一、测试DSPAM(未使用amavisd调用DSPAM)- 一般邮件
1、外部邮箱[email protected]发送一封邮件给[email protected]
主题:1111111111111 内容空
说明:前面的博文说过了,需要再搭建一个一样的邮件系统来模拟外部邮件;
如果你的域是万网之类的地方注册的,可以解析到你的邮箱服务器就可以直接用QQ邮箱发。
2、查看日志
[root@mail ~]# tailf /var/log/maillog Dec 10 09:22:37 mail postfix/smtpd[61297]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]:: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from= to= proto=ESMTP helo= #触发DSPAM过滤器lmtp:[127.0.0.1]:10028 Dec 10 09:22:39 mail postfix/smtpd[61297]: 447941A2121: client=unknown[10.188.1.86] Dec 10 09:22:39 mail postfix/cleanup[61307]: 447941A2121: message-id=<[email protected]> Dec 10 09:22:39 mail postfix/qmgr[57578]: 447941A2121: from= , size=1013, nrcpt=1 (queue active) Dec 10 09:22:39 mail postfix/smtpd[61297]: disconnect from unknown[10.188.1.86] #邮件正常发出 Dec 10 09:22:44 mail postfix/smtpd[61314]: initializing the server-side TLS engine Dec 10 09:22:44 mail postfix/smtpd[61314]: connect from localhost[127.0.0.1] Dec 10 09:22:44 mail postfix/smtpd[61314]: 3B4541A2138: client=localhost[127.0.0.1] Dec 10 09:22:44 mail postfix/cleanup[61307]: 3B4541A2138: message-id=<[email protected]> Dec 10 09:22:44 mail postfix/qmgr[57578]: 3B4541A2138: from= , size=1633, nrcpt=1 (queue active) #postfix将邮件交给amavisd扫描 Dec 10 09:22:44 mail amavis[61231]: (61231-01) Passed CLEAN {RelayedInbound}, [10.188.1.86] -> , Message-ID: <[email protected]>, mail_id: bK_jEeiz4Lhq, Hits: -2.383, size: 1189, queued_as: 3B4541A2138, 4640 ms Dec 10 09:22:44 mail postfix/pipe[61315]: 3B4541A2138: to= , relay=maildrop, delay=0.13, delays=0.03/0.03/0/0.08, dsn=2.0.0, status=sent (delivered via maildrop service) Dec 10 09:22:44 mail postfix/qmgr[57578]: 3B4541A2138: removed #amavisd调用clamav扫描病毒,通过并还给postfix Dec 10 09:22:44 mail postfix/lmtp[61309]: 447941A2121: to= , relay=127.0.0.1[127.0.0.1]:10028, delay=6.6, delays=1.5/0.03/0.06/5, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery) Dec 10 09:22:44 mail postfix/qmgr[57578]: 447941A2121: removed #postfix将邮件交付给收件人
3、DSPAM页面的history中有一条垃圾扫描记录
显示了垃圾邮件判断结果、发送时间、发件人、邮件主题、其他信息
注意:系统管理员的主要工作将在这里操作,即人工判断为垃圾邮件的,点击AsSpam打入垃圾邮件;
经过长时间的学习,DSPAM系统将提高垃圾邮件的判断率,可以有意将一个邮箱账号发布到各种网站上,
以此来吸引垃圾邮件。
4、查看信头,最下方有一组DSPAM标记
X-DSPAM-Result: Innocent X-DSPAM-Processed: Wed Dec 10 09:22:39 2014 X-DSPAM-Confidence: 0.9902 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 1,5487a05f580541723287998
5、查看DSPAM日志
[root@mail ~]# tail /usr/local/dspam/var/dspam/system.log 1418174559 I postmaster 1,5487a05f580541723287998 1111111111111 0.193525 extmail Delivered <[email protected]>
二、测试DSPAM(未使用amavisd调用DSPAM)- 垃圾邮件
1、继续发一封邮件,主题和内容使用以下垃圾邮件测试代码
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
2、查看日志
