Polskie Forum Użytkowników Debiana

Cześć.
Nie znam się na serwerach pocztowych, jeden odziedziczyłem i nim zarządzam. Otóż mam następujący problem. Jedno konto wysyła i odbiera maile tylko gdy klient pocztowy znajduje się w sieci, w której jest serwer. Gdy np. pracownik próbuje wysłać maila z domu to mój serwer zwraca mu maila jako spam, i to z różnych adresów ip. Gdzie może być opcja żeby to zmienić?

Więc tak - czytając Twój post aż kusi mnie żeby na niego odpowiedzieć w taki sam sposób w jakim został napisany, czyli odpowiedź brzmiałaby:

Kod: Zaznacz cały

Opcja ta może być (właściwie jest) w pliku konfiguracyjnym postfixa

Nie obraź się i nie złość (przepraszam, że padło na Ciebie) jednak ostatnio coraz więcej jest takich postów. Nie wiem czy zapoznałeś się z działem dla początkujących - jeżeli nie chcesz być potraktowany olewczo to proszę zapoznaj się z nim raz jeszcze. Postaraj się włożyć trochę wysiłku ze swojej strony.
Wiem, że napisałeś, że nie znasz się (jednak to nie jest usprawiedliwienie) - puść w ruch wyszukiwarki. Jakieś manuale itp. Uwierz mi, że dzięki temu możesz się o wiele więcej nauczyć.

Wracając do Twojego pytania poszukaj w pliku main.cf. Jednak wcześniej przestudiuj zwrotkę jaką dostają użytkownicy - powinna Ci pomóc i naprowadzić Cię gdzie i w czym jest problem.

Jeżeli wcześniej nikt nie próbował się łączyć z serwerem z poza sieci lokalnej to na 99% chodzi o opcje mynetworks i mydestination lub też tożsame im opcje dot. domen. Poczytaj tu: http://www.postfix.org/basic.html

Chodzi, że tak się dzieje w przypadku jednego konta, wszystkie inne działają prawidłowo.

Wracając do Twojego pytania przestudiuj zwrotkę jaką dostaje użytkownik - powinna Ci pomóc i naprowadzić Cię gdzie i w czym jest problem. Ewentualnie logi.

Użytkownik dostaje coś takiego, ma w domu noestradę ale już kilka razy zmienił mu się ip, a błąd cały czas ten sam. Dodałem jego ip i nazwę do listy dostępnych i nadal to samo nie wiem co jeszcze można zrobić.

Kod: Zaznacz cały

A message from <wdarek@xxx> to:
-> arch_out@xxx
-> wdarek@xxx

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 06194-07/MKiqBIhyL28Y

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [83.23.89.125]
 ddl125.neoplus.adsl.tpnet.pl
According to a 'Received:' trace, the message originated at: [83.23.89.125],
 Inbox (ddl125.neoplus.adsl.tpnet.pl [83.23.89.125])\t (using SSLv3 with
 cipher RC4-MD5 (128/128 bits)

Return-Path: <wdarek@xxx.pl>
Message-ID: <20100118194950.0F9C03A9FE4@poczta.xxx.pl>
Subject: Proba z wdarek

Problem fajny.
Jednak bez pełnych plików konfiguracyjnych oraz pełnych informacji od Ciebie nie będziemy w stanie się tym zająć. Dodatkowo logi. Zwrotkę już mamy, tak na pierwszy rzut oka mogę powiedzieć, że dynamiczne adresy IP są blokowane. Jednak tu był podobny problem:

http://debian.linux.pl/viewtopic.php?t=4038

Mógłbyś nam powiedzieć czy jakieś uwierzytelnienia, zabezpieczenia są uruchamiane z postfixem?

