In Exim, is RBL spam rejected before it is scanned by SpamAssassin?

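I have recently been fighting a spam problem on our mail server. One account in particular is being flooded with spam. SpamAssassin's memory usage is one of our concerns.

What I did was enable RBLs in Exim. I now see many rejection notices in the Exim log based on the various RBLs, which is good.

However, when I run Eximstats, the numbers appear to be the same as they were before RBLs were enabled. I am guessing this is because the email is still logged in some way before it is rejected. Is that what is happening, or am I missing something else?

Does anyone know whether these emails are rejected before being processed by SpamAssassin? Or does anyone know how I can find out? Is there a standard way, similar to Eximstats, to generate SpamAssassin statistics so that I can compare the numbers?

Thank you for your time and any advice.

Edit: here is the ACL section of my Exim configuration file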

######################################################################
#                               ACLs                                 #
######################################################################

begin acl

# ACL that is used after the RCPT command
check_recipient:

# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{587} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *

# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts.
# Block outgoing local parts that begin with a dot, slash, or vertical
# bar but allows them within the local part.
# The sequence \..\ is barred. The usage of @ % and ! is barred as
# before. The motivation is to prevent your users (or their virii)
# from mounting certain kinds of attacks on remote sites.
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# local source whitelist
# accept if the source is local SMTP (i.e. not over TCP/IP).
# Test for this by testing for an empty sending host field.
  accept  hosts = :

# sender domains whitelist
# accept if sender domain is in whitelist
  accept  sender_domains = +whitelist_domains

# sender hosts whitelist
# accept if sender host is in whitelist
  accept  hosts = +whitelist_hosts
  accept  hosts = +whitelist_hosts_ip

# envelope senders whitelist
# accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders

# accept mail to postmaster in any local domain, regardless of source
  accept  local_parts = postmaster
          domains     = +local_domains

# accept mail to abuse in any local domain, regardless of source
  accept  local_parts = abuse
          domains     = +local_domains

# accept mail to hostmaster in any local domain, regardless of source
  accept  local_parts = hostmaster
          domains     =+local_domains

# OPTIONAL MODIFICATIONS:
# If the page you're using to notify senders of blocked email of how
# to get their address unblocked will use a web form to send you email so
# you'll know to unblock those senders, then you may leave these lines
# commented out.  However, if you'll be telling your senders of blocked
# email to send an email to [email protected], then you should
# replace "errors" with the left side of the email address you'll be
# using, and "example.com" with the right side of the email address and
# then uncomment the second two lines, leaving the first one commented.
# Doing this will mean anyone can send email to this specific address,
# even if they're at a blocked domain, and even if your domain is using
# blocklists.

# accept mail to [email protected], regardless of source
#   accept  local_parts = errors
#           domains     = example.com

# deny so-called "legal" spammers"
  deny message = Email blocked by LBL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       sender_domains = +blacklist_domains

# deny using hostname in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts

# deny using IP in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts_ip

# deny using email address in blacklist_senders
  deny message = Email blocked by BSAL - to unblock see http://www.example.com/
       domains = +use_rbl_domains
       senders = +blacklist_senders

# By default we do NOT require sender verification.
# Sender verification denies unless sender address can be verified:
# If you want to require sender verification, i.e., that the sending
# address is routable and mail can be delivered to it, then
# uncomment the next line. If you do not want to require sender
# verification, leave the line commented out

#require verify = sender

# deny using .spamhaus
  deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = sbl.spamhaus.org

# deny using ordb
#  deny message = Email blocked by ORDB - to unblock see http://www.example.com/
#       # only for domains that do want to be tested against RBLs
#       domains = +use_rbl_domains
#       dnslists = relays.ordb.org

# deny using sorbs smtp list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
# and for authenticated users

# deny using spamcop
  deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = bl.spamcop.net

# deny using njabl
  deny message = Email blocked by NJABL - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.njabl.org

# deny using cbl
  deny message = Email blocked by CBL - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = cbl.abuseat.org

# deny using all other sorbs ip-based blocklist besides smtp list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.sorbs.net!=127.0.0.6

# deny using sorbs name based list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       domains =+use_rbl_domains
       # rhsbl list is name based
       dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
      message = "Unknown User"
          verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
  accept  domains = +relay_domains
          endpass
          verify=recipient

# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here

  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
  deny    message = relay not permitted

# ACL that is used after the DATA command
check_message:
  accept

Answer 1

SpamAssassin is usually called from the DATA ACL, and RBLs from the RCPT TO ACL, which comes before DATA.

In the RCPT TO: ACL, Exim rejects by RBL in configuration stanzas like this:

deny message = <msg>
  <additional conditions>
  dnslists = <RBL service address>

But your DATA ACL is empty (see below). Is this all of your ACL configuration?

# ACL that is used after the DATA command
check_message:
  accept

I guess that if you don't have a "spam = " line in your ACLs, you are using exim-sa.

See the documentation for the other (recommended) way of calling SA from Exim, section 41.3.

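Answer 2

Check your /var/log/syslog for output from spamd; at least in our configuration, SpamAssassin logs every message ID it has checked, and the corresponding result, to syslog.

What I did was enable RBLs in Exim. I now see many rejection notices in the Exim log based on the various RBLs, which is good.

No, it isn't :/

If you reject mail just because the sending MTA is blacklisted, you will lose legitimate mail, which in my opinion is unacceptable.

My company runs two mail relays that relay mail for about 600000 users; every week a few accounts get hacked and start sending spam. We monitor the logs to identify these accounts as quickly as possible and then disable them, but our servers inevitably end up on one or two blacklists from time to time. That is why I consider it a serious mistake to reject mail just because the sending MTA is listed on one blacklist.

All of our roughly 800 servers use SpamAssassin to identify spam, and none of them rejects suspected spam outright. Instead, spam is sorted into a junk folder by a filtering script so that users can decide for themselves. A single blacklist entry usually only results in a higher SpamAssassin score, but as long as there is nothing else wrong with the mail, it is delivered normally.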
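The log comparison suggested in the answers, as an added example that is not part of the original posts: it counts RCPT-time RBL rejections in the Exim main log and matches accepted messages against spamd's syslog results by Message-ID. The sample lines are constructed, and the log layouts (Exim's `rejected RCPT` and `<=` lines, spamd's `spamd: result:` line) are assumed to be the defaults.

```python
import re
from collections import Counter

# Constructed sample log lines (not taken from the page or a real server).
EXIM_LOG = """\
2024-05-01 10:00:01 H=(mx.spam.test) [192.0.2.10] F=<a@spam.test> rejected RCPT <bob@example.com>: Email blocked by SPAMHAUS - to unblock see http://www.example.com/
2024-05-01 10:00:05 H=(relay.bad.test) [192.0.2.11] F=<b@bad.test> rejected RCPT <bob@example.com>: Email blocked by SPAMCOP - to unblock see http://www.example.com/
2024-05-01 10:00:09 1s2AbC-0001xY-2Z <= carol@good.test H=mail.good.test [198.51.100.7] P=esmtp S=2048 id=m1@good.test
2024-05-01 10:00:12 1s2AbD-0001xZ-3A <= dave@other.test H=mail.other.test [198.51.100.8] P=esmtp S=4096 id=m2@other.test
"""
SPAMD_LOG = """\
May  1 10:00:10 mail spamd[812]: spamd: result: . 1 - HTML_MESSAGE scantime=0.4,size=2048,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=40112,mid=<m1@good.test>,autolearn=no
May  1 10:00:13 mail spamd[812]: spamd: result: Y 12 - RCVD_IN_SBL,URIBL_BLACK scantime=0.6,size=4096,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=40113,mid=<m2@other.test>,autolearn=no
"""

# "Email blocked by <LABEL>" is the message text used by the deny stanzas above.
REJECT = re.compile(r" rejected RCPT <[^>]*>: Email blocked by (\S+)")
# Arrival lines carry a queue ID and the Message-ID header (angle brackets optional).
ARRIVE = re.compile(r"^\S+ \S+ (\S+) <= .* id=<?([^>\s]+)>?")
SPAMD = re.compile(r"spamd: result: ([Y.]) (-?\d+) - .*mid=<?([^>,\s]+)>?")

def rcpt_rejections(exim_log):
    """Count RCPT-time rejections per blocklist label; these lines have no queue ID."""
    return Counter(m.group(1) for m in map(REJECT.search, exim_log.splitlines()) if m)

def accepted_messages(exim_log):
    """Map Message-ID header -> Exim queue ID for messages that reached DATA."""
    found = (ARRIVE.search(line) for line in exim_log.splitlines())
    return {m.group(2): m.group(1) for m in found if m}

def spamd_results(spamd_log):
    """Map Message-ID header -> (flagged_as_spam, score) from spamd syslog lines."""
    found = (SPAMD.search(line) for line in spamd_log.splitlines())
    return {m.group(3): (m.group(1) == "Y", int(m.group(2))) for m in found if m}

def report(exim_log, spamd_log):
    accepted, scanned = accepted_messages(exim_log), spamd_results(spamd_log)
    return {
        "rejected_at_rcpt": dict(rcpt_rejections(exim_log)),
        "accepted": len(accepted),
        "scanned": sorted(q for mid, q in accepted.items() if mid in scanned),
        "flagged_spam": sorted(q for mid, q in accepted.items()
                               if scanned.get(mid, (False, 0))[0]),
    }

if __name__ == "__main__":
    print(report(EXIM_LOG, SPAMD_LOG))
```

A connection rejected at RCPT never gets a queue ID or sends a message body, so it has no Message-ID that could show up in a spamd result line; only the `<=` arrivals can be matched.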
