开源邮件网关ScrolloutF1之五--垃圾邮件报告分析
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了开源邮件网关ScrolloutF1之五--垃圾邮件报告分析相关的知识,希望对你有一定的参考价值。
ScrolloutF1开始运行之后会对接收或发送出去的邮件进行分析,判定为垃圾邮件的邮件递送到隔离邮箱,下面我们就一个垃圾邮件评分进行分析,以便调整Level或加入白名单.
Content analysis details: (25.1 points, 5.0 required) //总评分,这封邮件评了25.1分,我的过滤需求是5分以下才是安全邮件,7分递送到用户邮箱但标记为垃圾邮件,见http://www.8win.net/2018/04/255.html中的隔离选项.
pts rule name description //评分 规则名称 描述
---- ---------------------- --------------------------------------------------
1.0 SO_PUB_URIBL_DOMAIN_40 URL's domain address is listed in //评分1分,URL规则包含qq.com URL过滤器生效
reputation-domain-40.rbl.scrolloutf1.com
[URIs: qq.com]
0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL //评分0.1分,IP地址在SBL列表 连接过滤器生效
[122.190.106.138 listed in zen.spamhaus.org]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL //评分0.4分,IP地址在XBL列表 连接过滤器生效
2.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL //评分2.3分,IP地址在PBL列表 连接过滤器生效
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server //评分1.5,IP地址在SORBS列表 连接过滤器生效
[122.190.106.138 listed in dnsbl.sorbs.net]
4.0 SO_PUB_URIBL_DOMAIN_10 URL's domain address is listed in //评分4,域名在URLBL列表 连接过滤器生效
reputation-domain-10.rbl.scrolloutf1.com
[URIs: incose.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL //评分2.7,IP地址在PSBL列表 连接过滤器生效
[122.190.106.138 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net //评分1.3 IP地址在SPAMCOP列表 连接过滤器生效
[Blocked - see <http://www.spamcop.net/bl.shtml?122.190.106.138>]
0.8 SO_RDNS_UNKNOWN Unspecified hostname //未定义主机,无SPF解析. 主机名过滤器生效
0.0 html_MESSAGE BODY: HTML included in message //邮件内容有插入HTML Body过滤器生效
1.2 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags //邮件中的HTML包含未确认内容 Body过滤器生效
0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large //HTML中字体偏大 Body过滤器生效
4.5 BAYES_80 BODY: Bayes spam probability is 80 to 95% //贝叶斯判断垃圾邮件概率80%-95% Spam trap score生效
[score: 0.9405]
1.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word //HTML字体定义异常 Body过滤器生效
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS //无反向解析, 主机名过滤器生效
1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily //不必要的BASE64编码, Body过滤器生效
2.5 DOS_OE_TO_MX Delivered direct to MX with OE headers //OE头直接交付,这个邮件是通过命令直接投送,意味着使用第三方软件或命令行发送过来的,记得老版本的FOXMAIL也有个特快专递就是用的这种模式.Header and attachments filter生效
以上是关于开源邮件网关ScrolloutF1之五--垃圾邮件报告分析的主要内容,如果未能解决你的问题,请参考以下文章