
Help! SA is not adding markers to the headers and is not rewriting the Subject!!! [Solved]

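My SA cannot mark spam in the headers, and it does not rewrite the Subject. I changed the configuration files according to the reply michaelbibby gave yesterday, but it still does not work. The current situation: if I send the virus test string, the Subject is rewritten; if I send the SPAM test string, neither the headers nor the Subject are modified. In the log I can already see that SA's check gave a score of 1000, and there is a "Passed SPAM" entry. But the received message looks the same as normal mail, so there is no way to tell it apart with Maildrop. Could an expert tell me where my problem is?
The result of running spamassassin -t < sample-spam.txt is as follows: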

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on ss004.testdomain.net
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.4 required=5.0 tests=EMPTY_MESSAGE,MISSING_DATE,
        MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,
        NO_RELAYS,TVD_SPACE_RATIO autolearn=no version=3.2.4
X-Spam-Report:
        *  0.0 MISSING_MID Missing Message-Id: header
        *  0.0 MISSING_DATE Missing Date: header
        * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
        *  1.6 MISSING_HEADERS Missing To: header
        *  2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
        *  1.3 MISSING_SUBJECT Missing Subject: header
        *  0.6 EMPTY_MESSAGE Message appears to have no textual parts and no
        *      Subject: text
        * -0.0 NO_RECEIVED Informational: message has no Received headers
        *  0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
        *      headers
Subject: *****SPAM(6.4)*****
X-Spam-Prev-Subject: (nonexistent)

Spam detection software, running on the system "ss004.testdomain.net", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
admin@testdomain.net for details.

Content preview:  [...]

Content analysis details:   (6.4 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 MISSING_MID            Missing Message-Id: header
0.0 MISSING_DATE           Missing Date: header
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
1.6 MISSING_HEADERS        Missing To: header
2.9 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
1.3 MISSING_SUBJECT        Missing Subject: header
0.6 EMPTY_MESSAGE          Message appears to have no textual parts and no
                            Subject: text
-0.0 NO_RECEIVED            Informational: message has no Received headers
0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers

[ Last edited by deanetg on 2008-3-21 22:44 ]
《Solution》

amavisd.conf

......
$max_servers = 15;
$daemon_user  = 'amavis';
$daemon_group = 'amavis';
......
$log_level = 1;

$sa_tag_level_deflt  = 2.0;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 10;
$sa_dsn_cutoff_level = 10;

$final_virus_destiny      = D_PASS;
$final_banned_destiny     = D_PASS;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
......

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;
$defang_banned = 1;
《Solution》

/etc/mail/spamassassin/local.cf

rewrite_header Subject *****SPAM(_SCORE_)*****

add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_

report_safe 0
ok_locales      all

lock_method flock

required_score 5.0

use_bayes 1

bayes_auto_learn 1
《Solution》

MAILLOG after sending a message with the mail command

Mar 21 11:51:25 ss004 postfix/pickup: E7A5C1888092: uid=0 from=<root>
Mar 21 11:51:25 ss004 postfix/cleanup: E7A5C1888092: message-id=<20080321025125.E7A5C1888092@ss004.testdomain.net>
Mar 21 11:51:26 ss004 postfix/qmgr: E7A5C1888092: from=<root@testdomain.net>, size=366, nrcpt=1 (queue active)
Mar 21 11:51:26 ss004 amavis: (03377-04) ESMTP::10024 /var/amavis/tmp/amavis-20080321T113244-03377: <root@testdomain.net> -> <admin@testdomain.net> SIZE=366 Received: from ss004.testdomain.net () by localhost (ss004.testdomain.net ) (amavisd-new, port 10024) with ESMTP for <admin@testdomain.net>; Fri, 21 Mar 2008 11:51:26 +0900 (JST)
Mar 21 11:51:26 ss004 amavis: (03377-04) Checking: 6FKDMcALX+Tp <root@testdomain.net> -> <admin@testdomain.net>
Mar 21 11:51:26 ss004 amavis: (03377-04) cached 0fca00f17d26a0b7bf2f91aed000ec3b from <root@testdomain.net> (1,0)
Mar 21 11:51:32 ss004 amavis: (03377-04) local delivery: <> -> <spam-quarantine>, mbx=/var/virusmails/spam-6FKDMcALX+Tp.gz
Mar 21 11:51:32 ss004 postfix/smtpd: connect from ss004.testdomain.net
Mar 21 11:51:32 ss004 postfix/smtpd: DCA3B1888094: client=ss004.testdomain.net
Mar 21 11:51:32 ss004 postfix/cleanup: DCA3B1888094: message-id=<20080321025125.E7A5C1888092@ss004.testdomain.net>
Mar 21 11:51:32 ss004 postfix/qmgr: DCA3B1888094: from=<root@testdomain.net>, size=850, nrcpt=1 (queue active)
Mar 21 11:51:32 ss004 postfix/smtpd: disconnect from ss004.testdomain.net
Mar 21 11:51:32 ss004 amavis: (03377-04) FWD via SMTP: <root@testdomain.net> -> <admin@testdomain.net>,BODY=7BIT 250 2.6.0 Ok, id=03377-04, from MTA(:10025): 250 2.0.0 Ok: queued as DCA3B1888094
Mar 21 11:51:32 ss004 amavis: (03377-04) Passed SPAM, <root@testdomain.net> -> <admin@testdomain.net>, quarantine: spam-6FKDMcALX+Tp.gz, Message-ID: <20080321025125.E7A5C1888092@ss004.testdomain.net>, mail_id: 6FKDMcALX+Tp, Hits: 1004.098, size: 366, queued_as: DCA3B1888094, 6972 ms
Mar 21 11:51:32 ss004 postfix/smtp: E7A5C1888092: to=<admin@testdomain.net>, relay=127.0.0.1:10024, delay=7.2, delays=0.18/0/0/7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DCA3B1888094)
Mar 21 11:51:32 ss004 postfix/qmgr: E7A5C1888092: removed
Mar 21 11:51:33 ss004 postfix/pipe: DCA3B1888094: to=<admin@testdomain.net>, relay=maildrop, delay=0.19, delays=0.08/0/0/0.11, dsn=2.0.0, status=sent (delivered via maildrop service)
Mar 21 11:51:33 ss004 postfix/qmgr: DCA3B1888094: removed
《Solution》

Content of the received message

RFC822 Message body
Return-Path: <root@testdomain.net>
Delivered-To: admin@testdomain.net
Received: from localhost (ss004.testdomain.net )
by ss004.testdomain.net (Postfix) with ESMTP id DCA3B1888094
for <admin@testdomain.net>; Fri, 21 Mar 2008 11:51:32 +0900 (JST)
X-Quarantine-ID: <6FKDMcALX+Tp>
X-Virus-Scanned: amavisd-new at testdomain.net
Received: from ss004.testdomain.net ()
by localhost (ss004.testdomain.net ) (amavisd-new, port 10024)
with ESMTP id 6FKDMcALX+Tp for <admin@testdomain.net>;
Fri, 21 Mar 2008 11:51:26 +0900 (JST)
Received: by ss004.testdomain.net (Postfix, from userid 0)
id E7A5C1888092; Fri, 21 Mar 2008 11:51:25 +0900 (JST)
To: admin@testdomain.net
Subject: test
Message-Id: <20080321025125.E7A5C1888092@ss004.testdomain.net>
Date: Fri, 21 Mar 2008 11:51:25 +0900 (JST)
From: root@testdomain.net (root)

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
《Solution》

Below is the maillog after a restart

Mar 21 12:09:55 ss004 authdaemond: modules="authmysql", daemons=10
Mar 21 12:09:55 ss004 authdaemond: Installing libauthmysql
Mar 21 12:09:56 ss004 authdaemond: Installation complete: authmysql
Mar 21 12:10:05 ss004 clamd: clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Mar 21 12:10:06 ss004 clamd: Running as user amavis (UID 1003, GID 1003)
Mar 21 12:10:06 ss004 clamd: Log file size limited to 1048576 bytes.
Mar 21 12:10:06 ss004 clamd: Reading databases from /usr/local/share/clamav
Mar 21 12:10:06 ss004 clamd: Not loading PUA signatures.
Mar 21 12:10:11 ss004 clamd: Loaded 232444 signatures.
Mar 21 12:10:13 ss004 clamd: Unix socket file /var/run/clamav/clamd
Mar 21 12:10:13 ss004 clamd: Setting connection queue length to 15
Mar 21 12:10:13 ss004 clamd: Listening daemon: PID: 2573
Mar 21 12:10:14 ss004 clamd: Archive: Archived file size limit set to 10485760 bytes.
Mar 21 12:10:14 ss004 clamd: Archive: Recursion level limit set to 8.
Mar 21 12:10:13 ss004 spamd: logger: removing stderr method
Mar 21 12:10:14 ss004 clamd: Archive: Files limit set to 1000.
Mar 21 12:10:14 ss004 clamd: Archive: Compression ratio limit set to 250.
Mar 21 12:10:14 ss004 clamd: Archive support enabled.
Mar 21 12:10:14 ss004 clamd: Algorithmic detection enabled.
Mar 21 12:10:14 ss004 clamd: Portable Executable support enabled.
Mar 21 12:10:14 ss004 clamd: ELF support enabled.
Mar 21 12:10:14 ss004 clamd: Mail files support enabled.
Mar 21 12:10:15 ss004 clamd: Mail: Recursion level limit set to 64.
Mar 21 12:10:15 ss004 clamd: OLE2 support enabled.
Mar 21 12:10:15 ss004 clamd: PDF support disabled.
Mar 21 12:10:15 ss004 clamd: HTML support enabled.
Mar 21 12:10:15 ss004 clamd: Self checking every 1800 seconds.
Mar 21 12:10:18 ss004 amavis: starting.  /usr/local/sbin/amavisd at ss004.testdomain.net amavisd-new-2.5.3 (20071212), Unicode aware, LANG="en_US.UTF-8"
Mar 21 12:10:18 ss004 amavis: user=, EUID: 0 (0);  group=, EGID: 0 (0)
Mar 21 12:10:18 ss004 amavis: Perl version               5.010000
Mar 21 12:10:22 ss004 amavis: SpamControl: init_pre_chroot done
Mar 21 12:10:22 ss004 amavis: Net::Server: Process Backgrounded
Mar 21 12:10:22 ss004 amavis: Net::Server: 2008/03/21-12:10:22 Amavis (type Net::Server::PreForkSimple) starting! pid(2632)
Mar 21 12:10:22 ss004 amavis: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
Mar 21 12:10:22 ss004 amavis: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Mar 21 12:10:22 ss004 spamd: spamd: server started on port 783/tcp (running version 3.2.4)
Mar 21 12:10:23 ss004 amavis: Net::Server: Setting gid to "1003 1003"
Mar 21 12:10:23 ss004 amavis: Net::Server: Setting uid to "1003"
Mar 21 12:10:23 ss004 amavis: Module Amavis::Conf        2.093
Mar 21 12:10:23 ss004 spamd: spamd: server pid: 2589
Mar 21 12:10:23 ss004 amavis: Module Archive::Zip        1.23
Mar 21 12:10:23 ss004 amavis: Module BerkeleyDB          0.33
Mar 21 12:10:23 ss004 amavis: Module Compress::Zlib      2.008
Mar 21 12:10:23 ss004 amavis: Module Convert::TNEF       0.17
Mar 21 12:10:23 ss004 amavis: Module Convert::UUlib      1.09
Mar 21 12:10:23 ss004 amavis: Module DBI                 1.602
Mar 21 12:10:23 ss004 spamd: spamd: server successfully spawned child process, pid 2654
Mar 21 12:10:23 ss004 amavis: Module DB_File             1.816_1
Mar 21 12:10:23 ss004 amavis: Module Digest::MD5         2.36_01
Mar 21 12:10:24 ss004 amavis: Module Digest::SHA         5.45
Mar 21 12:10:23 ss004 spamd: spamd: server successfully spawned child process, pid 2673
Mar 21 12:10:24 ss004 amavis: Module Digest::SHA1        2.11
Mar 21 12:10:24 ss004 amavis: Module IO::Socket::INET6   2.54
Mar 21 12:10:24 ss004 amavis: Module MIME::Entity        5.425
Mar 21 12:10:24 ss004 amavis: Module MIME::Parser        5.425
Mar 21 12:10:24 ss004 spamd: prefork: child states: II
Mar 21 12:10:24 ss004 amavis: Module MIME::Tools         5.425
Mar 21 12:10:24 ss004 amavis: Module Mail::DKIM          0.301
Mar 21 12:10:24 ss004 amavis: Module Mail::Header        2.02
Mar 21 12:10:24 ss004 amavis: Module Mail::Internet      2.02
Mar 21 12:10:24 ss004 amavis: Module Mail::SPF           v2.005
Mar 21 12:10:24 ss004 amavis: Module Mail::SPF::Query    1.999001
Mar 21 12:10:25 ss004 amavis: Module Mail::SpamAssassin  3.002004
Mar 21 12:10:25 ss004 amavis: Module Net::DNS            0.63
Mar 21 12:10:25 ss004 amavis: Module Net::Server         0.97
Mar 21 12:10:25 ss004 amavis: Module NetAddr::IP         4.007
Mar 21 12:10:25 ss004 amavis: Module Razor2::Client::Version 2.84
Mar 21 12:10:25 ss004 amavis: Module Time::HiRes         1.9711
Mar 21 12:10:25 ss004 amavis: Module URI                 1.35
Mar 21 12:10:25 ss004 postfix/postfix-script: starting the Postfix mail system
Mar 21 12:10:25 ss004 amavis: Module Unix::Syslog        1.0
Mar 21 12:10:25 ss004 postfix/master: daemon started -- version 2.5.1, configuration /etc/postfix
Mar 21 12:10:25 ss004 amavis: Amavis::DB code      loaded
Mar 21 12:10:25 ss004 amavis: Amavis::Cache code   loaded
Mar 21 12:10:25 ss004 amavis: SQL base code        NOT loaded
Mar 21 12:10:25 ss004 amavis: SQL::Log code        NOT loaded
Mar 21 12:10:26 ss004 amavis: SQL::Quarantine      NOT loaded
Mar 21 12:10:26 ss004 amavis: Lookup::SQL code     NOT loaded
Mar 21 12:10:26 ss004 amavis: Lookup::LDAP code    NOT loaded
Mar 21 12:10:26 ss004 amavis: AM.PDP-in proto code loaded
Mar 21 12:10:26 ss004 amavis: SMTP-in proto code   loaded
Mar 21 12:10:26 ss004 amavis: Courier proto code   NOT loaded
Mar 21 12:10:27 ss004 amavis: SMTP-out proto code  loaded
Mar 21 12:10:27 ss004 amavis: Pipe-out proto code  NOT loaded
Mar 21 12:10:27 ss004 amavis: BSMTP-out proto code NOT loaded
Mar 21 12:10:27 ss004 amavis: Local-out proto code loaded
Mar 21 12:10:27 ss004 amavis: OS_Fingerprint code  NOT loaded
Mar 21 12:10:27 ss004 amavis: ANTI-VIRUS code      loaded
Mar 21 12:10:28 ss004 amavis: ANTI-SPAM code       loaded
Mar 21 12:10:28 ss004 amavis: ANTI-SPAM-SA code    loaded
Mar 21 12:10:28 ss004 amavis: Unpackers code       loaded
Mar 21 12:10:28 ss004 amavis: Found $file            at /usr/bin/file
Mar 21 12:10:28 ss004 amavis: No $dspam,             not using it
Mar 21 12:10:28 ss004 amavis: No $altermime,         not using it
Mar 21 12:10:28 ss004 amavis: Internal decoder for .mail
Mar 21 12:10:28 ss004 amavis: Internal decoder for .asc
Mar 21 12:10:28 ss004 amavis: Internal decoder for .uue
Mar 21 12:10:28 ss004 amavis: Internal decoder for .hqx
Mar 21 12:10:28 ss004 amavis: Internal decoder for .ync
Mar 21 12:10:28 ss004 amavis: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
Mar 21 12:10:28 ss004 amavis: Found decoder for    .Z    at /usr/bin/gzip -d
Mar 21 12:10:28 ss004 amavis: Found decoder for    .gz   at /usr/bin/gzip -d
Mar 21 12:10:28 ss004 amavis: Found decoder for    .bz2  at /usr/bin/bzip2 -d
Mar 21 12:10:28 ss004 amavis: No decoder for       .lzo  tried: lzop -d
Mar 21 12:10:28 ss004 amavis: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Mar 21 12:10:28 ss004 amavis: Found decoder for    .cpio at /usr/bin/pax
Mar 21 12:10:28 ss004 amavis: Found decoder for    .tar  at /usr/bin/pax
Mar 21 12:10:28 ss004 amavis: Found decoder for    .deb  at /usr/bin/ar
Mar 21 12:10:28 ss004 amavis: Internal decoder for .zip
Mar 21 12:10:28 ss004 amavis: No decoder for       .7z   tried: 7zr, 7za, 7z
Mar 21 12:10:28 ss004 amavis: No decoder for       .rar  tried: rar, unrar
Mar 21 12:10:28 ss004 amavis: No decoder for       .arj  tried: arj, unarj
Mar 21 12:10:28 ss004 amavis: No decoder for       .arc  tried: nomarch, arc
Mar 21 12:10:28 ss004 amavis: No decoder for       .zoo  tried: zoo, unzoo
Mar 21 12:10:28 ss004 amavis: No decoder for       .lha  tried: lha
Mar 21 12:10:28 ss004 amavis: No decoder for       .cab  tried: cabextract
Mar 21 12:10:28 ss004 amavis: No decoder for       .tnef tried: tnef
Mar 21 12:10:28 ss004 amavis: Internal decoder for .tnef
Mar 21 12:10:28 ss004 amavis: No decoder for       .exe  tried: rar, unrar; lha; arj, unarj
Mar 21 12:10:28 ss004 amavis: Using primary internal av scanner code for ClamAV-clamd
Mar 21 12:10:28 ss004 amavis: Creating db in /var/amavis/db/; BerkeleyDB 0.33, libdb 4.3
Mar 21 12:10:29 ss004 amavis: SpamControl: initializing Mail::SpamAssassin
Mar 21 12:10:31 ss004 amavis: SpamControl: init_pre_fork done
《Solution》

After struggling for a whole day I finally found the cause: the amavisd-new configuration file needs to set
@local_domains_maps= ( [".mydomain.net",".mydomain.com"] );
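If you keep the default value or comment it out, mail is only checked and no SPAM marker is added. I worked this out by reading the amavisd-new documentation carefully and experimenting.
You can also store the virtual domains in a hash table, for example: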
read_hash(\%local_domains, '/etc/amavis/local_domains');

#/etc/amavis/local_domains
mydomain.net
mydomain.com

I am a beginner. This may not be much of a problem for experts, but I still hope it helps other beginners like me!
《Solution》
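
A way to confirm the symptom and the fix described in this post, as an added example that is not part of the original thread: it reads the amavis "Passed SPAM" log line, works out which X-Spam-* headers the posted tag levels call for, and reports which of them the delivered message lacks. The `audit` and `is_local` helpers are hypothetical, the sample strings are trimmed from the thread's log and message, and the domain match is a simplified model of amavisd-new's list lookup.

```python
import re
from email import message_from_string

# Tag levels from the amavisd.conf posted in the thread.
TAG_LEVEL, TAG2_LEVEL = 2.0, 5.0

# Constructed sample, trimmed from the thread's "Passed SPAM" log line.
LOG_LINE = ("Mar 21 11:51:32 ss004 amavis: (03377-04) Passed SPAM, "
            "<root@testdomain.net> -> <admin@testdomain.net>, "
            "mail_id: 6FKDMcALX+Tp, Hits: 1004.098, size: 366")

# Constructed sample, trimmed from the delivered message shown in the thread.
DELIVERED = ("X-Quarantine-ID: <6FKDMcALX+Tp>\n"
             "X-Virus-Scanned: amavisd-new at testdomain.net\n"
             "To: admin@testdomain.net\n"
             "Subject: test\n\nbody\n")

LOG_RE = re.compile(r"amavis\S*: \(\S+\) (?:Passed|Blocked) [A-Z-]+, "
                    r"<[^>]*> -> <(?P<rcpt>[^>]*)>.*?Hits: (?P<hits>-?[\d.]+)")

def is_local(rcpt, local_domains):
    """Simplified list lookup: '.example.net' covers the domain and subdomains."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for entry in (e.lower() for e in local_domains):
        if entry.startswith("."):
            if domain == entry[1:] or domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False

def audit(log_line, delivered, local_domains):
    """Return (expected-but-missing headers, recipient is local)."""
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("not an amavis Passed/Blocked line")
    hits = float(m["hits"])
    expected = []
    if hits >= TAG_LEVEL:       # informational spam headers
        expected += ["X-Spam-Status", "X-Spam-Level"]
    if hits >= TAG2_LEVEL:      # "spam detected" header that maildrop filters on
        expected.append("X-Spam-Flag")
    msg = message_from_string(delivered)
    missing = [h for h in expected if msg[h] is None]
    return missing, is_local(m["rcpt"], local_domains)
```

Missing headers together with a non-local recipient is the condition this post describes; once the recipient's domain is in the local list and the message is re-sent, the missing list should come back empty.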

Nice. I had been struggling with this problem for almost two days and have finally found the cause. Thanks to the original poster.


http://coctec.com/docs/service/show-post-29489.html