[Experience sharing] Postfix mail (7): Testing Amavisd-new + SpamAssassin + ClamAV

Posted 2014-12-19 08:23:47
1. Test the amavisd port, 10024
Postfix hands each message to the content filter, amavisd, on port 10024.

[iyunv@mail ~]# telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.



Success: amavisd answers on 10024 and advertises XFORWARD, the extension Postfix uses to pass the original client's address, port, HELO name and protocol through to the filter so that amavisd can log and score them.

2. Test the connection to the Postfix port, 10025
After amavisd has had SpamAssassin and clamd scan a message, it re-injects the message into Postfix on port 10025.

[iyunv@mail ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.



Success. Two details in this transcript are worth noting. First, the connection to ::1 was refused and only 127.0.0.1 answered: the 10025 listener is bound to the IPv4 loopback address only, which is the right scope for the re-injection path. Second, the listener advertises AUTH and STARTTLS exactly like the public port 25. Nothing but amavisd on localhost should ever talk to 10025, so the master.cf entry for it is normally given -o smtpd_sasl_auth_enable=no, -o smtpd_client_restrictions=permit_mynetworks,reject and an empty -o content_filter= (the last one prevents re-injected mail from being sent through amavisd a second time), as recommended in the amavisd-new README.
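The two telnet checks above can be scripted. The following is an added example written for this tutorial, not code from the original post: it sends EHLO over a plain socket, parses the multi-line reply, and applies the two checks discussed above (the filter port must offer XFORWARD; the re-injection port should not offer AUTH). The EHLO transcripts embedded for the offline self-check are the two shown above; the function names and check rules are this example's own.

```python
"""Probe the amavisd (10024) and Postfix re-injection (10025) listeners.

Added example for this tutorial, not part of the original post. It speaks
plain ESMTP over a socket, parses the multi-line EHLO reply and applies the
two checks a practitioner wants on these listeners:

  * the content-filter port (amavisd, 10024) should advertise XFORWARD, so
    Postfix can hand the original client address to amavisd;
  * the re-injection port (Postfix, 10025) should not offer AUTH, because it
    exists only to take scanned mail back from amavisd on localhost.

The sample transcripts used for the offline self-check are the two EHLO
replies shown in the tutorial; check rules and names are this example's own.
"""
import socket
from typing import List


def parse_ehlo(reply: str) -> List[str]:
    """Return the EHLO keywords (upper-cased) from a raw multi-line reply.

    Handles both "250-KEYWORD" continuation lines and the final "250 KEYWORD"
    line. The first 250 line carries the server name, not a keyword, so it is
    skipped; the old-style "AUTH=LOGIN PLAIN" line yields "AUTH=LOGIN".
    """
    keywords = []
    for raw in reply.splitlines():
        line = raw.strip()
        if not line.startswith("250") or len(line) < 5:
            continue
        keywords.append(line[4:].split()[0].upper())
    return keywords[1:]


def check_listener(role: str, keywords: List[str]) -> List[str]:
    """Return findings for a listener; an empty list means it looks right.

    role is "filter" for the amavisd port and "reinject" for the Postfix
    port that only amavisd should talk to.
    """
    findings = []
    if role == "filter":
        if "XFORWARD" not in keywords:
            findings.append("filter port does not advertise XFORWARD; "
                            "client details will not reach amavisd")
    elif role == "reinject":
        if any(k == "AUTH" or k.startswith("AUTH=") for k in keywords):
            findings.append("re-injection port offers SASL AUTH; "
                            "set -o smtpd_sasl_auth_enable=no on it")
    else:
        raise ValueError(f"unknown role {role!r}")
    return findings


def _read_reply(reader) -> str:
    """Read one (possibly multi-line) SMTP reply and return its raw text."""
    lines = []
    while True:
        line = reader.readline().decode("utf-8", "replace")
        if not line:
            break
        lines.append(line.rstrip("\r\n"))
        if len(line) >= 4 and line[3] == " ":   # "250 " marks the last line
            break
    return "\n".join(lines)


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, send EHLO and return the raw EHLO reply (live use only)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        _read_reply(reader)                          # 220 banner
        sock.sendall(b"EHLO probe.localdomain\r\n")
        reply = _read_reply(reader)
        sock.sendall(b"QUIT\r\n")
        return reply


# EHLO replies copied from the tutorial's two telnet sessions: constructed
# sample input for the offline self-check, no server is contacted.
AMAVISD_EHLO = """\
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE"""

REINJECT_EHLO = """\
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

if __name__ == "__main__":
    for role, port in (("filter", 10024), ("reinject", 10025)):
        keywords = parse_ehlo(probe("127.0.0.1", port))
        findings = check_listener(role, keywords) or ["ok"]
        print(f"port {port} ({role}): {' '.join(keywords)} -> {'; '.join(findings)}")
```

Run it on the mail host itself; against the transcripts shown in this post it reports the amavisd port as fine and flags the AUTH offer on 10025.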

3. Test a virus message

(1) Send the virus message:

[iyunv@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                       # send EHLO
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                           # start SASL LOGIN authentication
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=     # the postmaster account, base64-encoded
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                         # its password, base64-encoded (an encoding, not encryption: on a real network do this only after STARTTLS)
235 2.7.0 Authentication successful
mail from:<postmaster@yourmail.com>  # envelope sender
250 2.1.0 Ok
rcpt to:<test@yourmail.com>          # envelope recipient
250 2.1.5 Ok
data                                 # start the message content
354 End data with <CR><LF>.<CR><LF>
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*        # the EICAR test string
.                                    # a lone dot ends the data
250 2.0.0 Ok: queued as 039B41A2129  # 039B41A2129 is this message's queue id
quit                                 # quit
221 2.0.0 Bye
Connection closed by foreign host.



(2) Check the log:

[iyunv@mail ~]# tailf /var/log/maillog
Dec  5 13:59:06 mail postfix/smtpd[33105]: 039B41A2129: client=localhost[::1], sasl_method=login, sasl_username=postmaster@yourmail.com
Dec  5 13:59:16 mail postfix/cleanup[33115]: 039B41A2129: message-id=<20141205055906.039B41A2129@mail.yourmail.com>
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: from=<postmaster@yourmail.com>, size=430, nrcpt=1 (queue active)
# 039B41A2129 is the queue id of the message postmaster sent
Dec  5 13:59:16 mail postfix/smtpd[33119]: initializing the server-side TLS engine
Dec  5 13:59:16 mail postfix/smtpd[33119]: connect from localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/smtpd[33119]: B00BE1A2131: client=localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/cleanup[33115]: B00BE1A2131: message-id=<VA6t1HGplBpVw3@mail.yourmail.com>
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: from=<virusalert@yourmail.com>, size=2212, nrcpt=1 (queue active)
Dec  5 13:59:16 mail amavis[33064]: (33064-01) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound,Quarantined}, [::1]:42295 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: virus-6t1HGplBpVw3, Message-ID: <20141205055906.039B41A2129@mail.yourmail.com>, mail_id: 6t1HGplBpVw3, Hits: -, size: 430, 374 ms
# B00BE1A2131 is the virus notification amavisd sends (via 10025) to the virus admin address virusalert; the infected message itself is kept in the quarantine directory /var/virusmails/ under the name virus-6t1HGplBpVw3
# Blocked INFECTED (Eicar-Test-Signature) means amavisd had ClamAV scan the message and ClamAV recognised the EICAR test signature; in other words, Postfix + amavisd + ClamAV are working together
Dec  5 13:59:16 mail postfix/smtp[33116]: 039B41A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=16/0.09/0.02/0.36, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=33064-01, DISCARD(bounce.suppressed))
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: removed
# This is Postfix delivering the original to amavisd on 10024. amavisd accepted it and answered 250 with DISCARD(bounce.suppressed): the message was discarded instead of being re-injected on 10025, and no bounce was generated (NoBounceInbound). Postfix treats the 250 as a successful delivery and removes 039B41A2129 from the queue, so test never receives the message.
Dec  5 13:59:16 mail postfix/pipe[33120]: B00BE1A2131: to=<virusalert@yourmail.com>, relay=maildrop, delay=0.19, delays=0.04/0.03/0/0.13, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. )
Dec  5 13:59:16 mail postfix/cleanup[33115]: DFFA91A2130: message-id=<20141205055916.DFFA91A2130@mail.yourmail.com>
Dec  5 13:59:16 mail postfix/qmgr[32477]: DFFA91A2130: from=<>, size=4184, nrcpt=1 (queue active)
Dec  5 13:59:16 mail postfix/bounce[33122]: B00BE1A2131: sender non-delivery notification: DFFA91A2130
# Delivery of the notification to virusalert failed (maildrop: user unknown), so Postfix generated a non-delivery notification, DFFA91A2130 (from=<>), addressed to the notification's sender virusalert. That bounce was rewritten by the alias (orig_to=virusalert -> postmaster) and delivered, so what lands in postmaster is the bounce with the virus notification inside it. Make virusalert deliverable, or point $virus_admin at an existing mailbox, so that notifications arrive directly rather than as bounces.
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: removed
Dec  5 13:59:17 mail postfix/pipe[33120]: DFFA91A2130: to=<postmaster@yourmail.com>, orig_to=<virusalert@yourmail.com>, relay=maildrop, delay=0.1, delays=0.05/0/0/0.04, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 13:59:17 mail postfix/qmgr[32477]: DFFA91A2130: removed
Dec  5 13:59:17 mail postfix/smtpd[33105]: disconnect from localhost[::1]
# You will find DFFA91A2130, the virus report, in the postmaster mailbox




(3) Open the postmaster mailbox and look at the virus report:
[screenshot: postmaster mailbox showing the report]

(4) View the headers; the queue id is indeed DFFA91A2130:
[screenshot: headers of the report]

(5) List the quarantine directory:
[iyunv@mail ~]# ll /var/virusmails/
total 4
-rw-r-----. 1 amavis amavis 1027 Dec  5 13:59 virus-6t1HGplBpVw3



(6) Look at the quarantined virus message (the original message with amavisd's headers prepended):

[iyunv@mail ~]# cat /var/virusmails/virus-6t1HGplBpVw3
Return-Path: <>
Delivered-To: virus-quarantine
X-Envelope-From: <postmaster@yourmail.com>
X-Envelope-To: <test@yourmail.com>
X-Envelope-To-Blocked: <test@yourmail.com>
X-Quarantine-ID: <6t1HGplBpVw3>
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
Received: from mail.yourmail.com ([127.0.0.1])
  by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id 6t1HGplBpVw3 for <test@yourmail.com>;
  Fri,  5 Dec 2014 13:59:16 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
  by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 039B41A2129
  for <test@yourmail.com>; Fri,  5 Dec 2014 13:58:59 +0800 (CST)
Message-Id: <20141205055906.039B41A2129@mail.yourmail.com>
Date: Fri,  5 Dec 2014 13:58:59 +0800 (CST)
From: postmaster@yourmail.com
To: undisclosed-recipients:;
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*




4. Test a spam message
(1) Send the spam message:
[iyunv@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                       # send EHLO
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                           # start SASL LOGIN authentication
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=     # the postmaster account, base64-encoded
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                         # its password, base64-encoded
235 2.7.0 Authentication successful
mail from:<postmaster@yourmail.com>  # envelope sender
250 2.1.0 Ok
rcpt to:<test@yourmail.com>          # envelope recipient
250 2.1.5 Ok
data                                 # start the message content
354 End data with <CR><LF>.<CR><LF>
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X        # the GTUBE test string
.                                    # a lone dot ends the data
250 2.0.0 Ok: queued as 336741A2129  # 336741A2129 is this message's queue id
quit                                 # quit
221 2.0.0 Bye
Connection closed by foreign host.




(2) Check the log:
tailf /var/log/maillog
Dec  5 14:26:11 mail postfix/smtpd[33239]: 336741A2129: client=localhost[::1], sasl_method=login, sasl_username=postmaster@yourmail.com
Dec  5 14:26:46 mail postfix/cleanup[33248]: 336741A2129: message-id=<20141205062611.336741A2129@mail.yourmail.com>
Dec  5 14:26:46 mail postfix/qmgr[32477]: 336741A2129: from=<postmaster@yourmail.com>, size=430, nrcpt=1 (queue active)
Dec  5 14:26:49 mail postfix/smtpd[33239]: disconnect from localhost[::1]
# 336741A2129 is the queue id of the message postmaster sent
Dec  5 14:26:49 mail amavis[33065]: (33065-01) INFO: no existing header field 'Subject', inserting it
# The message was handed to amavisd for scanning. It has no Subject header, so amavisd inserts one in order to have something to prepend the spam tag to; the tag ("***Spam***" by default) is set by $sa_spam_subject_tag in amavisd.conf
Dec  5 14:26:49 mail postfix/smtpd[33254]: initializing the server-side TLS engine
Dec  5 14:26:49 mail postfix/smtpd[33254]: connect from localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/smtpd[33254]: 5B38D1A2136: client=localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/cleanup[33248]: 5B38D1A2136: message-id=<20141205062611.336741A2129@mail.yourmail.com>
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: from=<postmaster@yourmail.com>, size=1240, nrcpt=1 (queue active)
# 5B38D1A2136 is the tagged copy that amavisd re-injected into Postfix on 10025: same Message-ID, larger because of the inserted subject and X-Spam-* headers
Dec  5 14:26:49 mail amavis[33065]: (33065-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [::1]:42299 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: spam-Z230tCIzZbzS.gz, Message-ID: <20141205062611.336741A2129@mail.yourmail.com>, mail_id: Z230tCIzZbzS, Hits: 1000.768, size: 430, queued_as: 5B38D1A2136, 2860 ms
# amavisd is configured to pass spam through rather than block it, so the log says Passed SPAM; with blocking configured it would say Blocked SPAM and send a report to spam.police <postmaster@yourmail.com>
# A copy of the spam is also saved in /var/virusmails/ under the name spam-Z230tCIzZbzS.gz
Dec  5 14:26:49 mail postfix/smtp[33251]: 336741A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=43, delays=40/0.04/0.01/2.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5B38D1A2136)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 336741A2129: removed
# This is Postfix delivering the original 336741A2129 to amavisd on 10024. amavisd's 250 reply quotes the answer it got from the Postfix listener on 10025 when it re-injected the tagged copy, "queued as 5B38D1A2136"; only then is the original removed from the queue
Dec  5 14:26:49 mail postfix/pipe[33255]: 5B38D1A2136: to=<test@yourmail.com>, relay=maildrop, delay=0.11, delays=0.02/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: removed
# Postfix delivers the message to the recipient test: this time it is the original with the spam tag added to the subject




(3) Open the test mailbox and look at the spam message that arrived
[screenshot: test mailbox]
The subject has had the spam tag inserted.

(4) View the headers
[screenshot: headers of the tagged message]
The queue id is indeed 5B38D1A2136, and the spam score of 1000.768 is far above the tag2 threshold of 6.2.

(5) List the quarantine directory:
[iyunv@mail ~]# ll /var/virusmails/
total 8
-rw-r-----. 1 amavis amavis  588 Dec  5 14:26 spam-Z230tCIzZbzS.gz
-rw-r-----. 1 amavis amavis 1027 Dec  5 13:59 virus-6t1HGplBpVw3



(6) Look at the quarantined spam message (gzipped; the X-Spam-Status header lists the rules that fired, GTUBE alone contributing 1000 points):
[iyunv@mail ~]# gunzip /var/virusmails/spam-Z230tCIzZbzS.gz
[iyunv@mail ~]# cat /var/virusmails/spam-Z230tCIzZbzS
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <postmaster@yourmail.com>
X-Envelope-To: <test@yourmail.com>
X-Envelope-To-Blocked:
X-Quarantine-ID:
X-Spam-Flag: YES
X-Spam-Score: 1000.768
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=1000.768 tag=2 tag2=6.2 kill=6.9
  tests=[ALL_TRUSTED=-1, GTUBE=1000, MISSING_SUBJECT=1.767,
  TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
Received: from mail.yourmail.com ([127.0.0.1])
  by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id Z230tCIzZbzS for <test@yourmail.com>;
  Fri,  5 Dec 2014 14:26:46 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
  by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 336741A2129
  for <test@yourmail.com>; Fri,  5 Dec 2014 14:26:06 +0800 (CST)
Message-Id: <20141205062611.336741A2129@mail.yourmail.com>
Date: Fri,  5 Dec 2014 14:26:06 +0800 (CST)
From: postmaster@yourmail.com
To: undisclosed-recipients:;
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X



Tip: if you configure spam to be blocked and set the tag2/kill thresholds too low, a lot of legitimate mail will never reach its recipients. Reports on blocked spam can be read in the postmaster mailbox.

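Sections 3 and 4 run the same procedure twice by hand: authenticate, submit a message whose body is a standard test string, then read amavisd's verdict out of /var/log/maillog. The following is an added example written for this tutorial, not the original post's code, that does both with smtplib and parses the "Blocked INFECTED" / "Passed SPAM" log lines so that each Postfix queue id can be tied to amavisd's mail_id, quarantine file and score. The host, account and sample log lines are those shown above; the function names, the expected-outcome rules and the SMTP_PASSWORD environment variable are this example's assumptions.

```python
"""Send EICAR/GTUBE test mail and read amavisd's verdicts from the mail log.

Added example for this tutorial, not the original post's code. It automates
the two telnet sessions above with smtplib and parses the "Blocked INFECTED"
/ "Passed SPAM" lines amavisd writes, tying each Postfix queue id to the
amavisd mail_id, quarantine file and score. Sample log lines are from the
tutorial; function names, outcome rules and SMTP_PASSWORD are assumptions.
"""
import os
import re
import smtplib
import time
from email.message import EmailMessage
from typing import Dict, Iterable, List, Optional

# Standard, harmless test strings; keep each on its own line and unmodified.
EICAR = r"X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

# amavisd-new 2.x verdict line as logged in the tutorial; parts a line lacks
# (signature, quarantine, queued_as) come back as None.
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \([\d-]+\) (?P<action>Passed|Blocked) (?P<category>[A-Z-]+)"
    r"(?: \((?P<signature>[^)]*)\))? \{(?P<flags>[^}]*)\},"
    r".*?<(?P<sender>[^>]*)> -> <(?P<recipient>[^>]*)>"
    r"(?:, quarantine: (?P<quarantine>[^,\s]+))?"
    r", Message-ID: <(?P<message_id>[^>]*)>, mail_id: (?P<mail_id>[^,\s]+)"
    r", Hits: (?P<hits>[-\d.]+)(?:.*?queued_as: (?P<queued_as>\w+))?")
# Postfix cleanup line: links the queue id to the Message-ID amavisd logs.
CLEANUP_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): message-id=<(?P<message_id>[^>]*)>")
QUEUED_RE = re.compile(r"queued as (\w+)")


def build_test_message(kind: str, sender: str, recipient: str) -> EmailMessage:
    """Build a minimal message whose body is the EICAR or GTUBE string."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, f"{kind} filter test"
    msg.set_content(EICAR if kind == "eicar" else GTUBE)
    return msg


def send_test(kind: str, host: str, user: str, password: str,
              recipient: str, port: int = 25) -> Optional[str]:
    """Submit one test message with SASL auth and return Postfix's queue id."""
    msg = build_test_message(kind, user, recipient)
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):      # AUTH LOGIN is base64, not encryption
            smtp.starttls()
            smtp.ehlo()
        smtp.login(user, password)
        smtp.mail(user)
        code, resp = smtp.rcpt(recipient)
        if code != 250:
            raise RuntimeError(f"RCPT refused: {code} {resp!r}")
        code, resp = smtp.data(msg.as_bytes())   # "250 2.0.0 Ok: queued as ..."
        m = QUEUED_RE.search(resp.decode("ascii", "replace"))
        return m.group(1) if m else None


def parse_amavis_line(line: str) -> Optional[Dict]:
    """Parse one amavis verdict line into a dict, or None if it is not one."""
    m = AMAVIS_RE.search(line)
    if not m:
        return None
    v = m.groupdict()
    v["flags"] = v["flags"].split(",")
    v["hits"] = None if v["hits"] == "-" else float(v["hits"])  # "-": SA not run
    v["delivered"] = v["action"] == "Passed"
    return v


def correlate_log(lines: Iterable[str]) -> Dict[str, Dict]:
    """Map each Postfix queue id to the amavis verdict for its Message-ID."""
    qid_to_msgid, verdicts = {}, {}
    for line in lines:
        c = CLEANUP_RE.search(line)
        if c:
            qid_to_msgid.setdefault(c["qid"], c["message_id"])
            continue
        v = parse_amavis_line(line)
        if v:
            verdicts[v["message_id"]] = v
    return {q: verdicts[mid] for q, mid in qid_to_msgid.items() if mid in verdicts}


def check_expected(kind: str, v: Dict) -> List[str]:
    """Compare a verdict with what EICAR/GTUBE must produce; [] means fine."""
    problems = []
    if kind == "eicar":
        if v["category"] != "INFECTED":
            problems.append(f"expected INFECTED, got {v['action']} {v['category']}")
        if not (v["quarantine"] or "").startswith("virus-"):
            problems.append("virus was not quarantined")
    else:
        if v["category"] != "SPAM":
            problems.append(f"expected SPAM, got {v['action']} {v['category']}")
        if v["hits"] is None or v["hits"] < 1000:   # GTUBE alone scores 1000
            problems.append("GTUBE rule did not fire; is SpamAssassin wired in?")
    return problems


# Constructed sample: the four relevant lines from the tutorial's maillog.
SAMPLE_LOG = """\
Dec  5 13:59:16 mail postfix/cleanup[33115]: 039B41A2129: message-id=<20141205055906.039B41A2129@mail.yourmail.com>
Dec  5 13:59:16 mail amavis[33064]: (33064-01) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound,Quarantined}, [::1]:42295 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: virus-6t1HGplBpVw3, Message-ID: <20141205055906.039B41A2129@mail.yourmail.com>, mail_id: 6t1HGplBpVw3, Hits: -, size: 430, 374 ms
Dec  5 14:26:46 mail postfix/cleanup[33248]: 336741A2129: message-id=<20141205062611.336741A2129@mail.yourmail.com>
Dec  5 14:26:49 mail amavis[33065]: (33065-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [::1]:42299 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: spam-Z230tCIzZbzS.gz, Message-ID: <20141205062611.336741A2129@mail.yourmail.com>, mail_id: Z230tCIzZbzS, Hits: 1000.768, size: 430, queued_as: 5B38D1A2136, 2860 ms
"""

if __name__ == "__main__":   # live run on the mail host; reads SMTP_PASSWORD
    pw = os.environ.get("SMTP_PASSWORD", "")
    qids = {k: send_test(k, "127.0.0.1", "postmaster@yourmail.com", pw, "test@yourmail.com")
            for k in ("eicar", "gtube")}
    time.sleep(5)             # give amavisd a moment to scan and log
    with open("/var/log/maillog", errors="replace") as log:
        verdicts = correlate_log(log)
    for kind, qid in qids.items():
        print(kind, qid, check_expected(kind, verdicts[qid]) or "as expected")
```

The correlation goes through the Message-ID because amavisd logs its own mail_id, not Postfix's queue id; the cleanup line is the one place Postfix writes both. Note that the re-injected copy (5B38D1A2136 above) gets a second cleanup line with the same Message-ID, so it maps to the same verdict.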
5. Homework:
In amavisd.conf set the spam disposition to
$final_spam_destiny  = D_BOUNCE;
then repeat the spam test and compare the result.
Keep in mind while doing this that real spam almost always carries a forged envelope sender, so D_BOUNCE returns the bounce to an innocent third party (backscatter); for production use prefer D_DISCARD. D_REJECT only avoids the bounce in a pre-queue setup; with the post-queue content_filter used in this series, Postfix has already accepted the message and D_REJECT also ends in a bounce. In the test here the GTUBE message comes from your own postmaster account, so the bounce simply lands in postmaster.


Thread: https://www.yunweiku.com/thread-38238-1-1.html. Previous post: Postfix mail (6): Installing Amavisd-new + SpamAssassin + ClamAV. Next post: Postfix mail (8): Installing the anti-spam system Spam Locker.