oct 15 13:38:17 CEST 2015
;; MSG SIZE  rcvd: 286

DKIM aktivieren

Jetzt ist der Zeitpunkt für die Aktivierung von DKIM mit AMaViS gekommen.

Nachdem nun die DNS-Einträge verfügbar sind, kann abschließend das Signieren von e-Mails aktiviert werden, in dem in der Konfigurationsdatei

  • /etc/amavisd/amavisd.conf

nachfolgende Konfiguration durchgeführt wird:

(Nur relevanter Ausschnitt):

...
## DKIM SIGNING
 
# Signieren der ausgehenden e-Mails mit dem Schluessel unter dkim_key.
$enable_dkim_signing = 1;
...

Received-Zeilen ausnehmen

Laut RFC 4871 können auch die

  • Received: from-Zeilen

zur Signierung der e-Mail mit herangezogen werden.

Dies hat jedoch den Nachteil, dass bei einer Veränderung der Received: from-Zeilen im Nachhinein, wie es z.B. bei der Einlieferung durch Postfix via smtpd_proxy_filter (Pre-Queue) bei AMaViS der Fall sein könnte, die DKIM-Sigantur sprichwörtlich „kaputt“ geht. Siehe nachfolgenden Auszug aus den Header-Zeilen (nur relevanter Ausschnitt):

...
Authentication-Results: viruswall.idmz.tachtler.net (amavisd-new);
	dkim=fail (1024-bit key) reason="fail (message has been altered)"
	header.d=tachtler.net
...

Dies kann durch hinzufügen von nachfolgender Konfigurationszeile in die

  • /etc/amavisd.conf
$signed_header_fields{'received'} = 0;  # turn off signing of Received

verhindert werden, indem die Received: from-Zeilen nicht mehr mit in die Berechnung der DKIM-Signatur mit einfließen.

DKIM-Test: AMaViS

Mit nachfolgendem Befehl, kann eine Test des Gültigkeit der DKIM-Signatur unter Zuhilfenahme von AMaViS durchgeführt werden:

# amavisd testkeys
TESTING#1: main._domainkey.tachtler.net      => pass

DKIM-Test: DNS

Mit nachfolgenden Befehlen, kann eine entsprechende DNS-Abfrage durchgeführt werden, um zu testen, ob der entsprechende Schlüssel im DNS korrekt eingebunden ist:

# host -t TXT main._domainkey.tachtler.net
main._domainkey.tachtler.net descriptive text "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSmHUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsinEksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB"

oder

# dig @8.8.8.8 main._domainkey.tachtler.net TXT

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> @8.8.8.8 main._domainkey.tachtler.net TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23205
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;main._domainkey.tachtler.net.	IN	TXT

;; ANSWER SECTION:
main._domainkey.tachtler.net. 21599 IN	TXT	"v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW697RxGpSm
HUxXFMgirRcDKJRRxoDuuIxlH/69QsHeee+hBC0Uwg72tcQ8dkmQfJwpcHAIt8nP/0VQnRc2uyRr+lnSp89Diahd3frfgnPnyKjhoNglJNlsin
EksKnsQ40G6rki1kH3Sf0mq+Hn0RYozkYiJw8V1oSoafME1WklQIDAQAB"

;; Query time: 204 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 15 18:06:04 CEST 2015
;; MSG SIZE  rcvd: 297

* Anfrage z.B. an den Google DNS-Servers !

DKIM-Test: e-Mail

Folgender Text-Auszug sollte nun beim e-Mail-Verkehr im Quelltext im Header einer e-Mail erscheinen (nur relevanter Ausschnitt):

...
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tachtler.net; h=
	user-agent:content-transfer-encoding:content-disposition
	:content-type:content-type:mime-version:subject:subject:from
	:from:date:date:message-id:received:received:received; s=main;
	 t=1247825666; x=1249640066; bh=zkfBNgBkKqRSYHugI+0qnNCPdrpy1OCX
	05xaRMuDqHM=; b=k6+oUVv686bTSWNp+3MDpJRKWzf9oEipgx6z8TGgG/KlET0X
	NiydYWN+PMJSEobjAPta9GpUvG5k+VCLyT26mrk5/I9ApBHGQpmdb0cB/j6kXqAA
	KenY0BIV4rLgWIjqkdCFeW40IgxNj3ur5WNxHPxJWGdpLGtP+SPJYBRM/EM=
...