[root@mail ~]# tailf /var/log/maillog Dec 10 09:32:46 mail postfix/smtpd[61368]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]:: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from= to= proto=ESMTP helo= Dec 10 09:32:46 mail postfix/smtpd[61368]: 2E16B1A2121: client=unknown[10.188.1.86] Dec 10 09:32:46 mail postfix/cleanup[61378]: 2E16B1A2121: message-id=<[email protected]> Dec 10 09:32:46 mail postfix/qmgr[57578]: 2E16B1A2121: from= , size=1255, nrcpt=1 (queue active) Dec 10 09:32:46 mail postfix/smtpd[61368]: disconnect from unknown[10.188.1.86] Dec 10 09:32:48 mail postfix/smtpd[61384]: initializing the server-side TLS engine Dec 10 09:32:48 mail postfix/smtpd[61384]: connect from localhost[127.0.0.1] Dec 10 09:32:48 mail postfix/smtpd[61384]: BFE3E1A2141: client=localhost[127.0.0.1] Dec 10 09:32:48 mail postfix/cleanup[61378]: BFE3E1A2141: message-id=<[email protected]> Dec 10 09:32:48 mail postfix/qmgr[57578]: BFE3E1A2141: from= , size=2316, nrcpt=1 (queue active) Dec 10 09:32:48 mail amavis[61233]: (61233-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [10.188.1.86] -> , quarantine: spam-iow5FVd_Jg1C.gz, Message-ID: <[email protected]>, mail_id: iow5FVd_Jg1C, Hits: 997.617, size: 1431, queued_as: BFE3E1A2141, 2452 ms #amavisd调用了SA扫描垃圾,判定为SPAM(垃圾),但仍然放行了,在/var/virusmails/中保存了垃圾邮件记录spam-iow5FVd_Jg1C.gz #由于maidrop全局过滤,垃圾邮件到了客户端的“垃圾邮件”文件夹,使用POP3连接的客户端无法同步到,使用IMAP连接的客户端和WEB端可以看到垃圾邮件 Dec 10 09:32:48 mail postfix/lmtp[61380]: 2E16B1A2121: to= , relay=127.0.0.1[127.0.0.1]:10028, delay=2.7, delays=0.08/0.01/0.04/2.6, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery) Dec 10 09:32:48 mail postfix/qmgr[57578]: 2E16B1A2121: removed Dec 10 09:32:48 mail postfix/pipe[61385]: BFE3E1A2141: to= , relay=maildrop, delay=0.14, delays=0.03/0.04/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service) Dec 10 09:32:48 mail postfix/qmgr[57578]: BFE3E1A2141: removed
3、查看信头
X-Virus-Scanned: amavisd-new at yourmail.com X-Spam-Flag: YES X-Spam-Score: 997.617 X-Spam-Level: **************************************************************** X-Spam-Status: Yes, score=997.617 tagged_above=2 required=6.2 X-DSPAM-Result: Innocent X-DSPAM-Processed: Wed Dec 10 09:32:46 2014 X-DSPAM-Confidence: 0.9902 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 1,5487a2be580545400920763
注意:垃圾邮件主题中会插件***Spam***标记
结论:此时amavisd和DSPAM各自工作正常
三、测试DSPAM(已使用amavisd-2.8.0调用DSPAM)
1、外部邮箱[email protected]发送一封邮件给[email protected]
2、查看日志
[root@mail ~]# tailf /var/log/maillog Dec 9 15:41:42 mail postfix/smtpd[57810]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]:: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from= to= proto=ESMTP helo= #客户端主机触发了DSPAM过滤器 Dec 9 15:41:44 mail postfix/smtpd[57810]: NOQUEUE: reject: RCPT from unknown[10.188.1.86]: 450 4.7.1 : Recipient address rejected: Try again, see http://bl.extmail.org/cgi/why?greylist; from= to= proto=ESMTP helo= #拒收邮件,因为是第一次接收对方邮件,Slockd的灰名单插件作用了,稍后重试 Dec 9 15:48:17 mail postfix/smtpd[57833]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: : Client host triggers FILTER lmtp:[127.0.0.1]:10028; from= to= proto=ESMTP helo= Dec 9 15:48:17 mail postfix/smtpd[57833]: EA2AA1A211A: client=unknown[10.188.1.86] Dec 9 15:48:17 mail postfix/cleanup[57843]: EA2AA1A211A: message-id=<[email