论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2007-03-09 20:49 |只看该作者 |倒序浏览

集成了SA和DCC，在每次用POP3软件发信后，查看信件：
Received: from localhost by lab
with SpamAssassin (version 3.1.3);
Fri, 09 Mar 2007 19:55:02 +0800
From: "user1@spam.net.cn" <user1@spam.net.cn>
To: "user2" <user2@spam.net.cn>
Subject: *****SPAM***** =?gb2312?B?Rnc6ILT6wO29+LP2v9qxqLnYtcjStc7x?=
Date: Fri, 9 Mar 2007 19:54:30 +0800
Message-Id: <200703091954271973646@spam.net.cn>
X-Spam-DCC: : lab26 1000; Body=19 Fuz1=19
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on lab26
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.4 required=4.0 tests=AWL,CN_BODY_109,CN_BODY_130,
CN_BODY_180,CN_BODY_204,CN_BODY_249,CN_BODY_376,CN_BODY_50,
CN_BODY_531,CN_BODY_62,CN_BODY_755,CN_BODY_88,CN_SUBJECT_207,
CN_SUBJECT_441,CN_SUBJECT_8,MIME_BASE64_TEXT autolearn=no
version=3.1.3
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45F14B16.37843D36"

This is a multi-part message in MIME format.

------------=_45F14B16.37843D36
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "lab26", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: user2, ÄúºÃ£¡ ÏÂÃæÊÇ×ª·¢ÓÊ¼þ ÔÓÊ¼þ·¢¼þÈËÃû×Ö: Õ²Éú
ÔÓÊ¼þ·¢¼þÈËµØÖ·£ºmo@163.com ÔÓÊ¼þÊÕ¼þÈËÃû×Ö£ºling@ccert.edu.cn
ÔÓÊ¼þÊÕ¼þÈËµØÖ·£ºling@ccert.edu.cn ÔÓÊ¼þ³ËÍÈËÃû×Ö£º
ÔÓÊ¼þ³ËÍÈËµØÖ·£º [...]

Content analysis details: (8.4 points, 4.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.5 CN_SUBJECT_441 Subject contains "³ö¿Ú"
0.5 CN_SUBJECT_8 Subject contains "ÒµÎñ"
1.0 CN_SUBJECT_207 Subject contains "±¨¹Ø"
0.3 CN_BODY_204 BODY: Body contains "³ÏÐÅ"
0.3 CN_BODY_531 BODY: Body contains "ÎÒ¹«Ë¾"
0.4 CN_BODY_249 BODY: Body contains "±¾¹«Ë¾"
0.0 CN_BODY_88 BODY: Body contains "ÊýÁ¿"
0.1 CN_BODY_62 BODY: Body contains "º£¹Ø"
0.4 CN_BODY_180 BODY: Body contains "´«Õæ"
0.2 CN_BODY_50 BODY: Body contains "À´µç"
0.2 CN_BODY_755 BODY: Body contains "½ø³ö¿Ú"
2.5 CN_BODY_109 BODY: Body contains "¹óË¾"
2.4 CN_BODY_130 BODY: Body contains "ÎÒË¾"
0.3 CN_BODY_376 BODY: Body contains "Ç¢Ì¸"
1.5 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
-2.1 AWL AWL: From: address is in the auto white-list

虽然信头中可以看到X-Spam-DCC这一行代表DCC生效了，但怎么看SPAMASSASSIN的打分机制中也包括计算了DCC的分数呢？在X-Spam-Status的字段和Content analysis details: 列表中，并没看到DCC的相关信息呀

文库|博客

枫影谁用了

富足长乐

论坛徽章:: 1

2楼 [报告]

发表于 2007-03-09 23:00 |只看该作者

Return-Path: <kedajhskqsqwfugqli@ic-engines.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on Mail
X-Spam-Level: *******************
X-Spam-Status: Yes, score=19.8 required=5.0 tests=COTYPE_002,
DATE_IN_PAST_96_XX,DCC_CHECK,EXTRA_MPART_TYPE,FH_HOST_EQ_D_D_D_D,
FROM_LOCAL_NOVOWEL,File_00002,HELO_DYNAMIC_IPADDR,HTML_MESSAGE,
J_CHICKENPOX_45,J_CHICKENPOX_51,J_CHICKENPOX_62,J_CHICKENPOX_71,
J_CHICKENPOX_92,RCVD_IN_NJABL_DUL autolearn=spam version=3.1.8
X-Spam-Report:
*  2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
*  0.7 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d
*  3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
*    1)
*  2.0 COTYPE_002 COTYPE_002
*  0.8 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
*  1.6 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
*  0.6 J_CHICKENPOX_92 BODY: 9alpha-pock-2alpha
*  0.6 J_CHICKENPOX_71 BODY: 7alpha-pock-1alpha
*  0.6 J_CHICKENPOX_51 BODY: 5alpha-pock-1alpha
*  0.6 J_CHICKENPOX_62 BODY: 6alpha-pock-2alpha
*  0.6 J_CHICKENPOX_45 BODY: 4alpha-pock-5alpha
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  3.0 File_00002 FULL: File_00002
*  1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
*  1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
*    [59.178.59.50 listed in combined.njabl.org]

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

chdonald

稍有积蓄

论坛徽章:: 0

3楼 [报告]

发表于 2007-03-11 14:47 |只看该作者

原帖由 枫影谁用了 于 2007-3-9 23:00 发表
Return-Path: <kedajhskqsqwfugqli@ic-engines.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on Mail
X-Spam-Level: *******************
X-Spam-S ...

谢谢呀，请问你的DCC SERVER是指到哪的呀，X-Spam-report这个字段要怎样在SA中配置才出来的

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

返回列表

Chinaunix › 论坛 › IT运维 › 服务器应用 › spamassassin+dcc的问题

[Mail] spamassassin+dcc的问题 [复制链接]