Zawartość pliku main.cf:

Kod: Zaznacz cały

virtual_mailbox_base 		=	/var/mail/vmail
virtual_alias_maps 		=	mysql:/usr/local/etc/postfix/mysql/forwardings
virtual_mailbox_domains 	=	mysql:/usr/local/etc/postfix/mysql/domena
virtual_mailbox_maps 		=	mysql:/usr/local/etc/postfix/mysql/skrzynki
virtual_gid_maps 		=	static:1002
virtual_mailbox_limit 		=	51200000
virtual_minimum_uid 		=	1002
virtual_uid_maps 		=	static:1002
#virtual_transport 		=	virtual

recipient_bcc_maps	=	mysql:/usr/local/etc/postfix/mysql/bcc_in
sender_bcc_maps		=	mysql:/usr/local/etc/postfix/mysql/bcc_out



queue_directory = /var/spool/postfix
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
alias_maps 			=	hash:/usr/local/etc/postfix/aliases
alias_database 			=	hash:/usr/local/etc/postfix/aliases
body_checks			=	pcre:/usr/local/etc/postfix/body_checks
mail_spool_directory 		=	/var/mail/vmail
sample_directory = /usr/local/etc/postfix
manpage_directory = /usr/local/man
mailq_path = /usr/local/bin/mailq
command_directory = /usr/local/sbin
config_directory		=	/usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix


mail_owner = postfix
myhostname			=	poczta.serwer.pl
mydomain 			=	serwer.pl
myorigin = $mydomain
mydestination 			=	127.0.0.1/8
inet_interfaces 		=	all
debug_peer_level 		=	3
local_recipient_maps		=	$alias_maps unix :p asswd.byname
mynetworks 			=	127.0.0.0/8 
					83.18.43.150
					79.188.201.170
					83.238.211.169
					80.53.96.106
					
					
smtpd_banner 			=	$myhostname ESMTP nazwa-firma

			
smtpd_recipient_limit		=	80


readme_directory = no
html_directory = no
setgid_group = maildrop





#smtpd_helo_restriction		=	reject_unauth_pipeling,
#					reject_invalid_hostname,
#					permit

smtpd_helo_required		=	yes



##########################
content_filter=amavis:[127.0.0.1]:10024
relay_domains = 127.0.0.0/8
#sample_directory = /usr/local/etc/postfix
#setgid_group = maildrop
#smtpd_error_sleep_time = 3
#smtpd_hard_error_limit = 5
#mtpd_soft_error_limit = 3
unknown_local_recipient_reject_code = 450
##########################
#TLS
##########################
smtp_use_tls			=	yes
smtpd_use_tls			=	yes
smtpd_auth_only			=	yes
smtp_tls_note_starttls_offer	=	yes
#smtpd_tls_key_file		=	/usr/local/etc/postfix/ssl/cert.pem
smtpd_tls_key_file		=	/usr/local/etc/postfix/ssl2/poczta.serwer.pl.key
#smtpd_tls_cert_file		=	/usr/local/etc/postfix/ssl/cert.pem
smtpd_tls_cert_file		=	/usr/local/etc/postfix/ssl2/poczta.serwer.pl.crt
#smtpd_tls_CAfile		=	/usr/local/etc/postfix/ssl/cert.pem
smtpd_tls_loglevel		=	2
smtpd_tls_received_header	=	yes
smtpd_tls_session_cache_timeout	=	3600s
tls_random_source		=	dev:/dev/random


##########################
#SASL2
##########################
smtpd_sasl_auth_enable		=	yes
broken_sasl_auth_clients 	=	yes
smtpd_sasl_security_options 	=	noanonymous
smtp_sasl_local_domain		=	


smtpd_helo_restrictions = 
    reject_unauth_pipelining
    reject_invalid_hostname
    permit
    

#Restrykcje - Sprawdzanie poczty na podstawie adresu nadawcy listu (RCPT TO):
smtpd_recipient_restrictions = 
			permit_mynetworks
			permit_sasl_authenticated
			reject_unauth_destination
			check_recipient_access			cidr:/usr/local/etc/postfix/sinokoreacidr
			reject_unknown_hostname
			reject_non_fqdn_hostname
			reject_unknown_recipient_domain
			check_sender_access			hash:/usr/local/etc/postfix/nasze_domeny


