[Postfix][Spamassassin]

[Spamassassin] [Postfix] - networks and security - Linux and Alternative OSes

Marsh Posté, 07-11-2007 at 18:49:11

Hello,
 
The Postfix adventures continue.
Now that it works well and filters the emails for my domain (which is already good), I would like to limit spam by adding a product like spamassassin.
 
I read various pieces of documentation, and I got started.
I installed spamassassin, and I modified Postfix's main.cf and master.cf with, respectively, these two lines:
 

smtp      inet  n       -       -       -       -       smtpd -o content-filter=spamassassin
spamassassin unix -     n       n       -       -       pipe user=spamd argv=/usr/sbin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}  


 
The spamassassin config is this:
 

# /etc/default/spamassassin
# Duncan Findlay
 
# WARNING: please read README.spamd before using.
# There may be security risks.
 
# Change to one to enable spamd
ENABLED=1
 
# Options
# See man spamd for possible options. The -d option is automatically added.
 
# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.
 
SAHOME="/var/lib/spamassassin/"
OPTIONS="--create-prefs --daemonize --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log "
 
# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="${SAHOME}spamd.pid"
 
# Set nice level of spamd
#NICE="--nicelevel 15"


 
I did stop Postfix, start spamassassin, restart Postfix... Postfix keeps doing its job fine, but I get no spam filtering (I ran various tests with dubious emails, and I see nothing special in the Postfix or spamassassin logs).
 
Attached are the Postfix logs (the latest ones):
 

Nov  7 18:42:03 GECKO postfix/smtpd[1255]: connect from 86-63-88-24.sta.asta-net.com.pl[86.63.88.24]
Nov  7 18:42:03 GECKO postfix/smtpd[1255]: NOQUEUE: reject: RCPT from 86-63-88-24.sta.asta-net.com.pl[86.63.88.24]: 554 5.7.1 <akuehn@deroma.fr>: Relay access denied; from=<Toryrosamilia@ykwc.com> to=<akuehn@xxxxxxxxxxxx.fr> proto=ESMTP helo=<86-63-88-24.asta-net.com.pl>
Nov  7 18:42:03 GECKO postfix/smtpd[1255]: disconnect from 86-63-88-24.sta.asta-net.com.pl[86.63.88.24]
Nov  7 18:44:17 GECKO postfix/smtpd[1273]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov  7 18:44:17 GECKO postfix/smtpd[1273]: connect from 98.190.218.87.dynamic.jazztel.es[87.218.190.98]
Nov  7 18:44:17 GECKO postfix/smtpd[1273]: NOQUEUE: reject: RCPT from 98.190.218.87.dynamic.jazztel.es[87.218.190.98]: 554 5.7.1 <fvoisin@xxxxxxxxxxxx.fr>: Relay access denied; from=<Radim108@menopause-and-osteoporosis.com> to=<fvoisin@xxxxxxxxxxxx.fr> proto=ESMTP helo=<154.191.218.87.dynamic.jazztel.es>
Nov  7 18:44:17 GECKO postfix/smtpd[1273]: disconnect from 98.190.218.87.dynamic.jazztel.es[87.218.190.98]
Nov  7 18:44:21 GECKO postfix/anvil[1241]: statistics: max connection rate 1/60s for (smtp:83.6.230.143) at Nov  7 18:34:48
Nov  7 18:44:21 GECKO postfix/anvil[1241]: statistics: max connection count 1 for (smtp:83.6.230.143) at Nov  7 18:34:48
Nov  7 18:44:21 GECKO postfix/anvil[1241]: statistics: max cache size 4 at Nov  7 18:35:23
Nov  7 18:44:37 GECKO postfix/smtpd[1273]: connect from host14-66-dynamic.6-87-r.retail.telecomitalia.it[87.6.66.14]
Nov  7 18:44:37 GECKO postfix/smtpd[1273]: NOQUEUE: reject: RCPT from host14-66-dynamic.6-87-r.retail.telecomitalia.it[87.6.66.14]: 554 5.7.1 <infodd@xxxxxxxxxxxx.fr>: Relay access denied; from=<Kulmancadw@goodworks-pac.ccsend.com> to=<infodd@xxxxxxxxxxxx.fr> proto=ESMTP helo=<host14-66-dynamic.6-87-r.retail.telecomitalia.it>
Nov  7 18:44:37 GECKO postfix/smtpd[1273]: disconnect from host14-66-dynamic.6-87-r.retail.telecomitalia.it[87.6.66.14]
Nov  7 18:44:59 GECKO postfix/smtpd[1273]: connect from unknown[200.93.162.65]
Nov  7 18:44:59 GECKO postfix/smtpd[1273]: DC1DD5FA0A: client=unknown[200.93.162.65]
Nov  7 18:45:00 GECKO postfix/smtpd[1273]: lost connection after DATA from unknown[200.93.162.65]
Nov  7 18:45:00 GECKO postfix/smtpd[1273]: disconnect from unknown[200.93.162.65]


 
And those of spamassassin:
 
Wed Nov  7 17:56:34 2007 [1148] info: spamd: server pid: 1148
Wed Nov  7 17:56:34 2007 [1148] info: spamd: server successfully spawned child process, pid 1149
Wed Nov  7 17:56:34 2007 [1148] info: spamd: server successfully spawned child process, pid 1150
Wed Nov  7 17:56:34 2007 [1148] info: prefork: child states: IS
Wed Nov  7 17:56:34 2007 [1148] info: prefork: child states: II
 
What also worries me is that spamassassin hasn't "said" anything since 17:56 even though Postfix has seen emails go through...
Well anyway, I'm repeating myself: Help!! :)
 
Théo

Reply
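
The master.cf line in the post above spells the override `content-filter`, whereas the Postfix parameter is named `content_filter`. As an added example (not part of the original thread), this Python check parses master.cf entries and flags smtpd `-o` overrides that are misspelled or that name a transport with no master.cf entry; the function names are hypothetical and the sample input is the two lines quoted in the post.

```python
import re

# Constructed sample: the two master.cf lines quoted in the post above.
POSTED = """\
smtp      inet  n       -       -       -       -       smtpd -o content-filter=spamassassin
spamassassin unix -     n       n       -       -       pipe user=spamd argv=/usr/sbin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
"""
# Same entries with the override spelled the way Postfix names the parameter.
CORRECTED = POSTED.replace("content-filter", "content_filter")

def parse_master_cf(text):
    """Return {(service, type): [command, args...]}; 7 fixed columns precede the command."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the previous entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = (line.split() for line in logical)
    return {(f[0], f[1]): f[7:] for f in entries if len(f) >= 8}

def overrides(argv):
    """Collect '-o name=value' arguments into a dict."""
    return dict(n.split("=", 1) for a, n in zip(argv, argv[1:]) if a == "-o" and "=" in n)

def audit(text):
    """List problems with the content_filter override of each smtpd service."""
    services = parse_master_cf(text)
    names = {name for name, _ in services}
    findings = []
    for (name, kind), argv in services.items():
        if argv[0] != "smtpd":
            continue
        opts = overrides(argv)
        for opt in opts:
            if not re.fullmatch(r"[a-z0-9_]+", opt):
                findings.append(f"{name}/{kind}: '{opt}' is not spelled like a Postfix "
                                f"parameter (try '{opt.replace('-', '_')}')")
        transport = opts.get("content_filter", "").split(":", 1)[0]
        if not transport:
            findings.append(f"{name}/{kind}: no content_filter override on this service")
        elif transport not in names:
            findings.append(f"{name}/{kind}: transport '{transport}' has no master.cf entry")
    return findings

if __name__ == "__main__":
    print(audit(POSTED), audit(CORRECTED))
```

A `content_filter` set globally in main.cf is outside what this check reads, so the "no override" finding concerns master.cf only.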

Marsh Posté, 07-11-2007 at 18:50:27

For the curious, the beginning of the story is here --> http://forum.hardware.fr/hfr/OSAlt [...] 4985_1.htm

Reply

Marsh Posté, 07-11-2007 at 18:56:12

go through amavisd to manage spamassassin
 
it's more flexible
 
look at my signature for the install procedure


---------------
Dedicated mail hosting, Antispam/Antivirus mail relay, 24/7 managed services: http://www.eole-its.com
Reply

Marsh Posté, 07-11-2007 at 18:56:25

The spamassassin local.cf config that I had forgotten to include:
 
 

#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
 
 
#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
 
 
#   Use Bayesian classifier (default: 1)
#
use_bayes 1
use_bayes_rules 1
 
#   Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
 
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

Reply
