Postfix e-Mail (vii): Test AMAVISD-NEW+SPAMASSASSIN+CLAMAV

Source: Internet
Author: User
Tags: spamassassin, eicar

1. Test the amavisd port (10024)

Postfix hands mail to the content filter, amavisd, on port 10024:

[[email protected] ~]# telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
[::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.

Success


2. Test the Postfix re-injection port (10025)

After amavisd has called SpamAssassin or clamd and the message has been scanned, amavisd returns the message to Postfix on port 10025:

[[email protected] ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Success
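The two telnet sessions above can be scripted so the check is repeatable after every configuration change. The following is an added example, not code from the original post: it parses an EHLO reply into its extensions, audits each loopback hop, and (when run directly) performs the same EHLO live with smtplib. The host and ports are the post's; the expectation table (amavisd on 10024 must advertise XFORWARD, which Postfix uses to pass the original client's address and HELO to the filter) and the list of extensions that have no job on the re-injection listener (AUTH, STARTTLS, which the post's 10025 output still advertises) are the editor's assumptions, meant as a hardening hint rather than a requirement of the post.

```python
"""Scripted version of the two EHLO checks above: Postfix -> amavisd on 10024
and amavisd -> Postfix re-injection on 10025.  Added example, not part of the
original post.  Host and ports follow the post; the expectation table and the
"unneeded on re-injection" list are the editor's assumptions."""
import smtplib

# Extensions each loopback hop is expected to advertise (assumption taken from
# the EHLO output shown on the page: amavisd offers XFORWARD so Postfix can
# pass it the original client's address, HELO name and protocol).
EXPECTED = {
    10024: {"XFORWARD"},
    10025: set(),
}

# amavisd re-injects from loopback without authenticating or negotiating TLS,
# so these add nothing on the 10025 listener; flagging them is a hardening
# hint (assumption), not a requirement stated in the post.
UNNEEDED_ON_REINJECTION = {"AUTH", "STARTTLS"}

# Constructed transcripts: the 250 lines of the two EHLO replies shown above.
AMAVISD_10024 = """\
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
"""

POSTFIX_10025 = """\
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""


def parse_ehlo(transcript):
    """Turn the 250-/250 lines of an EHLO reply into {EXTENSION: "arguments"}."""
    lines = [l.strip() for l in transcript.splitlines() if l.strip().startswith("250")]
    exts = {}
    for body in (l[4:].strip() for l in lines[1:]):   # lines[0] is the server name
        name, _, args = body.partition(" ")
        # "AUTH=LOGIN PLAIN" is the legacy spelling of the AUTH line; fold it in
        name = name.split("=")[0].upper()
        exts.setdefault(name, args.strip())
    return exts


def audit(port, exts):
    """Return findings for one hop; an empty list means the hop looks as expected."""
    findings = [f"port {port}: expected extension {e} is not advertised"
                for e in sorted(EXPECTED[port] - set(exts))]
    if port == 10025:
        findings += [f"port {port}: {e} advertised on the loopback re-injection listener"
                     for e in sorted(UNNEEDED_ON_REINJECTION & set(exts))]
    return findings


def probe(host="localhost", port=10024, timeout=5):
    """Live EHLO against a running listener; returns the same dict shape as parse_ehlo."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        code, _ = s.ehlo("localhost")
        if code != 250:
            raise RuntimeError(f"EHLO on {host}:{port} returned {code}")
        return {k.upper(): v for k, v in s.esmtp_features.items()}


if __name__ == "__main__":
    # Offline: audit the transcripts copied from the post.
    for port, transcript in ((10024, AMAVISD_10024), (10025, POSTFIX_10025)):
        print(port, audit(port, parse_ehlo(transcript)) or "ok")
    # Live: the same audit against the local daemons, if they are running.
    for port in (10024, 10025):
        try:
            print(port, "live:", audit(port, probe(port=port)) or "ok")
        except (OSError, smtplib.SMTPException) as exc:
            print(port, "live: not reachable:", exc)
```

Run on the post's own transcripts, the 10024 hop comes back clean and the 10025 hop reports AUTH and STARTTLS; whether to turn those off on the re-injection listener (with `-o` overrides on that master.cf entry) is a local decision, but the audit makes the difference between the two listeners visible at a glance.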


3. Test virus mail

(1) Send the virus test mail:

[[email protected] ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                                            # enter the EHLO command
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                                                # enter the authentication login command
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=                          # enter the base64 encoding of the postmaster account
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                                              # enter the base64 encoding of its password
235 2.7.0 Authentication successful
mail from:<[email protected]>                              # enter the sender mailbox
250 2.1.0 Ok
rcpt to:<[email protected]>                                # enter the recipient mailbox
250 2.1.5 Ok
data                                                      # enter the data command
354 End data with <CR><LF>.<CR><LF>
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*   # enter the EICAR virus test string
.                                                         # enter "." to end the data input
250 2.0.0 Ok: queued as 039B41A2129                       # 039B41A2129 is the queue ID of this message
quit                                                      # exit
221 2.0.0 Bye
Connection closed by foreign host.

(2) View the log:

[[email protected] ~]# tailf /var/log/maillog
Dec  5 13:59:06 mail postfix/smtpd[33105]: 039B41A2129: client=localhost[::1], sasl_method=LOGIN, [email protected]
Dec  5 13:59:16 mail postfix/cleanup[33115]: 039B41A2129: message-id=<[email protected]>
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: from=<[email protected]>, size=430, nrcpt=1 (queue active)
# 039B41A2129 is the queue ID of the message sent by postmaster
Dec  5 13:59:16 mail postfix/smtpd[33119]: initializing the server-side TLS engine
Dec  5 13:59:16 mail postfix/smtpd[33119]: connect from localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/smtpd[33119]: B00BE1A2131: client=localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/cleanup[33115]: B00BE1A2131: message-id=<[email protected]>
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: from=<[email protected]>, size=2212, nrcpt=1 (queue active)
Dec  5 13:59:16 mail amavis[33064]: (33064-01) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound,Quarantined}, [::1]:42295 [::1] <[email protected]> -> <[email protected]>, quarantine: virus-6t1HGplBpVw3, Message-ID: <[email protected]>, mail_id: 6t1HGplBpVw3, Hits: -, size: 430, 374 ms
# B00BE1A2131 is the virus notification that amavisd sends to the virusalert account after processing the infected message; a copy of the virus mail is saved in /var/virusmails/ under the name virus-6t1HGplBpVw3
# "Blocked INFECTED (Eicar-Test-Signature)" shows that amavis called ClamAV and ClamAV detected the virus, which means the Postfix+amavisd+ClamAV integration succeeded
Dec  5 13:59:16 mail postfix/smtp[33116]: 039B41A2129: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=16/0.09/0.02/0.36, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=33064-01, DISCARD(bounce.suppressed))
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: removed
# amavisd returned its verdict on the original message to Postfix; DISCARD(bounce.suppressed) means the message was discarded and no bounce was generated, so the test recipient never receives it
Dec  5 13:59:16 mail postfix/pipe[33120]: B00BE1A2131: to=<[email protected]>, relay=maildrop, delay=0.19, delays=0.04/0.03/0/0.13, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. )
Dec  5 13:59:16 mail postfix/cleanup[33115]: DFFA91A2130: message-id=<[email protected]>
Dec  5 13:59:16 mail postfix/qmgr[32477]: DFFA91A2130: from=<>, size=4184, nrcpt=1 (queue active)
Dec  5 13:59:16 mail postfix/bounce[33122]: B00BE1A2131: sender non-delivery notification: DFFA91A2130
# because virusalert is an alias, the notification B00BE1A2131 addressed to the virusalert alias becomes DFFA91A2130 and is delivered to the real postmaster mailbox
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: removed
Dec  5 13:59:17 mail postfix/pipe[33120]: DFFA91A2130: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=0.1, delays=0.05/0/0/0.04, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 13:59:17 mail postfix/qmgr[32477]: DFFA91A2130: removed
Dec  5 13:59:17 mail postfix/smtpd[33105]: disconnect from localhost[::1]
# you will see the virus report mail DFFA91A2130 in the postmaster mailbox


(3) Open the postmaster mailbox to view the virus report mail:

[Screenshot: http://s3.51cto.com/wyfs02/M01/57/23/wKiom1SSWtOxuzWqAAMU7Anowqk945.jpg]


(4) Looking at the message headers, you can see that the message's queue ID is DFFA91A2130:

[Screenshot: http://s3.51cto.com/wyfs02/M02/57/20/wKioL1SSW4qSU0ERAAHUro6-3Xw082.jpg]


(5) View the virus mail directory:

[[email protected] ~]# ll /var/virusmails/
total 4
-rw-r-----. 1 amavis amavis 1027 Dec  5 13:59 virus-6t1HGplBpVw3

(6) View the virus mail report:

[[email protected] ~]# cat /var/virusmails/virus-6t1HGplBpVw3
Return-Path: <>
Delivered-To: virus-quarantine
X-Envelope-From: <[email protected]>
X-Envelope-To: <[email protected]>
X-Envelope-To-Blocked: <[email protected]>
X-Quarantine-ID: <6t1HGplBpVw3>
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
Received: from mail.yourmail.com ([127.0.0.1])
        by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 6t1HGplBpVw3 for <[email protected]>;
        Fri,  5 Dec 2014 13:59:16 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
        by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 039B41A2129
        for <[email protected]>; Fri,  5 Dec 2014 13:58:59 +0800 (CST)
Message-ID: <[email protected]>
Date: Fri,  5 Dec 2014 13:58:59 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


4. Test junk mail

(1) Send the spam test message:

[[email protected] ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                                            # enter the EHLO command
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                                                # enter the authentication login command
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=                          # enter the base64 encoding of the postmaster account
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                                              # enter the base64 encoding of its password
235 2.7.0 Authentication successful
mail from:<[email protected]>                              # enter the sender mailbox
250 2.1.0 Ok
rcpt to:<[email protected]>                                # enter the recipient mailbox
250 2.1.5 Ok
data                                                      # enter the data command
354 End data with <CR><LF>.<CR><LF>
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X   # enter the GTUBE spam test string
.                                                         # enter "." to end the data input
250 2.0.0 Ok: queued as 336741A2129                       # 336741A2129 is the queue ID of this message
quit                                                      # exit
221 2.0.0 Bye
Connection closed by foreign host.


(2) View the log:

[[email protected] ~]# tailf /var/log/maillog
Dec  5 14:26:11 mail postfix/smtpd[33239]: 336741A2129: client=localhost[::1], sasl_method=LOGIN, [email protected]
Dec  5 14:26:46 mail postfix/cleanup[33248]: 336741A2129: message-id=<[email protected]>
Dec  5 14:26:46 mail postfix/qmgr[32477]: 336741A2129: from=<[email protected]>, size=430, nrcpt=1 (queue active)
Dec  5 14:26:49 mail postfix/smtpd[33239]: disconnect from localhost[::1]
# 336741A2129 is the queue ID of the message sent by postmaster
Dec  5 14:26:49 mail amavis[33065]: (33065-01) INFO: no existing header field 'Subject', inserting it
# the message was handed to amavis for scanning; it has no Subject, so amavis inserts one, and for spam it prefixes the "***SPAM***" tag defined by the $sa_spam_subject_tag parameter in amavisd.conf
Dec  5 14:26:49 mail postfix/smtpd[33254]: initializing the server-side TLS engine
Dec  5 14:26:49 mail postfix/smtpd[33254]: connect from localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/smtpd[33254]: 5B38D1A2136: client=localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/cleanup[33248]: 5B38D1A2136: message-id=<[email protected]>
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: from=<[email protected]>, size=1240, nrcpt=1 (queue active)
# 5B38D1A2136 is the message after the subject was inserted
Dec  5 14:26:49 mail amavis[33065]: (33065-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [::1]:42299 [::1] <[email protected]> -> <[email protected]>, quarantine: spam-Z230tCIzZbzS.gz, Message-ID: <[email protected]>, mail_id: Z230tCIzZbzS, Hits: 1000.768, size: 430, queued_as: 5B38D1A2136, 2860 ms
# because amavis is configured to pass spam rather than intercept it, the log shows "Passed SPAM"; with interception configured it would show "Blocked SPAM" and send a report to spam.police<[email protected]>
# at the same time a copy of the spam is saved in /var/virusmails/ under the name spam-Z230tCIzZbzS.gz
Dec  5 14:26:49 mail postfix/smtp[33251]: 336741A2129: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=43, delays=40/0.04/0.01/2.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5B38D1A2136)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 336741A2129: removed
# amavisd received the message from Postfix on port 10024 and handed it back to Postfix on port 10025
Dec  5 14:26:49 mail postfix/pipe[33255]: 5B38D1A2136: to=<[email protected]>, relay=maildrop, delay=0.11, delays=0.02/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: removed
# Postfix delivered the message to the recipient test; it is the original message with the spam tag added to the subject
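Reading the two log excerpts above by eye works once; to make the virus and spam tests repeatable, the verdict has to be pulled out of the log automatically. The following is an added example, not code from the original post: it parses amavis verdict lines (action, content category, quarantine file, SpamAssassin hits, queued_as id) and the matching Postfix smtp relay lines, and joins them through the amavis task id that Postfix echoes in its 250 reply ("id=33064-01") or through the new queue id after re-injection. The sample log is constructed from the post's own lines (queue ids, mail ids and quarantine names are the post's; mailbox addresses are placeholders), and the regular expressions are written against the log format shown on this page.

```python
"""Parse the maillog lines above into a per-message outcome: what amavisd
decided (Blocked/Passed, content category, quarantine file, hits) and what
Postfix then did (DISCARD with bounce suppressed, or re-injection under a new
queue id on port 10025).  Added example, not part of the original post."""
import re

# Constructed sample modelled on the post's log (queue ids, mail ids and
# quarantine names are the post's; the mailbox addresses are placeholders).
SAMPLE_LOG = """\
Dec  5 13:59:16 mail amavis[33064]: (33064-01) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound,Quarantined}, [::1]:42295 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: virus-6t1HGplBpVw3, Message-ID: <a@mail.yourmail.com>, mail_id: 6t1HGplBpVw3, Hits: -, size: 430, 374 ms
Dec  5 13:59:16 mail postfix/smtp[33116]: 039B41A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=16/0.09/0.02/0.36, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=33064-01, DISCARD(bounce.suppressed))
Dec  5 14:26:49 mail amavis[33065]: (33065-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [::1]:42299 [::1] <postmaster@yourmail.com> -> <test@yourmail.com>, quarantine: spam-Z230tCIzZbzS.gz, Message-ID: <b@mail.yourmail.com>, mail_id: Z230tCIzZbzS, Hits: 1000.768, size: 430, queued_as: 5B38D1A2136, 2860 ms
Dec  5 14:26:49 mail postfix/smtp[33251]: 336741A2129: to=<test@yourmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=43, delays=40/0.04/0.01/2.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5B38D1A2136)
"""

# amavis verdict line: "(task) Passed|Blocked CATEGORY (detail) {flags}, ... quarantine: X, ... mail_id: Y, Hits: Z, ... queued_as: Q"
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \((?P<task>\d+-\d+)\) (?P<action>Passed|Blocked) (?P<ccat>\S+)"
    r"(?: \((?P<detail>[^)]*)\))? \{(?P<flags>[^}]*)\}"
    r".*?quarantine: (?P<quar>\S+?),"
    r".*?mail_id: (?P<mail_id>\S+?),"
    r".*?Hits: (?P<hits>[-\d.]+)"
    r"(?:.*?queued_as: (?P<queued_as>[0-9A-F]+))?"
)

# Postfix smtp client line for the hop into the content filter (relay ...:10024).
RELAY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>, relay=(?P<relay>\S+?), "
    r".*?status=(?P<status>\w+) \((?P<reply>.*)\)$"
)


def parse_maillog(text):
    """Return (verdicts keyed by amavis task id, relay results keyed by Postfix queue id)."""
    verdicts, relays = {}, {}
    for line in text.splitlines():
        m = AMAVIS_RE.search(line)
        if m:
            d = m.groupdict()
            d["hits"] = None if d["hits"] == "-" else float(d["hits"])   # "-" = no SA score (virus path)
            d["flags"] = d["flags"].split(",")
            verdicts[d["task"]] = d
            continue
        m = RELAY_RE.search(line)
        if m:
            relays[m.group("qid")] = m.groupdict()
    return verdicts, relays


def classify(verdict, relays):
    """Combine one amavis verdict with Postfix's relay result for the same message."""
    reply = ""
    for r in relays.values():
        # join on the task id echoed in the 250 reply, or on the re-injection queue id
        if f"id={verdict['task']}" in r["reply"] or (
                verdict["queued_as"] and verdict["queued_as"] in r["reply"]):
            reply = r["reply"]
            break
    if verdict["action"] == "Blocked":
        return "blocked-discarded" if "bounce.suppressed" in reply else "blocked-bounced"
    if verdict["queued_as"] and verdict["queued_as"] in reply:
        return "passed-reinjected"
    return "passed"


def integration_report(text):
    """Map each content category seen (INFECTED, SPAM, ...) to its outcome."""
    verdicts, relays = parse_maillog(text)
    return {v["ccat"]: classify(v, relays) for v in verdicts.values()}


if __name__ == "__main__":
    for ccat, result in integration_report(SAMPLE_LOG).items():
        print(f"{ccat}: {result}")
```

For the post's two tests the report reads INFECTED: blocked-discarded and SPAM: passed-reinjected, which is exactly the pair of outcomes the text derives by hand from the log. The same parser accepts a "Blocked SPAM" line, so the homework run in section 5 can be checked the same way; to use it on a live box, read the log from /var/log/maillog instead of SAMPLE_LOG.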


(3) Open the test mailbox to view the received spam message:

[Screenshot: http://s3.51cto.com/wyfs02/M00/57/20/wKioL1SSW9rC8IVYAAEgzuzYPHY872.jpg]

You can see that the spam tag has been inserted into the subject.


(4) View the message headers

[Screenshot: http://s3.51cto.com/wyfs02/M02/57/23/wKiom1SSW1eyii33AAPC5PSDuZQ662.jpg]

You can see that the queue ID is indeed 5B38D1A2136, and that the spam score is 1000.768, far above the tag threshold of 6.2.


(5) View the spam mail directory:

[[email protected] ~]# ll /var/virusmails/
total 8
-rw-r-----. 1 amavis amavis  588 Dec  5 14:26 spam-Z230tCIzZbzS.gz
-rw-r-----. 1 amavis amavis 1027 Dec  5 13:59 virus-6t1HGplBpVw3

(6) View the spam report:

[[email protected] ~]# gunzip /var/virusmails/spam-Z230tCIzZbzS.gz
[[email protected] ~]# cat /var/virusmails/spam-Z230tCIzZbzS
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <[email protected]>
X-Envelope-To: <[email protected]>
X-Envelope-To-Blocked:
X-Quarantine-ID: <Z230tCIzZbzS>
X-Spam-Flag: YES
X-Spam-Score: 1000.768
X-Spam-Level: *************************************************************
X-Spam-Status: Yes, score=1000.768 tag=2 tag2=6.2 kill=6.9 tests=[ALL_TRUSTED=-1, GTUBE=1000, MISSING_SUBJECT=1.767, TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
Received: from mail.yourmail.com ([127.0.0.1])
        by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id Z230tCIzZbzS for <[email protected]>;
        Fri,  5 Dec 2014 14:26:46 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
        by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 336741A2129
        for <[email protected]>; Fri,  5 Dec 2014 14:26:06 +0800 (CST)
Message-ID: <[email protected]>
Date: Fri,  5 Dec 2014 14:26:06 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Tip: if you configure amavis to block spam and set the spam tag score threshold too low, a lot of normal mail will fail to reach its recipients; the reports for blocked spam can be viewed in the postmaster mailbox.


5. Homework for everyone:

Set spam filtering in amavisd.conf to

$final_spam_destiny = D_BOUNCE;

then run the spam test again and observe the result.


This article is from the "Moon Ching Xing Fei" blog; please keep this source: http://ywzhou.blog.51cto.com/2785388/1591330