#			reject_non_fqdn_recipient
#			reject_unknown_sender_domain
#			warn_if_reject reject_unknown_recipient_domain
#			reject_rbl_client list.dsbl.org
#			reject_rbl_client sbl-xbl.spamhaus.org
#			reject_rbl_client relay.ordb.org
#			reject_rbl_client dnsbl.njabl.org

			permit			


# Restrykcje - Sprawdzenie IP komputera, z którego wysyłana jest wiadomość
smtpd_client_restrictions = 
			permit_sasl_authenticated
			permit_mynetworks
#			reject_unknown_client
#			reject_rbl_client relays.ordb.org
#			reject_rbl_client dnsbl.njabl.org
#			reject_rbl_client sbl-xbl.spamhaus.org
			check_client_access 			hash:/usr/local/etc/postfix/access				
#			reject_rbl_client dul.dnsbl.sorbs.net

			
# Restrykcje - Sprawdzanie poczty na podstawie adresu odbiorcy listu (MAIL FROM): 
smtpd_sender_restrictions =	
			permit_sasl_authenticated
#			reject_unknown_sender_domain
			reject_non_fqdn_sender
#			reject_unknown_adress
			check_sender_access			mysql:/usr/local/etc/postfix/mysql/sender_access
			reject_sender_login_mismatch
			reject_unauth_pipelining
			permit
##########################
#dodatkowe parametry										#
##########################

bounce_queue_lifetime 		=	3h
maximal_queue_lifetime 		=	4h
berkeley_db_create_buffer_size 	=	16777216
berkeley_db_read_buffer_size 	=	131072
body_checks_size_limit 		=	51200
bounce_size_limit 		=	50000
header_size_limit 		=	102400
mailbox_size_limit 		=	1000000000
message_size_limit 		=	40960000
delay_warning_time		=	2h
transport_retry_time 		=	10m
minimal_backoff_time 		=	600s

Postaram się jeszcze o jakieś logi z prób wysłania.

Piszę post pod postem żeby ktoś go zauważył
w poscie http://debian.linux.pl/showthread.php?t=3761 jest jakiś problem z dodaniem domeny, ja natomiast nic nie dodawałem do konfiugracji postfixa, poza kontami. Niewiem dlaczego ale problem nie dotyczy juz jednego konta a kliku. W jednej lokalizacji (na jednym ip) ludziom działa poczta i inni nie mogą wysyłać bo są UBE, szukałem w googlach i znalazłem coś o amavisie. nieżej jest mój plik amavisd.conf

Zawartość pliku main.cf:

Kod: Zaznacz cały

virtual_mailbox_base         =    /var/mail/vmail
virtual_alias_maps         =    mysql:/usr/local/etc/postfix/mysql/forwardings
virtual_mailbox_domains     =    mysql:/usr/local/etc/postfix/mysql/domena
virtual_mailbox_maps         =    mysql:/usr/local/etc/postfix/mysql/skrzynki
virtual_gid_maps         =    static:1002
virtual_mailbox_limit         =    51200000
virtual_minimum_uid         =    1002
virtual_uid_maps         =    static:1002
#virtual_transport         =    virtual

recipient_bcc_maps    =    mysql:/usr/local/etc/postfix/mysql/bcc_in
sender_bcc_maps        =    mysql:/usr/local/etc/postfix/mysql/bcc_out



queue_directory = /var/spool/postfix
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
alias_maps             =    hash:/usr/local/etc/postfix/aliases
alias_database             =    hash:/usr/local/etc/postfix/aliases
body_checks            =    pcre:/usr/local/etc/postfix/body_checks
mail_spool_directory         =    /var/mail/vmail
sample_directory = /usr/local/etc/postfix
manpage_directory = /usr/local/man
mailq_path = /usr/local/bin/mailq
command_directory = /usr/local/sbin
config_directory        =    /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix


