開源郵件網關ScrolloutF1之五--垃圾郵件報告分析
阿新 • • 發佈:2018-04-18
服務器 郵件服務器 ScrolloutF1開始運行之後會對接收或發送出去的郵件進行分析,判定為垃圾郵件的郵件遞送到隔離郵箱,下面我們就一個垃圾郵件評分進行分析,以便調整Level或加入白名單.
reputation-domain-40.rbl.scrolloutf1.com
[URIs: qq.com]
0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL //評分0.1分,IP地址在SBL列表 連接過濾器生效
[122.190.106.138 listed in zen.spamhaus.org]
2.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL //評分2.3分,IP地址在PBL列表 連接過濾器生效
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server //評分1.5,IP地址在SORBS列表 連接過濾器生效
[122.190.106.138 listed in dnsbl.sorbs.net]
reputation-domain-10.rbl.scrolloutf1.com
[URIs: incose.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL //評分2.7,IP地址在PSBL列表 連接過濾器生效
[122.190.106.138 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net //評分1.3 IP地址在SPAMCOP列表 連接過濾器生效
[Blocked - see <http://www.spamcop.net/bl.shtml?122.190.106.138>]
0.8 SO_RDNS_UNKNOWN Unspecified hostname //未定義主機,無SPF解析. 主機名過濾器生效
0.0 HTML_MESSAGE BODY: HTML included in message //郵件內容有插入HTML Body過濾器生效
1.2 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags //郵件中的HTML包含未確認內容 Body過濾器生效
0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large //HTML中字體偏大 Body過濾器生效
4.5 BAYES_80 BODY: Bayes spam probability is 80 to 95% //貝葉斯判斷垃圾郵件概率80%-95% Spam trap score生效
[score: 0.9405]
1.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word //HTML字體定義異常 Body過濾器生效
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS //無反向解析, 主機名過濾器生效
1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily //不必要的BASE64編碼, Body過濾器生效
2.5 DOS_OE_TO_MX Delivered direct to MX with OE headers //OE頭直接交付,這個郵件是通過命令直接投送,意味著使用第三方軟件或命令行發送過來的,記得老版本的FOXMAIL也有個特快專遞就是用的這種模式.Header and attachments filter生效
Content analysis details: (25.1 points, 5.0 required) //總評分,這封郵件評了25.1分,我的過濾需求是5分以下才是安全郵件,7分遞送到用戶郵箱但標記為垃圾郵件,見http://www.8win.net/2018/04/255.html中的隔離選項.
pts rule name description //評分 規則名稱 描述
---- ---------------------- --------------------------------------------------
reputation-domain-40.rbl.scrolloutf1.com
[URIs: qq.com]
0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL //評分0.1分,IP地址在SBL列表 連接過濾器生效
[122.190.106.138 listed in zen.spamhaus.org]
2.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL //評分2.3分,IP地址在PBL列表 連接過濾器生效
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server //評分1.5,IP地址在SORBS列表 連接過濾器生效
[122.190.106.138 listed in dnsbl.sorbs.net]
reputation-domain-10.rbl.scrolloutf1.com
[URIs: incose.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL //評分2.7,IP地址在PSBL列表 連接過濾器生效
[122.190.106.138 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net //評分1.3 IP地址在SPAMCOP列表 連接過濾器生效
[Blocked - see <http://www.spamcop.net/bl.shtml?122.190.106.138>]
0.8 SO_RDNS_UNKNOWN Unspecified hostname //未定義主機,無SPF解析. 主機名過濾器生效
0.0 HTML_MESSAGE BODY: HTML included in message //郵件內容有插入HTML Body過濾器生效
1.2 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags //郵件中的HTML包含未確認內容 Body過濾器生效
0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large //HTML中字體偏大 Body過濾器生效
4.5 BAYES_80 BODY: Bayes spam probability is 80 to 95% //貝葉斯判斷垃圾郵件概率80%-95% Spam trap score生效
[score: 0.9405]
1.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word //HTML字體定義異常 Body過濾器生效
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS //無反向解析, 主機名過濾器生效
1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily //不必要的BASE64編碼, Body過濾器生效
2.5 DOS_OE_TO_MX Delivered direct to MX with OE headers //OE頭直接交付,這個郵件是通過命令直接投送,意味著使用第三方軟件或命令行發送過來的,記得老版本的FOXMAIL也有個特快專遞就是用的這種模式.Header and attachments filter生效
南嶽冬癹,閣隱梨花;竹亭煮酒,鏘鏘夜話
開源郵件網關ScrolloutF1之五--垃圾郵件報告分析