一、测试DSPAM(未使用amavisd调用DSPAM)- 一般邮件 1、外部邮箱postmaster@eplanstore.com发送一封邮件给test@yourmail.com 主题:1111111111111 内容空
说明:前面的博文说过了,需要再搭建一个一样的邮件系统来模拟外部邮件; 如果你的域是万网之类的地方注册的,可以解析到你的邮箱服务器就可以直接用QQ邮箱发。
2、查看日志 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | [root@mail ~] # tailf /var/log/maillog
Dec 10 09:22:37 mail postfix /smtpd [61297]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: <unknown[10.188.1.86]>: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to=< test @yourmail.com> proto=ESMTP helo=<mail.eplantstore.com>
#触发DSPAM过滤器lmtp:[127.0.0.1]:10028
Dec 10 09:22:39 mail postfix /smtpd [61297]: 447941A2121: client=unknown[10.188.1.86]
Dec 10 09:22:39 mail postfix /cleanup [61307]: 447941A2121: message- id =<20141210012216.A50C743BAD14@mail.eplantstore.com>
Dec 10 09:22:39 mail postfix /qmgr [57578]: 447941A2121: from=<postmaster@eplantstore.com>, size=1013, nrcpt=1 (queue active)
Dec 10 09:22:39 mail postfix /smtpd [61297]: disconnect from unknown[10.188.1.86]
#邮件正常发出
Dec 10 09:22:44 mail postfix /smtpd [61314]: initializing the server-side TLS engine
Dec 10 09:22:44 mail postfix /smtpd [61314]: connect from localhost[127.0.0.1]
Dec 10 09:22:44 mail postfix /smtpd [61314]: 3B4541A2138: client=localhost[127.0.0.1]
Dec 10 09:22:44 mail postfix /cleanup [61307]: 3B4541A2138: message- id =<20141210012216.A50C743BAD14@mail.eplantstore.com>
Dec 10 09:22:44 mail postfix /qmgr [57578]: 3B4541A2138: from=<postmaster@eplantstore.com>, size=1633, nrcpt=1 (queue active)
#postfix将邮件交给amavisd扫描
Dec 10 09:22:44 mail amavis[61231]: (61231-01) Passed CLEAN {RelayedInbound}, [10.188.1.86] <postmaster@eplantstore.com> -> < test @yourmail.com>, Message-ID: <20141210012216.A50C743BAD14@mail.eplantstore.com>, mail_id: bK_jEeiz4Lhq, Hits: -2.383, size: 1189, queued_as: 3B4541A2138, 4640 ms
Dec 10 09:22:44 mail postfix /pipe [61315]: 3B4541A2138: to=< test @yourmail.com>, relay=maildrop, delay=0.13, delays=0.03 /0 .03 /0/0 .08, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 10 09:22:44 mail postfix /qmgr [57578]: 3B4541A2138: removed
#amavisd调用clamav扫描病毒,通过并还给postfix
Dec 10 09:22:44 mail postfix /lmtp [61309]: 447941A2121: to=< test @yourmail.com>, relay=127.0.0.1[127.0.0.1]:10028, delay=6.6, delays=1.5 /0 .03 /0 .06 /5 , dsn=2.6.0, status=sent (250 2.6.0 < test @yourmail.com> Message accepted for delivery)
Dec 10 09:22:44 mail postfix /qmgr [57578]: 447941A2121: removed
#postfix将邮件交付给收件人
|
3、DSPAM页面的history中有一条垃圾扫描记录 显示了垃圾邮件判断结果、发送时间、发件人、邮件主题、其他信息 ![QQ截图20141210093143.png wKioL1SYvL_DYR4rAANt1M2NKTc734.jpg](http://image105.360doc.com/DownloadImg/2017/04/2321/97389608_1.jpg)
注意:系统管理员的主要工作将在这里操作,即人工判断为垃圾邮件的,点击AsSpam打入垃圾邮件; 经过长时间的学习,DSPAM系统将提高垃圾邮件的判断率,可以有意将一个邮箱账号发布到各种网站上, 以此来吸引垃圾邮件。
