Postfix邮箱(七):测试Amavisd-new+SpamAssassin+Clamav

1、测试amavisd端口10024

postfix将邮件发给内容过滤器amavisd:10024

[root@mail ~]# telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.

成功


2、测试postfix端口10025连接

amavisd调用SA或clamd扫描完邮件后,将邮件回注给postfix:10025

[root@mail ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

成功


3、测试病毒邮件

(1)发送病毒邮件:

[root@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                       #输入ehlo命令
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                           #输入认证登陆命令
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=     #输入postmaster账号的base64编码
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                         #输入其密码的base64编码
235 2.7.0 Authentication successful
mail from:<[email protected]>  #输入发件箱
250 2.1.0 Ok
rcpt to:<[email protected]>          #输入收件箱
250 2.1.5 Ok
data                                 #输入数据内容命令
354 End data with <CR><LF>.<CR><LF>
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*        @#输入病毒字符串
.                                    #输入.结束data输入
250 2.0.0 Ok: queued as 039B41A2129  #039B41A2129是此邮件的ID号
quit                                 #退出
221 2.0.0 Bye
Connection closed by foreign host.

(2)查看日志:

[root@mail ~]# tailf /var/log/maillog
Dec  5 13:59:06 mail postfix/smtpd[33105]: 039B41A2129: client=localhost[::1], sasl_method=login, [email protected]
Dec  5 13:59:16 mail postfix/cleanup[33115]: 039B41A2129: message-id=<[email protected]>
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: from=<[email protected]>, size=430, nrcpt=1 (queue active)
#039B41A2129是postmaster发出的邮件ID号
Dec  5 13:59:16 mail postfix/smtpd[33119]: initializing the server-side TLS engine
Dec  5 13:59:16 mail postfix/smtpd[33119]: connect from localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/smtpd[33119]: B00BE1A2131: client=localhost[127.0.0.1]
Dec  5 13:59:16 mail postfix/cleanup[33115]: B00BE1A2131: message-id=<[email protected]>
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: from=<[email protected]>, size=2212, nrcpt=1 (queue active)
Dec  5 13:59:16 mail amavis[33064]: (33064-01) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound,Quarantined}, [::1]:42295 [::1] <[email protected]> -> <[email protected]>, quarantine: virus-6t1HGplBpVw3, Message-ID: <[email protected]>, mail_id: 6t1HGplBpVw3, Hits: -, size: 430, 374 ms
#B00BE1A2131是amavisd将处理后的病毒邮件发给virusalert账号,同时保存病毒邮件报告到/var/virusmails/,名称是virus-6t1HGplBpVw3
#Blocked INFECTED (Eicar-Test-Signature)表示amavis调用clamav检测到病毒,也就是说postfix+amavisd+clamAV整合成功
Dec  5 13:59:16 mail postfix/smtp[33116]: 039B41A2129: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=16/0.09/0.02/0.36, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=33064-01, DISCARD(bounce.suppressed))
Dec  5 13:59:16 mail postfix/qmgr[32477]: 039B41A2129: removed
#amavisd将原始邮件还给postfix,DISCARD(bounce.suppressed)丢弃(抑制反弹)表示将邮件丢弃了,test是收不到邮件的。
Dec  5 13:59:16 mail postfix/pipe[33120]: B00BE1A2131: to=<[email protected]>, relay=maildrop, delay=0.19, delays=0.04/0.03/0/0.13, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. )
Dec  5 13:59:16 mail postfix/cleanup[33115]: DFFA91A2130: message-id=<[email protected]>
Dec  5 13:59:16 mail postfix/qmgr[32477]: DFFA91A2130: from=<>, size=4184, nrcpt=1 (queue active)
Dec  5 13:59:16 mail postfix/bounce[33122]: B00BE1A2131: sender non-delivery notification: DFFA91A2130
#因为做了别名,发送给别名virusalert的邮件B00BE1A2131,转变成DFFA91A2130发给实体邮箱postmaster
Dec  5 13:59:16 mail postfix/qmgr[32477]: B00BE1A2131: removed
Dec  5 13:59:17 mail postfix/pipe[33120]: DFFA91A2130: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=0.1, delays=0.05/0/0/0.04, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 13:59:17 mail postfix/qmgr[32477]: DFFA91A2130: removed
Dec  5 13:59:17 mail postfix/smtpd[33105]: disconnect from localhost[::1]
#你将在邮箱postmaster中看到病毒报告邮件DFFA91A2130


