免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
查看: 2610 | 回复: 2

[Mail] spamassassin+dcc的问题 [复制链接]

论坛徽章:
0
发表于 2007-03-09 20:49 |显示全部楼层
集成了SA和DCC,在每次用POP3软件发信后,查看信件:
Received: from localhost by lab
with SpamAssassin (version 3.1.3);
Fri, 09 Mar 2007 19:55:02 +0800
From: "user1@spam.net.cn" <user1@spam.net.cn>
To: "user2" <user2@spam.net.cn>
Subject: *****SPAM***** =?gb2312?B?Rnc6ILT6wO29+LP2v9qxqLnYtcjStc7x?=
Date: Fri, 9 Mar 2007 19:54:30 +0800
Message-Id: <200703091954271973646@spam.net.cn>
X-Spam-DCC: : lab26 1000; Body=19 Fuz1=19
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on lab26
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.4 required=4.0 tests=AWL,CN_BODY_109,CN_BODY_130,
CN_BODY_180,CN_BODY_204,CN_BODY_249,CN_BODY_376,CN_BODY_50,
CN_BODY_531,CN_BODY_62,CN_BODY_755,CN_BODY_88,CN_SUBJECT_207,
CN_SUBJECT_441,CN_SUBJECT_8,MIME_BASE64_TEXT autolearn=no
version=3.1.3
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45F14B16.37843D36"

This is a multi-part message in MIME format.

------------=_45F14B16.37843D36
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "lab26", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: user2, &Auml;ú&ordm;&Atilde;&pound;&iexcl; &Iuml;&Acirc;&Atilde;&aelig;&Ecirc;&Ccedil;×&ordf;·&cent;&Oacute;&Ecirc;&frac14;&thorn; &Ocirc;&shy;&Oacute;&Ecirc;&frac14;&thorn;·&cent;&frac14;&thorn;&Egrave;&Euml;&Atilde;&ucirc;×&Ouml;: &Otilde;&sup2;&Eacute;ú
&Ocirc;&shy;&Oacute;&Ecirc;&frac14;&thorn;·&cent;&frac14;&thorn;&Egrave;&Euml;&micro;&Oslash;&Ouml;·&pound;&ordm;mo@163.com &Ocirc;&shy;&Oacute;&Ecirc;&frac14;&thorn;&Ecirc;&Otilde;&frac14;&thorn;&Egrave;&Euml;&Atilde;&ucirc;×&Ouml;&pound;&ordm;ling@ccert.edu.cn
&Ocirc;&shy;&Oacute;&Ecirc;&frac14;&thorn;&Ecirc;&Otilde;&frac14;&thorn;&Egrave;&Euml;&micro;&Oslash;&Ouml;·&pound;&ordm;ling@ccert.edu.cn &Ocirc;&shy;&Oacute;&Ecirc;&frac14;&thorn;&sup3;&shy;&Euml;&Iacute;&Egrave;&Euml;&Atilde;&ucirc;×&Ouml;&pound;&ordm;
&Ocirc;&shy;&Oacute;&Ecirc;&frac14;&thorn;&sup3;&shy;&Euml;&Iacute;&Egrave;&Euml;&micro;&Oslash;&Ouml;·&pound;&ordm; [...]

Content analysis details: (8.4 points, 4.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.5 CN_SUBJECT_441 Subject contains "&sup3;&ouml;&iquest;&Uacute;"
0.5 CN_SUBJECT_8 Subject contains "&Ograve;&micro;&Icirc;&ntilde;"
1.0 CN_SUBJECT_207 Subject contains "±¨&sup1;&Oslash;"
0.3 CN_BODY_204 BODY: Body contains "&sup3;&Iuml;&ETH;&Aring;"
0.3 CN_BODY_531 BODY: Body contains "&Icirc;&Ograve;&sup1;&laquo;&Euml;&frac34;"
0.4 CN_BODY_249 BODY: Body contains "±&frac34;&sup1;&laquo;&Euml;&frac34;"
0.0 CN_BODY_88 BODY: Body contains "&Ecirc;&yacute;&Aacute;&iquest;"
0.1 CN_BODY_62 BODY: Body contains "&ordm;&pound;&sup1;&Oslash;"
0.4 CN_BODY_180 BODY: Body contains "&acute;&laquo;&Otilde;&aelig;"
0.2 CN_BODY_50 BODY: Body contains "&Agrave;&acute;&micro;&ccedil;"
0.2 CN_BODY_755 BODY: Body contains "&frac12;&oslash;&sup3;&ouml;&iquest;&Uacute;"
2.5 CN_BODY_109 BODY: Body contains "&sup1;ó&Euml;&frac34;"
2.4 CN_BODY_130 BODY: Body contains "&Icirc;&Ograve;&Euml;&frac34;"
0.3 CN_BODY_376 BODY: Body contains "&Ccedil;&cent;&Igrave;&cedil;"
1.5 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
-2.1 AWL AWL: From: address is in the auto white-list


虽然信头中可以看到X-Spam-DCC这一行代表DCC生效了,但怎么看SPAMASSASSIN的打分机制中也包括计算了DCC的分数呢?在X-Spam-Status的字段和Content analysis details: 列表中,并没看到DCC的相关信息呀

论坛徽章:
1
白银圣斗士
日期:2015-11-23 08:33:04
发表于 2007-03-09 23:00 |显示全部楼层
Return-Path: <kedajhskqsqwfugqli@ic-engines.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on Mail
X-Spam-Level: *******************
X-Spam-Status: Yes, score=19.8 required=5.0 tests=COTYPE_002,
        DATE_IN_PAST_96_XX,DCC_CHECK,EXTRA_MPART_TYPE,FH_HOST_EQ_D_D_D_D,
        FROM_LOCAL_NOVOWEL,File_00002,HELO_DYNAMIC_IPADDR,HTML_MESSAGE,
        J_CHICKENPOX_45,J_CHICKENPOX_51,J_CHICKENPOX_62,J_CHICKENPOX_71,
        J_CHICKENPOX_92,RCVD_IN_NJABL_DUL autolearn=spam version=3.1.8
X-Spam-Report:
        *  2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
        *  0.7 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d
        *  3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
        *      1)
        *  2.0 COTYPE_002 COTYPE_002
        *  0.8 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
        *  1.6 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
        *  0.6 J_CHICKENPOX_92 BODY: 9alpha-pock-2alpha
        *  0.6 J_CHICKENPOX_71 BODY: 7alpha-pock-1alpha
        *  0.6 J_CHICKENPOX_51 BODY: 5alpha-pock-1alpha
        *  0.6 J_CHICKENPOX_62 BODY: 6alpha-pock-2alpha
        *  0.6 J_CHICKENPOX_45 BODY: 4alpha-pock-5alpha
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  3.0 File_00002 FULL: File_00002
        *  1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
        *  1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
        *      [59.178.59.50 listed in combined.njabl.org]

论坛徽章:
0
发表于 2007-03-11 14:47 |显示全部楼层
原帖由 枫影谁用了 于 2007-3-9 23:00 发表
Return-Path: <kedajhskqsqwfugqli@ic-engines.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on Mail
X-Spam-Level: *******************
X-Spam-S ...



谢谢呀,请问你的DCC SERVER是指到哪的呀,X-Spam-report这个字段要怎样在SA中配置才出来的
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP