Problem with how SA handles spam under Sendmail
Sendmail+MailScanner+ClamAv+spamassassin
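In local.cf and Mailscanner.conf the required score is set to 4.1.
The system currently runs reasonably well, but some spam keeps being handled incorrectly. When I test the spam that reached users' mailboxes,
the scores are all definitely higher than 4.1, so why does it still get into the mailbox?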
#spamassassin -t < test.eml
.......
Content analysis details: (25.5 points, 4.1 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 NO_REAL_NAME From: does not include a real name
0.5 DRUG_ED_CAPS BODY: Mentions an E.D. drug
0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.2 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
http://www.spamcop.net/bl.shtml?123.200.12.19>]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
1.1 RCVD_IN_CBL RBL: Received via a relay in cbl.anti-spam.org.cn
0.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
0.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
0.5 DRUGS_ERECTILE Refers to an erectile drug
Properties of this message as viewed in Outlook:
.......
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="@@BOUNDARY"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
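X-Spam-Status: No <------------ not even a single "s"
Any advice would be appreciated!
《Solution》
Set a high score threshold in MailScanner,
and have anything above that high score forwarded to a dedicated mailbox.
Then install MailWatch and see how MailScanner is making its decisions.
《Solution》
I have again found legitimate mail misclassified as spam.
My system is set so that mail scoring 4.1-7 is quarantined and a copy is sent to the administrator account, which I download with Outlook to inspect.
One of the messages: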
Content-Type: multipart/mixed; boundary="1243816985.DaumWebMailer."
X-AttachFile1: 320380,4391,foc airbill 5-31.tif
X-AttachFile2: 378594,324980,foc airinv 5-31.tif
X-ATTFILE-SIZE: 2
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam
X-MailScanner-SpamScore: ssssss <------------- 6 points
Testing it again with spamassassin, however, gives only 0.3 points:
.....
Content analysis details: (-0.3 points, 4.1 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag
1.1 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
0.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
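《Solution》
Check whether the SA settings in MailScanner are wrong.
《Solution》
Reply to post #2 by ruochen
By watching with MailWatch, I found where the problem lies:
I had added my own domain to the whitelist, and these spam messages forge my domain and users, so the spam went straight through; when I later gave the message to SA for testing, the score was very high.
If I remove the whitelist, mail sent by internal users is sometimes misclassified as spam;
Please advise: what should I do now?
《Solution》
Originally posted by eric820408 on 2009-6-2 11:58
By watching with MailWatch, I found where the problem lies:
I had added my own domain to the whitelist, and these spam messages forge my domain and users, so the spam went straight through; when I later gave the message to SA for testing, the score was very high.
If I remove the whitelist, internal ...
I usually solve this kind of problem by requiring that local users sending to local users also authenticate first. Is there any other way?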
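Added example, not part of the original thread: a small offline check for the failure discussed above, which trusts a From: address in the local domain only when the site's own MTA recorded an internal peer address or an authenticated session. The domain example.com, the 192.168.1.0/24 network, the function names and the sample Received: lines are constructed assumptions, as is the sendmail-style "(authenticated" marker.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

OWN_DOMAIN = "example.com"  # assumption: the site's own mail domain
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumption: the LAN

def whitelist_applies(raw, own_domain=OWN_DOMAIN, nets=INTERNAL_NETS):
    """True only when From: uses our domain AND our MTA received the message
    from an internal address or over an authenticated SMTP session."""
    msg = email.message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    if addr.rpartition("@")[2].lower() != own_domain:
        return False
    # Only the topmost Received: line was written by our own MTA (assumption);
    # everything below it is supplied by the sender and can be forged.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    hits = list(re.finditer(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received))
    if not hits:
        return False
    # The HELO name comes first and is sender-controlled, so use the last
    # bracketed address, the one the MTA itself recorded for the peer.
    peer = hits[-1]
    try:
        ip = ipaddress.ip_address(peer.group(1))
    except ValueError:
        return False
    if any(ip in net for net in nets):
        return True
    # Accept the marker only after the peer address, never inside the HELO.
    return "(authenticated" in received[peer.end():]

def make_msg(received, sender="alice@example.com"):
    """Build a constructed sample message (not taken from the thread)."""
    return f"Received: {received}\nFrom: {sender}\nSubject: test\n\nbody\n"

SPOOFED = make_msg("from mail.example.com (unknown [203.0.113.7]) by mx.example.com")
INTERNAL = make_msg("from pc20 (pc20.example.com [192.168.1.20]) by mx.example.com")
AUTHED = make_msg("from laptop ([198.51.100.9]) (authenticated bits=0) by mx.example.com")
FAKE_HELO = make_msg("from [192.168.1.5] (unknown [203.0.113.7]) by mx.example.com")

if __name__ == "__main__":
    for name in ("SPOOFED", "INTERNAL", "AUTHED", "FAKE_HELO"):
        print(name, whitelist_applies(globals()[name]))
```

Messages for which this returns False should go through normal spam scoring even though their From: address is in the local domain.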
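《Solution》
Thanks for the answer; I think this is probably the best approach.
《Solution》
It is probably a problem with that forwarding program of yours.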