开源邮件网关ScrolloutF1之五--垃圾邮件报告分析

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了开源邮件网关ScrolloutF1之五--垃圾邮件报告分析相关的知识,希望对你有一定的参考价值。

ScrolloutF1开始运行之后会对接收或发送出去的邮件进行分析,判定为垃圾邮件的邮件递送到隔离邮箱,下面我们就一个垃圾邮件评分进行分析,以便调整Level或加入白名单.

 

Content analysis details:   (25.1 points, 5.0 required) //总评分,这封邮件评了25.1分,我的过滤需求是5分以下才是安全邮件,7分递送到用户邮箱但标记为垃圾邮件,见http://www.8win.net/2018/04/255.html中的隔离选项.
pts rule name              description //评分    规则名称    描述
---- ---------------------- --------------------------------------------------
1.0 SO_PUB_URIBL_DOMAIN_40 URL's domain address is listed in    //评分1分,URL规则包含qq.com   URL过滤器生效
                            reputation-domain-40.rbl.scrolloutf1.com
                            [URIs: qq.com]
0.1 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL  //评分0.1分,IP地址在SBL列表   连接过滤器生效
                            [122.190.106.138 listed in zen.spamhaus.org]
0.4 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL  //评分0.4分,IP地址在XBL列表  连接过滤器生效
2.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL  //评分2.3分,IP地址在PBL列表  连接过滤器生效
1.5 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server  //评分1.5,IP地址在SORBS列表   连接过滤器生效
                            [122.190.106.138 listed in dnsbl.sorbs.net]
4.0 SO_PUB_URIBL_DOMAIN_10 URL's domain address is listed in  //评分4,域名在URLBL列表  连接过滤器生效
                            reputation-domain-10.rbl.scrolloutf1.com
                            [URIs: incose.org]
2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL //评分2.7,IP地址在PSBL列表  连接过滤器生效
                            [122.190.106.138 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net  //评分1.3 IP地址在SPAMCOP列表  连接过滤器生效
             [Blocked - see <http://www.spamcop.net/bl.shtml?122.190.106.138>]
0.8 SO_RDNS_UNKNOWN        Unspecified hostname  //未定义主机,无SPF解析.  主机名过滤器生效
0.0 html_MESSAGE           BODY: HTML included in message  //邮件内容有插入HTML  Body过滤器生效
1.2 HTML_TAG_BALANCE_BODY  BODY: HTML has unbalanced "body" tags   //邮件中的HTML包含未确认内容  Body过滤器生效
0.0 HTML_FONT_SIZE_LARGE   BODY: HTML font size is large  //HTML中字体偏大  Body过滤器生效
4.5 BAYES_80               BODY: Bayes spam probability is 80 to 95% //贝叶斯判断垃圾邮件概率80%-95%  Spam trap score生效
                            [score: 0.9405]
1.0 HTML_FONT_FACE_BAD     BODY: HTML font face is not a word //HTML字体定义异常 Body过滤器生效
0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS //无反向解析,  主机名过滤器生效
1.0 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily  //不必要的BASE64编码,  Body过滤器生效
2.5 DOS_OE_TO_MX           Delivered direct to MX with OE headers  //OE头直接交付,这个邮件是通过命令直接投送,意味着使用第三方软件或命令行发送过来的,记得老版本的FOXMAIL也有个特快专递就是用的这种模式.Header and attachments filter生效

 

南岳冬癹,阁隐梨花;竹亭煮酒,锵锵夜话

以上是关于开源邮件网关ScrolloutF1之五--垃圾邮件报告分析的主要内容,如果未能解决你的问题,请参考以下文章

开源邮件网关ScrolloutF1之二--基本配置

开源邮件网关ScrolloutF1之一--安装及更新

开源邮件网关ScrolloutF1之四--安全

CentOS 7.4 安装部署 IRedMail 邮件服务器

邮件安全防护之反垃圾邮件开源软件ASSP

Exchange反垃圾解决方案Proxmox Mail Gateway!