4、查看信头,最下方有一组DSPAM标记 1 2 3 4 5 | X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Dec 10 09:22:39 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5487a05f580541723287998
|
5、查看DSPAM日志 1 2 3 | [root@mail ~] # tail /usr/local/dspam/var/dspam/system.log
1418174559 I postmaster 1,5487a05f580541723287998 1111111111111 0.193525
extmail Delivered <20141210012216.A50C743BAD14@mail.eplantstore.com>
|
二、测试DSPAM(未使用amavisd调用DSPAM)- 垃圾邮件 1、继续发一封邮件,主题和内容使用以下垃圾邮件测试代码
1 | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
|
2、查看日志 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@mail ~] # tailf /var/log/maillog
Dec 10 09:32:46 mail postfix /smtpd [61368]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: <unknown[10.188.1.86]>: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to=< test @yourmail.com> proto=ESMTP helo=<mail.eplantstore.com>
Dec 10 09:32:46 mail postfix /smtpd [61368]: 2E16B1A2121: client=unknown[10.188.1.86]
Dec 10 09:32:46 mail postfix /cleanup [61378]: 2E16B1A2121: message- id =<20141210013228.0EB2743BAD14@mail.eplantstore.com>
Dec 10 09:32:46 mail postfix /qmgr [57578]: 2E16B1A2121: from=<postmaster@eplantstore.com>, size=1255, nrcpt=1 (queue active)
Dec 10 09:32:46 mail postfix /smtpd [61368]: disconnect from unknown[10.188.1.86]
Dec 10 09:32:48 mail postfix /smtpd [61384]: initializing the server-side TLS engine
Dec 10 09:32:48 mail postfix /smtpd [61384]: connect from localhost[127.0.0.1]
Dec 10 09:32:48 mail postfix /smtpd [61384]: BFE3E1A2141: client=localhost[127.0.0.1]
Dec 10 09:32:48 mail postfix /cleanup [61378]: BFE3E1A2141: message- id =<20141210013228.0EB2743BAD14@mail.eplantstore.com>
Dec 10 09:32:48 mail postfix /qmgr [57578]: BFE3E1A2141: from=<postmaster@eplantstore.com>, size=2316, nrcpt=1 (queue active)
Dec 10 09:32:48 mail amavis[61233]: (61233-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, [10.188.1.86] <postmaster@eplantstore.com> -> < test @yourmail.com>, quarantine: spam-iow5FVd_Jg1C.gz, Message-ID: <20141210013228.0EB2743BAD14@mail.eplantstore.com>, mail_id: iow5FVd_Jg1C, Hits: 997.617, size: 1431, queued_as: BFE3E1A2141, 2452 ms
#amavisd调用了SA扫描垃圾,判定为SPAM(垃圾),但仍然放行了,在/var/virusmails/中保存了垃圾邮件记录spam-iow5FVd_Jg1C.gz
#由于maidrop全局过滤,垃圾邮件到了客户端的“垃圾邮件”文件夹,使用POP3连接的客户端无法同步到,使用IMAP连接的客户端和WEB端可以看到垃圾邮件
Dec 10 09:32:48 mail postfix /lmtp [61380]: 2E16B1A2121: to=< test @yourmail.com>, relay=127.0.0.1[127.0.0.1]:10028, delay=2.7, delays=0.08 /0 .01 /0 .04 /2 .6, dsn=2.6.0, status=sent (250 2.6.0 < test @yourmail.com> Message accepted for delivery)
Dec 10 09:32:48 mail postfix /qmgr [57578]: 2E16B1A2121: removed