protected]> Dec 9 15:48:18 mail postfix/qmgr[57578]: EA2AA1A211A: from= , size=954, nrcpt=1 (queue active) Dec 9 15:48:18 mail postfix/smtpd[57833]: disconnect from unknown[10.188.1.86] #邮件发出来了 Dec 9 15:48:19 mail dspam[57851]: Unable to determine the destination user Dec 9 15:48:19 mail dspam[57851]: DSPAM agent misconfigured: aborting #dspam报错,dspam和amavisd都配置了--user extmail参数,应该是版本问题 Dec 9 15:48:19 mail amavis[57071]: (57071-01) (!)auto-learning with spam scanner DSPAM failed: DSPAM: error running program /usr/local/dspam/bin/dspam: exit 1 Dec 9 15:48:19 mail amavis[57071]: (57071-01) (!)Auto-learn failed: DSPAM failed: DSPAM: error running program /usr/local/dspam/bin/dspam: exit 1 at (eval 108) line 207. #amavis调用dspam报错,这是amavis-2.8.0版本的BUG,已在在2.8.1中修复了 #BUG官方说明:http://www.ijs.si/software/amavisd/release-notes.txt Dec 9 15:48:19 mail postfix/smtpd[57852]: initializing the server-side TLS engine Dec 9 15:48:19 mail postfix/smtpd[57852]: connect from localhost[127.0.0.1] Dec 9 15:48:19 mail postfix/smtpd[57852]: 6E7A51A2142: client=localhost[127.0.0.1] Dec 9 15:48:19 mail postfix/cleanup[57843]: 6E7A51A2142: message-id=<[email protected]> Dec 9 15:48:19 mail postfix/qmgr[57578]: 6E7A51A2142: from= , size=1781, nrcpt=1 (queue active) Dec 9 15:48:19 mail amavis[57071]: (57071-01) Passed CLEAN {RelayedInbound}, [10.188.1.86] -> , Message-ID: <[email protected]>, mail_id: nLJvfGg4h34C, Hits: -2.803, size: 1163, queued_as: 6E7A51A2142, 1414 ms #postfix将邮件转给amavisd扫描 Dec 9 15:48:19 mail postfix/lmtp[57845]: EA2AA1A211A: to= , relay=127.0.0.1[127.0.0.1]:10028, delay=1.9, delays=0.36/0.02/0.04/1.5, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery) Dec 9 15:48:19 mail postfix/qmgr[57578]: EA2AA1A211A: removed #dspam还回邮件 Dec 9 15:48:19 mail postfix/pipe[57853]: 6E7A51A2142: to= , relay=maildrop, delay=0.21, delays=0.07/0.04/0/0.11, dsn=2.0.0, status=sent (delivered via maildrop service) Dec 9 15:48:19 mail postfix/qmgr[57578]: 6E7A51A2142: removed #amavis还回邮件
说明:由于我是先做的这个测试,所有灰名单先起作用,然后取消amavisd调用dspam,因此在测试一、二中没有灰名单作用了,不管你先测哪个,明白第一次收到对方的邮件时灰名单作用就行了。
3、查看信头
X-DSPAM-Processed: Tue Dec 9 15:48:19 2014 X-DSPAM-Confidence: 0.9901 X-DSPAM-Probability: 0.0000 X-Virus-Scanned: amavisd-new at yourmail.com X-DSPAM-Result: Innocent X-DSPAM-Signature: 1,5486a943574271440440046 X-DSPAM-Result: Innocent X-DSPAM-Processed: Tue Dec 9 15:48:18 2014 X-DSPAM-Confidence: 0.7811 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 1,5486a942574272128866500
说明:上部分是amavisd调用DSPAM产生的,下部分是postfix调用DSPAM产生的。
4、查看DSPAM页面
在DSPAM页面中的history查看Resent是因为灰名单插件,邮件发送两次进行了两次DSPAM处理
5、查看日志
[root@mail ~]# tailf /var/log/maildrop.log Date: Tue Dec 9 15:48:19 2014 From: "=?ISO-8859-1?B?cG9zdG1hc3Rlcg==?="Subj: =?ISO-8859-1?B?aGFhaGFoYWhhaA==?= File: /home/domains/yourmail.com/test/Maildir/ (1814)
四、测试DSPAM(已使用amavisd-2.6.6调用DSPAM)
1、amavisd-new换成2.6.6版本
[root@mail ~]# yum erase amavisd-new [root@mail ~]# yum install amavisd-new-2.6.6
amavis的账号及组会重建,重新赋予权限
