[FUG-BR] Amavis não detecta spam

Elton Clemente elton.kairos em gmail.com
Quinta Março 25 08:31:42 BRT 2010


Pessoal,


   Gostaria de saber se alguém poderia me ajudar a descobrir porque o
amavisd-new não está detectando spams.
   Todos estão sendo assinalados como "clean". A uns 2 dias estou quebrando
a cabeça com isso.
   Vírus são perfeitamente detectados e bloqueados. As notificações são
entregues.
   Bad-header são detectados, mas permito.

   Cenário:
   FreeBSD 8.0-STABLE i386
   Postfix-2.6.5,1
   amavisd-new-2.6.4_5,1
   perl v5.8.9
   p5-Mail-SpamAssassin-3.3.0_3

   Meus arquivos de configuração:

amavisd.conf:

(...)
@spam_scanners = (['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'],
                 ['SpamdClient',  'Amavis::SpamControl::SpamdClient'  ]);

$sa_debug = '3,all';
$sa_spam_report_header = 1;
$sa_spam_level_char = '*';
$sa_spawned = 0;
$sa_tag_level_deflt  = 3.0;  # add spam info headers if at, or above that
level
$sa_tag2_level_deflt = 4.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 4.9;  # triggers spam evasive actions (e.g. blocks
mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid
From
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi
spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed
bounces

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is
larger
$sa_local_tests_only = 0;    # only tests which do not require internet
access?
(..)
read_l10n_templates('/etc/mail/amavis/pt_BR');
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
$bad_header_quarantine_method = undef;
(...)


local.cf:

rewrite_header Subject *****SPAM*****
report_safe 2
trusted_networks 192.168.0.
internal_networks 192.168.0.
lock_method flock
ok_locales all
skip_rbl_checks 0
use_pyzor 0
required_score 4.0
use_bayes 1
bayes_auto_learn 1
use_bayes_rules 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status


main.cf:

content_filter = smtp-amavis:[127.0.0.1]:10024


master.cf:

smtp-amavis unix - - n - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1


Executando spamassassin -t < teste.txt > spam.out :

Received: from localhost by intranet.dominio.com.br
        with SpamAssassin (version 3.3.0);
        Wed, 24 Mar 2010 23:29:36 -0300
Subject: *****SPAM*****
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on
        intranet.dominio.com.br
X-Spam-Flag: YES
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.5 required=4.0
tests=MISSING_DATE,MISSING_HEADERS,
        MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS
        autolearn=no version=3.3.0
MIME-Version: 1.0


   Pelo que entendi, está tudo certo com o SpamAssassim.


