|
|
一、测试DSPAM(未使用amavisd调用DSPAM)- 一般邮件
1、外部邮箱postmaster@eplanstore.com发送一封邮件给test@yourmail.com
主题:1111111111111 内容空
说明:前面的博文说过了,需要再搭建一个一样的邮件系统来模拟外部邮件;
如果你的域是万网之类的地方注册的,可以解析到你的邮箱服务器就可以直接用QQ邮箱发。
2、查看日志
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| [iyunv@mail ~]# tailf /var/log/maillog
Dec 10 09:22:37 mail postfix/smtpd[61297]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: : Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to= proto=ESMTP helo=
#触发DSPAM过滤器lmtp:[127.0.0.1]:10028
Dec 10 09:22:39 mail postfix/smtpd[61297]: 447941A2121: client=unknown[10.188.1.86]
Dec 10 09:22:39 mail postfix/cleanup[61307]: 447941A2121: message-id=<20141210012216.A50C743BAD14@mail.eplantstore.com>
Dec 10 09:22:39 mail postfix/qmgr[57578]: 447941A2121: from=<postmaster@eplantstore.com>, size=1013, nrcpt=1 (queue active)
Dec 10 09:22:39 mail postfix/smtpd[61297]: disconnect from unknown[10.188.1.86]
#邮件正常发出
Dec 10 09:22:44 mail postfix/smtpd[61314]: initializing the server-side TLS engine
Dec 10 09:22:44 mail postfix/smtpd[61314]: connect from localhost[127.0.0.1]
Dec 10 09:22:44 mail postfix/smtpd[61314]: 3B4541A2138: client=localhost[127.0.0.1]
Dec 10 09:22:44 mail postfix/cleanup[61307]: 3B4541A2138: message-id=<20141210012216.A50C743BAD14@mail.eplantstore.com>
Dec 10 09:22:44 mail postfix/qmgr[57578]: 3B4541A2138: from=<postmaster@eplantstore.com>, size=1633, nrcpt=1 (queue active)
#postfix将邮件交给amavisd扫描
Dec 10 09:22:44 mail amavis[61231]: (61231-01) Passed CLEAN {RelayedInbound}, [10.188.1.86] <postmaster@eplantstore.com> -> , Message-ID: <20141210012216.A50C743BAD14@mail.eplantstore.com>, mail_id: bK_jEeiz4Lhq, Hits: -2.383, size: 1189, queued_as: 3B4541A2138, 4640 ms
Dec 10 09:22:44 mail postfix/pipe[61315]: 3B4541A2138: to=, relay=maildrop, delay=0.13, delays=0.03/0.03/0/0.08, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 10 09:22:44 mail postfix/qmgr[57578]: 3B4541A2138: removed
#amavisd调用clamav扫描病毒,通过并还给postfix
Dec 10 09:22:44 mail postfix/lmtp[61309]: 447941A2121: to=, relay=127.0.0.1[127.0.0.1]:10028, delay=6.6, delays=1.5/0.03/0.06/5, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery)
Dec 10 09:22:44 mail postfix/qmgr[57578]: 447941A2121: removed
#postfix将邮件交付给收件人
|
3、DSPAM页面的history中有一条垃圾扫描记录
显示了垃圾邮件判断结果、发送时间、发件人、邮件主题、其他信息
注意:系统管理员的主要工作将在这里操作,即人工判断为垃圾邮件的,点击AsSpam打入垃圾邮件;
经过长时间的学习,DSPAM系统将提高垃圾邮件的判断率,可以有意将一个邮箱账号发布到各种网站上,
以此来吸引垃圾邮件。
4、查看信头,最下方有一组DSPAM标记
1
2
3
4
5
| X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Dec 10 09:22:39 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5487a05f580541723287998
|
5、查看DSPAM日志
二、测试DSPAM(未使用amavisd调用DSPAM)- 垃圾邮件
1、继续发一封邮件,主题和内容使用以下垃圾邮件测试代码
1
| XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
|
2、查看日志
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| [iyunv@mail ~]# tailf /var/log/maillog
Dec 10 09:32:46 mail postfix/smtpd[61368]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: : Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to= proto=ESMTP helo=
Dec 10 09:32:46 mail postfix/smtpd[61368]: 2E16B1A2121: client=unknown[10.188.1.86]
Dec 10 09:32:46 mail postfix/cleanup[61378]: 2E16B1A2121: message-id=<20141210013228.0EB2743BAD14@mail.eplantstore.com>
Dec 10 09:32:46 mail postfix/qmgr[57578]: 2E16B1A2121: from=<postmaster@eplantstore.com>, size=1255, nrcpt=1 (queue active)
Dec 10 09:32:46 mail postfix/smtpd[61368]: disconnect from unknown[10.188.1.86]
Dec 10 09:32:48 mail postfix/smtpd[61384]: initializing the server-side TLS engine
Dec 10 09:32:48 mail postfix/smtpd[61384]: connect from localhost[127.0.0.1]