mail_owner = postfix
myhostname            =    poczta.serwer.pl
mydomain             =    serwer.pl
myorigin = $mydomain
mydestination             =    127.0.0.1/8
inet_interfaces         =    all
debug_peer_level         =    3
local_recipient_maps        =    $alias_maps unix :p asswd.byname
mynetworks             =    127.0.0.0/8 
                    83.18.43.150
                    79.188.201.170
                    83.238.211.169
                    80.53.96.106
                    
                    
smtpd_banner             =    $myhostname ESMTP nazwa-firma

            
smtpd_recipient_limit        =    80


readme_directory = no
html_directory = no
setgid_group = maildrop





#smtpd_helo_restriction        =    reject_unauth_pipeling,
#                    reject_invalid_hostname,
#                    permit

smtpd_helo_required        =    yes



##########################
content_filter=amavis:[127.0.0.1]:10024
relay_domains = 127.0.0.0/8
#sample_directory = /usr/local/etc/postfix
#setgid_group = maildrop
#smtpd_error_sleep_time = 3
#smtpd_hard_error_limit = 5
#mtpd_soft_error_limit = 3
unknown_local_recipient_reject_code = 450
##########################
#TLS
##########################
smtp_use_tls            =    yes
smtpd_use_tls            =    yes
smtpd_auth_only            =    yes
smtp_tls_note_starttls_offer    =    yes
#smtpd_tls_key_file        =    /usr/local/etc/postfix/ssl/cert.pem
smtpd_tls_key_file        =    /usr/local/etc/postfix/ssl2/poczta.serwer.pl.key
#smtpd_tls_cert_file        =    /usr/local/etc/postfix/ssl/cert.pem
smtpd_tls_cert_file        =    /usr/local/etc/postfix/ssl2/poczta.serwer.pl.crt
#smtpd_tls_CAfile        =    /usr/local/etc/postfix/ssl/cert.pem
smtpd_tls_loglevel        =    2
smtpd_tls_received_header    =    yes
smtpd_tls_session_cache_timeout    =    3600s
tls_random_source        =    dev:/dev/random


##########################
#SASL2
##########################
smtpd_sasl_auth_enable        =    yes
broken_sasl_auth_clients     =    yes
smtpd_sasl_security_options     =    noanonymous
smtp_sasl_local_domain        =    


smtpd_helo_restrictions = 
    reject_unauth_pipelining
    reject_invalid_hostname
    permit
    

#Restrykcje - Sprawdzanie poczty na podstawie adresu nadawcy listu (RCPT TO):
smtpd_recipient_restrictions = 
            permit_mynetworks
            permit_sasl_authenticated
            reject_unauth_destination
            check_recipient_access            cidr:/usr/local/etc/postfix/sinokoreacidr
            reject_unknown_hostname
            reject_non_fqdn_hostname
            reject_unknown_recipient_domain
            check_sender_access            hash:/usr/local/etc/postfix/nasze_domeny


#            reject_non_fqdn_recipient
#            reject_unknown_sender_domain
#            warn_if_reject reject_unknown_recipient_domain
#            reject_rbl_client list.dsbl.org
#            reject_rbl_client sbl-xbl.spamhaus.org
#            reject_rbl_client relay.ordb.org
#            reject_rbl_client dnsbl.njabl.org

            permit            


# Restrykcje - Sprawdzenie IP komputera, z którego wysyłana jest wiadomość
smtpd_client_restrictions = 
            permit_sasl_authenticated
            permit_mynetworks
#            reject_unknown_client
#            reject_rbl_client relays.ordb.org
#            reject_rbl_client dnsbl.njabl.org
#            reject_rbl_client sbl-xbl.spamhaus.org
            check_client_access             hash:/usr/local/etc/postfix/access                
#            reject_rbl_client dul.dnsbl.sorbs.net

