
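Spam has increased on our system recently

火星人 @ 2014-03-04

Has the volume of spam on everyone else's mail systems gone up as well?

It is mostly English-language spam, and the SA system already identifies much of it as spam.

Now I am considering whether to simply discard the messages identified as spam or keep delivering them to the recipients.

Both options have problems: if I discard them, there may be false positives; if I tag them as spam and still deliver them, the recipients complain that there is too much spam.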
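《Solution》

These spam messages show no sender in MailScanner's MailWatch.

The system is built on postfix+mysql+dovecot+mailscanner+clamav+SA

[ Last edited by ruochen on 2009-3-16 09:15 ]
《Solution》

Below is a screenshot from MailWatch
《Solution》

Below are the logs for the two messages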

Mar 16 08:19:04 mail postfix/smtpd: connect from S0106001310d4af1d.vn.shawcable.net
Mar 16 08:19:06 mail postfix/smtpd: 870432818254: client=S0106001310d4af1d.vn.shawcable.net
Mar 16 08:19:07 mail postfix/cleanup: 870432818254: hold: header Received: from S0106001310d4af1d.vn.shawcable.net (S0106001310d4af1d.vn.shawcable.net )??by mail.example.com (Postfix) with SMTP id 870432818254??for <test@example.com>; Mon, 16 from S0106001310d4af1d.vn.shawcable.net; from=<> to=<test@example.com> proto=SMTP helo=<S0106001310d4af1d.vn.shawcable.net>
Mar 16 08:19:07 mail postfix/cleanup: 870432818254: message-id=<20090315170926.1000107@uottawa.ca>
Mar 16 08:19:08 mail postfix/smtpd: disconnect from S0106001310d4af1d.vn.shawcable.net
Mar 16 08:19:10 mail MailScanner: New Batch: Scanning 1 messages, 1523 bytes
Mar 16 08:19:10 mail MailScanner: Expired 2 records from the SpamAssassin cache
Mar 16 08:19:10 mail MailScanner: Whitelist refresh time reached
Mar 16 08:19:10 mail MailScanner: Starting up SQL Whitelist
Mar 16 08:19:10 mail MailScanner: Read 0 whitelist entries
Mar 16 08:19:10 mail MailScanner: Blacklist refresh time reached
Mar 16 08:19:10 mail MailScanner: Starting up SQL Blacklist
Mar 16 08:19:10 mail MailScanner: Read 0 blacklist entries
Mar 16 08:19:14 mail MailScanner: Virus and Content Scanning: Starting
Mar 16 08:19:14 mail MailScanner: Requeue: 870432818254.085BA to A12E22818259
Mar 16 08:19:14 mail postfix/qmgr: A12E22818259: from=<>, size=811, nrcpt=1 (queue active)
Mar 16 08:19:14 mail MailScanner: Uninfected: Delivered 1 messages
Mar 16 08:19:14 mail MailScanner: Logging message 870432818254.085BA to SQL
Mar 16 08:19:14 mail MailScanner: 870432818254.085BA: Logged to MailWatch SQL
Mar 16 08:19:14 mail postfix/virtual: A12E22818259: to=<test@example.com>, relay=virtual, delay=8.7, delays=8.6/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Mar 16 08:19:14 mail postfix/qmgr: A12E22818259: removed

Mar 16 17:08:04 mail postfix/smtpd: connect from unknown
Mar 16 17:08:06 mail postfix/smtpd: 75BE12818254: client=unknown
Mar 16 17:08:07 mail postfix/cleanup: 75BE12818254: hold: header Received: from wergvan (unknown )??by mail.example.com (Postfix) with SMTP id 75BE12818254??for <test@example.com>; Mon, 16 Mar 2009 17:08:05 +0800 (CST) from unknown; from=<> to=<test@lfm-agile.com.hk> proto=SMTP helo=<wergvan>
Mar 16 17:08:07 mail postfix/cleanup: 75BE12818254: message-id=<20090316110208.4020702@aus.edu>
Mar 16 17:08:07 mail postfix/smtpd: disconnect from unknown
Mar 16 17:08:20 mail MailScanner: New Batch: Scanning 1 messages, 1270 bytes
Mar 16 17:08:20 mail MailScanner: Whitelist refresh time reached
Mar 16 17:08:20 mail MailScanner: Starting up SQL Whitelist
Mar 16 17:08:20 mail MailScanner: Read 0 whitelist entries
Mar 16 17:08:20 mail MailScanner: Blacklist refresh time reached
Mar 16 17:08:20 mail MailScanner: Starting up SQL Blacklist
Mar 16 17:08:20 mail MailScanner: Read 0 blacklist entries
Mar 16 17:08:23 mail MailScanner: Virus and Content Scanning: Starting
Mar 16 17:08:23 mail MailScanner: Requeue: 75BE12818254.C50D7 to 6D61A281828F
Mar 16 17:08:23 mail MailScanner: Uninfected: Delivered 1 messages
Mar 16 17:08:23 mail postfix/qmgr: 6D61A281828F: from=<>, size=732, nrcpt=1 (queue active)
Mar 16 17:08:23 mail MailScanner: Logging message 75BE12818254.C50D7 to SQL
Mar 16 17:08:23 mail MailScanner: 75BE12818254.C50D7: Logged to MailWatch SQL
Mar 16 17:08:23 mail postfix/virtual: 6D61A281828F: to=<test@example.com>, relay=virtual, delay=18, delays=18/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Mar 16 17:08:23 mail postfix/qmgr: 6D61A281828F: removed
《Solution》

Below are the headers of the two messages
Below is one of them (spam that was not detected)


Return-Path: <>
X-Original-To: test@example.com
Delivered-To: test@example.com
Received: from S0106001310d4af1d.vn.shawcable.net (S0106001310d4af1d.vn.shawcable.net )
        by mail.test@example.com (Postfix) with SMTP id 870432818254
        for <test@example.com>; Mon, 16 Mar 2009 08:19:06 +0800 (CST)
Received: from dxhb ()
        by S0106001310d4af1d.vn.shawcable.net (8.13.1/8.13.1) with SMTP id 200903151712051413;
        Sun, 15 Mar 2009 17:12:00 -0800
Message-ID: <20090315170926.1000107@uottawa.ca>
Date: Sun, 15 Mar 2009 17:09:26 -0800
From: "Sampson" <tkl@uottawa.ca>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: test@example.com
Subject: Bomb was blasted in your town
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-mail-MailScanner-Information: Please contact the ISP for more information
X-mail-MailScanner-ID: 870432818254.085BA
X-mail-MailScanner: Found to be clean
X-mail-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
        score=2.862, required 7.8, URIBL_BLACK 1.96, URIBL_RHS_DOB 0.90)
X-mail-MailScanner-SpamScore: ss
X-mail-MailScanner-From:
X-Spam-Status: No

It's terrible! http://oek.yourbreakingnew.com/news.php

Below is the other one (the one judged to be spam)


Return-Path: <>
X-Original-To: allstaffs@example.com
Delivered-To: test@example.com
Received: from cpe-76-173-52-0.socal.res.rr.com (cpe-76-173-52-0.socal.res.rr.com )
        by mail.example.com (Postfix) with SMTP id EDDC42818260
        for <allstaffs@example.com>; Mon, 16 Mar 2009 07:14:49 +0800 (CST)
Received: from (helo=fpaj)
        by cpe-76-173-52-0.socal.res.rr.com with smtp (Exim 4.69)
        id 123715843364-0005Ly-IP; Sun, 15 Mar 2009 16:07:13 -0800
Message-ID: <20090315160525.3050604@umail.hinet.net>
Date: Sun, 15 Mar 2009 16:05:25 -0800
From: "Davy" <pohampdd@umail.hinet.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: allstaffs@example.com
Subject: {Spam?} How do you feel?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-mail-MailScanner-Information: Please contact the ISP for more information
X-mail-MailScanner-ID: EDDC42818260.9B1C3
X-mail-MailScanner: Found to be clean
X-mail-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=7.915,
        required 7.8, FH_HELO_EQ_D_D_D_D 0.50, HELO_DYNAMIC_DHCP 1.52,
        HELO_DYNAMIC_IPADDR 2.94, RDNS_DYNAMIC 0.10, URIBL_BLACK 1.96,
        URIBL_RHS_DOB 0.90)
X-mail-MailScanner-SpamScore: sssssss
X-mail-MailScanner-From:
X-Spam-Status: Yes

Haven't you seen this? http://evmbpy.tntbreakingnews.com/news.php
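
To see why one message was tagged and the other was not, the two X-mail-MailScanner-SpamCheck headers posted above can be parsed and compared rule by rule. The Python below is an added example, not part of the original thread; the function names parse_spamcheck and explain_gap are made up for illustration, and the header text is copied from the two messages above.

```python
import re
from email import message_from_string

# SpamCheck headers copied from the two messages posted above (other headers omitted).
MISSED = """\
X-mail-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
        score=2.862, required 7.8, URIBL_BLACK 1.96, URIBL_RHS_DOB 0.90)

"""
CAUGHT = """\
X-mail-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=7.915,
        required 7.8, FH_HELO_EQ_D_D_D_D 0.50, HELO_DYNAMIC_DHCP 1.52,
        HELO_DYNAMIC_IPADDR 2.94, RDNS_DYNAMIC 0.10, URIBL_BLACK 1.96,
        URIBL_RHS_DOB 0.90)

"""

RULE_RE = re.compile(r"\b([A-Z][A-Z0-9_]+) (-?\d+(?:\.\d+)?)")

def parse_spamcheck(raw, header="X-mail-MailScanner-SpamCheck"):
    """Return (verdict, score, required, {rule: points}) for one message."""
    value = message_from_string(raw)[header]
    if value is None:
        raise ValueError("message has no %s header" % header)
    value = " ".join(value.split())  # unfold the continuation lines
    score = re.search(r"score=(-?\d+(?:\.\d+)?)", value)
    required = re.search(r"required (-?\d+(?:\.\d+)?)", value)
    if not (score and required):
        raise ValueError("no SpamAssassin score in header: %r" % value)
    verdict = value.split(",", 1)[0].strip()
    rules = {name: float(pts) for name, pts in RULE_RE.findall(value)}
    return verdict, float(score.group(1)), float(required.group(1)), rules

def explain_gap(missed_raw, caught_raw):
    """Compare a missed message with a caught one.

    Returns (rules only the caught message hit, rules both hit,
    points the missed message fell short of its threshold)."""
    _, m_score, m_req, m_rules = parse_spamcheck(missed_raw)
    _, _, _, c_rules = parse_spamcheck(caught_raw)
    only_caught = {r: p for r, p in c_rules.items() if r not in m_rules}
    shared = sorted(set(m_rules) & set(c_rules))
    return only_caught, shared, round(m_req - m_score, 3)

if __name__ == "__main__":
    only_caught, shared, shortfall = explain_gap(MISSED, CAUGHT)
    print("hit by both:", shared)
    print("hit only by the tagged message:", only_caught)
    print("missed message was %.3f points under the threshold" % shortfall)
```

On these two messages both URIBL rules fired in each case, and the four HELO and reverse-DNS rules are what separated the tagged message from the missed one.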



《Solution》

I replied on the iRedMail forum:
http://www.iredmail.org/bbs/viewthread.php?tid=609&extra=page%3D1
《Solution》

Are you using Postfix's built-in anti-spam features?
《Solution》

Originally posted by sosogh on 2009-3-16 22:03
Are you using Postfix's built-in anti-spam features?


What are you referring to?
《Solution》

Originally posted by sosogh on 2009-3-16 22:03
Are you using Postfix's built-in anti-spam features?


I have set the following:

smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
                                permit_sasl_authenticated,
                                reject_invalid_hostname,
                                reject_unknown_sender_domain,
                                reject_non_fqdn_sender,
                                reject_non_fqdn_recipient,
                                reject_unknown_recipient_domain,
                                reject_unauth_pipelining,
                                reject_unauth_destination,
                                permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
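《Solution》

Reply to ruochen's post #9

Yes, that is what I meant.
My server uses exactly these, plus postgrey and the cblless list from anti-spam.org.cn.
I get hardly any spam; whether to use those two is a matter of opinion.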