Der empfangende Mailserver ist mit Hilfe des Authentication-Results:-Header in der Lage festzustellen, ob die eMail unverändert angekommen und somit nicht manipuliert wurde:

Authentication-Results: viruswall.dmz.tachtler.net (amavisd-new);
	dkim=pass (1024-bit key) header.d=tachtler.net

Wurde die Nachricht hingegen verändert, so schlägt die Überprüfung fehl:

Authentication-Results: viruswall.dmz.tachtler.net (amavisd-new);
	dkim=fail (1024-bit key) reason="fail (message has been altered)"
	header.d=tachtler.net

Konfiguration: alterMIME

:!: WICHTIG - Beim Einsatz von amavisd-milter zur Verbindung zwischen Postfix und AMaViS kann alterMIME innerhalb von AMaViS nicht eingesetzt werden !!! :!:

Die OpenSource-Variante von alterMIME kann zu folgenden Aktionen in Bezug auf e-Mail's genutzt werden:

  • Einfügen von sog. „Disclaimern“ - e-Mail Fußzeilen bei ein- und ausgehenden e-Mails
  • Einfügen von frei wählbaren „X-Header“-Angaben im e-Mail-Header
  • Verändern eines oder mehreren bereits in e-Mail-Header vorhandenen „X-Header“
  • Entfernen von Dateianhängen basierend auf Dateinamen, oder Dateihalten
  • Austausch von Dateianhängen basierend auf Dateinamen

Bevor mit der eigentlichen Konfiguration zur Integration von alterMIME in AMaViS begonnen werden soll, ist es empfehlenswert, um die Übersicht nicht zu verlieren, folgendes Verzeichnis mit nachfolgendem Befehl anzulegen:

# mkdir /etc/amavisd/altermime

:!: WICHTIG - Da benutzereigene „Disclaimer“ verwenden werden sollen, muss für jede e-Mail-Adresse in der Konfigurationsdatei /etc/amavisd/amavisd.conf - jeweils auch eine „Disclaimer-Datei“ für PLAIN-Text und HTML-Code nach z.B. folgendem Schema angelegt werden:

  • disclaimer_<Benutzername>.text
  • disclaimer_<Benutzername>.html

Die Dateien können mit folgenden Befehlen angelegt werden:

# touch /etc/amavisd/altermime/disclaimer_postmaster.text
# touch /etc/amavisd/altermime/disclaimer_postmaster.html

und

:!: Abschließend muss noch der Inhalt der jeweiligen benutzereigenen „Disclaimer“-Datei entsprechend angepasst werden. Hier ein Beispiel für

  • /etc/amavsid/altermime/disclaimer_postmaster.text
---------------------
Disclaimer postmaster
---------------------

/etc/amavisd/amavisd.conf

Um alterMIME in AMaViS zu integrieren, sind nachfolgende Konfigurationseinstellungen in der AMaViS-Konfigurationsdatei /etc/amavisd/amavisd.conf notwendig.

Die relevanten Änderungen gegenüber der Standard-Konfiguration sollen durch nachfolgende Anpassungen vorhandener Einstellungen in /etc/amavsid/amavisd.conf durchgeführt werden:

(Nur relevanter Ausschnitt):

...
# Tachtler
$altermime = '/usr/bin/altermime';     # a path to the program
@altermime_args_defang     = qw(--verbose --removeall);
@altermime_args_disclaimer = qw(--disclaimer=/etc/amavsid/altermime/_OPTION_.text --disclaimer-html=/etc/amavisd/altermime/_OPTION_.html);
@disclaimer_options_bysender_maps = (
      { 'postmaster@tachtler.net' => 'disclaimer-postmaster',
      { 'abuse@tachtler.net'      => 'disclaimer-abuse',
        '.'                       => 'disclaimer-default' },
    );
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
...
...
...
@mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 [::1] 192.168.0.0/24 192.168.1.0/24 192.168.2.0/2488.217.171.167/32 );
...

:!: WICHTIG - Falls e-Mails durch einen lokalen kleinen MUA Mail User Agent wie z.B. mutt direkt in ein Postfach einfach auf die Festplatte geschrieben werden, ist es erforderlich auch die IP-Adresse - 0.0.0.0/32 in die Liste von

  • @mynetworks = qw( 0.0.0.0/32 127.0.0.0/8 [::1] 192.168.0.0/24 192.168.1.0/24 192.168.2.0/2488.217.171.167/32 );

mit aufzunehmen!