Log do amavis quando inicia:
Mar 24 23:33:53 intranet amavis[42013]: starting.  /usr/local/sbin/amavisd
at intranet.dominio.com.br amavisd-new-2.6.4 (20090625), Unicode aware,
LC_ALL="p
t_BR.ISO8859-1", LC_CTYPE="ISO-8859-1", LANG="pt_BR.ISO8859-1"
Mar 24 23:33:53 intranet amavis[42013]: user=, EUID: 110 (110);  group=,
EGID: 110 110 (110 110)
Mar 24 23:33:53 intranet amavis[42013]: Perl version               5.008009
Mar 24 23:33:54 intranet amavis[42013]: SpamControl: init_pre_chroot on
SpamAssassin done
Mar 24 23:33:54 intranet amavis[42014]: Net::Server: Process Backgrounded
Mar 24 23:33:54 intranet amavis[42014]: Net::Server: 2010/03/24-23:33:54
Amavis (type Net::Server::PreForkSimple) starting! pid(42014)
Mar 24 23:33:54 intranet amavis[42014]: Net::Server: Binding to UNIX socket
file /var/amavis/amavisd.sock using SOCK_STREAM
Mar 24 23:33:54 intranet amavis[42014]: Net::Server: Binding to TCP port
10024 on host *
Mar 24 23:33:54 intranet amavis[42014]: Net::Server: Binding to TCP port
10026 on host *
Mar 24 23:33:54 intranet amavis[42014]: Net::Server: Group Not Defined.
 Defaulting to EGID '110 110'
Mar 24 23:33:54 intranet amavis[42014]: Net::Server: User Not Defined.
 Defaulting to EUID '110'
Mar 24 23:33:54 intranet amavis[42014]: Module Amavis::Conf        2.207
Mar 24 23:33:54 intranet amavis[42014]: Module Archive::Zip        1.30
Mar 24 23:33:54 intranet amavis[42014]: Module BerkeleyDB          0.41
Mar 24 23:33:54 intranet amavis[42014]: Module Compress::Zlib      2.015
Mar 24 23:33:54 intranet amavis[42014]: Module Convert::TNEF       0.17
Mar 24 23:33:54 intranet amavis[42014]: Module Convert::UUlib      1.33
Mar 24 23:33:54 intranet amavis[42014]: Module Crypt::OpenSSL::RSA 0.26
Mar 24 23:33:54 intranet amavis[42014]: Module DBD::mysql          4.013
Mar 24 23:33:54 intranet amavis[42014]: Module DBI                 1.609
Mar 24 23:33:54 intranet amavis[42014]: Module DB_File             1.817
Mar 24 23:33:54 intranet amavis[42014]: Module Digest::MD5         2.37
Mar 24 23:33:54 intranet amavis[42014]: Module Digest::SHA         5.48
Mar 24 23:33:54 intranet amavis[42014]: Module Digest::SHA1        2.12
Mar 24 23:33:54 intranet amavis[42014]: Module IO::Socket::INET6   2.56
Mar 24 23:33:54 intranet amavis[42014]: Module MIME::Entity        5.427
Mar 24 23:33:54 intranet amavis[42014]: Module MIME::Parser        5.427
Mar 24 23:33:54 intranet amavis[42014]: Module MIME::Tools         5.427
Mar 24 23:33:54 intranet amavis[42014]: Module Mail::DKIM::Signer  0.37
Mar 24 23:33:54 intranet amavis[42014]: Module Mail::DKIM::Verifier 0.37
Mar 24 23:33:54 intranet amavis[42014]: Module Mail::Header        2.06
Mar 24 23:33:54 intranet amavis[42014]: Module Mail::Internet      2.06
Mar 24 23:33:54 intranet amavis[42014]: Module Mail::SPF           v2.007
Mar 24 23:33:54 intranet amavis[42014]: Module Mail::SpamAssassin  3.003000
Mar 24 23:33:54 intranet amavis[42014]: Module Net::DNS            0.66
Mar 24 23:33:54 intranet amavis[42014]: Module Net::Server         0.97
Mar 24 23:33:54 intranet amavis[42014]: Module NetAddr::IP         4.027
Mar 24 23:33:54 intranet amavis[42014]: Module Razor2::Client::Version 2.84
Mar 24 23:33:54 intranet amavis[42014]: Module Socket6             0.23
Mar 24 23:33:54 intranet amavis[42014]: Module Time::HiRes         1.9719
Mar 24 23:33:54 intranet amavis[42014]: Module URI                 1.52
Mar 24 23:33:54 intranet amavis[42014]: Module Unix::Syslog        1.1
Mar 24 23:33:54 intranet amavis[42014]: Amavis::DB code      loaded
Mar 24 23:33:54 intranet amavis[42014]: Amavis::Cache code   loaded
Mar 24 23:33:54 intranet amavis[42014]: SQL base code        NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: SQL::Log code        NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: SQL::Quarantine      NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: Lookup::SQL code     NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: Lookup::LDAP code    NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: AM.PDP-in proto code loaded
Mar 24 23:33:54 intranet amavis[42014]: SMTP-in proto code   loaded
