邮件被 spamassassin 过滤了两次

邮件被 spamassassin 过滤了两次

我有一个带有 postfix、amavis 和 spamassassin 的服务器。

在 spamassassinlocal.cf文件中,我将垃圾邮件的默认标题主题标记从 更改*****SPAM******为 [SPAM],因为它更紧凑。

我注意到有些邮件的主题中有两个 [SPAM]。这些邮件曾经被标记为垃圾邮件,并且邮件中会添加一个前缀,表明该邮件被视为垃圾邮件,并且这封邮件也被标记为垃圾邮件。

以下是该邮件的内容,其中服务器名称和电子邮件地址被替换为~~~~~。

显然 spamassassin 正在发送这封邮件,并再次对其进行过滤。如何避免这种情况?

Received: from localhost by ~~~~~
    with SpamAssassin (version 3.4.2);
    Tue, 10 Nov 2020 02:48:05 +0100
From: "Hansen Yang" <[email protected]>
To: ~~~~~
Subject: [SPAM] [SPAM]Re: BK7, Sapphire, Fused Silica, Borosilicate Lens Supplier
Date: 10 Nov 2020 09:47:43 +0800
Message-Id: <20201110014803.1F3BE46C0DDE@~~~~~>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ~~~~~
X-Spam-Flag: YES
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.3 required=5.0 tests=BAYES_60,DEAR_FRIEND,
    FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,FREEMAIL_REPLYTO,
    HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE,
    SPOOFED_FREEM_REPTO,URIBL_BLOCKED autolearn=no autolearn_force=no
    version=3.4.2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5FA9F155.89B4A390"

This is a multi-part message in MIME format.

------------=_5FA9F155.89B4A390
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "~~~~~",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:  Dear Friendï¼› This is Hansen from Newdistrict Optics Co.,Limited.
   I am professional Customized Optics manufacturer: 1)Lens plano-convex,plano-concave,bi-convex,bi-concave,doubletlens.
   2)Window,mirror Planowinows,Squarewindows,Wedgewindow,IRfilter,UVfilter.
  3)Cylindr [...] 

Content analysis details:   (9.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                            blocked.  See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: yeah.net]
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                            mail domains are different
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider (shibinjiu[at]126.com)
 2.6 DEAR_FRIEND            BODY: Dear Friend? That's not very dear!
 1.5 BAYES_60               BODY: Bayes spam probability is 60 to 80%
                            [score: 0.7688]
 0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
                            EnvelopeFrom freemail headers are
                            different
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain
                            different freemails
 2.5 SPOOFED_FREEM_REPTO    Forged freemail sender with freemail
                            reply-to

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_5FA9F155.89B4A390
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Return-Path: <[email protected]>
X-Original-To: ~~~~~
Delivered-To: ~~~~~
Received: from localhost (localhost [127.0.0.1])
    by ~~~~~ (Postfix) with ESMTP id 1F3BE46C0DDE
    for <~~~~~>; Tue, 10 Nov 2020 02:48:03 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ~~~~~
X-Spam-Flag: YES
X-Spam-Score: 5.376
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.376 tagged_above=-99 required=5
    tests=[ALL_TRUSTED=-1, DEAR_FRIEND=2.604,
    FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001,
    FREEMAIL_REPLYTO=1, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
    HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.105, MISSING_MID=0.14,
    RDNS_NONE=1.274, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ~~~~~ ([127.0.0.1])
    by localhost (~~~~~ [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 1_MKDXS7gYRM for <[email protected]>;
    Tue, 10 Nov 2020 02:48:00 +0100 (CET)
Received: from axls.com (unknown [180.104.175.97])
    by ~~~~~ (Postfix) with ESMTP id F2E7B46C0DD4
    for <~~~~~>; Tue, 10 Nov 2020 02:47:59 +0100 (CET)
Received: from vps9733 ([127.0.0.1]) by localhost via TCP with ESMTPA; Tue, 10 Nov 2020 09:47:43 +0800
MIME-Version: 1.0
From: "Hansen Yang" <[email protected]>
Sender: "Hansen Yang" <[email protected]>
To: ~~~~~
Reply-To: "Hansen Yang" <[email protected]>
Date: 10 Nov 2020 09:47:43 +0800
Subject: [SPAM]Re: BK7, Sapphire, Fused Silica, Borosilicate Lens Supplier
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Message-Id: <20201110014803.1F3BE46C0DDE@~~~~~>