(3)进入postmaster邮箱查看病毒邮件:

wKiom1SSWtOxuzWqAAMU7Anowqk945.jpg


4)查看信头,可以看到邮件编号正是DFFA91A2130:

wKioL1SSW4qSU0ERAAHUro6-3Xw082.jpg


(5)查看病毒邮件目录:

[root@mail ~]# ll /var/virusmails/
总用量 4
-rw-r-----. 1 amavis amavis 1027 12月  5 13:59 virus-6t1HGplBpVw3

(6)查看病毒邮件报告:

[root@mail ~]# cat /var/virusmails/virus-6t1HGplBpVw3 
Return-Path: <>
Delivered-To: virus-quarantine
X-Envelope-From: <[email protected]>
X-Envelope-To: <[email protected]>
X-Envelope-To-Blocked: <[email protected]>
X-Quarantine-ID: <6t1HGplBpVw3>
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
Received: from mail.yourmail.com ([127.0.0.1])
  by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id 6t1HGplBpVw3 for <[email protected]>;
  Fri,  5 Dec 2014 13:59:16 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
  by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 039B41A2129
  for <[email protected]>; Fri,  5 Dec 2014 13:58:59 +0800 (CST)
Message-Id: <[email protected]>
Date: Fri,  5 Dec 2014 13:58:59 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


4、测试垃圾邮件

(1)发送垃圾邮件:

[root@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourmail.com ESMTP Postfix - by yourmail.com
ehlo localhost                       #输入ehlo命令
250-mail.yourmail.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login                           #输入认证登陆命令
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB5b3VybWFpbC5jb20=     #输入postmaster账号的编码
334 UGFzc3dvcmQ6
ZXh0bWFpbA==                         #输入其密码的编码
235 2.7.0 Authentication successful
mail from:<[email protected]>  #输入发件箱
250 2.1.0 Ok
rcpt to:<[email protected]>          #输入收件箱
250 2.1.5 Ok
data                                 #输入数据内容命令
354 End data with <CR><LF>.<CR><LF>
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X        #输入垃圾字符串
.                                    #输入.结束data输入
250 2.0.0 Ok: queued as 336741A2129  #336741A2129是此邮件的ID号
quit                                 #退出
221 2.0.0 Bye
Connection closed by foreign host.


(2)查看日志:

