[ kefalo @ 18.07.2009. 13:13 ] @
Imam na serveru instaliran qmail+vpopmail+simscan+courier imap+spamassassin+clamav+squirrelmail+mrtg. Sve to gura 5-6 virtualnih domena sa u prosjeku 10 mailova po virtuelnom domenu. Na zahtjev korisnika sam instalirao maildrop i mailfilter(skripta za sortiranje spama koja radi sa maildropom). Potrebno je sortirati spam u posebne foldere ".Spam" u Maildir-u koji su dostupni preko webmail-a. To u slucaju da neki od mailova zaluta u spam. Sve radi fino, ali imam false/positive spamove. Spam zavrsi u ham folderu oznacen sa subject [SPAM] score prelazi potreban score za spam a header sadrzi "X-Spam-Status: No". Skripta mailfilter sortira mailove na osnovu ovog header-a i dogadja se (dosta cesto) da mail sa [SPAM] u subjectu zavrsi u ham folderu. evo primjera jednog header-a: Code: Return-Path: <[email protected]> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on yeah X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,HTML_MESSAGE, NO_RELAYS autolearn=unavailable version=3.2.5 Delivered-To: [email protected] Received: (qmail 22445 invoked by uid 89); 17 Jul 2009 23:54:50 -0000 Received: by simscan 1.4.0 ppid: 22406, pid: 22407, t: 39.3587s scanners: attach: 1.4.0 clamav: 0.94/m:48/d:8255 spam: 3.1.7-deb Received: from localhost by moj.server with SpamAssassin (version 3.2.5); Sat, 18 Jul 2009 01:54:50 +0200 From: "Steffanie Ymjmyyuq" <[email protected]> To: [email protected] Subject: [SPAM] Where did you go? Date: Fri, 17 Jul 2009 20:54:06 -0300 Message-Id: <1113AJF.43174E4D5.1506333485DCYNHNKTTONKVBU117@bd67187d.virtua.com.br> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_4A610F4A.80F566CC" obratite paznju na FROM u headeru. Email se predstavlja kao da dolazi sa iste adrese na koju se salje. Imam ukljucen report_safe u spamassassinu pa evo i poruke i bodova spamassassina Code: Spam detection software, running on the system "moj.server", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Jfqvjlqziweke Weekly Newsletter Online version here CONTACT US I SUBSCRIBE TO MORE NEWSLETTERS I SIGN IN TO YOUR ACCOUNT To unsubscribe from the our Weekly Newsletter, click here To view our privacy policy, click here [...] Content analysis details: (7.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [189.103.24.125 listed in zen.spamhaus.org] 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS -1.1 AWL AWL: From: address is in the auto white-list The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. Zasto se ovo dogadja? Kako sprijeciti? hvala unaprijed |