Dec 10 09:32:48 mail postfix /pipe [61385]: BFE3E1A2141: to=< test @yourmail.com>, relay=maildrop, delay=0.14, delays=0.03 /0 .04 /0/0 .06, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 10 09:32:48 mail postfix /qmgr [57578]: BFE3E1A2141: removed
|
3、查看信头 1 2 3 4 5 6 7 8 9 10 | X-Virus-Scanned: amavisd-new at yourmail.com
X-Spam-Flag: YES
X-Spam-Score: 997.617
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=997.617 tagged_above=2 required=6.2
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Dec 10 09:32:46 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5487a2be580545400920763
|
注意:垃圾邮件主题中会插件***Spam***标记 结论:此时amavisd和DSPAM各自工作正常
三、测试DSPAM(已使用amavisd-2.8.0调用DSPAM) 1、外部邮箱postmaster@eplanstore.com发送一封邮件给test@yourmail.com
2、查看日志 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | [root@mail ~] # tailf /var/log/maillog
Dec 9 15:41:42 mail postfix /smtpd [57810]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]:
<unknown[10.188.1.86]>: Client host triggers FILTER lmtp:[127.0.0.1]:10028;
from=<postmaster@eplantstore.com> to=< test @yourmail.com> proto=ESMTP helo=<mail.eplantstore.com>
#客户端主机触发了DSPAM过滤器
Dec 9 15:41:44 mail postfix /smtpd [57810]: NOQUEUE: reject: RCPT from unknown[10.188.1.86]:
450 4.7.1 < test @yourmail.com>: Recipient address rejected: Try again,
see http: //bl .extmail.org /cgi/why ?greylist; from=<postmaster@eplantstore.com>
to=< test @yourmail.com> proto=ESMTP helo=<mail.eplantstore.com>
#拒收邮件,因为是第一次接收对方邮件,Slockd的灰名单插件作用了,稍后重试
Dec 9 15:48:17 mail postfix /smtpd [57833]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: <unknown[10.188.1.86]>: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to=< test @yourmail.com> proto=ESMTP helo=<mail.eplantstore.com>
Dec 9 15:48:17 mail postfix /smtpd [57833]: EA2AA1A211A: client=unknown[10.188.1.86]
Dec 9 15:48:17 mail postfix /cleanup [57843]: EA2AA1A211A: message- id =<20141209074132.59A6D440AA19@mail.eplantstore.com>
Dec 9 15:48:18 mail postfix /qmgr [57578]: EA2AA1A211A: from=<postmaster@eplantstore.com>, size=954, nrcpt=1 (queue active)
Dec 9 15:48:18 mail postfix /smtpd [57833]: disconnect from unknown[10.188.1.86]
#邮件发出来了
Dec 9 15:48:19 mail dspam[57851]: Unable to determine the destination user
Dec 9 15:48:19 mail dspam[57851]: DSPAM agent misconfigured: aborting
#dspam报错,dspam和amavisd都配置了--user extmail参数,应该是版本问题
Dec 9 15:48:19 mail amavis[57071]: (57071-01) (!)auto-learning with spam scanner DSPAM failed: DSPAM: error running program /usr/local/dspam/bin/dspam : exit 1
Dec 9 15:48:19 mail amavis[57071]: (57071-01) (!)Auto-learn failed: DSPAM failed: DSPAM: error running program /usr/local/dspam/bin/dspam : exit 1 at ( eval 108) line 207.