:!: WICHTIG ist auch, das Einfügen folgender Zeile

  • allow_disclaimers => 1,  # enables disclaimer insertion if available

in den policy_banks: MYNETS bzw. ORGINATING, da sonst der „Disclaimer“ nicht eingefügt wird!

Konfiguration: TLS

:!: WICHTIG - Nachfolgende Punkte sind bei der TLS Transport Verschlüsselung zu beachten:

  1. Zu AMaViS kann TLS nur bei content_filter genutzt werden
  2. Zu AMaViS kann TLS NICHT mit smtpd_proxy_filter genutzt werden
  3. Von AMaViS kann TLS nur bei Anforderung durch z.B. Postfix genutzt werden

Um auch beim AMaViS TLS Transport Verschlüsselung einsetzen zu können, ist es aktuell erforderlich einen patch einzusetzen, da sonst nachfolgende Warnmeldung in der LOG-Datei /var/log/maillog bei der Aktivierung der TLS Transport Verschlüsselung zu sehen ist:

_WARN: *******************************************************************\n Using the default of 
SSL_verify_mode of SSL_VERIFY_NONE for client\n is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER\n 
together with SSL_ca_file|SSL_ca_path for verification.\n If you really don't want to verify the certificate 
and keep the\n connection open to Man-In-The-Middle attacks please set\n SSL_verify_mode explicitly to 
SSL_VERIFY_NONE in your application.\n*******************************************************************\n  
at /usr/sbin/amavisd line 8392.

:!: WICHTIG - Ab der Version 2.11.x von AMaViS, ist ein Patch nicht mehr notwendig!!!

Nachfolgender patch basierend auf einem patch von Markus Benning mit einigen Ergänzungen von Klaus Tachtler, welcher in den AMaViS integriert werden muss, damit

  • nachfolgende Optionen
    • SSL_cipher_list
    • SSL_version
    • SSL_CAfile
    • SSL_honor_cipher_order
    • und von Klaus Tachtler - SSL_verify_mode

bestimmt werden können.

:!: HINWEIS - Die Definition von SSL_verify_mode behebt übrigens die Warnmeldung!

Bis AMaViSd-new 2.10.x - TLS-patch

:!: WICHTIG - Ab der Version 2.11.x von AMaViS, ist ein Patch nicht mehr notwendig!!!

Nachfolgender patch muss in den AMaViS integriert werden, damit TLS Transport Verschlüsselung entsprechend genutzt werden kann:

--- /usr/sbin/amavisd.orig	2014-10-26 01:06:00.000000000 +0200
+++ /usr/sbin/amavisd	2015-10-26 10:09:45.868759224 +0100
@@ -388,6 +388,8 @@
       $smtp_connection_cache_on_demand $smtp_connection_cache_enable
       $smtpd_recipient_limit
       $smtpd_tls_cert_file $smtpd_tls_key_file
+      $smtpd_tls_cipher_list $smtpd_tls_version $smtpd_tls_verify_mode
+      $smtpd_tls_CAfile $smtpd_tls_honor_cipher_order $smtpd_dh_params_file
       $enforce_smtpd_message_size_limit_64kb_min
       $MAXLEVELS $MAXFILES
       $MIN_EXPANSION_QUOTA $MIN_EXPANSION_FACTOR
@@ -407,6 +409,7 @@
       @dkim_signing_keys_list @dkim_signing_keys_storage
       $file $altermime $enable_anomy_sanitizer
     )],
+    'tls_client' => [qw( $smtp_tls_cipher_list $smtp_tls_version $smtp_tls_verify_mode $smtp_tls_CAfile)],
     'sa' =>  # global SpamAssassin settings
     [qw(
       $spamcontrol_obj $sa_num_instances
@@ -512,7 +515,7 @@
     )],
   );
   Exporter::export_tags qw(dynamic_confvars confvars sa platform
-                      hidden_confvars legacy_dynamic_confvars legacy_confvars);
+                      hidden_confvars legacy_dynamic_confvars legacy_confvars tls_client);
   1;
 } # BEGIN
 
