即使许多相同的垃圾邮件被正确过滤到服务器的垃圾邮件箱,一些高分的邮件也会传递给用户邮箱。 这里有一个例子:邮件被正确地过滤为垃圾邮件
Date: Thu, 04 Aug 2016 15:08:33 +0300 From: Erich Gibbs <[email protected]> To: **** <*****@****.**> Subject: please sign [-- Attachment #1 --] [-- Type: multipart/related, Encoding: 7bit, Size: 16K --] [-- Attachment #1 --] [-- Type: text/plain, Encoding: 8bit, Size: 0.1K --] Dear **** Please sign the receipt attached for the arrival of new office facilities. Best regards, Erich Gibbs [-- Attachment #2: fe12f845f8ff.zip --] [-- Type: application/zip, Encoding: base64, Size: 15K --] [-- application/zip is unsupported (use 'v' to view this part) --] [-- Attachment #2: SpamAssassinReport.txt --] [-- Type: text/plain, Encoding: 7bit, Size: 1.0K --] Spam detection software, running on the system "****.****.**", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear **** Please sign the receipt attached for the arrival of new office facilities. Best regards, Erich Gibbs [...] Content analysis details: (5.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.9 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP) 0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or Generic rPTR 0.0 TVD_RCVD_IP Message was received from an IP address 0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS 这是类似的消息,达到我的收件箱
Return-Path: <[email protected]> Received: from 108.subnet110-136-45.speedy.telkom.net.id (108.subnet110-136-45.speedy.telkom.net.id [110.136.45.108] (may be forged)) by (8.14.7/8.14.7) with ESMTP id u74CAuvv038162 for <****@****.**>; Thu, 4 Aug 2016 14:11:07 +0200 Received: from root by telkom.net.id with local (Exim 4.80) (envelope-from <[email protected]>) id kcxAKb-MGbTTg-NC for ****@****.**; Thu, 04 Aug 2016 19:10:52 +0700 To: "*****" <****@****.**> Subject: please sign Date: Thu, 04 Aug 2016 19:10:52 +0700 From: "Earlene Blankenship" <[email protected]> Message-ID: <[email protected]> X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="b1_560b0ac54766d9148a54052f9a46e5ef" X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/ Received-SPF: None (****.****.**: domain of [email protected] does not designate permitted sender hosts) receiver=****.****.**; client-ip=110.136.45.108; envelope-from=<[email protected]>; helo=108.subnet110-136-45.speedy.telkom.net.id; X-Virus-Scanned: clamav-milter 0.99.2 at ****.****.** X-Virus-Status: Clean X-Scanned-By: MIMEDefang 2.78 on 62.168.116.66 --b1_560b0ac54766d9148a54052f9a46e5ef Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Dear **** Please sign the receipt attached for the arrival of new office facilities. Best regards, Earlene Blankenship 1_560b0ac54766d9148a54052f9a46e5ef Content-Type: application/zip; name="d8bc18159378.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="d8bc18159378.zip"
当我用spamc查看同一信息的分数时,分数很高。 我不知道为什么在交货前没有正确标记。
# spamc -R <'1470312683.38275_0.****.****.**:2,Sa' 8.3/5.0 Spam detection software, running on the system "****.****.**", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Dear servis Please sign the receipt attached for the arrival of new office facilities. Best regards, Earlene Blankenship [...] Content analysis details: (8.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.9 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP) 0.0 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP) 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [110.136.45.108 listed in psbl.surriel.com] 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [110.136.45.108 listed in zen.spamhaus.org] -1.2 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS #
任何想法可能是什么原因? 谢谢。
我find了原因。 在mimedefangfilter被定义为只有小于100kB的消息被spamassassin处理。 我已经提高了300kB,问题解决了。
if ($Features{"SpamAssassin"}) { if (-s "./INPUTMSG" < 300*1024) { ...
我希望这可以帮助别人。