            
# Restrykcje - Sprawdzanie poczty na podstawie adresu odbiorcy listu (MAIL FROM): 
smtpd_sender_restrictions =    
            permit_sasl_authenticated
#            reject_unknown_sender_domain
            reject_non_fqdn_sender
#            reject_unknown_adress
            check_sender_access            mysql:/usr/local/etc/postfix/mysql/sender_access
            reject_sender_login_mismatch
            reject_unauth_pipelining
            permit
##########################
#dodatkowe parametry                                        #
##########################

bounce_queue_lifetime         =    3h
maximal_queue_lifetime         =    4h
berkeley_db_create_buffer_size     =    16777216
berkeley_db_read_buffer_size     =    131072
body_checks_size_limit         =    51200
bounce_size_limit         =    50000
header_size_limit         =    102400
mailbox_size_limit         =    1000000000
message_size_limit         =    40960000
delay_warning_time        =    2h
transport_retry_time         =    10m
minimal_backoff_time         =    600s

amavisd.conf

Kod: Zaznacz cały

serwer:~# cat amavisd.conf 
use strict;


$max_servers = 10;            # num of pre-forked children (2..15 is common), -m
$daemon_user  = 'vscan';     # (no default;  customary: vscan or amavis), -u
$daemon_group = 'vscan';     # (no default;  customary: vscan or amavis), -g

$mydomain = 'amermedia.pl';   # a convenient default for other settings


$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/virusmails';  # -Q

$db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
$helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S

@local_domains_maps = ( ["."] );

$log_level = 3;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
                # option(s) -p overrides $inet_socket_port and $unix_socketname

$interface_policy{'SOCK'}='AM.PDP-SOCK';  # only relevant with $unix_socketname

$policy_bank{'AM.PDP-SOCK'} = { protocol=>'AM.PDP' };

$sa_tag_level_deflt  = -100;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 4.53; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent


$sa_mail_body_size_limit = 512*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?


$virus_admin               = "virusalert\@amermedia.pl";  # notifications recip.
#$virus_admin               = "virusalert@amermedia.pl";  # notifications recip.

$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name


 $myhostname = 'localhost';  # must be a fully-qualified domain name!

$notify_method  = 'smtp:[127.0.0.1]:10025';


 $final_virus_destiny      = D_DISCARD;
 $final_banned_destiny     = D_BOUNCE;
 $final_spam_destiny       = D_BOUNCE;
 $final_bad_header_destiny = D_PASS;


$warnvirusrecip=0;
$virus_quarantine_to=undef;

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));


$banned_filename_re = new_RE(
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

  [ qr'^pliczek.(zip)$'           => 0 ],  # allow zip o nazwie "pliczek"
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic


);

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),


   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)          #[B]tutaj probowalem dodac konta z ktorymi jest problem ale niestety nadal nie działa jak powinno[/B]
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,
    'ludmila@domena.ru'            => -3.0,
    'nika@domena.ru'            => -3.0,
    'wkasia@domena.com.pl'            => -3.0,
    'pwos@domena.com.pl'            => -3.0,
    'wdarek@domena.com.pl'            => -4.0,
    'bamer@domena.com.pl'            => -2.0,
    'pawel@domena.com.pl'            => -4.0,
    'smarzena@domena.com.pl'        => -5.0,
    'miccntwll@aol.com'            => -2.0,
    'amazein@msn.com'            => -2.0,
    '@kaspersky.pl'                => -5.0,
    'mmotyl@freeandstyle.com.pl'        => -5.0,
    '@achilles.pl'                => -4.0,
    'wdarek@domena.com.pl'            => -4.0,
    'wdarek@domena2.pl'            => -4.0,
    '@domena.com.pl'            => -2.0,
    '@domena3.com.pl'                => -4.0,
    '@domena4.net.pl'                => -4.0,    
    '@domena5.pl'            => -4.0,    
        