@@ -1013,6 +1016,19 @@
   $smtpd_tls_cert_file = undef;     # e.g. "$MYHOME/cert/amavisd-cert.pem"
   $smtpd_tls_key_file  = undef;     # e.g. "$MYHOME/cert/amavisd-key.pem"
 
+  # see https://metacpan.org/pod/distribution/IO-Socket-SSL/lib/IO/Socket/SSL.pod#SSL_version
+  $smtpd_tls_cipher_list = undef;  # SSL_cipher_list
+  $smtpd_tls_version = undef;  # SSL_version
+  $smtpd_tls_CAfile = undef;   # SSL_ca_file
+  $smtpd_tls_verify_mode = undef;   # SSL_verify_mode
+  $smtpd_tls_honor_cipher_order = undef; # SSL_honor_cipher_order
+  $smtpd_dh_params_file = undef;   # SSL_dh_file
+
+  $smtp_tls_cipher_list = undef;   # SSL_cipher_list
+  $smtp_tls_version = undef;   # SSL_version
+  $smtp_tls_CAfile = undef;    # SSL_client_ca_file
+  $smtp_tls_verify_mode = undef;   # SSL_verify_mode
+
   $dkim_minimum_key_bits = 1024;    # min acceptable DKIM key size (in bits)
                                     # for whitelisting
 
@@ -7934,7 +7950,7 @@
   use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION);
   $VERSION = '2.404';
   @ISA = qw(Exporter);
-  import Amavis::Conf qw(:platform);
+  import Amavis::Conf qw(:platform :tls_client);
   import Amavis::Util qw(ll do_log min max minmax idn_to_ascii);
 }
 
@@ -8389,6 +8405,14 @@
   IO::Socket::SSL->start_SSL($sock, SSL_session_cache => $ssl_cache,
     SSL_error_trap =>
       sub { my($sock,$msg)=@_; do_log(-2,"Error on socket: %s",$msg) },
+    defined $smtp_tls_verify_mode ?
+      ( SSL_verify_mode => $smtp_tls_verify_mode ) : (),
+    defined $smtp_tls_version ?
+      ( SSL_version => $smtp_tls_version ) : (),
+    defined $smtp_tls_cipher_list ?
+      ( SSL_cipher_list => $smtp_tls_cipher_list ) : (),
+    defined $smtp_tls_CAfile ?
+      ( SSL_client_ca_file => $smtp_tls_CAfile ) : (),
     %params,
   ) or die "Error upgrading socket to SSL: ".IO::Socket::SSL::errstr();
   $self->{last_event} = 'ssl-upgrade';
@@ -21943,6 +21967,18 @@
               SSL_passwd_cb => sub { 'example' },
               SSL_key_file  => $smtpd_tls_key_file,
               SSL_cert_file => $smtpd_tls_cert_file,
+	        defined $smtpd_tls_verify_mode ?
+              ( SSL_verify_mode => $smtpd_tls_verify_mode ) : (),
+	        defined $smtpd_tls_version ?
+              ( SSL_version => $smtpd_tls_version ) : (),
+                defined $smtpd_tls_cipher_list ?
+              ( SSL_cipher_list => $smtpd_tls_cipher_list ) : (),
+                defined $smtpd_tls_CAfile ?
+              ( SSL_ca_file => $smtpd_tls_CAfile ) : (),
+                defined $smtpd_tls_honor_cipher_order ?
+              ( SSL_honor_cipher_order => $smtpd_tls_honor_cipher_order ) : (),
+                defined $smtpd_dh_params_file ?
+              ( SSL_dh_file => $smtpd_dh_params_file ) : (),
             ) or die "Error upgrading socket to SSL: ".
                      IO::Socket::SSL::errstr();
             if ($self->{smtp_inpbuf} ne '') {

/etc/amavisd/amavisd.conf

:!: WICHTIG - Ab der Version 2.11.x von AMaViS, ist ein Patch nicht mehr notwendig!!!

:!: WICHTIG - Nachfolgende Konfiguration ist bis Version 2.10.x von AMaViS notwendig

Nachfolgende Konfigurationsdirektiven (alte und neue) müssen nun gesetzt werden, um eine TLS Transport Verschlüsselung von und zu AMaViS nutzen zu können.

