Помогите понять сам механизм фильтрации сообщений в данной связке
В итоге нужно настроить так, чтобы письмо, помеченное как ***SPAM***, отправлялось в папку СПАМ пользователя
а также в дальнейшем нужно понять механизм обучения спам-фильтра
привожу конфиги:
exim.conf
# Main section: global options read once at start-up.
# "hide" keeps the value out of option listings for non-admin users. The value has the
# form host/database/user/password, so the file itself holds the DB password in clear text.
# NOTE(review): keep this file readable only by root and the Exim user.
hide mysql_servers = localhost/znmail/znmail/password
# Enables every optional log item; verbose, but useful while debugging ACLs.
log_selector = +all
primary_hostname = mail.mydomain.com
# Named lists referenced as +local_domains / +relay_to_domains / +relay_from_hosts further down.
domainlist local_domains = mydomain.com
domainlist relay_to_domains = mydomain.com
hostlist relay_from_hosts = localhost : 127.0.0.1/8
# ACLs run at RCPT TO and after DATA respectively.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# NOTE(review): the option is spelled av_scanner; uncommenting the next line as written
# would be rejected as an unknown option.
#av_scaner = clamd:/var/run/clamav/clamd
# Where the "spam" ACL condition connects to spamd. spamd must accept the source address
# Exim actually connects from, otherwise every scan ends in a deferral.
spamd_address = 127.0.0.1 783
qualify_domain = mydomain.com
qualify_recipient =mydomain.com
exim_user = znmail
exim_group = znmail
# Deliveries are never run as root.
never_users = root
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts
# Reverse DNS lookup for every connecting host (used by the hostname checks in the RCPT ACL).
host_lookup = *
# A zero timeout disables ident (RFC 1413) callbacks.
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 45m
timeout_frozen_after = 15d
auto_thaw = 1h
smtp_banner = "$primary_hostname, ESMTP"
# Connection limits. The RCPT ACL delays external senders by 40s, so each such
# connection holds a slot for at least that long.
smtp_accept_max = 500
smtp_accept_max_per_connection = 70
smtp_connect_backlog = 50
smtp_accept_max_per_host = 30
split_spool_directory = true
remote_max_parallel = 15
#return_size_limit = 70k
message_size_limit = 64M
#hello_allow_chars = _
# Drop clients that send commands before the server has replied.
smtp_enforce_sync = true
# AUTH is advertised to every host. No TLS options appear in this listing, while the
# authenticators section offers PLAIN and LOGIN, so passwords would cross the network
# unencrypted. NOTE(review): configure TLS and advertise AUTH only on encrypted sessions.
auth_advertise_hosts = *
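begin acl

# RCPT-time policy, evaluated once per recipient. Statements are tried in order and the
# first accept/deny that matches ends the ACL, so the order below is part of the policy.
acl_check_rcpt:

  # Locally submitted (non-SMTP) messages have an empty host field.
  accept hosts = :

  deny message = "incorrect symbol in address"
       domains = +local_domains
       local_parts = ^[.] : ^.*[@%!/|]

  deny message = "incorrect symbol in address"
       domains = !+local_domains
       local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # accept local_parts = postmaster
  # domains = +local_domains

  require verify = sender

  deny message = "HELO/EHLO require by SMTP RFC"
       condition = ${if eq{$sender_helo_name}{}{yes}{no}}

  # Authenticated clients skip every check below, including the delay and the blacklists.
  accept authenticated = *

  # Anti-spoofing: an unauthenticated client may not use one of our own domains as sender.
  deny !authenticated = *
       sender_domains = +local_domains : +relay_to_domains
       message = Warning! Authentication required!

  # Fixed: the list used to read "* : !+relay_from_hosts". Host lists are scanned left to
  # right and the first match wins, so "*" matched every host and the exclusion of
  # +relay_from_hosts never took effect.
  deny message = "Your IP in HELO - access denied!"
       hosts = !+relay_from_hosts
       condition = ${if eq{$sender_helo_name}\
                   {$sender_host_address}{true}{false}}

  deny condition = ${if eq{$sender_helo_name}\
                   {$interface_address}{yes}{no}}
       hosts = !127.0.0.1 : !localhost : *
       message = "main IP in your HELO! Access denied!"

  deny condition = ${if match{$sender_helo_name}\
                   {\N^\d+$\N}{yes}{no}}
       hosts = !127.0.0.1 : !localhost : *
       message = "can not be only number in HELO!"

  # NOTE(review): the pattern is an unanchored substring match, so any hostname that merely
  # contains "pool", "peer", etc. is refused; expect false positives.
  deny message = "your hostname is bad (adsl, poll, ppp & etc)."
       condition = ${if match{$sender_host_name} \
                   {adsl|dialup|pool|peer|dhcp} \
                   {yes}{no}}

  # Tarpit: 40s delay for everyone, reset to 0s for the 10.0.0.0/8 network.
  warn
       set acl_m0 = 40s

  warn
       hosts = 10.0.0.0/8
       set acl_m0 = 0s

  warn
       logwrite = Delay $acl_m0 for $sender_host_name [$sender_host_address] with HELO=$sender_helo_name. Mail from $sender_address to $local_part@$domain.
       delay = $acl_m0

  accept domains = +local_domains
         endpass
         message = "In my mailserver not stored this user"
         verify = recipient

  accept domains = +relay_to_domains
         endpass
         message = "main server not know how relay to this address"
         verify = recipient

  # NOTE(review): this statement is reached only for recipients outside +local_domains and
  # +relay_to_domains, because the two accepts above end the ACL first. Inbound mail is
  # therefore never checked against these lists; move the statement above those accepts if
  # filtering inbound mail is the intent. Before relying on it, confirm each zone is still
  # operated -- a retired DNSBL zone can time out or answer for every query.
  deny message = you in blacklist: $dnslist_domain \n $dnslist_text
       dnslists = opm.blitzed.org : \
                  cbl.abuseat.org : \
                  bl.csma.biz : \
                  dynablock.njabl.org

  accept hosts = +relay_from_hosts

  # Default: anything not accepted above is refused (no open relay).
  deny message = "Homo hominus lupus est"

# DATA-time policy: content scanning after the message body has been received.
acl_check_data:

  # deny malware = *
  # message = "In e-mail found virus - $malware_name"

  # With the ":true" suffix the spam condition succeeds whatever the score, so the score and
  # report headers are added to every message from outside. It is written here without a
  # space after the colon, the form the Exim documentation uses.
  # A "warn" whose condition defers (spamd unreachable) is skipped and logged.
  warn message = X-Spam-Score: $spam_score ($spam_bar)
       hosts = !+relay_from_hosts
       spam = nobody:true

  warn message = X-Spam-Report: $spam_report
       hosts = !+relay_from_hosts
       spam = nobody:true

  # Fixed: the tag was also requested with ":true", which marks every scanned message as
  # ***SPAM***. Without the suffix the condition is true only when the score reaches
  # SpamAssassin's required_score.
  # NOTE(review): "message" on a warn statement adds a header line; it does not replace the
  # original Subject:, so a tagged message carries two Subject headers. Filing into the
  # user's Spam folder is done at delivery time by matching this tag in the LDA's filter rules.
  warn message = Subject: ***SPAM*** $h_Subject:
       hosts = !+relay_from_hosts
       spam = nobody

  # Reject outright above 12.0 points ($spam_score_int is the score multiplied by ten).
  # Uses the same user name as the statements above so the earlier scan result is reused.
  # Original author's note: with this block enabled all incoming mail was rejected but not
  # tagged. That matches the logs: spamd refuses the connection, the condition defers, and a
  # deferred condition in a "deny" statement makes Exim answer with a temporary (4xx) error.
  # Appending /defer_ok to the spam condition would let mail through unscanned while spamd
  # is down -- a fail-open trade-off; fixing spamd's access control is the actual remedy.
  deny message = This message scored $spam_score spam points.
       spam = nobody:true
       hosts = !+relay_from_hosts
       condition = ${if >{$spam_score_int}{120}{1}{0}}

  accept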
# Routers are tried in the order written; the first one that accepts the address decides
# how it is delivered.
begin routers
# Remote delivery for every domain that is not local. no_more stops routing here for
# such domains if the DNS lookup fails.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
# NOTE(review): only 0.0.0.0 is ignored; Exim's stock configuration also lists 127.0.0.0/8
# so that a remote domain whose MX points at loopback cannot route mail back to this host.
ignore_target_hosts = 0.0.0.0
no_more
# Aliases from a flat file; file and pipe targets run as user znmail.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
user = znmail
file_transport = address_file
pipe_transport = address_pipe
# Virtual mailboxes: accept the address if the alias table has a row for the full address
# or a catch-all row for the domain. quote_mysql escapes the recipient before it is placed
# in the SQL string, which is what keeps attacker-chosen local parts out of the query.
dovecot_user:
driver = accept
condition = ${lookup mysql{SELECT `goto` FROM \
`alias` WHERE \
`address`='${quote_mysql:$local_part@$domain}' OR \
`address`='${quote_mysql:@$domain}'}{yes}{no}}
transport = dovecot_delivery
# System users with a ~/.procmailrc; reached only for addresses dovecot_user did not accept.
procmail:
check_local_user
driver = accept
transport = procmail_pipe
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
no_verify
# System users with a ~/.mailfilter.
maildrop:
check_local_user
driver = accept
transport = maildrop_pipe
require_files = ${local_part}:+${home}:+${home}/.mailfilter:+/usr/bin/maildrop
no_verify
begin transports
remote_smtp:
driver = smtp
# Hands the message to Dovecot's local delivery agent as user znmail.
# Exim only passes the message on; which folder it lands in (INBOX or Spam) is decided by
# the LDA, e.g. by a filter rule matching the spam tag or header -- presumably not yet
# configured here, since the page shows no such rule.
dovecot_delivery:
driver = pipe
command = /usr/libexec/dovecot/dovecot-lda -d $local_part@$domain
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = znmail
#local_delivery:
# driver = appendfile
# file = /znmail/$local_part@$domain
# delivery_date_add
# envelope_to_add
# return_path_add
# group = znmail
# mode = 0660
# Used for pipe and file targets produced by the system_aliases router.
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
procmail_pipe:
driver = pipe
command = "/usr/bin/procmail -d ${local_part}"
return_path_add
delivery_date_add
envelope_to_add
maildrop_pipe:
driver = pipe
command = "/usr/bin/maildrop -d ${local_part}"
return_path_add
delivery_date_add
envelope_to_add
begin retry
# All domains, all errors: every 15m for 2h, then intervals growing by 1.5x from 1h up to
# 16h, then every 6h up to 4 days.
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
# SMTP AUTH is delegated to Dovecot over its auth-client socket.
# NOTE(review): PLAIN and LOGIN carry the password in a reversible encoding, and nothing in
# this listing restricts them to TLS sessions. Add a server_advertise_condition that tests
# for an encrypted connection once TLS is configured.
begin authenticators
auth_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
auth_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
auth_cram_md5:
driver = dovecot
public_name = CRAM-MD5
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
/etc/mail/spamassassin/local.cf
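# Site-wide SpamAssassin settings.
#
# NOTE: Exim's "spam" ACL condition asks spamd only for the score and the report; it does
# not take back the rewritten message. rewrite_header, add_header and report_safe below
# therefore have no effect on mail delivered through Exim -- tagging has to be done in the
# Exim ACL.
rewrite_header Subject ***SPAM***
add_header all Report _REPORT_

# required_hits is the deprecated name of required_score. The file set both (8.0 here,
# 5.0 further down) and the later line wins, so the effective threshold was already 5.0.
# The duplicate is disabled to make that explicit.
#required_hits 8.0

# Per-rule score overrides.
score SUBJ_FULL_OF_8BITS 0.00
score HTML_COMMENT_8BITS 0.01
score HEADER_8BITS 0.00
score TO_NO_USER 0.01
score FORGED_MUA_OUTLOOK 0.5
score X_AUTH_WARNING 0.01
score SUBJ_HAS_UNIQ_ID 9.99
score HTTP_USERNAME_USED 9.99
score FORGED_YAHOO_RCVD 9.99
score FORGED_JUNO_RCVD 16
score UNWANTED_LANGUAGE_BODY 1.02
score MLM 5.55
score RCVD_NUMERIC_HELO 4.95

required_score 5.0
report_safe 1
skip_rbl_checks 0
#use razor2 0
use_dcc 1
#use_pyzor 0
#use_auto_whitelist 1
#auto_whitelist_path /etc/mail/spamassassin/auto_whitelist

# Bayes classifier and its training.
# Auto-learning feeds messages with very high or very low scores back into the database.
# Manual training is done with sa-learn --spam / --ham, run as a user that can write the
# files under bayes_path; with bayes_learn_to_journal enabled, learned tokens go to a
# journal first and are merged into the database on a later sync.
use_bayes 1
bayes_auto_learn 1
# NOTE(review): spamd is started with "-u nobody", so that user must be able to write here.
bayes_path /etc/mail/spamassassin/bayes
# NOTE(review): 0666 lets any local account rewrite the Bayes database and so influence how
# mail is classified. Prefer a group-restricted mode shared by spamd and whoever runs sa-learn.
bayes_file_mode 0666
# NOTE(review): the defaults are 200 each. With 1, Bayes rules start scoring after a single
# learned message of each kind, long before the statistics mean anything.
bayes_min_ham_num 1
bayes_min_spam_num 1
# The current option names carry a bayes_ prefix:
# bayes_auto_learn_threshold_nonspam / bayes_auto_learn_threshold_spam.
#auto_learn_threshold_nonspam -2
#auto_learn_threshold_spam 5
bayes_learn_to_journal 1

#ok_languages ru en
ok_locales ru en

# Fixed: the value was "localhost : 127.0.0.1". trusted_networks takes whitespace-separated
# IP addresses or CIDR blocks; a hostname and a colon are not valid entries.
# NOTE(review): the mail host's own public address normally belongs here as well; it is
# redacted on this page, so it is not added.
trusted_networks 127.0.0.1

# lock_method flock
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status
#blacklist_from *@msn.com
#blacklist_from *@mifrosopt.com
#blacklist_from spammer@mail.com
#whitelist_from gooduser@gmail.com

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
# shortcircuit USER_IN_WHITELIST on
# shortcircuit USER_IN_DEF_WHITELIST on
# shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on
# shortcircuit USER_IN_BLACKLIST on
# shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on
# shortcircuit ALL_TRUSTED on
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit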
Код: Выделить всё
# spamd start-up options: -m 30 caps the number of child processes, -u nobody makes spamd
# run as that unprivileged user.
# NOTE(review): no -A/--allowed-ips is given, so only clients connecting from 127.0.0.1 are
# served. The spamd log on this page shows connections arriving from the host's public
# address and being refused as "unauthorized", which is why every Exim scan defers.
# Either make Exim reach spamd over loopback, or allow that single address explicitly,
# e.g. -A 127.0.0.1,<MAIL_HOST_IP> (placeholder) -- never a whole network.
SPAMD_OPTS="-m 30 -u nobody"
PIDFILE="/var/run/spamd.pid"
лог spamd:
Tue Feb 14 17:35:58 2012 [4773] warn: spamd: unauthorized connection from mail [белый ip] at port 53888 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4774] warn: spamd: unauthorized connection from mail [белый ip] at port 53889 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BB
Tue Feb 14 17:35:58 2012 [4773] warn: spamd: unauthorized connection from mail [белый ip] at port 53890 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: server successfully spawned child process, pid 7504
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 0 idle children less than 1 minimum idle children. Increasing spamd children: 7504 started.
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BBS
Tue Feb 14 17:35:58 2012 [4774] warn: spamd: unauthorized connection from mail [белый ip] at port 53891 at /usr/sbin/spamd line 1240.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: server successfully spawned child process, pid 7505
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 0 idle children less than 1 minimum idle children. Increasing spamd children: 7505 started.
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BBIS
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: BBII
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: IBII
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 3 idle children more than 2 maximum idle children. Decreasing spamd children: 7505 killed.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: handled cleanup of child pid [7505] due to SIGCHLD: interrupted, signal 2 (0002)
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: IBI
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: III
Tue Feb 14 17:35:58 2012 [4771] info: prefork: adjust: 3 idle children more than 2 maximum idle children. Decreasing spamd children: 7504 killed.
Tue Feb 14 17:35:58 2012 [4771] info: spamd: handled cleanup of child pid [7504] due to SIGCHLD: interrupted, signal 2 (0002)
Tue Feb 14 17:35:58 2012 [4771] info: prefork: child states: II
Код: Выделить всё
2012-02-14 17:35:17 [3770] SMTP connection from [209.85.160.175]:56093 I=[белый ip]:25 (TCP/IP connection count = 1)
2012-02-14 17:35:17 [7502] Delay 40s for mail-gy0-f175.google.com [209.85.160.175] with HELO=mail-gy0-f175.google.com. Mail from testmail@gmail.com to test@mydomain.com.
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 DKIM: d=gmail.com s=gamma c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[y rejected after DATA
2012-02-14 17:34:46 [7480] SMTP connection from mail-yx0-f175.google.com [209.85.213.175]:34089 I=[белый ip]:25 closed by QUIT
2012-02-14 17:35:17 [3770] SMTP connection from [209.85.160.175]:56093 I=[белый ip]:25 (TCP/IP connection count = 1)
2012-02-14 17:35:17 [7502] Delay 40s for mail-gy0-f175.google.com [209.85.160.175] with HELO=mail-gy0-f175.google.com. Mail from testmail@gmail.com to test@mydomain.com.
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 DKIM: d=gmail.com s=gamma c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 F=<testmail@gmail.com> temporarily rejected after DATA
2012-02-14 17:35:58 [7502] SMTP connection from mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 closed by QUIT
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 Warning: ACL "warn" statement skipped: condition test deferred
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 spam acl condition: error reading from spamd socket: Connection reset by peer
2012-02-14 17:35:58 [7502] 1RxIY1-0001x0-T6 H=mail-gy0-f175.google.com [209.85.160.175]:56093 I=белый ip]:25 F=<testmail@gmail.com> temporarily rejected after DATA
2012-02-14 17:35:58 [7502] SMTP connection from mail-gy0-f175.google.com [209.85.160.175]:56093 I=[белый ip]:25 closed by QUIT
если в конфиге exim отключить блок:
# Excerpt of the DATA ACL statement that rejects mail scoring above 12.0
# ($spam_score_int is the score multiplied by ten).
# In the logs above the spam condition defers because spamd resets the connection; a
# deferred condition in a "deny" statement produces the "temporarily rejected after DATA"
# entries. Disabling the block removes the rejections but leaves the spamd connection
# problem, so the warn statements still cannot add their headers.
deny
message = This message scored $spam_score spam points.
spam = spamd: true
hosts = !+relay_from_hosts
condition = ${if >{$spam_score_int}{120}{1}{0}}
буду рад любому совету и разъяснению
спасибо