Tools
http://www.jetmore.org/john/code/swaks/latest/doc/ref.txt
http://spamassassin.apache.org/
Test files
http://www.eicar.org/86-0-Intended-use.html
touch sample-virus-simple.txt
http://spamassassin.apache.org/gtube/gtube.txt
touch sample-spam-GTUBE-junk.txt
Normal Message test
swaks --to testuser@yourdomain.com --server localhost
amavis[1486]: (01486-02) Passed CLEAN {RelayedInternal}, LOCAL [127.0.0.1]:50268
(testuser@yourdomain.com is the address where you would like the test message to be delivered.)
Testing VIRUS checking
swaks -t root@localhost --server localhost -d sample-virus-simple.txt
amavis[1488]: (01488-02) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOutbound,Quarantined}, LOCAL [127.0.0.1]:50314
TESTING CLAMAV
Install test files:
sudo apt-get install clamav-testfiles
Then test it:
sudo clamdscan /usr/share/clamav-testfiles/
Once tested you can remove them:
sudo apt-get remove clamav-testfiles
Testing SPAM checking
swaks -t root@localhost --server localhost -d sample-spam-GTUBE-junk.txt
amavis[1487]: (01487-02) Blocked SPAM {DiscardedInternal,Quarantined}, LOCAL [127.0.0.1]:50238
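Added example (not part of the original page): a shell check that reads amavis log lines and confirms that the three tests above produced the expected verdicts. The amavis part of each sample line is copied from the log lines shown above; the syslog prefix (timestamp, host name mx1) and the function names are constructed for the example.

```shell
#!/bin/sh
# SAMPLE_LOG: the three amavis lines from this page; the syslog prefix
# (timestamp, host name "mx1") is constructed for the example.
SAMPLE_LOG='Oct  3 10:00:01 mx1 amavis[1486]: (01486-02) Passed CLEAN {RelayedInternal}, LOCAL [127.0.0.1]:50268
Oct  3 10:00:05 mx1 amavis[1488]: (01488-02) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOutbound,Quarantined}, LOCAL [127.0.0.1]:50314
Oct  3 10:00:09 mx1 amavis[1487]: (01487-02) Blocked SPAM {DiscardedInternal,Quarantined}, LOCAL [127.0.0.1]:50238'

# Print "ACTION CATEGORY DETAIL" for each amavis verdict line on stdin.
amavis_verdicts() {
    awk '
    /amavis\[[0-9]+\]: \([0-9-]+\) (Passed|Blocked) / {
        for (i = 1; i <= NF; i++) {
            if ($i == "Passed" || $i == "Blocked") {
                detail = "-"
                # INFECTED lines carry the signature name in parentheses
                if ($(i+2) ~ /^\(.*\)$/)
                    detail = substr($(i+2), 2, length($(i+2)) - 2)
                print $i, $(i+1), detail
                break
            }
        }
    }'
}

# Return 0 only if the log on stdin shows all three expected outcomes:
# clean mail passed, EICAR blocked as INFECTED, GTUBE blocked as SPAM.
check_filter_tests() {
    verdicts=$(amavis_verdicts)
    missing=""
    for want in "Passed CLEAN" "Blocked INFECTED" "Blocked SPAM"; do
        printf '%s\n' "$verdicts" | grep -q "^$want " || missing="$missing [$want]"
    done
    # A Passed line for INFECTED or SPAM would mean a test message got through.
    if printf '%s\n' "$verdicts" | grep -Eq '^Passed (INFECTED|SPAM) '; then
        missing="$missing [test message was passed]"
    fi
    [ -z "$missing" ] && return 0
    echo "FAIL:$missing" >&2
    return 1
}

# Demo on the sample lines; on a live host feed it the mail log instead:
#   sudo grep amavis /var/log/mail.log | check_filter_tests
printf '%s\n' "$SAMPLE_LOG" | amavis_verdicts
```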
File Examples:
sample-spam-GTUBE-junk.txt
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
sample-virus-simple.txt
From: virus-tester
To: undisclosed-recipients:;
Subject: amavisd test - simple - virus scanner test pattern

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Statistics
On Debian you can use: pflogsumm
sudo apt-get install pflogsumm
sudo pflogsumm -d today /var/log/mail.log
Postfix log summaries for Oct 3
Grand Totals
------------
messages
16 received
16 delivered
0 forwarded
0 deferred
0 bounced
2 rejected (11%)
0 reject warnings
0 held
0 discarded (0%)
14189 bytes received
14189 bytes delivered
3 senders
2 sending hosts/domains
3 recipients
2 recipient hosts/domains
…..