Postfix

使用 postfix 調試 spamassassin

  • March 28, 2018

我正在嘗試在我的 postfix 郵件伺服器上設置 spamassassin milter。

SpamAssassin Server version 3.4.1
 running on Perl 5.20.2
 with SSL support (IO::Socket::SSL 2.019)
 with zlib support (Compress::Zlib 2.064)

Postfix mail_version = 2.11.3

當我通過將其添加到此行來啟動 milter 時:

smtpd_milters = unix:/spamassassin/spamd.sock unix:/clamav/clamav-milter.ctl unix:/opendkim/opendkim.sock

奇怪的是,發送郵件需要更長的時間才能完成(我認為 spamassassin 僅適用於收到的電子郵件),我得到以下日誌:

Jan 28 15:39:38 mymailserver spamd[22388]: spamd: got connection over /var/spool/postfix/spamassassin/spamd.sock
Jan 28 15:40:08 mymailserver spamd[22388]: spamd: timeout: (30 second socket timeout reading input from client)
Jan 28 15:40:08 mymailserver postfix/smtpd[29865]: warning: milter unix:/spamassassin/spamd.sock: unreasonable packet length: 1397768525 > 1073741823
Jan 28 15:40:08 mymailserver postfix/smtpd[29865]: warning: milter unix:/spamassassin/spamd.sock: read error in initial handshake

最後一個錯誤隨機變化,有時它抱怨期待某些東西但收到其他東西,這聽起來很合理,因為它在從套接字讀取時遇到問題。

我想學習如何調試它,但我什至不知道從哪裡開始。至少我確定套接字存在並且擁有正確的所有者,至少從got connection over ...我們可以排除套接字的存在和權限來看。

還有一些其他警告我不確定它們是否相關,但我正在考慮在之後解決這些問題

Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: Pigeonhole version 0.4.8 (0c4ae064f307+) initializing
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: file storage: Storage path `/var/mail/vmail/mydomain.com/me/sieve' not found
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: file storage: Using Sieve script path: /var/mail/vmail/mydomain.com/me/.dovecot.sieve
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: file storage: Storage path `/var/mail/vmail/mydomain.com/me/.dovecot.sieve' not found
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: storage: No default script location configured
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: User has no personal script
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: file storage: Storage path `/var/mail/vmail/sieve-before' not found
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: Location for sieve_before not found: /var/mail/vmail/sieve-before
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: file storage: Storage path `/var/mail/vmail/sieve-after' not found
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: Location for sieve_after not found: /var/mail/vmail/sieve-after
Jan 28 15:40:09 mymailserver dovecot: lda(me@mydomain.com): Debug: sieve: No scripts to execute: reverting to default delivery.

** 更新 1 **

這是我的 main.cf 的內容

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = all
local_recipient_maps = unix:passwd.byname $alias_maps
mailbox_size_limit = 0
message_size_limit = 104857600
milter_connect_macros = j {daemon_name} v {if_name} _
milter_default_action = accept
mydestination = localhost.$mydomain, localhost, $mydomain
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 10.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = $smtpd_milters
readme_directory = no
recipient_delimiter = +
relay_destination_concurrency_limit = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
smtpd_milters = unix:/clamav/clamav-milter.ctl unix:/opendkim/opendkim.sock
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_sender
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_checks, reject_unknown_sender_domain, reject_sender_login_mismatch
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/mail_example_com.pem
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/ssl/private/mail_example_com.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = hash:/etc/postfix/virtual-mailbox-domains
virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users
virtual_transport = dovecot

如果我理解正確,則 spamassassin(或 spamd,如您在此處使用的)不能直接用作 milter。

除了 spamassassin 之外,您還需要 spamass-milter。

請參閱此處: http: //www.stefan-seelmann.de/wiki/mailserver-postfix-dovecot 或此處: https ://www.nesono.com/node/220 以供參考。

正如公認的答案所指出的,有幾個組件可以使它起作用。我已經安裝了 spamassassin 和 spamass-milter。

但是,在設置過程中,我誤解瞭如何設置套接字,所以這裡是相關的文件/行

首先 /etc/default/spamassassin :

OPTIONS="-x --max-children 5 --nouser-config --helper-home-dir /var/lib/spamassassin -u debian-spamd -g debian-spamd --siteconfigpath /etc/spamassassin --socketpath=/var/run/spamassassin/spamd.sock --socketowner=debian-spamd --socketgro$

第二個 /etc/default/spamass-milter :

OPTIONS="-u spamass-milter -i 127.0.0.1 -m -I -- --socket=/var/run/spamassassin/spamd.sock"

最後,/etc/postfix/main.cf

smtpd_milters = unix:/spamass/spamass.sock

所以總而言之,據我了解,使用了幾個套接字。一種用於 milter 和 spamassassin (spamd.sock) 之間的通信,另一種用於 Postfix 和 milter (spamass.sock) 之間的通信。以前我強迫他們都使用同一個套接字,這解釋了為什麼有時它會工作(偶然),有時錯誤會指出一些意想不到的東西……

因此,在正確設置這些之後,有關 spamassassin 的錯誤消失了,性能恢復了。我也沒有看到更多與篩子相關的消息,但我不完全確定它們是否相關。除了上述之外,我沒有進行任何其他配置更改。

引用自:https://serverfault.com/questions/752437