PGh0bWw+PGJvZHk+PFA+RGVhciBGcmllbmTvvJs8L1A+DQo8UD5UaGlzIGlzIEhhbnNlbiBm
cm9tIE5ld2Rpc3RyaWN0IE9wdGljcyBDby4sTGltaXRlZC48L1A+DQo8UD5JIGFtIHByb2Zl
c3Npb25hbCBDdXN0b21pemVkIE9wdGljcyBtYW51ZmFjdHVyZXI6IDxCUj4xKUxlbnM8QlI+
cGxhbm8tY29udmV4LHBsYW5vLWNvbmNhdmUsYmktY29udmV4LGJpLWNvbmNhdmUsZG91Ymxl
dGxlbnMuPEJSPjIpV2luZG93LG1pcnJvcjxCUj5QbGFub3dpbm93cyxTcXVhcmV3aW5kb3dz
LFdlZGdld2luZG93LElSZmlsdGVyLFVWZmlsdGVyLjxCUj4zKUN5bGluZHJpY2FsbGVuczxC
Uj5wbGFuby1jb252ZXgmYW1wO2NvbmNhdmVjeWxpbmRyaWNhbGxlbnMsQmktY29uY2F2ZSZh
bXA7Y29udmV4Y3lsaW5kcmljYWxsZW5zLjxCUj40KVByaXNtPEJSPlBlcmlzY29wZXByaXNt
LFJpZ2h0YW5nbGVwcmlzbSxQZW50YXByaXNtLERvdmVwcmlzbSxDb3JuZXJjdWJlcHJpc20u
PEJSPjUpQ29hdGluZy1BUiwgRExDLCBIUiwgSFQgZXRjLjxCUj5NYXRlcmlhbDpCazcsRnVz
ZWRTaWxpY2EsIFNhcHBoaXJlLEJvcm9zaWxpY2F0ZSBnbGFzcywgQ0RHTSwgU0NIT1RUIGV0
Yy48L1A+DQo8UD5QbGVhc2UgZmVlbCBmcmVlIHRvIGNvbnRhY3QgbWUgaWYgeW91IGhhdmUg
YW55IHJlcXVlc3RzLjwvUD4NCjxQPkFuZCBJIGhvcGUgdG8gYmUgeW91ciByZWxpYWJsZSBz
dXBwbGllciBpbiBmdXR1cmUuPC9QPg0KPFA+QmVzdCBSZWdhcmRzLDxCUj5IYW5zZW4gWWFu
ZzxCUj5HZW5lcmFsIE1hbmFnZXI8QlI+QWRkOjctNDAxIEFsbGV5NTggQmFvTGUgUm9hZCBN
YUx1IFRvd25KaWFEaW5nIERpc3RyaWN0IFNoYW5naGFpLENoaW5hPEJSPk1vYmlsZTo4Ni0x
ODkxNzM5NjU2NjxCUj5UZWw6Kzg2LTIxLTYxMTI2NTkyLEZheDo4Ni0yMS02MTEyNjU5MzxC
Uj5FLW1haWw6TmV3ZGlzdHJpY3RAeWVhaC5uZXQ8QlI+UGxlYXNlIGNvbnNpZGVyIHRoZSBl
bnZpcm9ubWVudCBiZWZvcmUgcHJpbnRpbmcgdGhpcyBlbWFpbC48L1A+PC9ib2R5PjwvaHRtbD4=


------------=_5FA9F155.89B4A390--

编辑1: 显然,一个 [SPAM] 是由 spamassassin 添加的,另一个是由 amavis 添加的。它们显然互相干扰。

编辑2:经过进一步调查,似乎 amavis 在 spamassassin 之前处理收到的邮件。当收到的邮件具有X-Spam-Flag: YES适当的分数时,amavis 会在主题行中添加垃圾邮件标签。

然后,邮件显然被传递给 spamassassin,它会添加自己的X-Spam标题字段,并且当邮件被视为垃圾邮件时,它会在主题行前面添加垃圾邮件标签。

因此,amavis 放置垃圾邮件标签的原因是它对X-Spam收到的邮件的标头做出反应。很奇怪,因为它应该根据 spamassassin 放置的标头字段做出反应。这是 amavis 的功能还是配置错误?

至少它表明禁用 amavis 中添加垃圾邮件标签应该可以解决问题。

答案1

这个问题已经通过重新配置 amavis 和 Postfix 解决了。请参阅我的回答这里提供有效的 amavis 配置。希望这会有所帮助。

相关内容