Всем привет. Собственно, проблема.
Скачиваю почту через fetchmail с ящика провайдера, потом письма проходят через фильтр postfix header_checks. Так вот, письма, подпавшие под него, антивирус не проверяет (в письмо не попадает заголовок о том, что оно проверено ClamAV), а остальные письма, соответственно, проверку проходят. Как бы заставить антивирус проверять письма первым, до фильтра?
> Все привет. Собственно проблема.
> Скачиваю почту по fetchmail с ящика провайдера, потом письма проходят через фильтр
> postfix header_checks. Так вот письма подпавшие под него антивирус не проверяет
> (в тело письма не попадает заголовок что проверен Clamav) соответственно остальные
> письма проверку проходят. Как бы заставить антивирус первым проверять до фильтра?
использовать
LD_PRELOAD=libastral.so
hint: конфиг мы угадывать должны, да?
>> Все привет. Собственно проблема.
>> Скачиваю почту по fetchmail с ящика провайдера, потом письма проходят через фильтр
>> postfix header_checks. Так вот письма подпавшие под него антивирус не проверяет
>> (в тело письма не попадает заголовок что проверен Clamav) соответственно остальные
>> письма проверку проходят. Как бы заставить антивирус первым проверять до фильтра?
> использовать
> LD_PRELOAD=libastral.so
> hint: конфиг мы угадывать должны, да?
Ну мало ли, может, там дело в одной команде какой. Гадать не надо, усе щас будет )
Вот main.cf
========================================================
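### Config
### Common config
# Postfix main.cf as posted in the thread. The settings are unchanged; only
# the line breaks and continuation-line indentation lost in the paste are
# restored (a line that starts with whitespace continues the previous one).
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
myhostname = mailsb.virtual.local
mydomain = virtual.local
# Listen on every interface, IPv4 only.
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain
unknown_local_recipient_reject_code = 550
# NOTE(review): every host in these ranges passes permit_mynetworks in the
# restriction lists of this file, i.e. the whole 10.0.0.0/24 segment may
# submit and relay without authentication. Keep the range as narrow as the
# real set of trusted senders.
mynetworks = 127.0.0.0/8, 10.0.0.0/24
#in_flow_delay = 1s
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# Recipients are validated against the virtual mailbox and alias tables.
local_recipient_maps = $virtual_mailbox_maps, $virtual_alias_maps
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
# Stock debugger hook; the two indented lines are the value of this parameter.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop

html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

# Virtual mailbox delivery goes to the "dovecot" service defined in
# master.cf, one recipient per invocation.
virtual_transport = dovecot
dovecot_destination_recipient_limit=1

### Auth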
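# SMTP AUTH is delegated to Dovecot through the private/auth socket.
smtpd_sasl_auth_enable=yes
# NOTE(review): compatibility switch for clients that implement an obsolete
# form of the AUTH announcement; drop it if no such clients remain.
broken_sasl_auth_clients = yes
# Only anonymous mechanisms are excluded here, so plaintext mechanisms stay
# allowed; this file also sets smtpd_tls_auth_only = yes, which keeps AUTH
# off unencrypted sessions.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# see the Dovecot config

### Relay Domains:
#relay_domains = mysql:/etc/postfix/sql/mysql_relay_domains.cf

# Outbound mail is handed to the provider's relay; the square brackets
# suppress the MX lookup for that name.
relayhost = [relay.peterstar.ru]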
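### Virtual Domains:
# Domains, aliases and mailboxes are looked up in MySQL; the lookup
# definitions (and the database credentials they hold) live in the .cf files
# under /etc/postfix/sql.
# NOTE(review): those files are not shown in the thread; confirm they are
# readable only by root and the postfix group.
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains =
    mysql:/etc/postfix/sql/virtual_mailbox_domains.cf
virtual_alias_maps = mysql:/etc/postfix/sql/virtual_alias_maps.cf
virtual_mailbox_maps =
    mysql:/etc/postfix/sql/virtual_mailbox_maps.cf

# All virtual mailboxes are owned by a single uid/gid (5000); the minimum-uid
# guard refuses delivery under any lower uid.
virtual_minimum_uid = 5000
#virtual_minimum_gid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000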
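### Restrictions
# Each list is evaluated left to right and stops at the first decisive result.
# Continuation lines are indented so that Postfix reads them as part of the
# parameter above them.

# Clients without a reverse DNS name are rejected unless they are in
# mynetworks or authenticated.
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_reverse_client_hostname,
    permit

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    permit

# NOTE(review): this list ends in a bare "reject", so any client that is
# neither in mynetworks nor SASL-authenticated is refused here. That fits a
# server fed only by fetchmail and local users; confirm it is intended.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject

# reject_unauth_destination is the open-relay guard; it sits after the two
# permit_* entries, so only trusted clients can relay.
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_sasl_authenticated,
    reject_unlisted_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    reject

smtpd_data_restrictions =
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

smtpd_etrn_restrictions = reject
smtpd_helo_required = yes

#strict_rfc821_envelopes = yes
smtpd_discard_ehlo_keywords = etrn, silent-discard
# Drop sessions that open with HTTP-style commands instead of SMTP.
smtpd_forbidden_commands = CONNECT GET POST
# VRFY is disabled so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes

### TLS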
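# Inbound TLS is offered but not required (smtpd_use_tls is the older
# spelling of smtpd_tls_security_level = may).
smtpd_use_tls = yes
# NOTE(review): the private key path should be readable by root only.
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
# NOTE(review): outbound TLS is opportunistic; delivery to the relayhost
# falls back to cleartext when STARTTLS is not offered.
smtp_tls_security_level=may
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Per postconf(5)
# this list governs mandatory-TLS sessions only; opportunistic sessions use
# smtpd_tls_protocols, which is not set here.
smtpd_tls_mandatory_protocols=TLSv1, TLSv1.1, TLSv1.2, !SSLv2, !SSLv3
# AUTH is announced only after STARTTLS.
smtpd_tls_auth_only = yes

smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
# Archive copy of every message.
# NOTE(review): automatic BCC is part of the address mappings that
# no_address_mappings (below) postpones until after the content filter, so a
# message that never reaches the re-injection listener gets no archive copy.
# The redirected message in the thread's log shows nrcpt=1.
always_bcc = arhiw@test.ru

# Queued mail is handed to the "scan" transport (clamsmtpd on 127.0.0.1:10025).
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

# NOTE(review): header_checks run in cleanup(8) before the message is queued,
# i.e. before content_filter. header_checks(5) documents that REDIRECT
# overrides the FILTER action, and the thread's log shows a redirected
# message delivered straight to dovecot with no clamsmtpd entry. Mail that
# matches a REDIRECT rule therefore skips the virus scan. To have the rules
# act on scanned mail only, the lever is receive_override_options: add
# no_header_body_checks here and remove it from the 127.0.0.1:10026 listener
# in master.cf, then verify both paths in the log.
header_checks = regexp:/etc/postfix/header_checks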
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
# Public SMTP listener (port 25). It has no -o overrides, so it runs with the
# main.cf settings as posted, including content_filter and header_checks.
# The thread's log shows mail arriving here from localhost[127.0.0.1]
# (presumably the fetchmail hand-off; confirm).
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
# submission (587) and smtps (465) are commented out; apart from the loopback
# re-injection listener further down, port 25 is the only SMTP entry point
# enabled in this file.
#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup unix n - - 60 1 pickup
# cleanup is the service that applies header_checks; the "redirect: header
# From:" entry in the thread's log is written by postfix/cleanup.
cleanup unix n - - - 0 cleanup
# qmgr has "n" in the chroot column (fifth field); most other services here
# keep the default "-".
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
# local and virtual carry "n" in both the unprivileged and chroot columns.
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
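# maildrop delivery through pipe(8), run as the vmail account. The second
# line is indented because it continues the service entry.
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}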
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
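# UUCP delivery through pipe(8), run as the uucp account. The second line is
# indented because it continues the service entry.
# NOTE(review): stock entry; nothing else in the posted config refers to this
# transport. If it is unused, commenting it out reduces the surface.
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)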
#
# Other external delivery methods.
#
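# External delivery agents, each started by pipe(8) under its own account
# (user=...). Continuation lines are indented so that they belong to the
# service entry above them.
# NOTE(review): ifmail, bsmtp, scalemail-backend and mailman are stock
# entries; main.cf in this thread routes mail only to "dovecot" and "scan".
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

# Final delivery for virtual mailboxes (virtual_transport = dovecot in
# main.cf). Dovecot's deliver runs as vmail:vmail, never as root.
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d $(recipient)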
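# AV scan filter (used by content_filter)
# SMTP client that hands queued mail to clamsmtpd; XFORWARD passes the
# original client information along so it survives the hop.
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
# Loopback-only listener for scanned mail. content_filter is emptied so the
# message is not sent to the scanner a second time.
# NOTE(review): no_header_body_checks switches header_checks off on this
# side, so the rules only ever run before the scan. Combined with a REDIRECT
# rule (which overrides the filter) this is why matching mail is never
# scanned in the thread's log.
# NOTE(review): -o mynetworks_style=host has no effect here because main.cf
# sets mynetworks explicitly; the FILTER_README example uses
# -o mynetworks=127.0.0.0/8 instead. The 127.0.0.1 bind is what actually
# limits who can connect.
# NOTE(review): anything that can connect to 127.0.0.1:10026 submits mail
# that bypasses both the scanner and header_checks, so treat local access to
# this port as trusted-only.
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8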
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>clamsmtpd.conf
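# ------------------------------------------------------------------------------
# SAMPLE CLAMSMTPD CONFIG FILE
# ------------------------------------------------------------------------------
#
# - Comments are a line that starts with a #
# - All the options are found below with their defaults commented out
#
# Settings are as posted in the thread; only the line breaks lost in the
# paste are restored, and review notes are added.

# The address to send scanned mail to.
# This option is required unless TransparentProxy is enabled
# (10026 is the Postfix re-injection listener from master.cf.)
OutAddress: 10026

# The maximum number of connection allowed at once.
# Be sure that clamd can also handle this many connections
#MaxConnections: 64

# Amount of time (in seconds) to wait on network IO
#TimeOut: 180

# Address to listen on (defaults to all local addresses on port 10025)
# Bound to loopback, so only local processes can reach the proxy.
Listen: 127.0.0.1:10025

# The address clamd is listening on
ClamAddress: /var/run/clamav/clamd.ctl

# A header to add to all scanned email
# NOTE(review): this is an ordinary header that a sender can also put into a
# message. Its presence is not proof of scanning for mail that bypassed the
# proxy; rely on the clamsmtpd log line (status=CLEAN) instead, and check
# whether incoming copies of the header are stripped.
Header: X-AV-Checked: ClamAV using ClamSMTP

# Directory for temporary files
TempDirectory: /var/spool/clamsmtp

# PidFile: location of PID file
PidFile: /var/run/clamsmtp/clamsmtpd.pid

# Whether or not to bounce email (default is to silently drop)
#Bounce: off

# Whether or not to keep virus files
# NOTE(review): with Quarantine on, infected messages are kept on disk
# (presumably under TempDirectory; confirm in the man page). Restrict that
# directory to the clamsmtp user and prune it regularly.
Quarantine: on

# Enable transparent proxy support
#TransparentProxy: off

# User to run as
User: clamsmtp

# Virus actions: There's an option to run a script every time a
# virus is found. Read the man page for clamsmtpd.conf for details.

#VirusAction: /etc/clamav/script.sh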
===================================================================
Загружается libastral.so.... Неудачно!
Попытка получить содержимое /etc/postfix/header_checks - не удалась!
Попытка увидеть логи - не удалась!
> Загружается libastral.so.... Неудачно!
> Попытка получить содержимое /etc/postfix/header_checks - не удалась!
> Попытка увидеть логи - не удалась!
Ха-ха, дык версию видать старую грузишь. )
В фильтре все банально просто.
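=========/etc/postfix/header_checks=============
# Redirects every message whose From: header matches the pattern to
# root@test.ru, replacing all original recipients.
# NOTE(review): the From: header is chosen by the sender, so this rule keys
# on a value anyone can set. The pattern is also loose: the dot in
# "gmail.com" is unescaped and nothing anchors the end, so other domains that
# merely contain this text match as well.
# NOTE(review): header_checks(5) states that REDIRECT overrides the FILTER
# action; in this setup a matching message is delivered without passing
# through the ClamAV content filter (see the log below).
/^From:.*@gmail.com/ REDIRECT root@test.ru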
===============================================
Лог когда письмо подпало под фильтр
GNU nano 2.2.6 Файл: /var/log/mail.log
Jul 11 12:27:00 mailsd postfix/smtpd[9285]: connect from localhost[127.0.0.1]
Jul 11 12:27:00 mailsd postfix/smtpd[9285]: 38A6C1A0588: client=localhost[127.0.0.1]
Jul 11 12:27:00 mailsd postfix/cleanup[9287]: 38A6C1A0588: message-id=<CAEtrP=5gcjT_XwzH-E-3U1cjDMEO23W=Jyvc0EMwb=pa+0vH4Q@mail.gmail.com>
Jul 11 12:27:00 mailsd postfix/cleanup[9287]: 38A6C1A0588: redirect: header From: =?UTF-8?B?0JrQuNGA0LjQu9C7?= <test1234@gmail.com> from localhost[127.0.0.1]; from=<test1234@gmail.com> to=<18191010@test.ru> proto=ESMTP helo=<mailsd$
Jul 11 12:27:00 mailsd postfix/qmgr[2893]: 38A6C1A0588: from=<test1234@gmail.com>, size=3051, nrcpt=1 (queue active)
Jul 11 12:27:00 mailsd postfix/smtpd[9285]: disconnect from localhost[127.0.0.1]
Jul 11 12:27:00 mailsd postfix/pipe[9288]: 38A6C1A0588: to=<root@test.ru>, orig_to=<18191010@test.ru>, relay=dovecot, delay=0.49, delays=0.12/0.03/0/0.34, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul 11 12:27:00 mailsd postfix/qmgr[2893]: 38A6C1A0588: removed
Jul 11 12:29:58 mailsd postfix/scache[9272]: statistics: start interval Jul 11 12:26:38
Jul 11 12:29:58 mailsd postfix/scache[9272]: statistics: domain lookup hits=0 miss=1 success=0%
Jul 11 12:29:58 mailsd postfix/scache[9272]: statistics: max simultaneous domains=1 addresses=1 connection=1
==========================================================
Обычное письмо
mail.log
Jul 11 12:34:03 mailsd postfix/smtpd[9434]: connect from localhost[127.0.0.1]
Jul 11 12:34:03 mailsd postfix/smtpd[9434]: D69941A0026: client=localhost[127.0.0.1]
Jul 11 12:34:03 mailsd postfix/cleanup[9438]: D69941A0026: message-id=<2831231436607189@web24o.yandex.ru>
Jul 11 12:34:03 mailsd postfix/qmgr[2893]: D69941A0026: from=<test_ya1234@ya.ru>, size=2505, nrcpt=1 (queue active)
Jul 11 12:34:03 mailsd clamsmtpd: 100003: accepted connection from: 127.0.0.1
Jul 11 12:34:04 mailsd postfix/smtpd[9434]: disconnect from localhost[127.0.0.1]
Jul 11 12:34:04 mailsd postfix/smtpd[9441]: connect from localhost[127.0.0.1]
Jul 11 12:34:04 mailsd postfix/smtpd[9441]: 11A9F1A0F7C: client=localhost[127.0.0.1], orig_queue_id=D69941A0026, orig_client=localhost[127.0.0.1]
Jul 11 12:34:04 mailsd postfix/cleanup[9438]: 11A9F1A0F7C: message-id=<2831231436607189@web24o.yandex.ru>
Jul 11 12:34:04 mailsd postfix/qmgr[2893]: 11A9F1A0F7C: from=<test_ya1234@ya.ru>, size=2732, nrcpt=2 (queue active)
Jul 11 12:34:04 mailsd clamsmtpd: 100003: from=test_ya1234@ya.ru, to=18191010@test.ru, status=CLEAN
Jul 11 12:34:04 mailsd postfix/smtp[9439]: D69941A0026: to=<18191010@test.ru>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.29, delays=0.11/0.01/0.08/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 11A9F1A0F7C)
Jul 11 12:34:04 mailsd postfix/smtpd[9441]: disconnect from localhost[127.0.0.1]
Jul 11 12:34:04 mailsd postfix/qmgr[2893]: D69941A0026: removed
Jul 11 12:34:04 mailsd postfix/pipe[9444]: 11A9F1A0F7C: to=<18191010@test.ru>, relay=dovecot, delay=0.37, delays=0.09/0.01/0/0.27, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul 11 12:34:04 mailsd postfix/pipe[9445]: 11A9F1A0F7C: to=<arhiw@test.ru>, relay=dovecot, delay=0.42, delays=0.09/0.02/0/0.3, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul 11 12:34:04 mailsd postfix/qmgr[2893]: 11A9F1A0F7C: removed