Mar 24 23:33:54 intranet amavis[42014]: Courier proto code   NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: SMTP-out proto code  loaded
Mar 24 23:33:54 intranet amavis[42014]: Pipe-out proto code  NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: BSMTP-out proto code NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: Local-out proto code loaded
Mar 24 23:33:54 intranet amavis[42014]: OS_Fingerprint code  NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: ANTI-VIRUS code      loaded
Mar 24 23:33:54 intranet amavis[42014]: ANTI-SPAM code       loaded
Mar 24 23:33:54 intranet amavis[42014]: ANTI-SPAM-EXT code   NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: ANTI-SPAM-C code     loaded
Mar 24 23:33:54 intranet amavis[42014]: ANTI-SPAM-SA code    loaded
Mar 24 23:33:54 intranet amavis[42014]: Unpackers code       loaded
Mar 24 23:33:54 intranet amavis[42014]: DKIM code            loaded
Mar 24 23:33:54 intranet amavis[42014]: Tools code           NOT loaded
Mar 24 23:33:54 intranet amavis[42014]: Found $file            at
/usr/local/bin/file
Mar 24 23:33:54 intranet amavis[42014]: Found $altermime       at
/usr/local/bin/altermime
Mar 24 23:33:54 intranet amavis[42014]: Internal decoder for .mail
Mar 24 23:33:54 intranet amavis[42014]: Internal decoder for .asc
Mar 24 23:33:54 intranet amavis[42014]: Internal decoder for .uue
Mar 24 23:33:54 intranet amavis[42014]: Internal decoder for .hqx
Mar 24 23:33:54 intranet amavis[42014]: Internal decoder for .ync
Mar 24 23:33:54 intranet amavis[42014]: Found decoder for    .F    at
/usr/local/bin/unfreeze
(...)
Mar 24 23:33:54 intranet amavis[42014]: Found decoder for    .exe  at
/usr/local/bin/unrar; /usr/local/bin/lha; /usr/local/bin/arj
Mar 24 23:33:54 intranet amavis[42014]: Using primary internal av scanner
code for ClamAV-clamd
Mar 24 23:33:54 intranet amavis[42014]: Found secondary av scanner
ClamAV-clamscan at /usr/local/bin/clamscan
Mar 24 23:33:54 intranet amavis[42014]: Creating db in /var/amavis/db/;
BerkeleyDB 0.41, libdb 4.1
Mar 24 23:33:54 intranet amavis[42014]: initializing Mail::SpamAssassin
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: logger: adding facilities:
info, all
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: logger: logging level is DBG
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: generic: SpamAssassin
version 3.3.0
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: generic: Perl 5.008009,
PREFIX=/usr/local, DEF_RULES_DIR=/usr/local/share/spamassassin,
LOCAL_RULES_DIR=/usr
/local/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/db/spamassassin
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: config: timing enabled
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: config: score set 0 chosen.
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: util: running in taint mode?
yes
(..)
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: util: final PATH set to:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: dns: is Net::DNS::Resolver
available? yes
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: dns: Net::DNS version: 0.66
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: config: using
"/usr/local/etc/mail/spamassassin" for site rules pre files
Mar 24 23:33:54 intranet amavis[42014]: SA dbg: config: read file
/usr/local/etc/mail/spamassassin/init.pre
(...)
Mar 24 23:34:01 intranet amavis[42014]: SA dbg: check:
tests=DCC_CHECK,DKIM_ADSP_NXDOMAIN,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEI
VED,NO_RELAYS
Mar 24 23:34:01 intranet amavis[42014]: SA dbg: check:
subtests=__DKIM_DEPENDABLE,__GATED_THROUGH_RCVD_REMOVER,__HAS_MESSAGE_ID,__HAS_MSGID,__MISSING_REF,__
MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__NO_REAL_NAME,__SANE_MSGID,__SARE_WHITELIST_FLAG,__TO_NO_ARROWS_R,__UNUSABLE_MSGID
Mar 24 23:34:01 intranet amavis[42014]: SA dbg: plugin:
Mail::SpamAssassin::Plugin::Bayes=HASH(0xa53629c) implements
'learner_close', priority 0
Mar 24 23:34:01 intranet amavis[42014]: SA dbg: bayes: untie-ing
Mar 24 23:34:01 intranet amavis[42014]: SpamControl: init_pre_fork on
SpamAssassin done

Elton


Mais detalhes sobre a lista de discussão freebsd