Bis Version 2.10.x von AMaViS - Eingehende Verbindungen:

(Nur relevanter Ausschnitt)

...
# Opportunistische TLS Transportverschluesselung eingehend aktivieren
$tls_security_level_in = 'may';                                                 
$smtpd_tls_cert_file = '/etc/pki/amavis/certs/tachtler.net.crt';                # Pfad zum TLS Zertifikat.
$smtpd_tls_key_file = '/etc/pki/amavis/private/tachtler.net.key';               # Pfad zum TLS Schluessel.
...
...
...
# Tachtler - 
# Add patch from Markus Benning and Klaus Tachtler to enable right use of TLS.
# see https://metacpan.org/pod/distribution/IO-Socket-SSL/lib/IO/Socket/SSL.pod#SSL_version
$smtpd_tls_cipher_list = 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA
:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA
:!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA
:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA';
$smtpd_tls_version = 'SSLv23:!SSLv3:!SSLv2';                                    # SSL_version
$smtpd_tls_CAfile = '/etc/pki/tls/certs/ca-bundle.crt';                         # SSL_ca_file
$smtpd_tls_verify_mode = 'SSL_VERIFY_PEER';                                     # SSL_verify_mode
$smtpd_tls_honor_cipher_order = 1;                                              # SSL_honor_cipher_order
$smtpd_dh_params_file = '/etc/pki/postfix/private/dh_2048.pem';                 # SSL_dh_file
...

* Bitte keine Zeilenumbrüche bei $smtpd_tls_cipher_list durchführen!

Ab Version 2.11.x von AMaViS - Eingehende Verbindungen:

(Nur relevanter Ausschnitt)

...
$tls_security_level_in = 'may';                                                 # Opportunistische TLS Transportverschluesselung eingehend aktiviere
%smtpd_tls_server_options = (
# SSL_verifycn_scheme   => 'smtp',
 SSL_verifycn_scheme    => 'none',
 SSL_session_cache      => 2,
 SSL_cert_file          => '/etc/pki/amavis/certs/CAcert-class3-wildcard.crt',
 SSL_key_file           => '/etc/pki/amavis/private/tachtler.net.key',
 SSL_dh_file            => '/etc/pki/postfix/private/dh_2048.pem',
 SSL_ca_file            => '/etc/pki/tls/certs/ca-bundle.crt',
 SSL_version            => 'SSLv23:!SSLv3:!SSLv2',
 SSL_cipher_list        => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-
CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE-
RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-
RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA',
 SSL_honor_cipher_order => '1',
 SSL_verify_mode        => 'SSL_VERIFY_NONE',
 SSL_passwd_cb => sub { 'example' },
);
...

Bis Version 2.10.x von AMaViS - Ausgehende Verbindungen:

(Nur relevanter Ausschnitt)

...
# Opportunistisches TLS Transportverschluesselung ausgehend aktivieren.
$tls_security_level_out = 'may';                                                
 
# Tachtler - 
# Add patch from Markus Benning and Klaus Tachtler to enable right use of TLS.
# see https://metacpan.org/pod/distribution/IO-Socket-SSL/lib/IO/Socket/SSL.pod#SSL_version
$smtp_tls_cipher_list = 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA
:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA
:!DHE-RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA
:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA';
$smtp_tls_version = 'SSLv23:!SSLv3:!SSLv2';                                     # SSL_version
$smtp_tls_CAfile = '/etc/pki/tls/certs/ca-bundle.crt';                          # SSL_ca_file
$smtp_tls_verify_mode = 'SSL_VERIFY_PEER';                                      # SSL_verify_mode
...

* Bitte keine Zeilenumbrüche bei $smtp_tls_cipher_list durchführen!

Ab Version 2.11.x von AMaViS - Eingehende Verbindungen:

(Nur relevanter Ausschnitt)

...
$tls_security_level_out = 'may';                                                # Opportunistisches TLS Transportverschluesselung ausgehend aktivieren.
%smtp_tls_client_options = (
# SSL_verifycn_scheme   => 'smtp',
 SSL_verifycn_scheme    => 'none',
 SSL_version            => 'SSLv23:!SSLv3:!SSLv2',
 SSL_cipher_list        => 'ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-
CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES:!CBC3-SHA:!iAES128-SHA:!DHE-RSA-AES128-SHA:!AES256-SHA:!DHE-
RSA-AES256-SHA:!CAMELLIA128-SHA:!iDHE-RSA-CAMELLIA128-SHA:!iCAMELLIA256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-
RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA',
 SSL_client_ca_file     => '/etc/pki/tls/certs/ca-bundle.crt',
 SSL_honor_cipher_order => '1',
 SSL_verify_mode        => 'SSL_VERIFY_PEER',
);
...