tailf /var/log/maillog
Dec  5 14:26:11 mail postfix/smtpd[33239]: 336741A2129: client=localhost[::1], sasl_method=login, [email protected]
Dec  5 14:26:46 mail postfix/cleanup[33248]: 336741A2129: message-id=<[email protected]>
Dec  5 14:26:46 mail postfix/qmgr[32477]: 336741A2129: from=<[email protected]>, size=430, nrcpt=1 (queue active)
Dec  5 14:26:49 mail postfix/smtpd[33239]: disconnect from localhost[::1]
#336741A2129是postmaster发出的邮件ID号
Dec  5 14:26:49 mail amavis[33065]: (33065-01) INFO: no existing header field 'Subject', inserting it
#交给amavis扫描,提示邮件没有主题,amavis会给垃圾邮件插入一个“***Spam***”这样的主题,这是amavisd中的$sa_spam_subject_tag参数定义的
Dec  5 14:26:49 mail postfix/smtpd[33254]: initializing the server-side TLS engine
Dec  5 14:26:49 mail postfix/smtpd[33254]: connect from localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/smtpd[33254]: 5B38D1A2136: client=localhost[127.0.0.1]
Dec  5 14:26:49 mail postfix/cleanup[33248]: 5B38D1A2136: message-id=<[email protected]>
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: from=<[email protected]>, size=1240, nrcpt=1 (queue active)
#5B38D1A2136是插入主题后的邮件
Dec  5 14:26:49 mail amavis[33065]: (33065-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [::1]:42299 [::1] <[email protected]> -> <[email protected]>, quarantine: spam-Z230tCIzZbzS.gz, Message-ID: <[email protected]>, mail_id: Z230tCIzZbzS, Hits: 1000.768, size: 430, queued_as: 5B38D1A2136, 2860 ms
#由于amavis设置垃圾邮件为PASS,即不进行拦截,因此显示Passed SPAM,设置拦截会显示Blocked SPAM,并发送报告给spam.police<[email protected]>
#同时将垃圾邮件保存一份到/var/virusmails/,名称是spam-Z230tCIzZbzS.gz
Dec  5 14:26:49 mail postfix/smtp[33251]: 336741A2129: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=43, delays=40/0.04/0.01/2.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5B38D1A2136)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 336741A2129: removed
#amavisd将邮件还给postfix,用的是10024端口
Dec  5 14:26:49 mail postfix/pipe[33255]: 5B38D1A2136: to=<[email protected]>, relay=maildrop, delay=0.11, delays=0.02/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec  5 14:26:49 mail postfix/qmgr[32477]: 5B38D1A2136: removed[root@mail ~]# ll /var/virusmails/
#postfix将邮件发送给收件人test,这次是在原邮件基础上加了SPAM标题发出去了


(3)进入test邮箱查看收到的垃圾邮件

wKioL1SSW9rC8IVYAAEgzuzYPHY872.jpg

可以看到主题被插入了垃圾邮件提示符。


(4)查看信头

wKiom1SSW1eyii33AAPC5PSDuZQ662.jpg

可以看到邮件编号正是5B38D1A2136,以及SPAM标记的分数1000.768,远远超过了要求的6.2。


(5)查看垃圾邮件目录:

[root@mail ~]# ll /var/virusmails/
总用量 8
-rw-r-----. 1 amavis amavis  588 12月  5 14:26 spam-Z230tCIzZbzS.gz
-rw-r-----. 1 amavis amavis 1027 12月  5 13:59 virus-6t1HGplBpVw3

(6)查看垃圾邮件报告:

[root@mail ~]# gunzip /var/virusmails/spam-Z230tCIzZbzS.gz
[root@mail ~]# cat /var/virusmails/spam-Z230tCIzZbzS 
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <[email protected]>
X-Envelope-To: <[email protected]>
X-Envelope-To-Blocked:
X-Quarantine-ID: <Z230tCIzZbzS>
X-Spam-Flag: YES
X-Spam-Score: 1000.768
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=1000.768 tag=2 tag2=6.2 kill=6.9
  tests=[ALL_TRUSTED=-1, GTUBE=1000, MISSING_SUBJECT=1.767,
  TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
Received: from mail.yourmail.com ([127.0.0.1])
  by localhost (mail.yourmail.com [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id Z230tCIzZbzS for <[email protected]>;
  Fri,  5 Dec 2014 14:26:46 +0800 (CST)
Received: from localhost (localhost [IPv6:::1])
  by mail.yourmail.com (Postfix - by yourmail.com) with ESMTPA id 336741A2129
  for <[email protected]>; Fri,  5 Dec 2014 14:26:06 +0800 (CST)
Message-Id: <[email protected]>
Date: Fri,  5 Dec 2014 14:26:06 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

提示:如果设置的是拦截垃圾邮件,而垃圾邮件的tag分数设置太低,容易导致很多正常邮件

不能到达收件方;在postmaster中可以查看拦截的垃圾邮件报告。


5、留个作业给大家:

设置amavisd.conf中的垃圾过滤

$final_spam_destiny  = D_BOUNCE;

执行垃圾邮件测试,观察结果比对。


你可能感兴趣的:(postfix,ClamAV,病毒扫描,垃圾过滤)