Dec 10 09:32:48 mail postfix/smtpd[61384]: BFE3E1A2141: client=localhost[127.0.0.1]
Dec 10 09:32:48 mail postfix/cleanup[61378]: BFE3E1A2141: message-id=<20141210013228.0EB2743BAD14@mail.eplantstore.com>
Dec 10 09:32:48 mail postfix/qmgr[57578]: BFE3E1A2141: from=<postmaster@eplantstore.com>, size=2316, nrcpt=1 (queue active)
Dec 10 09:32:48 mail amavis[61233]: (61233-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [10.188.1.86] <postmaster@eplantstore.com> -> , quarantine: spam-iow5FVd_Jg1C.gz, Message-ID: <20141210013228.0EB2743BAD14@mail.eplantstore.com>, mail_id: iow5FVd_Jg1C, Hits: 997.617, size: 1431, queued_as: BFE3E1A2141, 2452 ms
#amavisd调用了SA扫描垃圾,判定为SPAM(垃圾),但仍然放行了,在/var/virusmails/中保存了垃圾邮件记录spam-iow5FVd_Jg1C.gz
#由于maidrop全局过滤,垃圾邮件到了客户端的“垃圾邮件”文件夹,使用POP3连接的客户端无法同步到,使用IMAP连接的客户端和WEB端可以看到垃圾邮件
Dec 10 09:32:48 mail postfix/lmtp[61380]: 2E16B1A2121: to=, relay=127.0.0.1[127.0.0.1]:10028, delay=2.7, delays=0.08/0.01/0.04/2.6, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery)
Dec 10 09:32:48 mail postfix/qmgr[57578]: 2E16B1A2121: removed
Dec 10 09:32:48 mail postfix/pipe[61385]: BFE3E1A2141: to=, relay=maildrop, delay=0.14, delays=0.03/0.04/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 10 09:32:48 mail postfix/qmgr[57578]: BFE3E1A2141: removed
|
3、查看信头
1
2
3
4
5
6
7
8
9
10
| X-Virus-Scanned: amavisd-new at yourmail.com
X-Spam-Flag: YES
X-Spam-Score: 997.617
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=997.617 tagged_above=2 required=6.2
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Dec 10 09:32:46 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5487a2be580545400920763
|
注意:垃圾邮件主题中会插件***Spam***标记
结论:此时amavisd和DSPAM各自工作正常
三、测试DSPAM(已使用amavisd-2.8.0调用DSPAM)
1、外部邮箱postmaster@eplanstore.com发送一封邮件给test@yourmail.com
2、查看日志
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| [iyunv@mail ~]# tailf /var/log/maillog
Dec 9 15:41:42 mail postfix/smtpd[57810]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]:
: Client host triggers FILTER lmtp:[127.0.0.1]:10028;
from=<postmaster@eplantstore.com> to= proto=ESMTP helo=
#客户端主机触发了DSPAM过滤器
Dec 9 15:41:44 mail postfix/smtpd[57810]: NOQUEUE: reject: RCPT from unknown[10.188.1.86]:
450 4.7.1 : Recipient address rejected: Try again,
see http://bl.extmail.org/cgi/why?greylist; from=<postmaster@eplantstore.com>
to= proto=ESMTP helo=
#拒收邮件,因为是第一次接收对方邮件,Slockd的灰名单插件作用了,稍后重试
Dec 9 15:48:17 mail postfix/smtpd[57833]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: : Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to= proto=ESMTP helo=
Dec 9 15:48:17 mail postfix/smtpd[57833]: EA2AA1A211A: client=unknown[10.188.1.86]
Dec 9 15:48:17 mail postfix/cleanup[57843]: EA2AA1A211A: message-id=<20141209074132.59A6D440AA19@mail.eplantstore.com>
Dec 9 15:48:18 mail postfix/qmgr[57578]: EA2AA1A211A: from=<postmaster@eplantstore.com>, size=954, nrcpt=1 (queue active)
Dec 9 15:48:18 mail postfix/smtpd[57833]: disconnect from unknown[10.188.1.86]
#邮件发出来了
Dec 9 15:48:19 mail dspam[57851]: Unable to determine the destination user
Dec 9 15:48:19 mail dspam[57851]: DSPAM agent misconfigured: aborting
#dspam报错,dspam和amavisd都配置了--user extmail参数,应该是版本问题
Dec 9 15:48:19 mail amavis[57071]: (57071-01) (!)auto-learning with spam scanner DSPAM failed: DSPAM: error running program /usr/local/dspam/bin/dspam: exit 1
Dec 9 15:48:19 mail amavis[57071]: (57071-01) (!)Auto-learn failed: DSPAM failed: DSPAM: error running program /usr/local/dspam/bin/dspam: exit 1 at (eval 108) line 207.