#amavis调用dspam报错,这是amavis-2.8.0版本的BUG,已在在2.8.1中修复了
#BUG官方说明:http://www./software/amavisd/release-notes.txt
Dec 9 15:48:19 mail postfix /smtpd [57852]: initializing the server-side TLS engine
Dec 9 15:48:19 mail postfix /smtpd [57852]: connect from localhost[127.0.0.1]
Dec 9 15:48:19 mail postfix /smtpd [57852]: 6E7A51A2142: client=localhost[127.0.0.1]
Dec 9 15:48:19 mail postfix /cleanup [57843]: 6E7A51A2142: message- id =<20141209074132.59A6D440AA19@mail.eplantstore.com>
Dec 9 15:48:19 mail postfix /qmgr [57578]: 6E7A51A2142: from=<postmaster@eplantstore.com>, size=1781, nrcpt=1 (queue active)
Dec 9 15:48:19 mail amavis[57071]: (57071-01) Passed CLEAN {RelayedInbound}, [10.188.1.86] <postmaster@eplantstore.com> -> < test @yourmail.com>, Message-ID: <20141209074132.59A6D440AA19@mail.eplantstore.com>, mail_id: nLJvfGg4h34C, Hits: -2.803, size: 1163, queued_as: 6E7A51A2142, 1414 ms
#postfix将邮件转给amavisd扫描
Dec 9 15:48:19 mail postfix /lmtp [57845]: EA2AA1A211A: to=< test @yourmail.com>, relay=127.0.0.1[127.0.0.1]:10028, delay=1.9, delays=0.36 /0 .02 /0 .04 /1 .5, dsn=2.6.0, status=sent (250 2.6.0 < test @yourmail.com> Message accepted for delivery)
Dec 9 15:48:19 mail postfix /qmgr [57578]: EA2AA1A211A: removed
#dspam还回邮件
Dec 9 15:48:19 mail postfix /pipe [57853]: 6E7A51A2142: to=< test @yourmail.com>, relay=maildrop, delay=0.21, delays=0.07 /0 .04 /0/0 .11, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 9 15:48:19 mail postfix /qmgr [57578]: 6E7A51A2142: removed
#amavis还回邮件
|
说明:由于我是先做的这个测试,所有灰名单先起作用,然后取消amavisd调用dspam,因此在测试一、二中没有灰名单作用了,不管你先测哪个,明白第一次收到对方的邮件时灰名单作用就行了。
3、查看信头 1 2 3 4 5 6 7 8 9 10 11 12 | X-DSPAM-Processed: Tue Dec 9 15:48:19 2014
X-DSPAM-Confidence: 0.9901
X-DSPAM-Probability: 0.0000
X-Virus-Scanned: amavisd-new at yourmail.com
X-DSPAM-Result: Innocent
X-DSPAM-Signature: 1,5486a943574271440440046
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Tue Dec 9 15:48:18 2014
X-DSPAM-Confidence: 0.7811
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5486a942574272128866500
|
说明:上部分是amavisd调用DSPAM产生的,下部分是postfix调用DSPAM产生的。
4、查看DSPAM页面 在DSPAM页面中的history查看Resent是因为灰名单插件,邮件发送两次进行了两次DSPAM处理 ![QQ截图20141223091505.png wKiom1SYwkqyYpIsAABIlsVB-i0970.jpg](http://image105.360doc.com/DownloadImg/2017/04/2321/97389608_2.jpg)
5、查看日志 1 2 3 4 5 | [root@mail ~] # tailf /var/log/maildrop.log
Date: Tue Dec 9 15:48:19 2014
From: "=?ISO-8859-1?B?cG9zdG1hc3Rlcg==?=" <postmaster@eplantstore.com>
Subj: =?ISO-8859-1?B?aGFhaGFoYWhhaA==?=
File: /home/domains/yourmail .com /test/Maildir/ (1814)
|
四、测试DSPAM(已使用amavisd-2.6.6调用DSPAM) 1、amavisd-new换成2.6.6版本 1 2 | [root@mail ~] # yum erase amavisd-new
[root@mail ~] # yum install amavisd-new-2.6.6
|
amavis的账号及组会重建,重新赋予权限 1 | [root@mail ~] # chown -R amavis.amavis /var/amavis/
|
重新将clamav用户加入amavis组 1 | [root@mail ~] # usermod -G amavis clamav
|
重新设置amavisd.conf,参考前面的博文 重启clamd和amavisd服务
2、外部邮箱postmaster@eplanstore.com发送一封邮件给test@yourmail.com
3、查看日志 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | [root@mail ~] # tailf /var/log/maillog