:!: HINWEIS - Falls ein Wildcard-Zertifikat zum Einsatz kommt (z.B. *.tachtler.net) und der Hostname nicht darauf angewendet werden kann (z.B. amavis.idmz.tachtler.net), dann muss der Parameter:

  • SSL_verifycn_scheme ⇒ 'none',

gesetzt werden!

/etc/postfix/master.cf

Nachfolgende Konfigurationen der Konfigurationsdatei von Postfix - /etc/postfix/master.cf erhält jeweils einen Zusatz, um eine TLS Transport Verschlüsselte Verbindung in gewissen Konstellationen bzw. Bereichen der Kommunikation mit AMaViS zu ermöglichen:

  1. Einlieferung via submission und Weitergabe an AMaViS via content_filter via LMTP (Local Mail Transfer Protocol)
  2. Einlieferung via pickup (lokal) und und Weitergabe an AMaViS via content_filter via LMTP (Local Mail Transfer Protocol)

(Nur relevanter Ausschnitt):

...
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o content_filter=lmtp:[192.168.0.70]:10026
  -o lmtp_use_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
...
...
...
pickup    unix  n       -       n       60      1       pickup
  -o content_filter=lmtp:[192.168.0.70]:10024
  -o lmtp_use_tls=yes
...

Erklärung zu den relevanten Ergänzungen:

  • lmtp_use_tls=yes

Übergabe der e-Mail von Postfix an AMaViS und dabei TLS Transport Verschlüsselung nutzen, als Vorgabe einstellen.

Neustart: amavisd

Um den AMaViS neu zu starten, kann nachfolgender Befehl angewandt werden:

# systemctl restart amavisd

Eine Überprüfung ob der Start des AMaViS erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden, welcher eine Ausgabe in etwa wie nachfolgende erzeugen sollte:

# systemctl status amavisd
amavisd.service - Amavisd-new is an interface between MTA and content checkers.
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled)
   Active: active (running) since Thu 2015-10-15 13:49:07 CEST; 9s ago
     Docs: http://www.ijs.si/software/amavisd/#doc
  Process: 4061 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS)
 Main PID: 4078 (/usr/sbin/amavi)
   CGroup: /system.slice/amavisd.service
           ├─4078 /usr/sbin/amavisd (master)
           ├─4093 /usr/sbin/amavisd (virgin child)
           ├─4094 /usr/sbin/amavisd (virgin child)
           ├─4095 /usr/sbin/amavisd (virgin child)
           └─4096 /usr/sbin/amavisd (virgin child)

Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Found decoder for  ...
Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Using primary inter...
Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Found secondary av ...
Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Deleting db files _...
Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: Creating db in /var...
Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: initializing Mail::...
Oct 15 13:49:08 server70.idmz.tachtler.net amavis[4078]: SpamAssassin debug ...
Oct 15 13:49:15 server70.idmz.tachtler.net amavis[4078]: SpamAssassin loaded...
Oct 15 13:49:15 server70.idmz.tachtler.net amavis[4078]: SpamControl: init_p...
Oct 15 13:49:15 server70.idmz.tachtler.net amavis[4078]: extra modules loade...
Hint: Some lines were ellipsized, use -l to show in full.

Fehlerbehebung

spf: lookup failed: addr is not a string

Falls beim einliefern von e-Mails an AMaViS (A MAil Virus Scanner) nachfolgende LOG-Einträge in

  • /var/log/maillog

erscheinen sollten

Oct 14 00:33:42 server70 amavis[6206]: (06206-02) _WARN: spf: lookup failed: addr is not a string at /usr/share/perl5/vendor_perl/IO/Socket/IP.pm line 662.
Oct 14 00:33:42 server70 amavis[6206]: (06206-02) _WARN: spf: lookup failed: addr is not a string at /usr/share/perl5/vendor_perl/IO/Socket/IP.pm line 662.

liegt dies an einem Fehler im rpm-Pakets - perl-Socket unter CentOS in der Version 7.x.

