From: Thomas S. <sp...@bt...> - 2002-11-30 01:23:52
I now got my amavis-ng running and it detected the eicar.com test virus in the e-mail that I send from another account.

However, despite that I get the e-mail, the sender always gets an error message that looks like this (no eicar.com attached to this e-mail):

This is the Postfix program at host aargau.btspuhler.com.

I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the message returned below.

The Postfix program

<-...@bt...>: invalid recipient syntax: "-...@bt..."

Reporting-MTA: dns; aargau.btspuhler.com
Arrival-Date: Fri, 29 Nov 2002 08:35:00 -0700 (MST)

Final-Recipient: rfc822; -...@bt...
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; invalid recipient syntax: "-...@bt..."

Here is my amavis-ng log:

Nov 29 08:34:58 aargau.btspuhler.com amavis[8750]: Logging system initialized
Nov 29 08:34:58 aargau.btspuhler.com amavis[8750]: AMAVIS::MTA::Postfix initialized.
Nov 29 08:34:59 aargau.btspuhler.com amavis[8750]: AMAVIS::Extract::Mail initialized.
Nov 29 08:34:59 aargau.btspuhler.com amavis[8750]: AMAVIS::Extract::GZIP initialized.
Nov 29 08:34:59 aargau.btspuhler.com amavis[8750]: AMAVIS::Extract::BZIP2 initialized.
Nov 29 08:34:59 aargau.btspuhler.com amavis[8750]: AMAVIS::Extract::LHA initialized.
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS::Extract::Zip initialized.
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS::Extract::Tar initialized.
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS::AV::FPROT initialized.
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS::Notify::Recipients initialized.
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS::Notify::Admin initialized.
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS initialized
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS: Running as UID/EUID mail(8)/mail(8)
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: Called as amavis tspuhler...@ho... - - sp...@lo...
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS::MTA::Postfix: Sender is tsp...@ho...
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: AMAVIS::MTA::Postfix: Recipients are -, -, sp...@lo...
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: Unpacking message in /tmp/amavis-unpack-3de78924-222e
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: File 00000000 is type message/rfc822
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: Attempting to unpack 00000000 as MIME compliant message
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: File 00000001 is type text/plain
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: Not attempting to unpack 00000001
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: Scanning with FPROT
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: Output from /usr/local/bin/f-prot -dumb /tmp/amavis-unpack-3de78924-222e/parts
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]: Virus scanning report - 29. November 2002 8:35
Nov 29 08:35:00 aargau.btspuhler.com amavis[8750]:

Without activating amavis, I do not get this error.

Here is the postfix master.cf that controls the amavis-ng filter:

smtp inet n - y - - smtpd
#smtp inet n - y - - smtpd -o content_filter=filter:
filter unix - n n - - pipe flags=Rq user=mail argv=/usr/bin/amavis ${sender} - - ${recipient}

The only change I make to activate/deactivate amavis-ng is commenting out either line 1 or line 2

Below is the amavis-ng config file:

; $Id: amavis.conf,v 1.18.2.1.2.2 2002/05/17 06:08:58 bengen Exp $
; Configuration file for amavis

[global]
;; Which MTA to use. Specify one.
: mail-transfer-agent = DebugMTA
; mail-transfer-agent = Exim
; mail-transfer-agent = EximPerl
mail-transfer-agent = Postfix
; mail-transfer-agent = Sendmail
; mail-transfer-agent = SMTP

;; Which virus scanner to use. Use more than one if you desire
; virus-scanner = FSAV
; virus-scanner = AVP
; virus-scanner = FSP
; virus-scanner = hbEDV
; virus-scanner = Sophos
; virus-scanner = Sophie
; virus-scanner = Bitdefender
virus-scanner = FPROT
; virus-scanner = MKS
; virus-scanner = NAI
; virus-scanner = NVC
; virus-scanner = Panda
; virus-scanner = CLAM
; virus-scanner = Trend

;; Extractor modules.
;; "Mail" should definitely be used, it is used for decoding MIME
;; attachments
;; text,ARC, ZOO, RAR don't work
extractors=Mail, GZIP, BZIP2, LHA, Zip, Tar

;; Who should be notified?
;;notifiers=Sender, Recipients, Admin "original"
notifiers=Recipients, Admin

;; What should be inserted into the message's headers if it is let
;; through?
x-header = true
x-header-tag = X-Scanned-By
x-header-line = AMaViS at a badly configured site.

umask = 002

[paths]
;; Where should mails be unpacked to?
unpack = /tmp/

;; Should the unpacking directory be removed afterwards? Set to 'no'
;; only for debugging purposes
cleanup = yes

;; Where should infected mail be stored? (Only the actual mail, not
;; the unpacked attachments)
quarantine = /var/spool/amavis/quarantine

[logging]
;; Use syslog? Facility (e.g. mail|info) or "no"
; syslog = mail|info
; syslog loglevel = 3

;; Log to which file? And at what level?
logfile = /var/log/amavis/amavis.log
logfile loglevel = 7

[Notify]
;; Which domains should be considered local? Recipients are notified
;; about mail that was stopped only if they are local. The domain name
;; is matches against this Perl regular expression.
local domain = .btspuhler.com

;; What address will appear in the From:-header of warning messages
mail from = pos...@bt...
;; Who is the mail admin
admin = pos...@bt...

[Exim]
;; Location and arguments of the binary
exim = /usr/sbin/exim
args = -oMr no-scan -i -f
;; If problems occur, put message into this directory
problem dir = /var/spool/amavis/problems

[Sendmail]
;; Location and arguments of the binary
sendmail = /usr/sbin/sendmail
args = -i -C /etc/mail/sendmail.cf.orig -f
;; If problems occur, put message into this directory
problem dir = /var/spool/amavis/problems

[Postfix]
;; Location and arguments of the binary
postfix = /usr/sbin/sendmail
args = -i -f
;; If problems occur, put message into this directory
problem dir = /var/spool/amavis/problems

[Qmail]
qmail-queue = /usr/sbin/qmail-queue
;; If problems occur, put message into this directory
problem dir = /var/spool/amavis/problems

[SMTP]
; input address = localhost
input port = 10025
; output address = localhost
output port = 10026
;; SMTP session timeout.
;; unset: accept message immediately
;; =0: no timeout. Response is sent to client after processing
;; >0: timeout is set to n seconds. After n seconds, processing
;; is aborted if it has not been finished.
; session timeout = 240
; Problem dir is not needed if SMTP timeout is set.
problem dir = /var/spool/amavis/problems
pidfile = /var/run/amavis/amavisd.pid

[DebugMTA]
input file = /dev/stdin
output file = /dev/stdout

[external]
arc = /usr/bin/arc
bzip2 = /usr/bin/bzip2
lha = /usr/bin/lha
unarj = /usr/bin/unarj
unrar = /usr/bin/unrar
zoo = /usr/bin/zoo

[security]
;; Resource limits for unpacking each message
;; How many levels of unpacking do we do?
maxlevels = 20
;; How many files do we want to write?
maxfiles = 1000
;; How much diskspace do we want to consume?
maxspace = 30M

;; If amavis is run as UID root, drop root privileges to uid, gid.
uid = mail
gid = mail

[FSAV]
fsav = /usr/bin/fsav

[AVP]
avp = /usr/bin/avp

[Sophos]
sweep = /usr/bin/sweep

[hbEDV]
antivir = /usr/bin/antivir

[Sophie]
socket = /var/run/sophie

[NAI]
uvscan = /usr/bin/uvscan

[NVC]
nvc = /usr/bin/nvccmd

[Bitdefender]
bitdefender = /usr/bin/bdc

[Panda]
panda = /usr/bin/pavcl

[CLAM]
clamscan = /usr/bin/clamscan

[FPROT]
fprot = /usr/local/bin/f-prot

[Trend]
vscan = /usr/bin/vscan

Here is the relevant postfix log:

Nov 29 08:35:00 aargau postfix/pickup[8474]: DF11F2CFBB: uid=8 from=<tspu...@ho...>
Nov 29 08:35:00 aargau postfix/cleanup[8747]: DF11F2CFBB: message-id=<F113Zi...@ho...>
Nov 29 08:35:00 aargau postfix/pipe[8749]: D21AD2CFB2: to=<spuhler@localhost.btspuhler.com>, relay=filter, delay=3, status=sent (aargau.btspuhler.com)
Nov 29 08:35:00 aargau postfix/nqmgr[32475]: DF11F2CFBB: from=<tspuhler@hotmail.com>, size=1741, nrcpt=2 (queue active)
Nov 29 08:35:01 aargau postfix/nqmgr[32475]: DF11F2CFBB: to=<-@btspuhler.com>, relay=none, delay=0, status=bounced (invalid recipient syntax: "-...@bt...")
Nov 29 08:35:04 aargau postfix/local[8755]: DF11F2CFBB: to=<thomas@btspuhler.com>, relay=local, delay=4, status=sent ("|/usr/bin/procmail -Y -a $DOMAIN")
Nov 29 08:35:07 aargau postfix/local[8755]: DF11F2CFBB: to=<brigitte@btspuhler.com>, relay=local, delay=7, status=sent ("|/usr/bin/procmail -Y -a $DOMAIN")
Nov 29 08:35:07 aargau postfix/cleanup[8747]: EBACD2CFB6: message-id=<200211...@aa...>
Nov 29 08:35:07 aargau postfix/nqmgr[32475]: EBACD2CFB6: from=<>, size=3361, nrcpt=1 (queue active)
Nov 29 08:35:16 aargau postfix/smtp[8764]: EBACD2CFB6: to=<tspuhler@hotmail.com>, relay=mx4.hotmail.com[65.54.254.151], delay=9, status=sent (250 <200...@aa...> Queued mail for delivery)

I don't know what is wrong and I would appreciate help from somebody knowledgeable.

Tom
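The amavis-ng log in the post lists `-` among the recipients it was called with, and the Postfix log shows a bounce for an address whose local part is `-`. As an added example (not part of the original post), this Python script correlates the two logs to surface that link; the sample lines are constructed after the ones above, with placeholder host and addresses.

```python
import re

# Constructed sample lines modelled on the logs in the post (placeholder addresses).
AMAVIS_LOG = """\
Nov 29 08:35:00 mx amavis[8750]: Called as amavis sender@example.org - - user@localhost.example.com
Nov 29 08:35:00 mx amavis[8750]: AMAVIS::MTA::Postfix: Sender is sender@example.org
Nov 29 08:35:00 mx amavis[8750]: AMAVIS::MTA::Postfix: Recipients are -, -, user@localhost.example.com
"""
POSTFIX_LOG = """\
Nov 29 08:35:01 mx postfix/nqmgr[32475]: DF11F2CFBB: to=<-@example.com>, relay=none, delay=0, status=bounced (invalid recipient syntax: "-@example.com")
Nov 29 08:35:04 mx postfix/local[8755]: DF11F2CFBB: to=<thomas@example.com>, relay=local, delay=4, status=sent ("|/usr/bin/procmail -Y -a $DOMAIN")
"""

RCPT_RE = re.compile(r"AMAVIS::MTA::Postfix: Recipients are (.+)$")
BOUNCE_RE = re.compile(
    r"postfix/\w+\[\d+\]: (\w+): to=<([^>]*)>.*status=bounced \((.*)\)$")


def non_address_recipients(amavis_log):
    """Recipient tokens amavis-ng logged that contain no '@' (e.g. a literal '-')."""
    bad = []
    for line in amavis_log.splitlines():
        m = RCPT_RE.search(line)
        if m:
            tokens = (t.strip() for t in m.group(1).split(","))
            bad += [t for t in tokens if "@" not in t]
    return bad


def bounces(postfix_log):
    """(queue_id, recipient, reason) for every bounced delivery in the Postfix log."""
    return [m.groups() for line in postfix_log.splitlines()
            if (m := BOUNCE_RE.search(line))]


def correlate(amavis_log, postfix_log):
    """Bounces whose local part equals a non-address token handed to the filter."""
    tokens = set(non_address_recipients(amavis_log))
    return [(qid, rcpt) for qid, rcpt, _ in bounces(postfix_log)
            if rcpt.split("@", 1)[0] in tokens]


if __name__ == "__main__":
    for qid, rcpt in correlate(AMAVIS_LOG, POSTFIX_LOG):
        print(f"{qid}: bounced {rcpt}; its local part was passed to the filter as a recipient")
```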