
amavis-new postfix does not scan attachments


nowwhat
20/04/2016, 12h13
I posted my main.cf - but it went into moderation ..... it will appear in x time.
(Nope, I don't talk about viagra in my reply, and I didn't use links to dubious sites)

nowwhat
20/04/2016, 12h12
[QUOTE=lepirlouit;197558]....
Could you send me your main.cf file?
I think I've somewhat wrecked mine.
[/QUOTE]
The main.cf is not the most important thing.

But if you insist:

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = yes

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# http://www.policyd-weight.org/howto.html 
smtpd_helo_required = yes
smtpd_delay_reject = yes

readme_directory = /usr/share/doc/postfix

# fast_flush_domains = $relay_domains kr

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
# postfix.traduc.org/index.php/TLS_README.html
#
# remember:
# smtpd = server 
# smtp = client

# TLS server options
smtpd_tls_CApath = /etc/ssl/certs
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel = 1

smtpd_tls_ask_ccert = yes
#smtpd_tls_req_ccert = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1, TLSv1.1, TLSv1.2
smtpd_tls_mandatory_ciphers = high
#smtpd_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5

# TLS client options
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
smtp_tls_security_level=may

tls_random_source = dev:/dev/urandom

# notify_classes = bounce, delay, policy, protocol, resource, software

mynetworks = 127.0.0.0/8 IPFO1-IPv4/32 IPFO2-IPv4/32 IPFO3-IPv4/32 IPFO4-IPv4/32 IPFO5-IPv4/32 IPFO6-IPv4/32
inet_interfaces = 127.0.0.1 IPFO1-IPv4 IPFO2-IPv4 IPFO3-IPv4 IPFO4-IPv4 IPFO5-IPv4 IPFO6-IPv4
#default :
permit_mx_backup_networks = IP1v4-BMX1/32 [IP1v6-BMX1]/128 IP3v4-BMX2/32 [IP2v6-BMX2]/128 IP3v4-BMX3/32 [IP3v6-BMX3]/128

# Handles - removes sub-domains, so xxx@mail.mon-domaine1.tld will become xxxx@mon-domaine1.tld ....
masquerade_domains = mon-domaine1.tld mon-domaine2.tld mon-domaine3.tld mon-domaine4.tld mon-domaine5.tld 

#default :

smtp_address_preference = ipv6
default_transport = smtp


alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases


mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = ipv4, ipv6
html_directory = /usr/share/doc/postfix/html
message_size_limit = 30720000

slow_destination_recipient_limit = 20
slow_destination_concurrency_limit = 2

# http://www.postfix.org/VIRTUAL_README.html
virtual_alias_domains = 
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf

#new http://permalink.gmane.org/gmane.mai...ix.user/227434
sender_dependent_default_transport_maps = mysql:/etc/postfix/mysql-sdd_transport_maps.cf

# Not needed anymore as from 01/10/2013 - GMAIL works now.
# transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
# mask outgoing mails on a per domain to ip match base
# sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport

virtual_mailbox_base = /var/spool/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes

#virtual_create_maildirsize = yes
#virtual_maildir_extended = yes
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = The user you are trying to reach is over quota.
#virtual_overquota_bounce = yes

proxy_read_maps = $local_recipient_maps $virtual_alias_maps $virtual_alias_domains \
 $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps \
 $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps \
 $relocated_maps $mynetworks $virtual_mailbox_limit_maps $transport_maps

# verify_cache db bug
address_verify_map = proxy:btree:$data_directory/verify_cache
proxy_write_maps = 
	$smtp_sasl_auth_cache_name 
	$lmtp_sasl_auth_cache_name 
	$address_verify_map

# http://forum.ovh.com/showthread.php?...l=1#post571301

# CHECK ! 01/07/2015 http://serverfault.com/questions/537...-of-processing

smtpd_relay_restrictions =
 permit_mynetworks
 reject_unknown_sender_domain
 permit_sasl_authenticated
 reject_unauth_destination
 reject_unauth_pipelining
 permit_mx_backup
 check_client_access pcre:/etc/postfix/blacklist_clients
 reject_unlisted_recipient
 reject_unknown_recipient_domain
 reject_non_fqdn_recipient
 reject_rbl_client cbl.abuseat.org
 reject_rbl_client zen.spamhaus.org
 permit_auth_destination
 reject

smtpd_client_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_pipelining
  reject_unauth_destination
  warn_if_reject reject_unknown_hostname
  permit

# cbl.abuseat.org,bl.spamcop.net,zen.spamhaus.org

smtpd_sender_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  check_sender_access hash:/etc/postfix/sender_access
  warn_if_reject reject_unknown_sender_domain
  warn_if_reject reject_non_fqdn_sender
  warn_if_reject reject_unknown_client
  warn_if_reject reject_unverified_sender
  permit
  
# https://www.howtoforge.com/postfix_spf
policyd-spf-perl_time_limit = 3600

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  check_policy_service unix:private/policyd-spf-perl
  check_client_access pcre:/etc/postfix/blacklist_clients
  reject_unauth_pipelining
  permit_mx_backup
  warn_if_reject reject_non_fqdn_hostname
  warn_if_reject reject_non_fqdn_sender
  reject_unknown_recipient_domain
  reject_unverified_recipient
  reject_invalid_hostname
  reject_unknown_sender_domain
  reject_unlisted_recipient
  reject_unknown_recipient_domain
  reject_non_fqdn_recipient
  reject_rbl_client cbl.abuseat.org
  reject_rbl_client zen.spamhaus.org
  reject_invalid_helo_hostname
  permit_auth_destination
  reject

smtpd_data_restrictions =
  reject_unauth_pipelining
  
#
# http://www.howtoforge.com/virtual-us...ebian-lenny-p3
# http://www.howtoforge.com/virtual-us...l-debian-lenny
# http://www.emailsecuritycheck.net/index.html

# DKIM 
# http://blog.tjitjing.com/index.php/2...nd-debian.html

milter_default_action = accept
milter_protocol = 6
#milter_mail_macros = {auth_author} {auth_type} {auth_authen}
#smtpd_milters = inet:localhost:8888 inet:localhost:12354 inet:localhost:12345 inet:localhost:8893
smtpd_milters = inet:localhost:12354 inet:localhost:12345 inet:localhost:8893
non_smtpd_milters = inet:localhost:12354 inet:localhost:12345 inet:localhost:8893
# http://www.postfix.org/MILTER_README.html - so only DKIM to sign outgoing mail
#non_smtpd_milters = inet:localhost:12345

#smtpd_milters = inet:localhost:12354 inet:localhost:12345
#non_smtpd_milters = inet:localhost:12354 inet:localhost:12345

content_filter = amavis:localhost:10024

# mime_header_checks = regexp:/etc/postfix/mime_header_checks

#Read this if disabling amavis: https://workaround.org/ispmail/lenny...am-and-viruses
#receive_override_options=no_address_mappings ---------> NO !!

# http://blog.hqcodeshop.fi/archives/1...h-Postfix.html
# gmail if its refusing (5.5.0 blbla) mails on IPv6, retry using IPv4 :)
smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter
Note that I have a SYS (not a KS) and therefore: several IPFOs (6) - several domain names.
I gave IPv6 priority over IPv4.
The configuration is 'manual' - I don't use tools like ISPConfig or WebMin etc.

I also have two backup MXs ....

It's the master.cf that is the most important (per-domain certificate management, etc. etc.)

lepirlouit
20/04/2016, 08h53
Thanks for your complete answer.
Could you send me your main.cf file?
I think I've somewhat wrecked mine.

The problem may be elsewhere; the 7 emails were indeed blocked on my side too:

Code:
Apr 20 07:51:37 ks1 amavis[21867]: (21867-18) Blocked BANNED (application/x-msdownload,.asc,attached.bat) {NoBounceInbound}, [149.202.232.193]:56718 [149.202.232.193]  -> , Queue-ID: 0101BF6047A, Message-ID: , mail_id: fGmrr2DqarCv, Hits: -, size: 1426, 392 ms
Apr 20 07:51:38 ks1 amavis[26373]: (26373-17) Blocked INFECTED (Eicar-Test-Signature) {NoBounceInbound}, [149.202.232.193]:48167 [149.202.232.193]  -> , Queue-ID: 2C82FF609EA, Message-ID: , mail_id: 8GtBApgX_kYt, Hits: -, size: 1605, 1148 ms
Apr 20 07:51:38 ks1 amavis[26373]: (26373-18) Blocked BANNED (application/x-msdownload,.asc,attached.bat,=??Q?attached.bat?=) {NoBounceInbound}, [149.202.232.193]:53043 [149.202.232.193]  -> , Queue-ID: 8CB19F6047A, Message-ID: , mail_id: Spwy1OeVmVpR, Hits: -, size: 1506, 226 ms
Apr 20 07:51:38 ks1 amavis[21867]: (21867-19) Blocked SPAM {DiscardedInbound}, [149.202.232.193]:34509 [149.202.232.193]  -> , Queue-ID: 60A1AF609FA, Message-ID: , mail_id: gGAF6vJNwhsC, Hits: 998.116, size: 1143, 1257 ms
Apr 20 07:51:38 ks1 amavis[26373]: (26373-18-2) Blocked BANNED (application/x-msdownload,.asc,attached.()bat) {NoBounceInbound}, [149.202.232.193]:59557 [149.202.232.193]  -> , Queue-ID: B4302F60A4B, Message-ID: , mail_id: KiP0Z4Pq2p-A, Hits: -, size: 1431, 187 ms
Apr 20 07:51:39 ks1 amavis[21867]: (21867-19-2) Blocked BANNED (application/x-msdownload,.asc) {NoBounceInbound}, [149.202.232.193]:48044 [149.202.232.193]  -> , Queue-ID: DA507F60A4D, Message-ID: , mail_id: zFfb95WMjPCg, Hits: -, size: 1430, 180 ms
Apr 20 07:51:39 ks1 amavis[26373]: (26373-18-3) Blocked BANNED (application/x-msdownload,.asc,attached\\) {NoBounceInbound}, [149.202.232.193]:36961 [149.202.232.193]  -> , Queue-ID: EC935F60A54, Message-ID: , mail_id: mxVxk8AzFqax, Hits: -, size: 1432, 264 ms
I'm going to add the DKIM and SPF check

nowwhat
19/04/2016, 23h35
Quote: Originally posted by lepirlouit
...
My kimsufi is installed with Debian and ISPConfig
Very good choice.
But ISPConfig, what do you need it for?

Quote: Originally posted by lepirlouit
...
Amavis-new does not seem to scan attachments.
But it does scan - and from memory, by default, it scans attachments - but not all of them .....
In the amavisd startup log I find this on my side:
Code:
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .Z    at /bin/uncompress
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .gz   at /bin/gzip -d
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .bz2  at /bin/bzip2 -d
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .xz   at /usr/bin/xz -dc
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .lrz, tried: lrzip -q -k -d -o -, lrzcat -q -k
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .lzo  at /usr/bin/lzop -d
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .lz4, tried: lz4c -d
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .cpio at /bin/pax
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .tar  at /bin/pax
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .deb  at /usr/bin/ar
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .rar  at /usr/bin/unrar-free
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .arj  at /usr/bin/arj
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .arc  at /usr/bin/nomarch
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .zoo  at /usr/bin/zoo
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .doc  at /usr/bin/ripole
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .cab  at /usr/bin/cabextract
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Internal decoder for .tnef
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .zip, tried: 7za, 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .kmz, tried: 7za, 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Internal decoder for .zip 
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Internal decoder for .kmz 
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .7z   at /usr/bin/7zr
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .jar, tried: 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .swf, tried: 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .lha, tried: 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .iso, tried: 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .exe  at /usr/bin/unrar-free; /usr/bin/arj
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .F   
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .iso 
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .jar 
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .lha 
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .lrz 
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .lz4 
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .swf
If I decide it's necessary to enable an extension like ".swf", I consult the documentation.

Code:
X-Virus-Scanned: Debian amavisd-new at ks1.mon.ndd
...
Received: from ks1.mon.ndd ([127.0.0.1])
    by localhost (ks1.mon.ndd [127.0.0.1]) (amavisd-new, port 10024)
Postfix passes the mail through amavisd (which, in turn, passes it to spamassassin - and clamav) before putting it in a local mailbox.

spamassassin gives it 4.671 points, enough to mark the mail as spam - for example in the subject of the mail - if you told it to do so.
At 5 points it is declared pure spam - it's up to you to decide ( == configure ) what to do in that case.

Quote: Originally posted by lepirlouit
...
The problem is that the mail is not considered spam.
Yes, it is. It finds it at least suspicious.
It's up to you to teach it.

PS: where is your SPF check?
Your DKIM check?
DMARC?

An excerpt from my 'postfix':
Apr 19 21:39:39 ns311465 postfix/policy-spf[9081]: Policy action=PREPEND Received-SPF: pass (my.fil-actu.com: Sender is authorized to use 'news@my.fil-actu.com' in 'mfrom' identity (mechanism 'include:azrmta.com' matched)) receiver=ns311465.ip-188-165-201.eu; identity=mailfrom; envelope-from="news@my.fil-actu.com"; helo=my.fil-actu.com; client-ip=51.254.72.46
The SPF is (I checked) correct.

Apr 19 21:39:39 ns311465 mon-domaine.tkd-smtp-client-ipv4/smtpd[9079]: 52B4563E03B3: client=mta46.smtp5.azrmta.com[51.254.72.46]
The mail comes in via the IPv4 (I have several IPv4s) of my domain - and the sender's reverse is correct (important!)

Apr 19 21:39:39 ns311465 opendkim[25275]: 52B4563E03B3: DKIM verification successful
The sender's DKIM is OK - good - the mail was not tampered with in transit.

Apr 19 21:39:39 ns311465 opendmarc[1305]: 52B4563E03B3: my.fil-actu.com pass
DMARC happy. Good sign.

When my server receives a mail from:
Received: from [39.32.129.243] (unknown [39.32.147.111])
It (my postfix) will abort right away.
A server that has no 'reverse' (== unknown) is a mail server with a rather serious identity crisis.
I'm not a doctor ..... I drop it right away

PS the score of this mail:
Apr 19 21:39:39 mail.mon-domaine.tld /usr/sbin/amavisd-new[3524]: (03524-16) Passed CLEAN {RelayedInbound}, [51.254.72.46]:53429 [51.254.72.46] -> , Queue-ID: 52B4563E03B3, Message-ID: <1-37708547-783-89382@my.fil-actu.com>, mail_id: Xts1FwWgw8Ek, Hits: -, size: 35947, queued_as: 9C19F63E03F5, 130 ms

edit:
Visit http://www.emailsecuritycheck.net/ and give it an email address on your server.
I tested, and here is the result:
Code:
... Passed CLEAN {RelayedInbound}, [149.202.232.193]:51648 [149.202.232.193]  -> , Queue-ID: 45CAF63E0331, Message-ID: <1461101165.5716a26dcbb85@www.emailsecuritycheck.net>, mail_id: qmo1rRrjZ2kY, Hits: -2.896, size: 8651, pt: 16, queued_as: 7FB8263E0426, 4083 ms
... Blocked BANNED (application/x-msdownload,.asc,attached.bat) {BouncedInbound,Quarantined}, [149.202.232.193]:40515 [149.202.232.193]  -> , quarantine: 8KkS023plLGG[16], Queue-ID: 21EB663E0331, Message-ID: , mail_id: 8KkS023plLGG, Hits: -, size: 2153, pt: 16, 345 ms
... Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [149.202.232.193]:44283 [149.202.232.193]  -> , quarantine: j4JA_H76VT9E[16], Queue-ID: 603ED63E03CD, Message-ID: , mail_id: j4JA_H76VT9E, Hits: -, size: 2332, pt: 16, 369 ms
... Blocked BANNED (application/x-msdownload,.asc,attached.bat,=??Q?attached.bat?=) {BouncedInbound,Quarantined}, [149.202.232.193]:45621 [149.202.232.193]  -> , quarantine: NamURaEnDemV[16], Queue-ID: 7C24263E1683, Message-ID: , mail_id: NamURaEnDemV, Hits: -, size: 2233, pt: 16, 305 ms
... Blocked BANNED (application/x-msdownload,.asc,attached.()bat) {BouncedInbound,Quarantined}, [149.202.232.193]:51796 [149.202.232.193]  -> , quarantine: f3PCrVmSeU54[16], Queue-ID: BBA4C63E1677, Message-ID: , mail_id: f3PCrVmSeU54, Hits: -, size: 2158, pt: 16, 304 ms
... Blocked BANNED (application/x-msdownload,.asc) {BouncedInbound,Quarantined}, [149.202.232.193]:48491 [149.202.232.193]  -> , quarantine: EuEwd4WKDUs8[16], Queue-ID: CBBB963E1690, Message-ID: , mail_id: EuEwd4WKDUs8, Hits: -, size: 2157, pt: 16, 289 ms
... Blocked BANNED (application/x-msdownload,.asc,attached\\) {BouncedInbound,Quarantined}, [149.202.232.193]:52936 [149.202.232.193]  -> , quarantine: SnFfwk69k4gX[16], Queue-ID: E0CDD63E1694, Message-ID: , mail_id: SnFfwk69k4gX, Hits: -, size: 2159, pt: 16, 305 ms
... Blocked SPAM {DiscardedInbound}, [149.202.232.193]:56156 [149.202.232.193]  -> , Queue-ID: 7AD3C63E167E, Message-ID: , mail_id: 18CDOGwuhoIw, Hits: 997.671, size: 1870, pt: 16, 1830 ms
The first one passes - it's the activation mail.
The others (all of them) were not delivered - they all went into quarantine (because I configured my spam setup to work that way).
There was even an EICAR virus check - it was detected properly:
Code:
A virus was found: Eicar-Test-Signature
Banned name: .dat,eicar.com
Scanner detecting a virus: ClamAV-clamd
so clamav works too.
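
The startup log in the post above can be reduced to a list of archive types amavisd-new has no decoder for, which is the concrete form of "it scans attachments, but not all of them". This is an added example, not part of the thread; the function names are illustrative, and the sample is an excerpt of the log lines quoted in the post.

```python
import re

# Excerpt of the amavisd-new startup log quoted in the post above.
SAMPLE_LOG = """\
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .gz   at /bin/gzip -d
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .lz4, tried: lz4c -d
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .zip, tried: 7za, 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Internal decoder for .zip
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .swf, tried: 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No ext program for   .iso, tried: 7z
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: Found decoder for    .exe  at /usr/bin/unrar-free; /usr/bin/arj
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .iso
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .lz4
Apr 17 01:49:13 mail.mon-domaine.tld /usr/sbin/amavisd-new[12283]: No decoder for       .swf
"""

LINE_RE = re.compile(
    r"amavisd-new\[\d+\]: "
    r"(?P<kind>Found decoder for|Internal decoder for|No ext program for|No decoder for)"
    r"\s+(?P<ext>\.\w+)"
    r"(?:\s+at\s+(?P<prog>.+)|,\s+tried:\s+(?P<tried>.+))?\s*$"
)


def decoder_coverage(log_text):
    """Map each extension to the decoder in use (or None) and the programs tried."""
    cov = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = cov.setdefault(m["ext"], {"decoder": None, "tried": []})
        if m["kind"] == "Found decoder for":
            entry["decoder"] = m["prog"].strip()
        elif m["kind"] == "Internal decoder for":
            # A failed external lookup (.zip above) can still end up covered.
            entry["decoder"] = "internal"
        elif m["kind"] == "No ext program for":
            entry["tried"] += [p.strip() for p in m["tried"].split(",")]
        # "No decoder for" is the final summary line: decoder stays None.
    return cov


def undecoded(cov):
    """Extensions that amavisd-new cannot unpack with this installation."""
    return sorted(ext for ext, e in cov.items() if e["decoder"] is None)


def missing_programs(cov):
    """For each uncovered extension, the programs amavisd-new looked for."""
    return {ext: cov[ext]["tried"] for ext in undecoded(cov)}


if __name__ == "__main__":
    for ext, progs in missing_programs(decoder_coverage(SAMPLE_LOG)).items():
        print(f"{ext}: no decoder, looked for: {', '.join(progs) or 'n/a'}")
```
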

lepirlouit
19/04/2016, 14h46
Hello,
My kimsufi is installed with Debian and ISPConfig

Amavis-new does not seem to scan attachments.

I've already followed a few tutorials on the internet, but not much that works.
Infected attachments still get through.

The problem is that the mail is not considered spam.

Here is the header of the infected messages:



Code:
Return-Path: 
Delivered-To: lepirlouit@mon.ndd
Received: from localhost (localhost.localdomain [127.0.0.1])
    by ks1.mon.ndd (Postfix) with ESMTP id BD108F60A4B
    for ; Tue, 19 Apr 2016 13:11:39 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ks1.mon.ndd
X-Spam-Flag: NO
X-Spam-Score: 4.671
X-Spam-Level: ****
X-Spam-Status: No, score=4.671 tagged_above=3 required=5 tests=[BAYES_00=-1.9,
    PYZOR_CHECK=1.392, RCVD_IN_MSPIKE_BL=0.01, RCVD_IN_MSPIKE_ZBI=0.001,
    RCVD_IN_PBL=3.335, RCVD_IN_XBL=0.375, RDNS_NONE=0.793,
    SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from ks1.mon.ndd ([127.0.0.1])
    by localhost (ks1.mon.ndd [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 9xAnrZecNcVb for ;
    Tue, 19 Apr 2016 13:11:38 +0200 (CEST)
Received: from [39.32.129.243] (unknown [39.32.147.111])
    by ks1.mon.ndd (Postfix) with ESMTP id 05B85F609FA
    for ; Tue, 19 Apr 2016 13:11:38 +0200 (CEST)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_064925861117965323623"
Date: Tue, 19 Apr 2016 16:10:35 +0500
From: Darrell Hurst 
To: lepirlouit@mon.ndd
Subject: =?UTF-8?B?WW91ciBMYXRlc3QgRG9jdW1lbnRzIGZyb20gQW5nZWwgU3ByaW5ncyBMdGQgW0NGMkZGNTRFXQ==?=
X-Id_client: 20496158
X-Mailer: MIME::Lite 3.027 (F2.77; T1.30; A2.06; B3.08; Q3.08)
X-AV-Checked: clean on av10
Message-Id: <20161904161035.782E3F8BAB0@mon.ndd>
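
The X-Spam-Status header above, taken apart rule by rule: the individual scores add up to the reported 4.671, and the code finds which negative-scoring rule keeps the message under required=5. This is an added example, not part of the thread; the function names are illustrative and the header is copied from the post.

```python
import re
from decimal import Decimal

# X-Spam-Status header as posted above (folded over several lines).
HEADER = """\
X-Spam-Status: No, score=4.671 tagged_above=3 required=5 tests=[BAYES_00=-1.9,
    PYZOR_CHECK=1.392, RCVD_IN_MSPIKE_BL=0.01, RCVD_IN_MSPIKE_ZBI=0.001,
    RCVD_IN_PBL=3.335, RCVD_IN_XBL=0.375, RDNS_NONE=0.793,
    SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
"""


def parse_spam_status(header):
    """Return (verdict, numeric fields, per-rule scores) from X-Spam-Status."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header)  # unfold continuation lines
    verdict = re.search(r"X-Spam-Status:\s*(\w+),", flat).group(1)
    fields = {
        key: Decimal(val)
        for key, val in re.findall(
            r"\b(score|tagged_above|required)=(-?[\d.]+)", flat
        )
    }
    blob = re.search(r"tests=\[([^\]]*)\]", flat).group(1)
    tests = {
        name: Decimal(val)
        for name, val in re.findall(r"([A-Z0-9_]+)=(-?[\d.]+)", blob)
    }
    return verdict, fields, tests


def breakdown(header):
    """Summarise why the message ended up on its side of the threshold."""
    verdict, fields, tests = parse_spam_status(header)
    total = sum(tests.values(), Decimal(0))
    positive = sum((v for v in tests.values() if v > 0), Decimal(0))
    # Negative rules whose removal alone would push the score to >= required.
    decisive = sorted(
        name for name, val in tests.items()
        if val < 0 and total - val >= fields["required"]
    )
    return {
        "verdict": verdict,
        "score": fields["score"],
        "required": fields["required"],
        "sum_matches": total == fields["score"],
        "margin": fields["required"] - fields["score"],
        "score_without_negative": positive,
        "decisive_negative_rules": decisive,
        "top_positive": max(tests, key=tests.get),
    }


if __name__ == "__main__":
    for key, value in breakdown(HEADER).items():
        print(f"{key}: {value}")
```

BAYES_00 is the Bayes classifier's lowest spam-probability bucket, so the -1.9 it contributes depends on what the classifier has been trained on.
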