
Postfix Mail (7): Testing Amavisd-new + SpamAssassin + ClamAV

Posted: 2014-12-18 15:29:48

Tags: postfix   amavis-new   spamassassin   clamav   spam filtering   virus scanning

1. Test the amavisd port 10024

Postfix hands every message to the content filter, amavisd, which listens on port 10024:

[root@mail ~]# telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.

Success: amavisd answers on 10024 and speaks ESMTP, including the XFORWARD extension Postfix uses to pass the original client address on to the filter.


2. Test the Postfix re-injection port 10025

After amavisd has had SpamAssassin or clamd scan a message, it re-injects the message into Postfix on port 10025:

[root@mail ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Success. The refused attempt on ::1 is expected: the re-injection listener is bound to 127.0.0.1 only (presumably a 127.0.0.1:10025 inet entry in master.cf), which is what you want, since anything that can reach 10025 can put mail into the queue with no filtering at all and, if the entry lacks -o content_filter=, can even loop it back through amavisd. One thing to check in the output above: the listener advertises AUTH LOGIN PLAIN. The amavisd-new README puts -o smtpd_sasl_auth_enable=no on this entry; a loopback-only filter return path has no business accepting logins.
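The two telnet sessions above give a pass/fail by eye. What follows is an added example, editor's code and not part of the original post, that reads such EHLO replies (the two replies captured above are embedded as sample input) and flags the two things that matter for a content-filter loop: amavisd on 10024 must accept XFORWARD, and the Postfix re-injection listener on 10025 must not accept SASL logins. The live_ehlo helper, the host name it sends and the wording of the findings are the editor's; the master.cf option quoted in the finding is the one the amavisd-new README uses for the 10025 entry.

```python
"""Added example (editor's code, not from the original post): check the EHLO
replies of the amavisd listener (10024) and the Postfix re-injection listener
(10025) for the properties a content-filter loop needs."""
import smtplib

# The two EHLO replies captured in the telnet sessions on this page.
EHLO_10024 = """\
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE"""

EHLO_10025 = """\
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""


def parse_ehlo(reply):
    """Map a captured multi-line EHLO reply to (server name, {EXTENSION: args}).
    The first 250 line carries the server's name; the rest are extensions."""
    bodies = [ln.strip()[4:] for ln in reply.splitlines()
              if ln.strip().startswith("250")]
    exts = {}
    for body in bodies[1:]:
        keyword, _, args = body.partition(" ")
        exts[keyword.upper()] = args
    return bodies[0], exts


def check_filter_listener(exts):
    """amavisd (10024): without XFORWARD Postfix cannot pass the original
    client address on, and every amavis log line shows the client as localhost."""
    findings = []
    if "XFORWARD" not in exts:
        findings.append("10024: XFORWARD not advertised; amavisd will log every "
                        "client as localhost")
    return findings


def check_reinjection_listener(exts):
    """Postfix (10025): an unauthenticated, unfiltered way back into the queue.
    It must not accept SASL logins; the amavisd-new README puts
    '-o smtpd_sasl_auth_enable=no' on this master.cf entry."""
    findings = []
    if "AUTH" in exts or any(k.startswith("AUTH=") for k in exts):
        findings.append("10025: AUTH advertised; add '-o smtpd_sasl_auth_enable=no' "
                        "to the 10025 smtpd entry in master.cf")
    return findings


def live_ehlo(host, port, timeout=10):
    """Same extension map from a running listener (needs network access);
    smtplib keeps the parsed EHLO reply in esmtp_features."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo("check.localhost")   # hypothetical HELO name, editor's choice
        return {k.upper(): v for k, v in s.esmtp_features.items()}


if __name__ == "__main__":
    for port, reply, check in ((10024, EHLO_10024, check_filter_listener),
                               (10025, EHLO_10025, check_reinjection_listener)):
        name, exts = parse_ehlo(reply)
        print(port, name, check(exts) or "ok")
```

Run against the captured replies it reports 10024 as ok and flags AUTH on 10025. Whether 10025 is really bound to loopback cannot be seen in an EHLO reply; check the master.cf entry or `ss -ltn` on the server for that.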


3. Test a virus message

(1) Send the virus message:

[root@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                       #enter the ehlo command
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                           #enter the authentication command
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=     #base64 of the postmaster account name
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                         #base64 of its password
235 2.7.0 Authentication successful
mail from:<postmaster@yourmail.com>  #envelope sender
250 2.1.0 Ok
rcpt to:<test@yourmail.com>          #envelope recipient
250 2.1.5 Ok
data                                 #start the message content
354 End data with <CR><LF>.<CR><LF>
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*        #the EICAR test string
.                                    #a line containing a single . ends the DATA input
250 2.0.0 Ok: queued as 039B41A2129  #039B41A2129 is the queue ID of this message
quit                                 #quit
221 2.0.0 Bye
Connection closed by foreign host.

(2) Check the log:

[root@mail ~]# tailf /var/log/maillog
Dec  5 13:59:06 mail postfix/smtpd[33105]: 039B41A2129: client=localhost[::1], sasl_method=login, sasl_username=postmaster@yourmail.com
Dec  5 13:59:16 mail postfix/cleanup[33115]: 039B41A2129: message-id=<20141205055906.039B41A2129@mail.yourmail.com>
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: from=<postmaster@yourmail.com>, size=430, nrcpt=1 (queue active)
#039B41A2129 is the queue ID of the message postmaster submitted
Dec  5 13:59:16 mail postfix/smtpd[33119]: initializing the server-side TLS engine
Dec  5 13:59:16 mail postfix/smtpd[33119]: connect from localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/smtpd[33119]: B00BE1A2131: client=localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/cleanup[33115]: B00BE1A2131: message-id=<VA6t1HGplBpVw3@mail.yourmail.com>
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: from=<virusalert@yourmail.com>, size=2212, nrcpt=1 (queue active)
Dec  5 13:59:16 mail amavis[33064]: (33064-01) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound,Quarantined}, [::1]:42295 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: virus-6t1HGplBpVw3, Message-ID: <20141205055906.039B41A2129@mail.yourmail.com>, mail_id: 6t1HGplBpVw3, Hits: -, size: 430, 374 ms
#B00BE1A2131 is the virus notification amavisd generated and submitted through the 10025 listener, from virusalert@yourmail.com to the virus admin address virusalert@yourmail.com (the amavisd.conf defaults for $mailfrom_notify_admin and $virus_admin). The infected message itself is quarantined under /var/virusmails/ as virus-6t1HGplBpVw3
#Blocked INFECTED (Eicar-Test-Signature) means amavisd had ClamAV scan the message and ClamAV flagged it, i.e. the Postfix + amavisd + ClamAV integration works
Dec  5 13:59:16 mail postfix/smtp[33116]: 039B41A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=16/0.09/0.02/0.36, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=33064-01, DISCARD(bounce.suppressed))
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: removed
#amavisd accepted the original from Postfix on 10024 and discarded it: DISCARD(bounce.suppressed) means it was neither re-injected on 10025 nor bounced to the sender (a bounce would only reach whoever the forged sender is), so test never receives it
Dec  5 13:59:16 mail postfix/pipe[33120]: B00BE1A2131: to=<virusalert@yourmail.com>, relay=maildrop, delay=0.19, delays=0.04/0.03/0/0.13, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. )
Dec  5 13:59:16 mail postfix/cleanup[33115]: DFFA91A2130: message-id=<20141205055916.DFFA91A2130@mail.yourmail.com>
Dec  5 13:59:16 mail postfix/qmgr[32477]: DFFA91A2130: from=<>, size=4184, nrcpt=1 (queue active)
Dec  5 13:59:16 mail postfix/bounce[33122]: B00BE1A2131: sender non-delivery notification: DFFA91A2130
#Delivery of B00BE1A2131 to virusalert failed: maildrop has no such user, and the virusalert alias was not applied to this re-injected message (there is no orig_to= in its delivery line; a likely cause is receive_override_options=no_address_mappings on the 10025 entry in master.cf, which is worth checking). Postfix therefore generated a non-delivery notification, DFFA91A2130, addressed to the sender virusalert@yourmail.com, and that address does resolve through the alias to postmaster
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: removed
Dec  5 13:59:17 mail postfix/pipe[33120]: DFFA91A2130: to=<postmaster@yourmail.com>, orig_to=<virusalert@yourmail.com>, relay=maildrop, delay=0.1, delays=0.05/0/0/0.04, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 13:59:17 mail postfix/qmgr[32477]: DFFA91A2130: removed
Dec  5 13:59:17 mail postfix/smtpd[33105]: disconnect from localhost[::1]
#So what arrives in the postmaster mailbox is DFFA91A2130, the bounce, with the virus notification inside it


(3) Open the postmaster mailbox and view the virus report:

[screenshot from the original post: the virus notification in the postmaster mailbox]


(4) View the headers; the queue ID is indeed DFFA91A2130:

[screenshot from the original post: message headers showing DFFA91A2130]


(5) List the quarantine directory:

[root@mail ~]# ll /var/virusmails/
total 4
-rw-r-----. 1 amavis amavis 1027 Dec  5 13:59 virus-6t1HGplBpVw3

(6) View the quarantined virus message (the original message with amavisd's verdict headers prepended):

[root@mail ~]# cat /var/virusmails/virus-6t1HGplBpVw3
Return-Path: <>
Delivered-To: virus-quarantine
X-Envelope-From: <postmaster@yourmail.com>
X-Envelope-To: <test@yourmail.com>
X-Envelope-To-Blocked: <test@yourmail.com>
X-Quarantine-ID: <6t1HGplBpVw3>
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
Received: from mail.yourmail.com ([127.0.0.1])
  by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id 6t1HGplBpVw3 for <test@yourmail.com>;
  Fri,  5 Dec 2014 13:59:16 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
  by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 039B41A2129
  for <test@yourmail.com>; Fri,  5 Dec 2014 13:58:59 +0800 (CST)
Message-Id: <20141205055906.039B41A2129@mail.yourmail.com>
Date: Fri,  5 Dec 2014 13:58:59 +0800 (CST)
From: postmaster@yourmail.com
To: undisclosed-recipients:;
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


4. Test a spam message

(1) Send the spam message:

[root@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                       #enter the ehlo command
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                           #enter the authentication command
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=     #base64 of the postmaster account name
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                         #base64 of its password
235 2.7.0 Authentication successful
mail from:<postmaster@yourmail.com>  #envelope sender
250 2.1.0 Ok
rcpt to:<test@yourmail.com>          #envelope recipient
250 2.1.5 Ok
data                                 #start the message content
354 End data with <CR><LF>.<CR><LF>
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X        #the GTUBE test string
.                                    #a line containing a single . ends the DATA input
250 2.0.0 Ok: queued as 336741A2129  #336741A2129 is the queue ID of this message
quit                                 #quit
221 2.0.0 Bye
Connection closed by foreign host.
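Both test sessions above (3(1) for EICAR and 4(1) for GTUBE) were typed by hand, and both authenticated on a cleartext connection: base64 is an encoding, not encryption, so anyone on the path recovers the password from the ZXh0bWFpbA== line. On localhost that is harmless; from the network it is not, and Postfix keeps offering AUTH before STARTTLS unless smtpd_tls_auth_only = yes is set (check with postconf). The script below is an added example, editor's code and not from the original post, that submits the same two test messages with a proper header set, negotiates STARTTLS before logging in, and returns the queue ID to grep for in maillog. Host, port, account and addresses are the page's lab values and are placeholders.

```python
"""Added example (editor's code, not from the original post): submit the EICAR
and GTUBE test messages through Postfix with SMTP AUTH over STARTTLS."""
import re
import smtplib
import ssl
from email.message import EmailMessage
from email.utils import formatdate, make_msgid

# The standard test strings exactly as on the page (the backslash is literal).
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
TEST_STRINGS = {"virus": EICAR, "spam": GTUBE}

QUEUED_RE = re.compile(rb"queued as ([0-9A-Za-z]+)")


def build_test_message(kind, sender, rcpt):
    """A minimal but well-formed message. The telnet sessions sent a bare body
    with no headers at all, which is why amavisd later logged
    "no existing header field 'Subject', inserting it"."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = f"amavisd-new {kind} test"
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain=sender.rsplit("@", 1)[-1])
    msg.set_content(TEST_STRINGS[kind] + "\n")
    return msg


def queue_id_from_reply(reply):
    """Pull the Postfix queue ID out of the reply to DATA
    ('2.0.0 Ok: queued as 039B41A2129'); None if the reply has none."""
    m = QUEUED_RE.search(reply)
    return m.group(1).decode() if m else None


def send_test(kind, host, port, user, password, sender, rcpt, verify_tls=True):
    """Submit one test message and return its queue ID.
    Needs a reachable Postfix with STARTTLS and SASL; not runnable offline."""
    msg = build_test_message(kind, sender, rcpt)
    ctx = ssl.create_default_context()
    if not verify_tls:               # lab server with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=30) as s:
        s.ehlo()
        s.starttls(context=ctx)      # so the login never crosses the wire in clear
        s.ehlo()
        s.login(user, password)
        s.mail(sender)
        code, reply = s.rcpt(rcpt)
        if code not in (250, 251):
            raise smtplib.SMTPRecipientsRefused({rcpt: (code, reply)})
        code, reply = s.data(msg.as_string())   # smtplib dot-stuffs and fixes EOLs
    return queue_id_from_reply(reply)


if __name__ == "__main__":
    import getpass
    pw = getpass.getpass("postmaster password: ")
    for kind in ("virus", "spam"):
        qid = send_test(kind, "localhost", 25, "postmaster@yourmail.com", pw,
                        "postmaster@yourmail.com", "test@yourmail.com",
                        verify_tls=False)
        print(kind, "queued as", qid)
```

After each submission, `grep <queue ID> /var/log/maillog` shows the hand-off to 10024 and amavisd's verdict, exactly as in the log excerpts that follow in 3(2) and 4(2). Because the message now carries a Subject, the spam run will not produce the "inserting it" INFO line; the tag is prepended to the existing subject instead.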


(2) Check the log:

[root@mail ~]# tailf /var/log/maillog
Dec  5 14:26:11 mail postfix/smtpd[33239]: 336741A2129: client=localhost[::1], sasl_method=login, sasl_username=postmaster@yourmail.com
Dec  5 14:26:46 mail postfix/cleanup[33248]: 336741A2129: message-id=<20141205062611.336741A2129@mail.yourmail.com>
Dec  5 14:26:46 mail postfix/qmgr[32477]: 336741A2129: from=<postmaster@yourmail.com>, size=430, nrcpt=1 (queue active)
Dec  5 14:26:49 mail postfix/smtpd[33239]: disconnect from localhost[::1]
#336741A2129 is the queue ID of the message postmaster submitted
Dec  5 14:26:49 mail amavis[33065]: (33065-01) INFO: no existing header field 'Subject', inserting it
#Handed to amavisd for scanning. The message carries no Subject header (the telnet session sent a bare body), so amavisd inserts one in order to prepend the spam tag, "***Spam***", defined by $sa_spam_subject_tag in amavisd.conf
Dec  5 14:26:49 mail postfix/smtpd[33254]: initializing the server-side TLS engine
Dec  5 14:26:49 mail postfix/smtpd[33254]: connect from localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/smtpd[33254]: 5B38D1A2136: client=localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/cleanup[33248]: 5B38D1A2136: message-id=<20141205062611.336741A2129@mail.yourmail.com>
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: from=<postmaster@yourmail.com>, size=1240, nrcpt=1 (queue active)
#5B38D1A2136 is the tagged message, re-injected into Postfix through the 10025 listener
Dec  5 14:26:49 mail amavis[33065]: (33065-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [::1]:42299 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: spam-Z230tCIzZbzS.gz, Message-ID: <20141205062611.336741A2129@mail.yourmail.com>, mail_id: Z230tCIzZbzS, Hits: 1000.768, size: 430, queued_as: 5B38D1A2136, 2860 ms
#amavisd is configured to pass spam ($final_spam_destiny = D_PASS) rather than block it, so the log says Passed SPAM; configured to block, it would say Blocked SPAM and send a report from spam.police to postmaster@yourmail.com
#A copy of the spam is also quarantined in /var/virusmails/ as spam-Z230tCIzZbzS.gz
Dec  5 14:26:49 mail postfix/smtp[33251]: 336741A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=43, delays=40/0.04/0.01/2.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5B38D1A2136)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 336741A2129: removed
#Postfix handed the original to amavisd on 10024; the status text shows that amavisd then re-injected it through Postfix on 10025, where it was queued as 5B38D1A2136
Dec  5 14:26:49 mail postfix/pipe[33255]: 5B38D1A2136: to=<test@yourmail.com>, relay=maildrop, delay=0.11, delays=0.02/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: removed
#Postfix delivers the re-injected message to the recipient test: this time the message went out, with the spam tag added to its subject
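Reading the two log excerpts above (3(2) and 4(2)) by hand means chasing up to three queue IDs per message. What follows is an added example, editor's code and not part of the original post, that does the correlation: for every message Postfix relayed to amavisd on 10024 it finds the matching amavisd verdict line and reports the disposition. Blocked mail is matched through the amavisd task number (id=33064-01) that Postfix records in its status text; passed mail through the re-injection queue ID both daemons log (queued_as on the amavis side, "queued as" on the Postfix side). The four lines copied from this page's logs serve as sample input; the regular expressions follow the log format visible here, and other amavisd versions may add fields.

```python
"""Added example (editor's code, not from the original post): correlate each
message Postfix handed to amavisd (relay :10024) with the amavisd verdict line
and, for passed mail, the queue ID it was re-injected under."""
import re

# Four lines copied from the maillog excerpts on this page (not a fabricated log).
SAMPLE_LOG = """\
Dec  5 13:59:16 mail amavis[33064]: (33064-01) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound,Quarantined}, [::1]:42295 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: virus-6t1HGplBpVw3, Message-ID: <20141205055906.039B41A2129@mail.yourmail.com>, mail_id: 6t1HGplBpVw3, Hits: -, size: 430, 374 ms
Dec  5 13:59:16 mail postfix/smtp[33116]: 039B41A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=16/0.09/0.02/0.36, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=33064-01, DISCARD(bounce.suppressed))
Dec  5 14:26:49 mail amavis[33065]: (33065-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [::1]:42299 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: spam-Z230tCIzZbzS.gz, Message-ID: <20141205062611.336741A2129@mail.yourmail.com>, mail_id: Z230tCIzZbzS, Hits: 1000.768, size: 430, queued_as: 5B38D1A2136, 2860 ms
Dec  5 14:26:49 mail postfix/smtp[33251]: 336741A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=43, delays=40/0.04/0.01/2.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5B38D1A2136)
"""

# amavisd summary line: action, verdict, optional detail, flags, envelope, ids.
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \((?P<task>\d+-\d+(?:-\d+)?)\) "
    r"(?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+)"
    r"(?: \((?P<detail>[^)]*)\))? \{(?P<flags>[^}]*)\},"
    r".*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"
    r"(?:, quarantine: (?P<quarantine>[^,]+))?"
    r".*?, mail_id: (?P<mail_id>[^,]+), Hits: (?P<hits>[-\d.]+)"
    r"(?:.*?, queued_as: (?P<queued_as>[0-9A-Za-z]+))?"
)
# Postfix smtp client delivery line, including the relay's reply text.
POSTFIX_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+),.*status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
TASK_RE = re.compile(r"\bid=(\d+-\d+(?:-\d+)?)")     # amavisd task id in the reply
QUEUED_RE = re.compile(r"queued as ([0-9A-Za-z]+)")  # re-injection queue id


def parse_amavis(line):
    """Dict for an amavisd verdict line, None for any other line."""
    m = AMAVIS_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["flags"] = rec["flags"].split(",")
    rec["hits"] = None if rec["hits"] == "-" else float(rec["hits"])
    return rec


def correlate(log_text):
    """{original Postfix queue ID: disposition} for every message relayed to
    amavisd. Blocked mail is matched via the task id Postfix logs in the
    reply; passed mail via the re-injection queue id both daemons log."""
    by_task, by_queued = {}, {}
    lines = log_text.splitlines()
    for line in lines:
        v = parse_amavis(line)
        if v:
            by_task[v["task"]] = v
            if v["queued_as"]:
                by_queued[v["queued_as"]] = v
    result = {}
    for line in lines:
        m = POSTFIX_RE.search(line)
        if not m or not m["relay"].endswith(":10024"):
            continue
        reason = m["reason"]
        task, queued = TASK_RE.search(reason), QUEUED_RE.search(reason)
        v = by_task.get(task.group(1)) if task else None
        if v is None and queued:
            v = by_queued.get(queued.group(1))
        rec = {k: (v[k] if v else None)
               for k in ("action", "verdict", "detail", "hits", "quarantine")}
        rec.update(rcpt=m["rcpt"], status=m["status"],
                   reinjected_as=queued.group(1) if queued else None,
                   discarded="DISCARD" in reason)
        result[m["qid"]] = rec
    return result


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for qid, rec in correlate(text).items():
        print(qid, rec["action"], rec["verdict"], rec["detail"] or "",
              "quarantine=%s" % rec["quarantine"],
              "reinjected_as=%s" % rec["reinjected_as"])
```

On the sample input this yields 039B41A2129 as Blocked INFECTED (Eicar-Test-Signature), discarded, quarantine virus-6t1HGplBpVw3, and 336741A2129 as Passed SPAM with 1000.768 hits, re-injected as 5B38D1A2136. Run it on /var/log/maillog to see the same summary for real traffic.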


(3) Open the test mailbox and look at the received spam

[screenshot from the original post: the test mailbox showing the tagged message]

The subject has had the spam tag inserted.


(4) View the headers

[screenshot from the original post: headers of the received message]

The queue ID is indeed 5B38D1A2136, and the spam score, 1000.768, is far above the tag2 threshold of 6.2. It is also above the kill level of 6.9 shown in X-Spam-Status, but with $final_spam_destiny = D_PASS the message is delivered anyway, tagged.


(5) List the quarantine directory:

[root@mail ~]# ll /var/virusmails/
total 8
-rw-r-----. 1 amavis amavis  588 Dec  5 14:26 spam-Z230tCIzZbzS.gz
-rw-r-----. 1 amavis amavis 1027 Dec  5 13:59 virus-6t1HGplBpVw3

(6) View the quarantined spam message (amavisd stores spam quarantine files gzipped):

[root@mail ~]# gunzip /var/virusmails/spam-Z230tCIzZbzS.gz
[root@mail ~]# cat /var/virusmails/spam-Z230tCIzZbzS
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <postmaster@yourmail.com>
X-Envelope-To: <test@yourmail.com>
X-Envelope-To-Blocked:
X-Quarantine-ID: <Z230tCIzZbzS>
X-Spam-Flag: YES
X-Spam-Score: 1000.768
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=1000.768 tag=2 tag2=6.2 kill=6.9
  tests=[ALL_TRUSTED=-1, GTUBE=1000, MISSING_SUBJECT=1.767,
  TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
Received: from mail.yourmail.com ([127.0.0.1])
  by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id Z230tCIzZbzS for <test@yourmail.com>;
  Fri,  5 Dec 2014 14:26:46 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
  by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 336741A2129
  for <test@yourmail.com>; Fri,  5 Dec 2014 14:26:06 +0800 (CST)
Message-Id: <20141205062611.336741A2129@mail.yourmail.com>
Date: Fri,  5 Dec 2014 14:26:06 +0800 (CST)
From: postmaster@yourmail.com
To: undisclosed-recipients:;
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
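The two quarantine files shown in 3(6) and 4(6) carry the verdict in headers amavisd prepended: X-Quarantine-ID, X-Amavis-Alert, X-Envelope-To-Blocked and X-Spam-Status with its list of SpamAssassin rules and scores. What follows is an added example, editor's code and not part of the original post, that reads such a file, plain or gzipped as the spam quarantine was, without gunzipping it on disk first, and turns those headers into a structured summary, including every rule that fired and its score. The header blocks from the page's two files are embedded as sample input; the field names in the returned dict are the editor's.

```python
"""Added example (editor's code, not from the original post): summarise an
amavisd quarantine file from /var/virusmails/, plain or gzipped, from the
verdict headers amavisd prepended to the message."""
import gzip
import re
from email import message_from_bytes

# Header blocks copied from the two quarantine files shown on this page.
SAMPLE_SPAM = rb"""Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <postmaster@yourmail.com>
X-Envelope-To: <test@yourmail.com>
X-Envelope-To-Blocked:
X-Quarantine-ID: <Z230tCIzZbzS>
X-Spam-Flag: YES
X-Spam-Score: 1000.768
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=1000.768 tag=2 tag2=6.2 kill=6.9
  tests=[ALL_TRUSTED=-1, GTUBE=1000, MISSING_SUBJECT=1.767,
  TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
From: postmaster@yourmail.com
To: undisclosed-recipients:;

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
"""

SAMPLE_VIRUS = rb"""Return-Path: <>
Delivered-To: virus-quarantine
X-Envelope-From: <postmaster@yourmail.com>
X-Envelope-To: <test@yourmail.com>
X-Envelope-To-Blocked: <test@yourmail.com>
X-Quarantine-ID: <6t1HGplBpVw3>
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
From: postmaster@yourmail.com
To: undisclosed-recipients:;

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
"""

TESTS_RE = re.compile(r"tests=\[(.*?)\]")


def _num(text):
    """Scores as floats; amavisd writes 'x' when SpamAssassin was not run."""
    try:
        return float(text)
    except ValueError:
        return text


def parse_spam_status(value):
    """'Yes, score=1000.768 tag=2 tag2=6.2 kill=6.9 tests=[GTUBE=1000, ...] ...'
    -> {'is_spam': True, 'score': 1000.768, 'tag2': 6.2, 'kill': 6.9,
        'tests': {'GTUBE': 1000.0, ...}, 'autolearn': 'no', ...}"""
    value = " ".join(value.split())              # unfold the header
    flag, _, rest = value.partition(",")
    out = {"is_spam": flag.strip().lower() == "yes", "tests": {}}
    m = TESTS_RE.search(rest)
    if m:
        for item in m.group(1).split(","):
            name, _, score = item.strip().partition("=")
            if name:
                out["tests"][name] = _num(score)
        rest = rest[:m.start()] + rest[m.end():]
    for key, val in re.findall(r"(\w+)=(\S+)", rest):
        out[key] = _num(val)
    return out


def summarize(data):
    """Summarise one quarantine file given as bytes; gzip is detected by magic."""
    if data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    msg = message_from_bytes(data)
    alert = (msg.get("X-Amavis-Alert") or "").strip()
    virus = re.search(r"contains virus: (.+)$", alert)
    return {
        "kind": msg.get("Delivered-To"),          # spam-quarantine / virus-quarantine
        "quarantine_id": (msg.get("X-Quarantine-ID") or "").strip("<> "),
        "envelope_from": msg.get("X-Envelope-From"),
        "envelope_to": msg.get("X-Envelope-To"),
        "blocked_for": (msg.get("X-Envelope-To-Blocked") or "").strip(),
        "virus": virus.group(1) if virus else (alert or None),
        "spam": parse_spam_status(msg.get("X-Spam-Status") or ""),
    }


def read_quarantine(path):
    with open(path, "rb") as fh:
        return summarize(fh.read())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:] or ():
        print(path, read_quarantine(path))
    if len(sys.argv) == 1:
        print(summarize(SAMPLE_SPAM))
        print(summarize(SAMPLE_VIRUS))
```

`python3 quarantine.py /var/virusmails/*` summarises a whole directory. An empty X-Envelope-To-Blocked, as in the spam file, means no recipient was blocked (the message was passed, tagged); in the virus file it names the recipient who never got the message.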

Tip: if spam is set to be blocked and the spam threshold ($sa_kill_level_deflt, the kill=6.9 in X-Spam-Status above) is set too low, a lot of legitimate mail will never reach its recipients; the reports for blocked spam can be read in the postmaster mailbox.


5. A homework exercise:

In amavisd.conf, set the spam disposition to

$final_spam_destiny  = D_BOUNCE;

then repeat the spam test and compare the results with the run above. One caveat before doing this anywhere but a lab: D_BOUNCE sends a non-delivery report to the envelope sender, and since spam almost always carries a forged sender that is backscatter to an innocent third party. For production use D_DISCARD; D_REJECT only helps in a pre-queue setup, because in a post-queue content_filter setup like this one Postfix has already accepted the message and would bounce it itself.


This article is from the “月晴星飞” blog; please keep this attribution when reposting: http://ywzhou.blog.51cto.com/2785388/1591330
