论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2009-06-01 08:52 |只看该作者 |倒序浏览

Sendmail+MailScanner+ClamAv+spamassassin

local.cf 和Mailscanner.conf 中required score设定4.1

目前系统运作还算良好，只是对有些垃圾邮件的处理老是有问题，对流入用户信箱的垃圾邮件
邮件进行测试，分值都绝对高于4.1，可是为什么还会流入信箱呢？

#spamassassin -t < test.eml

.......

Content analysis details: (25.5 points, 4.1 required)

pts rule name             description
---- ---------------------- --------------------------------------------------
1.0 NO_REAL_NAME          From: does not include a real name
0.5 DRUG_ED_CAPS          BODY: Mentions an E.D. drug
0.1 HTML_90_100          BODY: Message is 90% to 100% HTML
0.0 HTML_MESSAGE          BODY: HTML included in message
0.2 HTML_FONT_FACE_BAD    BODY: HTML font face is not a word
3.5 BAYES_99             BODY: Bayesian spam probability is 99 to 100%
                        [score: 1.0000]
0.0 MIME_HTML_ONLY       BODY: Message only has text/html MIME parts
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
            [Blocked - see <http://www.spamcop.net/bl.shtml?123.200.12.19>]
3.9 RCVD_IN_XBL          RBL: Received via a relay in Spamhaus XBL
                        [123.200.12.19 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_SORBS_WEB    RBL: SORBS: sender is a abuseable web server
                        [123.200.12.19 listed in dnsbl.sorbs.net]
1.1 RCVD_IN_CBL          RBL: Received via a relay in cbl.anti-spam.org.cn
                        [123.200.12.19 listed in cblplus.anti-spam.org.cn]
0.5 URIBL_AB_SURBL       Contains an URL listed in the AB SURBL blocklist
                        [URIs: soton.ac.uk bernat.com]
4.1 URIBL_JP_SURBL       Contains an URL listed in the JP SURBL blocklist
                        [URIs: sujdijif.cn]
2.1 URIBL_WS_SURBL       Contains an URL listed in the WS SURBL blocklist
                        [URIs: soton.ac.uk sujdijif.cn]
0.5 URIBL_OB_SURBL       Contains an URL listed in the OB SURBL blocklist
                        [URIs: soton.ac.uk bernat.com]
4.5 URIBL_SC_SURBL       Contains an URL listed in the SC SURBL blocklist
                        [URIs: soton.ac.uk]
0.5 DRUGS_ERECTILE       Refers to an erectile drug

在outlook查看此邮件的属性：

.......

MIME-Version: 1.0
Content-Type: multipart/related;
boundary="@@BOUNDARY"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-Spam-Status: No                <------------居然连1个s都没有

请教了！

文库|博客

ruochen

版主

论坛徽章:: 8

2楼 [报告]

发表于 2009-06-01 09:10 |只看该作者

在mailscanner设置个高分值
大于这个高分值的你设置转发到一个特定的邮箱吧
然后装个mailwatch的看看mailscanner是怎么来判断的

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

eric820408

白手起家

论坛徽章:: 0

3楼 [报告]

发表于 2009-06-01 09:17 |只看该作者

又发现被误判为垃圾的正常邮件。

我的系统设定4.1-7分的被隔离的同时送一封到管理员账号，用outlook收下来查看。

其中一封信：

Content-Type: multipart/mixed; boundary="1243816985.DaumWebMailer."
X-AttachFile1: 320380,4391,foc airbill 5-31.tif
X-AttachFile2: 378594,324980,foc airinv 5-31.tif
X-ATTFILE-SIZE: 2
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam
X-MailScanner-SpamScore: ssssss       <-------------6分

再次用spamassassin却测试只有0.3分：

。。。。。
Content analysis details: (-0.3 points, 4.1 required)

pts rule name             description
---- ---------------------- --------------------------------------------------
0.2 NORMAL_HTTP_TO_IP    URI: Uses a dotted-decimal IP address in URL
0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag
1.1 HTML_IMAGE_ONLY_32    BODY: HTML: images with 2800-3200 bytes of words
-2.6 BAYES_00             BODY: Bayesian spam probability is 0 to 1%
                        [score: 0.0000]
0.0 HTML_MESSAGE          BODY: HTML included in message
0.0 MIME_HTML_ONLY       BODY: Message only has text/html MIME parts
0.5 URIBL_AB_SURBL       Contains an URL listed in the AB SURBL blocklist
                        [URIs: daum-img.net hanmail.net]
0.5 URIBL_OB_SURBL       Contains an URL listed in the OB SURBL blocklist
                        [URIs: daum-img.net hanmail.net]