SpamAssassin 评分异常低 + 与手动分析不同,导致几乎所有垃圾邮件都通过

SpamAssassin 评分异常低 + 与手动分析不同,导致几乎所有垃圾邮件都通过

我在使用 SpamAssassin 时遇到了问题;它为电子邮件分配的分数远低于应有的分数。此外,它在收到电子邮件时分配的分数与spamassassin -t事后对同一封电子邮件运行的结果不同。例如,以下是从我的电子邮件客户端中的电子邮件标题中提取的垃圾邮件分数报告:

Content analysis details:   (1.3 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                          for more information.
                             [URIs: goatkoo.us]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  0.0 DATE_IN_FUTURE_06_12   Date: is 6 to 12 hours after Received: date
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
                         background
  1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
  0.0 T_REMOTE_IMAGE         Message contains an external image

同时,结果如下spamassassin -t

Content analysis details:   (4.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                         for more information.
                            [URIs: wilsonbiggs.com]
 1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                            [URIs: goatkoo.us]
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see <http://www.spamcop.net/bl.shtml?185.73.200.38>]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 DATE_IN_FUTURE_06_12   Date: is 6 to 12 hours after Received: date
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
                            background
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 T_REMOTE_IMAGE         Message contains an external image

我没有设置自定义规则。我有 exim4 和 courier,并使用 ajenti-v 作为控制面板;在 ajenti-v 中,我为 exim4 设置了以下配置:

自定义配置:

SMTP_PORT == 25:587
LOCAL_INTERFACES == <; 0.0.0.0.25 ; 0.0.0.0.587 ; 0.0.0.0.465 ; [::0]:25 ; [::0]:587 ; [::0]:465
smtp_accept_max = 50

spamd_address = 127.0.0.1 783
ACL_SMTP_DATA == acl_custom_check_data
USE = "exiscan"

自定义 ACL:

acl_custom_check_data:

  deny
    message = Message headers fail syntax check
    !verify = header_syntax

  warn spam = nobody:true
    add_header = X-Spam-Score: $spam_score ($spam_bar)
    add_header = X-Spam-Report: $spam_report

  warn spam = nobody
    remove_header = Subject
    add_header = Subject: ***SPAM (score: $spam_score)*** $rh_Subject:

  warn message = Content Policy Restriction: Mails to undisclosed recipients are not permitted
    condition = ${if eq{$h_TO:}{undisclosed-recipients:;} {true}{false}}

  accept

自定义路由器:

maildir_spam:
  driver    = accept
  transport = maildir_spam_delivery
  condition = ${if def:h_X-Spam_score: {true}}

定制运输:

maildir_spam_delivery:
  driver = appendfile
  maildir_format = true
  directory = /var/vmail/$domain/$local_part/.Spam
  user = mail
  create_directory
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0600

由于这些问题,我每天收到 120 多条垃圾邮件。感谢大家的帮助!

答案1

正如 Rodolfo Saccani 所评论的,这些 IP 可以在您收到消息后列出,因此这会产生差异。

从您收到的第一个分数警告来看,似乎您在 DNS 解析检查 RBL 时遇到了问题。在第一个标头上,SpamAssassin 没有根据 RBL 分配任何分数,但在第二个标头上,由于该邮件来自 RBL 列出的 IP 地址,您获得了一些分数。

custom.cf编辑/创建spamassassing 配置文件夹(通常是 /etc/mail/spamassassin 或类似文件)上的文件并添加以下内容:

dns_server 8.8.8.8
dns_server 8.8.4.4
dns_server 1.1.1.1

或您喜欢的 DNS 服务器。如果您的问题是由于 SpamAssassin 的 DNS 解析引起的,那么这些行将对您有所帮助。请记住重新启动 spamd 守护程序。

相关内容