#amavis调用dspam报错,这是amavis-2.8.0版本的BUG,已在在2.8.1中修复了
#BUG官方说明:http://www.ijs.si/software/amavisd/release-notes.txt
Dec 9 15:48:19 mail postfix/smtpd[57852]: initializing the server-side TLS engine
Dec 9 15:48:19 mail postfix/smtpd[57852]: connect from localhost[127.0.0.1]
Dec 9 15:48:19 mail postfix/smtpd[57852]: 6E7A51A2142: client=localhost[127.0.0.1]
Dec 9 15:48:19 mail postfix/cleanup[57843]: 6E7A51A2142: message-id=<20141209074132.59A6D440AA19@mail.eplantstore.com>
Dec 9 15:48:19 mail postfix/qmgr[57578]: 6E7A51A2142: from=<postmaster@eplantstore.com>, size=1781, nrcpt=1 (queue active)
Dec 9 15:48:19 mail amavis[57071]: (57071-01) Passed CLEAN {RelayedInbound}, [10.188.1.86] <postmaster@eplantstore.com> -> , Message-ID: <20141209074132.59A6D440AA19@mail.eplantstore.com>, mail_id: nLJvfGg4h34C, Hits: -2.803, size: 1163, queued_as: 6E7A51A2142, 1414 ms
#postfix将邮件转给amavisd扫描
Dec 9 15:48:19 mail postfix/lmtp[57845]: EA2AA1A211A: to=, relay=127.0.0.1[127.0.0.1]:10028, delay=1.9, delays=0.36/0.02/0.04/1.5, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery)
Dec 9 15:48:19 mail postfix/qmgr[57578]: EA2AA1A211A: removed
#dspam还回邮件
Dec 9 15:48:19 mail postfix/pipe[57853]: 6E7A51A2142: to=, relay=maildrop, delay=0.21, delays=0.07/0.04/0/0.11, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 9 15:48:19 mail postfix/qmgr[57578]: 6E7A51A2142: removed
#amavis还回邮件
|
说明:由于我是先做的这个测试,所有灰名单先起作用,然后取消amavisd调用dspam,因此在测试一、二中没有灰名单作用了,不管你先测哪个,明白第一次收到对方的邮件时灰名单作用就行了。
3、查看信头
1
2
3
4
5
6
7
8
9
10
11
12
| X-DSPAM-Processed: Tue Dec 9 15:48:19 2014
X-DSPAM-Confidence: 0.9901
X-DSPAM-Probability: 0.0000
X-Virus-Scanned: amavisd-new at yourmail.com
X-DSPAM-Result: Innocent
X-DSPAM-Signature: 1,5486a943574271440440046
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Tue Dec 9 15:48:18 2014
X-DSPAM-Confidence: 0.7811
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5486a942574272128866500
|
说明:上部分是amavisd调用DSPAM产生的,下部分是postfix调用DSPAM产生的。
4、查看DSPAM页面
在DSPAM页面中的history查看Resent是因为灰名单插件,邮件发送两次进行了两次DSPAM处理
5、查看日志
1
2
3
4
5
| [iyunv@mail ~]# tailf /var/log/maildrop.log
Date: Tue Dec 9 15:48:19 2014
From: "=?ISO-8859-1?B?cG9zdG1hc3Rlcg==?=" <postmaster@eplantstore.com>
Subj: =?ISO-8859-1?B?aGFhaGFoYWhhaA==?=
File: /home/domains/yourmail.com/test/Maildir/ (1814)
|
四、测试DSPAM(已使用amavisd-2.6.6调用DSPAM)
1、amavisd-new换成2.6.6版本
1
2
| [iyunv@mail ~]# yum erase amavisd-new
[iyunv@mail ~]# yum install amavisd-new-2.6.6
|
amavis的账号及组会重建,重新赋予权限
1
| [iyunv@mail ~]# chown -R amavis.amavis /var/amavis/
|
重新将clamav用户加入amavis组
1
| [iyunv@mail ~]# usermod -G amavis clamav
|
重新设置amavisd.conf,参考前面的博文
重启clamd和amavisd服务
2、外部邮箱postmaster@eplanstore.com发送一封邮件给test@yourmail.com
3、查看日志
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [iyunv@mail ~]# tailf /var/log/maillog
Dec 11 09:25:23 mail postfix/smtpd[17976]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: : Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to= proto=ESMTP helo=
