我有一个托管电子邮件服务,其中运行着 Spamassassin。我们使用全站范围的贝叶斯过滤器。我们有 20 个用户。电子邮件过滤对所有用户都很好用,除了 1 个电子邮件地址。这个用户每天都会收到大量垃圾邮件。这些垃圾邮件中有一部分确实正常工作,并被发送到他的垃圾邮件文件夹。但大部分都进入了他的收件箱。
现在来看看奇怪的部分。到达他收件箱的垃圾邮件的标题被重写为包含***SPAM***。这就像 sa 检查了这封邮件两次。第一次它将其标记为垃圾邮件并更改标题,但第二次它说没问题并发送了它。我在下面发布了标题信息,以便您可以看到电子邮件标题的样子。为了保护隐私,我删除了一些信息。提前感谢您的帮助!
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Wed, 24 Aug 2016 18:20:52 +0000
Received: from [85.93.14.210] (port=33725 helo=timewhenhead.top)
by server.domain.com with esmtp (Exim 4.87)
(envelope-from <[email protected]>)
id 1bccnB-0005tA-39
for [email protected]; Wed, 24 Aug 2016 18:20:52 +0000
Message-ID: <[email protected]>
From: "Erectile Booster" <[email protected]>
Date: Wed, 24 Aug 2016 12:19:05 -0600
To: "user" <[email protected]>
X-Spam-Status: no, score=0.6 required=5.0 tests=BAYES_99
Content-type: multipart/alternative; boundary="76KR77.XMOO7Y7.L29.LD.260.78L.96P";
X-Spam-Status: Yes, score=41.5
X-Spam-Score: 415
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "server.domain.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: It appears HTML is disabled in your email reader. Please click
the link below for your message: http://timewhenhead.top/208f5e0ca7b60ac60263f6e056fe1b05_19e5bd57-010101010001/1/1505
That's right, you have been outright lied to for over 10 years now... [...]
Content analysis details: (41.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: timewhenhead.top]
8.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URIs: timewhenhead.top]
4.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[85.93.14.210 listed in bb.barracudacentral.org]
3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[85.93.14.210 listed in zen.spamhaus.org]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URIs: timewhenhead.top]
10 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
10 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
0.6 KAM_ADVERT2 RAW: This is probably an unwanted commercial email...
1.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 T_REMOTE_IMAGE Message contains an external image
X-Spam-Flag: YES
Subject: ***SPAM*** You have been lied to for 10 years...
X-From-Rewrite: unmodified, no actual sender determined from check mail permissions
答案1
Spamassassin 不会阻止垃圾邮件,它只是识别垃圾邮件。调用程序将负责适当处理结果。如果邮件已通过 Spamassassin 过滤,则添加的标头正是我所期望的。
在这种情况下,垃圾邮件中会出现“X-Spam-Status:”标头。这将使依赖邮件中第一个标头的过滤器感到困惑。在应用新标头之前,应先删除现有的 spamassassin 标头。执行此操作的方法取决于邮件服务器软件以及将标头添加到邮件的方式。
邮件服务器通常会对所有或大多数传入邮件调用 Spamassassin。但是,每个邮件服务器都有自己的配置方式。此外,可以按站点过滤邮件(无论有多少收件人,只过滤一次)或按用户过滤邮件(每个收件人过滤一次)。某些配置要求每个用户设置自己的垃圾邮件阈值。
还可以在客户端上过滤消息。这将按用户进行过滤,通常使用按用户设置。此时唯一合适的操作是过滤消息并将其放入垃圾邮件文件夹。