[root@mail ~]# chown -R amavis.amavis /var/amavis/
重新将clamav用户加入amavis组
[root@mail ~]# usermod -G amavis clamav
重新设置amavisd.conf,参考前面的博文
重启clamd和amavisd服务
2、外部邮箱[email protected]发送一封邮件给[email protected]
3、查看日志
[root@mail ~]# tailf /var/log/maillog Dec 11 09:25:23 mail postfix/smtpd[17976]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]:: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from= to= proto=ESMTP helo= Dec 11 09:25:23 mail postfix/smtpd[17976]: B79381A2135: client=unknown[10.188.1.86] Dec 11 09:25:23 mail postfix/cleanup[17985]: B79381A2135: message-id=<[email protected]> Dec 11 09:25:23 mail postfix/smtpd[17976]: disconnect from unknown[10.188.1.86] Dec 11 09:25:23 mail postfix/qmgr[57578]: B79381A2135: from= , size=2029, nrcpt=1 (queue active) Dec 11 09:25:25 mail postfix/smtpd[17993]: initializing the server-side TLS engine Dec 11 09:25:25 mail postfix/smtpd[17993]: connect from localhost[127.0.0.1] Dec 11 09:25:25 mail postfix/smtpd[17993]: 0B6E51A2149: client=localhost[127.0.0.1] Dec 11 09:25:25 mail postfix/cleanup[17985]: 0B6E51A2149: message-id=<[email protected]> Dec 11 09:25:25 mail postfix/qmgr[57578]: 0B6E51A2149: from= , size=3295, nrcpt=1 (queue active) Dec 11 09:25:25 mail amavis[17965]: (17965-01) Passed SPAM, [10.188.1.86] [10.188.1.86] -> , quarantine: spam-Cf07BG0OO0xy.gz, Message-ID: <[email protected]>, mail_id: Cf07BG0OO0xy, Hits: 998.797, size: 2208, queued_as: 0B6E51A2149, 1077 ms Dec 11 09:25:25 mail postfix/lmtp[17987]: B79381A2135: to= , relay=127.0.0.1[127.0.0.1]:10028, delay=1.5, delays=0.23/0.04/0.04/1.2, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery) Dec 11 09:25:25 mail postfix/qmgr[57578]: B79381A2135: removed Dec 11 09:25:25 mail postfix/pipe[17994]: 0B6E51A2149: to= , relay=maildrop, delay=0.25, delays=0.04/0.04/0/0.18, dsn=2.0.0, status=sent (delivered via maildrop service) Dec 11 09:25:25 mail postfix/qmgr[57578]: 0B6E51A2149: removed
这回没有报错信息了
4、再来查看信头
X-DSPAM-Result: Whitelisted X-DSPAM-Processed: Thu Dec 11 09:25:24 2014 X-DSPAM-Confidence: 0.9902 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 1,5488f284633212468127837 X-Quarantine-ID:X-Virus-Scanned: amavisd-new at yourmail.com X-Spam-Flag: YES X-Spam-Score: 998.797 X-Spam-Level: **************************************************************** X-Spam-Status: Yes, score=998.797 tagged_above=2 required=6.2 tests=[ALL_TRUSTED=-1, DSPAM_AWL=-1.05, FROM_EXCESS_BASE64=0.105, GTUBE=1000, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, MIME_HTML_ONLY=1.105, TVD_SPACE_RATIO=0.001, DSPAM:Whitelisted=-1.000] autolearn=no autolearn_force=no X-DSPAM-Result: Whitelisted X-DSPAM-Processed: Thu Dec 11 09:25:24 2014 X-DSPAM-Confidence: 0.9902 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 1,5488f283633214439921469
结论:
测试邮件发多了,DSPAM已自动将发件人放进白名单了;
amavisd调用了SA扫描垃圾,判定为垃圾,投放到“垃圾邮件”箱中;
可以在X-Spam-Status看到DSPAM:Whitelisted=-1.000,这表明DSPAM作为SA的插件,执行了分数减1的操作;
autolearn=no表示amavisd调用SA自动学习白名单没有设置,后面关于amavisd启动黑白名单会讲。