   },
  ],  # end of site-wide tables
});


@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress,  'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
  ['lzo',  \&do_uncompress,  'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_tar],
  ['deb',  \&do_ar,          'ar'],
# ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill
  ['zip',  \&do_unzip],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,         'lha'],
# ['doc',  \&do_ole,         'ripole'],
  ['cab',  \&do_cabextract,  'cabextract'],
  ['tnef', \&do_tnef_ext,    'tnef'],
  ['tnef', \&do_tnef],
# ['sit',  \&do_unstuff,     'unstuff'],  # broken/unsafe decoder
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);


@av_scanners = (

 ['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
 qr/\bOK$/, qr/\bFOUND$/,
 qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
     '/opt/kav/bin/aveclient','aveclient'],
    '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
    qr/(?:INFECTED|SUSPICION) (.+)/,
  ],

  ### http://www.kaspersky.com/
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
    qr/infected: (.+)/,
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],


  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon',       'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
  ['CentralCommand Vexira (new) vascan',
    ['vascan','/usr/lib/Vexira/vascan'],
    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
    "--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",
    [0,3], [1,2,5],
    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ / ],
     ['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',
    ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    

  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/ ],

  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],

  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],
    # NOTE: check options and patterns to see which entry better applies

  ['F-Secure Antivirus', 'fsav',
    '--dumb --mime --archive {}', [0], [3,8],
    qr/(?:infection|Infected|Suspected): (.+)/ ],

  ['CAI InoculateIT', 'inocucmd',  # retired product
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/ ],
  ['CAI eTrust Antivirus', 'etrust-wrapper',
    '-arc -nex -spm h {}', [0], [101],
    qr/is infected by virus: (.+)/ ],

  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/ ],

  ['MkS_Vir daemon', 'mksscan',
    '-s -q {}', [0], [1..7],
    qr/^... (\S+)/ ],

  ['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli',
    '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],

  ['Norman Virus Control v5 / Linux', 'nvcc',
    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
    qr/(?i).* virus in .* -> \'(.+)\'/ ],

  ['Panda Antivirus for Linux', ['pavcl'],
    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    qr/Number of files infected[ .]*: 0+(?!\d)/,
    qr/Number of files infected[ .]*: 0*[1-9]/,
    qr/Found virus :\s*(\S+)/ ],

  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --mime --summary --noboot - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan)  |
        \ (?:virus|trojan)\ or\ variant\ (.+?)\s*! |
        :\ (.+)\ NOT\ a\ virus)/,
  ],
  ['VirusBuster', ['vbuster', 'vbengcl'],
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/ ],

  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
  ],

  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],

  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/ ],

  ['BitDefender', 'bdc',
    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],

);


@av_scanners_backup = (

);


1;  # insure a defined return
serwer:~# ", [0], [1],
>     qr/: '(.*)' - Virus/ ],
> 
>   ['CyberSoft VFind', 'vfind',
>     '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
>   ],
> 
>   ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
>     '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],
> 
>   ['Ikarus AntiVirus for Linux', 'ikarus',
>     '{}', [0], [40], qr/Signature (.+) found/ ],
> 
>   ['BitDefender', 'bdc',
>     '--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
-bash: !\d: event not found
>     qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
>     qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
> 
> );
> 
> 
> @av_scanners_backup = (
> 
> );
> 
> 
> 1;  # insure a defined return
> serwer:~# 
> ", [0], [1],
-bash: , [0], [1],
    qr/: '(.*)' - Virus/ ],

  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
  ],

  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],

  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/ ],

  ['BitDefender', 'bdc',
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],

);


@av_scanners_backup = (

);


1;  # insure a defined return
serwer:~#

jakieś pomysły ?

Polskie Forum Użytkowników Debiana

postfix wysy

postfix wysyłanie i odbieranie poczty z poza sieci