Unter nachfolgendem externen Link

kann dies nachgelesen werden.

Abhilfe kann ein Update des rpm-Paket - perl-Socket, welches unter nachfolgendem externen Link mit ebenfalls nachfolgendem Befehl in z.B. das Verzeichnis /tmp heruntergeladen werden:

# wget -P /tmp http://people.redhat.com/ppisar/perl-Socket-2.010-4.el7/perl-Socket-
2.010-4.el7_1.x86_64.rpm
--2015-10-14 11:22:55--  http://people.redhat.com/ppisar/perl-Socket-2.010-4.el7/perl-Socket-
2.010-4.el7_1.x86_64.rpm
Resolving people.redhat.com (people.redhat.com)... 209.132.183.19
Connecting to people.redhat.com (people.redhat.com)|209.132.183.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 48756 (48K) [application/x-rpm]
Saving to: ‘/tmp/perl-Socket-2.010-4.el7_1.x86_64.rpm’

100%[=====================================>] 48,756      81.4KB/s   in 0.6s   

2015-10-14 11:22:55 (81.4 KB/s) - ‘/tmp/perl-Socket-2.010-4.el7_1.x86_64.rpm’ saved [48756/48756]

FINISHED --2015-10-14 11:22:55--
Total wall clock time: 1.0s
Downloaded: 1 files, 48K in 0.6s (81.4 KB/s)

Die Update-Installation von /perl-Socket, kann durch ausführen des nachfolgenden Befehls durchgeführt werden:

# yum localinstall /tmp/perl-Socket-2.010-4.el7_1.x86_64.rpm 
Loaded plugins: changelog, priorities
Examining perl-Socket-2.010-4.el7_1.x86_64.rpm: perl-Socket-2.010-4.el7_1.x86_64
Marking perl-Socket-2.010-4.el7_1.x86_64.rpm as an update to perl-Socket-
2.010-3.el7.x86_64
Resolving Dependencies
--> Running transaction check
---> Package perl-Socket.x86_64 0:2.010-3.el7 will be updated
---> Package perl-Socket.x86_64 0:2.010-4.el7_1 will be an update
--> Finished Dependency Resolution

Changes in packages about to be updated:

ChangeLog for: perl-Socket-2.010-4.el7_1.x86_64
* Mon Apr 20 14:00:00 2015 Petr Pisar <ppisar@redhat.com> - 2.010-4
- Allow to call getnameinfo() on tainted value (bug #1200167)


Dependencies Resolved

===============================================================================
 Package      Arch    Version         Repository                          Size
===============================================================================
Updating:
 perl-Socket  x86_64  2.010-4.el7_1   /perl-Socket-2.010-4.el7_1.x86_64  112 k

Transaction Summary
===============================================================================
Upgrade  1 Package

Total size: 112 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : perl-Socket-2.010-4.el7_1.x86_64                            1/2 
  Cleanup    : perl-Socket-2.010-3.el7.x86_64                              2/2 
  Verifying  : perl-Socket-2.010-4.el7_1.x86_64                            1/2 
  Verifying  : perl-Socket-2.010-3.el7.x86_64                              2/2 

Updated:
  perl-Socket.x86_64 0:2.010-4.el7_1                                           

Complete!

TEST: ClamAV

Um einen Test durchführen zu können, ob AMaViS durhc Aufruf des Konfigurierten Virenscanners auch tatsächlich einen Virus erkennt, kann nachfolgender Test per telnet erfolgen, welcher eine e-Mail beim Postfix einliefert, welcher diese dann am AMaViS ebenfalls einliefert um diese nach Viren und SPAM überprüfen zu lassen

# telnet mx1.tachtler.net 25
Trying 192.168.0.60...
Connected to mx1.tachtler.net.
Escape character is '^]'.
220 mx1.tachtler.net ESMTP Postfix
ehlo mx1.tachtler.net
250-mx1.tachtler.net
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: <postmaster@tachtler.net>
250 2.1.0 Ok
rcpt to: <klaus@tachtler.net>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: postmaster@tachtler.net
To: klaus@tachtler.net
Subject: Test eicar-Test Virus 

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
554 5.7.0 Reject, id=11746-01 - INFECTED: Eicar-Test-Signature. (smtpd) For assistance, contact YOUR 
postmaster or administrator. He can achieve OUR postmaster via email: <postmaster@tachtler.net>. In any case, 
please provide the following information in your problem report: This error message, time (Oct 28 13:19:05), 
client (192.168.0.60), port (44084) and server (mx1.tachtler.net).
quit
221 2.0.0 Bye
Connection closed by foreign host.

