exim+spamassassin

Post by MasterRS » 2012-02-14 16:52:09

Hello. I have read a lot of articles, but I still cannot get spamassassin hooked up to exim.
Please help me understand how message filtering actually works in this combination.
In the end I need to set it up so that a message marked as ***SPAM*** is delivered to the user's SPAM folder,
and later I also need to understand how the spam filter is trained.
Here are the configs:

exim.conf

Code:

hide mysql_servers = localhost/znmail/znmail/password

log_selector = +all

primary_hostname = mail.mydomain.com
domainlist local_domains = mydomain.com
domainlist relay_to_domains = mydomain.com

hostlist relay_from_hosts = localhost : 127.0.0.1/8

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

#av_scanner = clamd:/var/run/clamav/clamd

spamd_address = 127.0.0.1 783

qualify_domain = mydomain.com
qualify_recipient =mydomain.com

exim_user = znmail
exim_group = znmail
never_users = root

sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts

host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 45m
timeout_frozen_after = 15d

auto_thaw = 1h
smtp_banner = "$primary_hostname, ESMTP"
smtp_accept_max = 500
smtp_accept_max_per_connection = 70
smtp_connect_backlog = 50
smtp_accept_max_per_host = 30
split_spool_directory = true
remote_max_parallel = 15
#return_size_limit = 70k
message_size_limit = 64M
#hello_allow_chars = _
smtp_enforce_sync = true

auth_advertise_hosts = *

begin acl

acl_check_rcpt:


  accept hosts = :

  deny    message       = "incorrect symbol in address"
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = "incorrect symbol in address"
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#  accept  local_parts   = postmaster
#          domains       = +local_domains

  require verify        = sender

  deny    message       = "HELO/EHLO require by SMTP RFC"
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

  accept  authenticated = *

  deny    !authenticated = *
          sender_domains = +local_domains : +relay_to_domains
          message = Warning! Authentication required!

  deny    message       = "Your IP in HELO - access denied!"
          hosts         = !+relay_from_hosts
          condition     = ${if eq{$sender_helo_name}\
    {$sender_host_address}{true}{false}}

  deny    condition     = ${if eq{$sender_helo_name}\
    {$interface_address}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "main IP in your HELO! Access denied!"

  deny    condition     = ${if match{$sender_helo_name}\
    {\N^\d+$\N}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "can not be only number in HELO!"

  deny    message       = "your hostname is bad (adsl, poll, ppp & etc)."
          condition     = ${if match{$sender_host_name} \
                               {adsl|dialup|pool|peer|dhcp} \
                               {yes}{no}}
  warn

        set acl_m0 = 40s
  warn

        hosts = 10.0.0.0/8
        set acl_m0 = 0s
  warn

        logwrite = Delay $acl_m0 for $sender_host_name [$sender_host_address] with HELO=$sender_helo_name. Mail from $sender_address to $local_part@$domain.
        delay = $acl_m0

  accept  domains       = +local_domains
          endpass
          message       = "In my mailserver not stored this user"
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = "main server not know how relay to this address"
          verify        = recipient

  deny    message       = you in blacklist: $dnslist_domain \n $dnslist_text
          dnslists      = opm.blitzed.org : \
                          cbl.abuseat.org : \
                          bl.csma.biz : \
                          dynablock.njabl.org

  accept  hosts         = +relay_from_hosts

  deny    message       = "Homo hominus lupus est"

acl_check_data:

#  deny malware = *
#  message = "In e-mail found virus - $malware_name"

 warn
        message = X-Spam-Score: $spam_score ($spam_bar)
        hosts   = !+relay_from_hosts
        spam = nobody: true

 warn
       message = X-Spam-Report: $spam_report
        hosts   = !+relay_from_hosts
        spam = nobody: true
 warn
       message = Subject: ***SPAM*** $h_Subject:
        hosts   = !+relay_from_hosts
        spam = nobody: true


# if this block is enabled, all incoming mail gets rejected, but it is not marked as spam #

deny
       message = This message scored $spam_score spam points.
       spam = spamd: true
       hosts   = !+relay_from_hosts
       condition = ${if >{$spam_score_int}{120}{1}{0}}

 accept

begin routers

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
  user = znmail
  file_transport = address_file
  pipe_transport = address_pipe


dovecot_user:
    driver = accept
     condition = ${lookup mysql{SELECT `goto` FROM \
     `alias` WHERE \
     `address`='${quote_mysql:$local_part@$domain}' OR \
     `address`='${quote_mysql:@$domain}'}{yes}{no}}
    transport = dovecot_delivery

procmail:
  check_local_user
  driver = accept
  transport = procmail_pipe
  require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
  no_verify

maildrop:
  check_local_user
  driver = accept
  transport = maildrop_pipe
  require_files = ${local_part}:+${home}:+${home}/.mailfilter:+/usr/bin/maildrop
  no_verify



begin transports

remote_smtp:
  driver = smtp


dovecot_delivery:
  driver = pipe
  command = /usr/libexec/dovecot/dovecot-lda -d $local_part@$domain
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  user = znmail

#local_delivery:
#  driver = appendfile
#  file = /znmail/$local_part@$domain
#  delivery_date_add
#  envelope_to_add
#  return_path_add
#  group = znmail
#  mode = 0660

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

procmail_pipe:
  driver = pipe
  command = "/usr/bin/procmail -d ${local_part}"
  return_path_add
  delivery_date_add
  envelope_to_add

maildrop_pipe:
  driver = pipe
  command = "/usr/bin/maildrop -d ${local_part}"
  return_path_add
  delivery_date_add
  envelope_to_add

begin retry

*                    *       F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators


auth_plain:
        driver = dovecot
        public_name = PLAIN
        server_socket = /var/run/dovecot/auth-client
        server_set_id = $auth1

auth_login:
        driver = dovecot
        public_name = LOGIN
        server_socket = /var/run/dovecot/auth-client
        server_set_id = $auth1

auth_cram_md5:
        driver = dovecot
        public_name = CRAM-MD5
        server_socket = /var/run/dovecot/auth-client
        server_set_id = $auth1

spamassassin config
/etc/mail/spamassassin/local.cf

Code:

rewrite_header Subject ***SPAM***
add_header all Report _REPORT_

required_hits 8.0
score SUBJ_FULL_OF_8BITS 0.00
score HTML_COMMENT_8BITS 0.01
score HEADER_8BITS 0.00
score TO_NO_USER 0.01
score FORGED_MUA_OUTLOOK 0.5
score X_AUTH_WARNING 0.01
score SUBJ_HAS_UNIQ_ID 9.99
score HTTP_USERNAME_USED 9.99
score FORGED_YAHOO_RCVD 9.99
score FORGED_JUNO_RCVD 16
score UNWANTED_LANGUAGE_BODY 1.02
score MLM 5.55
score RCVD_NUMERIC_HELO 4.95
required_score 5.0

report_safe 1
skip_rbl_checks 0

#use razor2 0
use_dcc 1
#use_pyzor 0
#use_auto_whitelist 1
#auto_whitelist_path /etc/mail/spamassassin/auto_whitelist

use_bayes 1
bayes_auto_learn 1
bayes_path /etc/mail/spamassassin/bayes
bayes_file_mode 0666
bayes_min_ham_num 1
bayes_min_spam_num 1
#auto_learn_threshold_nonspam -2
#auto_learn_threshold_spam 5
bayes_learn_to_journal 1

#ok_languages ru en
ok_locales ru en


# trusted_networks takes IP addresses or CIDR blocks separated by spaces
trusted_networks 127.0.0.1
# lock_method flock

# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status

#blacklist_from *@msn.com
#blacklist_from *@mifrosopt.com
#blacklist_from spammer@mail.com

#whitelist_from gooduser@gmail.com

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
# shortcircuit USER_IN_WHITELIST       on
# shortcircuit USER_IN_DEF_WHITELIST   on
# shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on
# shortcircuit USER_IN_BLACKLIST       on
# shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on
# shortcircuit ALL_TRUSTED             on
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit

/etc/conf.d/spamd

Code:

SPAMD_OPTS="-m 30 -u nobody"
PIDFILE="/var/run/spamd.pid"

Here is what the logs show when mail is sent from gmail.com to my server:

spamd log:

Code:

Tue Feb 14 17:35:58 2012 [4773] warn: spamd: unauthorized connection from mail [белый ip] at port 53888 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4774] warn: spamd: unauthorized connection from mail [белый ip] at port 53889 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BB
Tue Feb 14 17:35:58 2012 [4773] warn: spamd: unauthorized connection from mail [белый ip] at port 53890 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: server successfully spawned child process, pid 7504
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 0 idle children less than 1 minimum idle children. Increasing spamd children: 7504 started.
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BBS
Tue Feb 14 17:35:58 2012 [4774] warn: spamd: unauthorized connection from mail [белый ip] at port 53891 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: server successfully spawned child process, pid 7505
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 0 idle children less than 1 minimum idle children. Increasing spamd children: 7505 started.
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BBIS
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BBII
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: IBII
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 3 idle children more than 2 maximum idle children. Decreasing spamd children: 7505 killed.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: handled cleanup of child pid [7505] due to SIGCHLD: interrupted, signal 2 (0002)
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: IBI
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: III
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 3 idle children more than 2 maximum idle children. Decreasing spamd children: 7504 killed.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: handled cleanup of child pid [7504] due to SIGCHLD: interrupted, signal 2 (0002)
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: II

exim log:

Code:

2012-02-14 17:35:17 [3770] SMTP connection from [209.85.160.175]:56093 I=[белый ip]:25 (TCP/IP connection count = 1)
2012-02-14 17:35:17 [7502] Delay 40s for mail-gy0-f175.google.com [209.85.160.175] with HELO=mail-gy0-f175.google.com. Mail from testmail@gmail.com to test@mydomain.com.
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 DKIM: d=gmail.com s=gamma c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[y rejected after DATA
2012-02-14 17:34:46 [7480] SMTP connection from mail-yx0-f175.google.com [209.85.213.175]:34089 I=[белый ip]:25 closed by QUIT
2012-02-14 17:35:17 [3770] SMTP connection from [209.85.160.175]:56093 I=[белый ip]:25 (TCP/IP connection count = 1)
2012-02-14 17:35:17 [7502] Delay 40s for mail-gy0-f175.google.com [209.85.160.175] with HELO=mail-gy0-f175.google.com. Mail from testmail@gmail.com to test@mydomain.com.
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 DKIM: d=gmail.com s=gamma c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 F=<testmail@gmail.com> temporarily rejected after DATA
2012-02-14 17:35:58 [7502] SMTP connection from mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 closed by QUIT
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=белый ip]:25 F=<testmail@gmail.com> temporarily rejected after DATA
2012-02-14 17:35:58 [7502] SMTP connection from mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 closed by QUIT

If the following block is disabled in the exim config:

Code:

deny
       message = This message scored $spam_score spam points.
       spam = spamd: true
       hosts   = !+relay_from_hosts
       condition = ${if >{$spam_score_int}{120}{1}{0}}

then all messages get through, even obviously spammy ones, and they are not marked as spam. The logs are clean.

I would be glad of any advice and explanation.
Thanks.

Re: exim+spamassassin

Post by Morty » 2012-02-15 0:18:05

for some reason exim cannot connect to SpamAssassin

Code:

 spam acl condition: error reading from spamd socket: Connection reset by peer

here is http://www.maretmanu.org/homepage/infor ... m.php#spam
a working "block" for exim
and here is the "filing" into the spam folder: http://wiki.exim.org/MaildirSpamDelivery

You can also file it a different way, the lazy option: sort nothing on the server side, just have SpamAssassin write into the subject header (something like that :-D ) SPAM ALERT !!! .......... and that's it. Then we tell the users: you dummies now have to make a filter so that if the subject contains this "SPAM ALERT !!!" thing, your client must put that message into the SPAM folder
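
The connection failure pointed out above can be traced through both logs. The following is an added example, not code from the thread: it pairs the spamd refusals with what Exim did to each message it could not get scanned, showing that skipped `warn` statements let mail in unscanned while a deferred `deny` becomes a temporary rejection. The function names are hypothetical, and the log sample is constructed from the lines in the thread, with 192.0.2.10 standing in for the redacted address and the second message invented.

```python
import re

# Constructed sample modelled on the thread's logs: 192.0.2.10 stands in for
# the redacted server address, and the second message is invented.
EXIM_LOG = """\
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[192.0.2.10]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[192.0.2.10]:25 F=<testmail@gmail.com> temporarily rejected after DATA
2012-02-14 17:40:02 [7610] 1RxIcc-0001yk-2B spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:40:02 [7610] 1RxIcc-0001yk-2B H=mx.example.net [198.51.100.7]:40112 I=[192.0.2.10]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:40:03 [7610] 1RxIcc-0001yk-2B <= sender@example.net H=mx.example.net [198.51.100.7]:40112 I=[192.0.2.10]:25 P=esmtp S=2310
"""
SPAMD_LOG = """\
Tue Feb 14 17:35:58 2012 [4773] warn: spamd: unauthorized connection from mail [192.0.2.10] at port 53888 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BB
"""

MSG = re.compile(r"^\S+ \S+ \[\d+\] (\w{6}-\w{6}-\w{2}) (.*)$")
REFUSED = re.compile(r"spamd: unauthorized connection from \S+ \[([^\]]+)\]")


def refused_clients(spamd_log):
    """Addresses spamd turned away because they are not in its allowed-IP list."""
    return sorted(set(REFUSED.findall(spamd_log)))


def scan_failures(exim_log):
    """Map message id -> what Exim did with a message it could not get scanned."""
    failed, outcome = set(), {}
    for line in exim_log.splitlines():
        m = MSG.match(line)
        if not m:
            continue
        msg_id, rest = m.groups()
        if "error reading from spamd socket" in rest:
            failed.add(msg_id)
        elif "temporarily rejected after DATA" in rest:
            outcome[msg_id] = "tempfail"            # a deny statement deferred
        elif rest.startswith("<= "):
            outcome[msg_id] = "accepted-unscanned"  # only warn statements, all skipped
    return {i: outcome.get(i, "unknown") for i in sorted(failed)}


if __name__ == "__main__":
    print("refused by spamd:", refused_clients(SPAMD_LOG))
    for msg_id, result in scan_failures(EXIM_LOG).items():
        print(msg_id, result)
```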