Dec 11 09:25:23 mail postfix /smtpd [17976]: NOQUEUE: filter: RCPT from unknown[10.188.1.86]: <unknown[10.188.1.86]>: Client host triggers FILTER lmtp:[127.0.0.1]:10028; from=<postmaster@eplantstore.com> to=< test @yourmail.com> proto=ESMTP helo=<mail.eplantstore.com>
Dec 11 09:25:23 mail postfix /smtpd [17976]: B79381A2135: client=unknown[10.188.1.86]
Dec 11 09:25:23 mail postfix /cleanup [17985]: B79381A2135: message- id =<20141211012455.44E6B416F82E@mail.eplantstore.com>
Dec 11 09:25:23 mail postfix /smtpd [17976]: disconnect from unknown[10.188.1.86]
Dec 11 09:25:23 mail postfix /qmgr [57578]: B79381A2135: from=<postmaster@eplantstore.com>, size=2029, nrcpt=1 (queue active)
Dec 11 09:25:25 mail postfix /smtpd [17993]: initializing the server-side TLS engine
Dec 11 09:25:25 mail postfix /smtpd [17993]: connect from localhost[127.0.0.1]
Dec 11 09:25:25 mail postfix /smtpd [17993]: 0B6E51A2149: client=localhost[127.0.0.1]
Dec 11 09:25:25 mail postfix /cleanup [17985]: 0B6E51A2149: message- id =<20141211012455.44E6B416F82E@mail.eplantstore.com>
Dec 11 09:25:25 mail postfix /qmgr [57578]: 0B6E51A2149: from=<postmaster@eplantstore.com>, size=3295, nrcpt=1 (queue active)
Dec 11 09:25:25 mail amavis[17965]: (17965-01) Passed SPAM, [10.188.1.86] [10.188.1.86] <postmaster@eplantstore.com> -> < test @yourmail.com>, quarantine: spam-Cf07BG0OO0xy.gz, Message-ID: <20141211012455.44E6B416F82E@mail.eplantstore.com>, mail_id: Cf07BG0OO0xy, Hits: 998.797, size: 2208, queued_as: 0B6E51A2149, 1077 ms
Dec 11 09:25:25 mail postfix /lmtp [17987]: B79381A2135: to=< test @yourmail.com>, relay=127.0.0.1[127.0.0.1]:10028, delay=1.5, delays=0.23 /0 .04 /0 .04 /1 .2, dsn=2.6.0, status=sent (250 2.6.0 < test @yourmail.com> Message accepted for delivery)
Dec 11 09:25:25 mail postfix /qmgr [57578]: B79381A2135: removed
Dec 11 09:25:25 mail postfix /pipe [17994]: 0B6E51A2149: to=< test @yourmail.com>, relay=maildrop, delay=0.25, delays=0.04 /0 .04 /0/0 .18, dsn=2.0.0, status=sent (delivered via maildrop service)
Dec 11 09:25:25 mail postfix /qmgr [57578]: 0B6E51A2149: removed
|
这回没有报错信息了
4、再来查看信头 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | X-DSPAM-Result: Whitelisted
X-DSPAM-Processed: Thu Dec 11 09:25:24 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5488f284633212468127837
X-Quarantine-ID: <Cf07BG0OO0xy>
X-Virus-Scanned: amavisd-new at yourmail.com
X-Spam-Flag: YES
X-Spam-Score: 998.797
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=998.797 tagged_above=2 required=6.2
tests=[ALL_TRUSTED=-1, DSPAM_AWL=-1.05, FROM_EXCESS_BASE64=0.105,
GTUBE=1000, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,
MIME_HTML_ONLY=1.105, TVD_SPACE_RATIO=0.001, DSPAM:Whitelisted=-1.000]
autolearn=no autolearn_force=no
X-DSPAM-Result: Whitelisted
X-DSPAM-Processed: Thu Dec 11 09:25:24 2014
X-DSPAM-Confidence: 0.9902
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 1,5488f283633214439921469
|
结论: 测试邮件发多了,DSPAM已自动将发件人放进白名单了; amavisd调用了SA扫描垃圾,判定为垃圾,投放到“垃圾邮件”箱中; 可以在X-Spam-Status看到DSPAM:Whitelisted=-1.000,这表明DSPAM作为SA的插件,执行了分数减1的操作; autolearn=no表示amavisd调用SA自动学习白名单没有设置,后面关于amavisd启动黑白名单会讲。
|