Nachfolgende Eingaben sind ein einer telnet-Sitzung dazu erforderlich:

  • telnet mx1.tachtler.net 25

telnet-Verbindung zum Postfix, welcher die e-Mail dann zu AMaViS weitergibt, herstellen.

  • ehlo mx1.tachtler.net

Identifikation des einliefernden e-Mail-Servers mit dem EHLO/HELO-Kommando.

  • mail from: <postmaster@tachtler.net>

Absender.

  • rcpt to: <klaus@tachtler.net>

Empfänger.

  • data

Data-Kommando, welches die Header-Daten und Body-Daten nach sich zieht.

  • From: postmaster@tachtler.net
    To: klaus@tachtler.net
    Subject: Test eicar-Test Virus 
    
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Header-Daten und die Body-Daten mit dem EICAR-Test Virus Pattern.

  • .

Abschluss des Data-Kommandos mit einem einfache . (Punkt) am Anfang einer neuen Zeile, ohne weiteren Inhalt.

  • quit

Beenden der telnet-Sitzung mit dem QUIT-Kommando.

TEST: SpamAssassin

Um einen Test durchführen zu können, ob AMaViS durhc Aufruf des Konfigurierten SPAM-Filters auch tatsächlich eine SPAM-e-Mail erkennt, kann nachfolgender Test per telnet erfolgen, welcher eine e-Mail beim Postfix einliefert, welcher diese dann am AMaViS ebenfalls einliefert um diese nach Viren und SPAM überprüfen zu lassen

# telnet mx1.tachtler.net 25
Trying 192.168.0.60...
Connected to mx1.tachtler.net.
Escape character is '^]'.
220 mx1.tachtler.net ESMTP Postfix
ehlo mx1.tachtler.net
250-mx1.tachtler.net
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: <postmaster@tachtler.net>
250 2.1.0 Ok
rcpt to: <klaus@tachtler.net>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: postmaster@tachtler.net
To: klaus@tachtler.net
Subject: Test GTUBE-Test SPAM

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.
554 5.7.0 Reject, id=11744-02 - spam. (smtpd) For assistance, contact YOUR postmaster or administrator. He can 
achieve OUR postmaster via email: <postmaster@tachtler.net>. In any case, please provide the following 
information in your problem report: This error message, time (Oct 28 13:33:02), client (192.168.0.60), port 
(44089) and server (mx1.tachtler.net).
quit
221 2.0.0 Bye
Connection closed by foreign host.

Nachfolgende Eingaben sind ein einer telnet-Sitzung dazu erforderlich:

  • telnet mx1.tachtler.net 25

telnet-Verbindung zum Postfix, welcher die e-Mail dann zu AMaViS weitergibt, herstellen.

  • ehlo mx1.tachtler.net

Identifikation des einliefernden e-Mail-Servers mit dem EHLO/HELO-Kommando.

  • mail from: <postmaster@tachtler.net>

Absender.

  • rcpt to: <klaus@tachtler.net>

Empfänger.

  • data

Data-Kommando, welches die Header-Daten und Body-Daten nach sich zieht.

  • From: postmaster@tachtler.net
    To: klaus@tachtler.net
    Subject: Test GTUBE-Test SPAM
    
    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Header-Daten und die Body-Daten mit dem GTUBE-Test SPAM Pattern.

  • .

Abschluss des Data-Kommandos mit einem einfache . (Punkt) am Anfang einer neuen Zeile, ohne weiteren Inhalt.

  • quit

Beenden der telnet-Sitzung mit dem QUIT-Kommando.

Diese Website verwendet Cookies. Durch die Nutzung der Website stimmen Sie dem Speichern von Cookies auf Ihrem Computer zu. Außerdem bestätigen Sie, dass Sie unsere Datenschutzbestimmungen gelesen und verstanden haben. Wenn Sie nicht einverstanden sind, verlassen Sie die Website.Weitere Information
tachtler/amavis_centos_7.txt · Zuletzt geändert: 2020/05/11 08:58 von klaus