Dec 11 09:25:23 mail postfix/smtpd[17976]: B79381A2135: client=unknown[10.188.1.86]
Dec 11 09:25:23 mail postfix/cleanup[17985]: B79381A2135: message-id=<20141211012455.44E6B416F82E@mail.eplantstore.com>
Dec 11 09:25:23 mail postfix/smtpd[17976]: disconnect from unknown[10.188.1.86]
Dec 11 09:25:23 mail postfix/qmgr[57578]: B79381A2135: from=<postmaster@eplantstore.com>, size=2029, nrcpt=1 (queue active)
Dec 11 09:25:25 mail postfix/smtpd[17993]: initializing the server-side TLS engine
Dec 11 09:25:25 mail postfix/smtpd[17993]: connect from localhost[127.0.0.1]
Dec 11 09:25:25 mail postfix/smtpd[17993]: 0B6E51A2149: client=localhost[127.0.0.1]
Dec 11 09:25:25 mail postfix/cleanup[17985]: 0B6E51A2149: message-id=<20141211012455.44E6B416F82E@mail.eplantstore.com>
Dec 11 09:25:25 mail postfix/qmgr[57578]: 0B6E51A2149: from=<postmaster@eplantstore.com>, size=3295, nrcpt=1 (queue active)
Dec 11 09:25:25 mail amavis[17965]: (17965-01) Passed SPAM, [10.188.1.86] [10.188.1.86] <postmaster@eplantstore.com> -> , quarantine: spam-Cf07BG0OO0xy.gz, Message-ID: <20141211012455.44E6B416F82E@mail.eplantstore.com>, mail_id: Cf07BG0OO0xy, Hits: 998.797, size: 2208, queued_as: 0B6E51A2149, 1077 ms
Dec 11 09:25:25 mail postfix/lmtp[17987]: B79381A2135: to=, relay=127.0.0.1[127.0.0.1]:10028, delay=1.5, delays=0.23/0.04/0.04/1.2, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery)
Dec 11 09:25:25 mail postfix/qmgr[57578]: B79381A2135: removed
Dec 11 09:25:25 mail postfix/pipe[17994]: 0B6E51A2149: to=, relay=maildrop, delay=0.25, delays=0.04/0.04/0/0.18, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 11 09:25:25 mail postfix/qmgr[57578]: 0B6E51A2149: removed
|
这回没有报错信息了
4、再来查看信头
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| X-DSPAM-Result: Whitelisted
X-DSPAM-Processed: Thu Dec 11 09:25:24 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5488f284633212468127837
X-Quarantine-ID:
X-Virus-Scanned: amavisd-new at yourmail.com
X-Spam-Flag: YES
X-Spam-Score: 998.797
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=998.797 tagged_above=2 required=6.2
tests=[ALL_TRUSTED=-1, DSPAM_AWL=-1.05, FROM_EXCESS_BASE64=0.105,
GTUBE=1000, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,
MIME_HTML_ONLY=1.105, TVD_SPACE_RATIO=0.001, DSPAM:Whitelisted=-1.000]
autolearn=no autolearn_force=no
X-DSPAM-Result: Whitelisted
X-DSPAM-Processed: Thu Dec 11 09:25:24 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5488f283633214439921469
|
结论:
测试邮件发多了,DSPAM已自动将发件人放进白名单了;
amavisd调用了SA扫描垃圾,判定为垃圾,投放到“垃圾邮件”箱中;
可以在X-Spam-Status看到DSPAM:Whitelisted=-1.000,这表明DSPAM作为SA的插件,执行了分数减1的操作;
autolearn=no表示amavisd调用SA自动学习白名单没有设置,后面关于amavisd启动黑白名单会讲。
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2014-12-24 08:14:21
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