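Sharing my experience with Debian + amavisd + SpamAssassin + DSPAM + slockd + Mailman + Jabber
I had only just started learning DSPAM. All our company servers run Debian, whose configuration differs quite a lot from the Red Hat family, so it took a fair amount of time, haha. Today I finally got the result I wanted: DSPAM and ExtMail work together perfectly. I changed the DSPAM learning count to three. In testing, after clicking "This is spam" three times on a given message, from the fourth time on it is reliably dropped straight into the junk folder. Several tests all behaved this way. I was originally worried whether DSPAM.pm would work properly on Debian, but now it looks like there is no problem at all, haha. After some tuning, SpamAssassin Bayes learning also works properly: basically, whenever any message arrives, sa-learn --dump magic shows the database changing directly. Spam learning accuracy is also as high as 100%, haha.
I am now sharing the correct configuration files with everyone. Note the system is Debian 4 or 5; either works.
DSPAM's dspam.conf is as follows: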
mail:~# grep -v "^#" /etc/dspam/dspam.conf
Home /var/spool/dspam
StorageDriver /usr/lib/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/sbin/sendmail"
DeliveryHost 127.0.0.1
DeliveryPort 10024
DeliveryIdent localhost
DeliveryProto SMTP # LMTP can also be used here; tested, no problems
OnFail error
Trust root
Trust dspam
Trust vmail # this account is your mail system account, e.g. vmail
TrainingMode teft
TestConditionalTraining on
Feature whitelist
Feature tb=3
Algorithm graham burton
PValue bcr
Tokenizer chain
SupressWebStats off
Preference "spamAction=tag"
Preference "signatureLocation=headers" # 'message' or 'headers'
Preference "showFactors=on"
Preference "spamSubject=Spam"
AllowOverride trainingMode
AllowOverride spamAction spamSubject
AllowOverride statisticalSedation
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride signatureLocation
AllowOverride showFactors
AllowOverride optIn optOut
AllowOverride whitelistThreshold
HashRecMax 98317
HashAutoExtend on
HashMaxExtents 0
HashExtentSize 49157
HashMaxSeek 100
HashConnectionCache 10
Notifications off
PurgeSignatures 14 # Stale signatures
PurgeNeutral 90 # Tokens with neutralish probabilities
PurgeUnused 90 # Unused tokens
PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
PurgeHits1S 15 # Tokens with only 1 spam hit
PurgeHits1I 15 # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse on
MaxMessageSize 20971520
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse accept
ServerPort 10028
ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid
ServerMode auto
ServerPass.Relay1 "secret"
ServerParameters "--user=vmail --deliver=innocent,spam"
ServerIdent "localhost.localdomain"
ClientHost 127.0.0.1
ClientPort 10028
ClientIdent "secret@Relay1"
ProcessorBias on
ProcessorURLContext on
Include /etc/dspam/dspam.d/
Below is mysql.conf under dspam.d:
MySQLServer /var/run/mysqld/mysqld.sock
MySQLUser libdspam7-drv-my
MySQLPass dspam
MySQLDb libdspam7drvmysql
MySQLCompress true
MySQLConnectionCache 20
MySQLUIDInSignature on
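Everything above was taken straight from the system; it is the original configuration, unmodified. It is a bit more accurate than LOBSOAO's. Copy it straight into your dspam.conf, save, and it is ready to use, as long as your mail account is vmail.
[Last edited by hondasky on 2009-12-28 09:59]
Continued from above
mail:/etc/spamassassin# cat local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf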
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
## Enable Bayes auto-learning
use_auto_whitelist 0
use_bayes 1
use_bayes_rules 1
bayes_path /var/lib/amavis/.spamassassin/bayes
# Enable Bayes auto-learning
bayes_auto_learn 1
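bayes_min_ham_num 200 # minimum number of ham messages learned
bayes_min_spam_num 200 # minimum number of spam messages learned
bayes_auto_learn_threshold_nonspam 0.0 # minimum score at which ham starts Bayes learning
bayes_auto_learn_threshold_spam 5.0 # minimum score at which spam starts Bayes learning, i.e. learning begins once a message scores 5 points, haha; it took me a long time to find this setting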
#auto_whitelist
#auto_whitelist_path /var/lib/amavis/.spamassassin/auto-whitelist
#auto_whitelist_file_mode 0600
#rbl
skip_rbl_checks 1
#modules
use_razor2 1
use_dcc 1
use_pyzor 1
dns_available yes
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all
#include dspam modules
include dspam.cf
score DCC_CHECK 4.0
score RAZOR2_CHECK 2.5
Below are special scoring rules written for particularly nasty spam; they can filter unusual, irregular spam, haha
# local domain from but ip not match.
header __FROM_TEATIME Received =~ /from test\.com\.cn/i
header __FROM_TEATIME_IP Received =~ /\[12\.34\.56\.78\]/
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME && !__FROM_TEATIME_IP)
describe FROM_TEATIME_BUT_IP_ERROR From test.com.cn but ip not match
score FROM_TEATIME_BUT_IP_ERROR 11.0
# From addr like <some chinese>@mydomain
header __FROM_8BIT_LOCAL From:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*\@test\.com\.cn/i
header __TO_8BIT_LOCAL To:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*\@test\.com\.cn/i
header __CC_8BIT_LOCAL Cc:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*\@test\.com\.cn/i
meta LOCAL_8BIT_USER (__FROM_8BIT_LOCAL || __TO_8BIT_LOCAL || __CC_8BIT_LOCAL)
describe LOCAL_8BIT_USER From or To a chinese@test.com.cn
score LOCAL_8BIT_USER 11.0
score ADDRESS_IN_SUBJECT 11.00 # To: address appears in Subject
score ADDR_FREE 3.000 # From Address contains FREE
score BAD_ENC_HEADER 0.500 # Message has bad MIME encoding in the header
score BANG_MORE 5.000 # Talks about more with an exclamation!
score BILLION_DOLLARS 0.500 # Talks about lots of money
score BAYES_00 0.000 # Bayesian spam probability is 0 to 1%
score BAYES_05 0.000 # Bayesian spam probability is 1 to 5%
score BAYES_20 0.000 # Bayesian spam probability is 5 to 20%
score BAYES_40 0.500 # Bayesian spam probability is 20 to 40%
score BAYES_50 1.000 # Bayesian spam probability is 40 to 60%
score BAYES_60 1.000 # Bayesian spam probability is 60 to 80%
score BAYES_80 1.000 # Bayesian spam probability is 80 to 95%
score BAYES_95 1.000 # Bayesian spam probability is 95 to 99%
score BAYES_99 1.000 # Bayesian spam probability is 99 to 100%
score DATE_IN_FUTURE_03_06 1.000 # Date: is 3 to 6 hours after Received: date
score DATE_IN_FUTURE_06_12 1.000 # Date: is 6 to 12 hours after Received: date
score DATE_IN_FUTURE_12_24 1.000 # Date: is 12 to 24 hours after Received: date
score DATE_IN_FUTURE_24_48 1.000 # Date: is 24 to 48 hours after Received: date
score DATE_IN_FUTURE_48_96 1.000 # Date: is 48 to 96 hours after Received: date
score DATE_IN_FUTURE_96_XX 1.000 # Date: is 96 hours or more after Received: date
score DATE_IN_PAST_03_06 1.000 # Date: is 3 to 6 hours before Received: date
score DATE_IN_PAST_06_12 1.000 # Date: is 6 to 12 hours before Received: date
score DATE_IN_PAST_12_24 1.000 # Date: is 12 to 24 hours before Received: date
score DATE_IN_PAST_24_48 1.000 # Date: is 24 to 48 hours before Received: date
score DATE_IN_PAST_48_96 1.000 # Date: is 48 to 96 hours before Received: date
score DATE_IN_PAST_96_XX 1.000 # Date: is 96 hours or more before Received: date
score DATE_SPAMWARE_Y2K 1.000 # Date header uses unusual Y2K formatting
score DNS_FROM_AHBL_RHSBL 0.000 # From: sender listed in dnsbl.ahbl.org
score DNS_FROM_RFC_ABUSE 0.000 # Envelope sender in abuse.rfc-ignorant.org
score DNS_FROM_RFC_BOGUSMX 0.000 # Envelope sender in bogusmx.rfc-ignorant.org
score DNS_FROM_RFC_DSN 0.000 # Envelope sender in dsn.rfc-ignorant.org
score DNS_FROM_RFC_POST 0.000 # Envelope sender in postmaster.rfc-ignorant.org
score DNS_FROM_RFC_WHOIS 0.000 # Envelope sender in whois.rfc-ignorant.org
score DOMAIN_4U2 2.000 # Domain name containing a "4u" variant
score DOMAIN_RATIO 3.000 # Message body mentions many internet domains
score EMPTY_MESSAGE 1.000 # Message appears to be empty with no Subject: text
score ENGLISH_UCE_SUBJECT 1.400 # Subject contains an English UCE tag
score FORGED_HOTMAIL_RCVD 1.000 # Forged hotmail.com 'Received:' header found
score FORGED_HOTMAIL_RCVD2 1.000 # hotmail.com 'From' address, but no 'Received:'
score FORGED_MSGID_AOL 1.500 # Message-ID is forged, (aol.com)
score FORGED_MSGID_EXCITE 1.500 # Message-ID is forged, (excite.com)
score FORGED_MSGID_HOTMAIL 1.500 # Message-ID is forged, (hotmail.com)
score FORGED_MSGID_MSN 1.500 # Message-ID is forged, (msn.com)
score FORGED_MSGID_YAHOO 1.500 # Message-ID is forged, (yahoo.com)
score FORGED_MUA_AOL_FROM 1.500 # Forged mail pretending to be from AOL (by From)
score FORGED_MUA_EUDORA 1.500 # Forged mail pretending to be from Eudora
score FORGED_MUA_IMS 1.500 # Forged mail pretending to be from IMS
[Last edited by hondasky on 2009-5-19 21:43]
Continued from above
score FORGED_MUA_MOZILLA 1.500 # Forged mail pretending to be from Mozilla
score FORGED_MUA_OIMO 1.500 # Forged mail pretending to be from MS Outlook IMO
score FORGED_MUA_OUTLOOK 1.500 # Forged mail pretending to be from MS Outlook
score FORGED_MUA_THEBAT_BOUN 2.000 # Mail pretending to be from The Bat! (boundary)
score FORGED_MUA_THEBAT_CS 1.500 # Mail pretending to be from The Bat! (charset)
score FORGED_OUTLOOK_HTML 1.500 # Outlook can't send HTML message only
score FORGED_OUTLOOK_TAGS 1.000 # Outlook can't send HTML in this format
score FROM_ALL_NUMS 1.500 # From numeric address (except US/Canada phones)
score FROM_BLANK_NAME 1.500 # From: contains empty name
score FROM_DOMAIN_NOVOWEL 1.500 # From: domain has series of non-vowel letters
score FROM_ENDS_IN_NUMS 1.000 # From: ends in many numbers
score FROM_ILLEGAL_CHARS 1.000 # From: has too many raw illegal characters
score GAPPY_SUBJECT 3.000 # Subject: contains G.a.p.p.y-T.e.x.t
score HEAD_ILLEGAL_CHARS 0.500 # Headers have too many raw illegal characters
score HELO_DYNAMIC_IPADDR2 2.000 # Relay HELO'd using suspicious hostname (IP addr 2)
score HTML_00_10 0.000 # Message is 0% to 10% HTML
score HTML_10_20 0.000 # Message is 10% to 20% HTML
score HTML_20_30 0.000 # Message is 20% to 30% HTML
score HTML_30_40 0.000 # Message is 30% to 40% HTML
score HTML_40_50 0.000 # Message is 40% to 50% HTML
score HTML_50_60 0.000 # Message is 50% to 60% HTML
score HTML_60_70 0.000 # Message is 60% to 70% HTML
score HTML_70_80 0.000 # Message is 70% to 80% HTML
score HTML_80_90 0.000 # Message is 80% to 90% HTML
score HTML_90_100 0.000 # Message is 90% to 100% HTML
score HTML_FONT_BIG 0.000 # HTML tag for a big font size
score HTML_FONT_FACE_BAD 0.000 # HTML font face is not a word
score HTML_IMAGE_ONLY_04 0.500 # HTML: images with 0-400 bytes of words
score HTML_IMAGE_ONLY_08 0.400 # HTML: images with 400-800 bytes of words
score HTML_IMAGE_ONLY_12 1.000 # HTML: images with 800-1200 bytes of words
score HTML_IMAGE_ONLY_16 1.000 # HTML: images with 1200-1600 bytes of words
score HTML_IMAGE_ONLY_20 1.000 # HTML: images with 1600-2000 bytes of words
score HTML_IMAGE_ONLY_24 1.000 # HTML: images with 2000-2400 bytes of words
score HTML_IMAGE_ONLY_28 1.000 # HTML: images with 2400-2800 bytes of words
score HTML_IMAGE_ONLY_32 1.000 # HTML: images with 2800-3200 bytes of words
score HTML_IMAGE_RATIO_02 2.000 # HTML has a low ratio of text to image area
score HTML_IMAGE_RATIO_04 2.000 # HTML has a low ratio of text to image area
score HTML_IMAGE_RATIO_06 2.000 # HTML has a low ratio of text to image area
score HTML_IMAGE_RATIO_08 2.000 # HTML has a low ratio of text to image area
score HTML_MESSAGE 0.100 # HTML included in message
score HTML_MIME_NO_HTML_TAG 3.000 # HTML-only message, but there is no HTML tag
score HTML_MISSING_CTYPE 3.000 # Message is HTML without HTML Content-Type
score HTML_NONELEMENT_00_10 0.100 # 0% to 10% of HTML elements are non-standard
score HTML_NONELEMENT_10_20 0.500 # 10% to 20% of HTML elements are non-standard
score HTML_NONELEMENT_20_30 0.000 # 20% to 30% of HTML elements are non-standard
score HTML_NONELEMENT_30_40 0.500 # 30% to 40% of HTML elements are non-standard
score HTML_NONELEMENT_40_50 0.000 # 40% to 50% of HTML elements are non-standard
score HTML_NONELEMENT_50_60 0.500 # 50% to 60% of HTML elements are non-standard
score HTML_NONELEMENT_60_70 0.700 # 60% to 70% of HTML elements are non-standard
score HTML_NONELEMENT_70_80 0.500 # 70% to 80% of HTML elements are non-standard
score HTML_NONELEMENT_80_90 0.800 # 80% to 90% of HTML elements are non-standard
score HTML_NONELEMENT_90_100 0.500 # 90% to 100% of HTML elements are non-standard
score HTML_OBFUSCATE_05_10 0.600 # Message is 5% to 10% HTML obfuscation
score HTML_OBFUSCATE_10_20 0.500 # Message is 10% to 20% HTML obfuscation
score HTML_OBFUSCATE_20_30 1.000 # Message is 20% to 30% HTML obfuscation
score HTML_OBFUSCATE_30_40 1.000 # Message is 30% to 40% HTML obfuscation
score HTML_OBFUSCATE_40_50 1.000 # Message is 40% to 50% HTML obfuscation
score HTML_OBFUSCATE_50_60 1.500 # Message is 50% to 60% HTML obfuscation
score HTML_OBFUSCATE_60_70 1.500 # Message is 60% to 70% HTML obfuscation
score HTML_OBFUSCATE_70_80 1.000 # Message is 70% to 80% HTML obfuscation
score HTML_OBFUSCATE_80_90 1.000 # Message is 80% to 90% HTML obfuscation
score HTML_OBFUSCATE_90_100 1.000 # Message is 90% to 100% HTML obfuscation
score HTML_SHORT_LINK_IMG_1 2.000 # HTML is very short with a linked image
score HTML_SHORT_LINK_IMG_2 2.000 # HTML is very short with a linked image
score HTML_SHORT_LINK_IMG_3 0.500 # HTML is very short with a linked image
score HTML_TAG_EXIST_BGSOUND 0.500 # HTML has "bgsound" tag
score HTML_TAG_EXIST_MARQUEE 0.500 # HTML has "marquee" tag
score HTML_TAG_EXIST_TBODY 0.500 # HTML has "tbody" tag
score HTML_TEXT_AFTER_BODY 0.500 # HTML contains text after BODY close tag
score HTML_TEXT_AFTER_HTML 0.500 # HTML contains text after HTML close tag
score INVALID_DATE 0.500 # Invalid Date: header (not RFC 2822)
score INVALID_MSGID 0.500 # Message-Id is not valid, according to RFC 2822
score INVALID_TZ_CST 0.500 # Invalid date in header (wrong CST timezone)
score INVALID_TZ_EST 0.500 # Invalid date in header (wrong EST timezone)
score INVALID_TZ_GMT 0.500 # Invalid date in header (wrong GMT/UTC timezone)
score MAILTO_TO_SPAM_ADDR 0.200 # Includes a link to a likely spammer email
score MIME_BASE64_NO_NAME 0.500 # base64 attachment does not have a file name
score MIME_BASE64_TEXT 0.500 # Message text disguised using base64 encoding
score MIME_HTML_ONLY 0.500 # Message only has text/html MIME parts
score MIME_HTML_ONLY_MULTI 0.000 # Multipart message only has text/html MIME parts
score MIME_HEADER_CTYPE_ONLY 0.000 # 'Content-Type' found without required MIME headers
score MISSING_MIMEOLE 0.500 # Message has X-MSMail-Priority, but no X-MimeOLE
score MISSING_SUBJECT 1.000 # Missing Subject: header
score MSGID_DOLLARS 3.000 # Message-Id has pattern used in spam
score MSGID_FROM_MTA_ID 0.500 # Message-Id for external message added locally
score MSGID_OUTLOOK_INVALID 0.500 # Message-Id is fake (in Outlook Express format)
score NO_DNS_FOR_FROM 0.500 # Envelope sender has no MX or A DNS records
score NO_REAL_NAME 1.000 # From: does not include a real name
score PLING_PLING 1.000 # Subject has lots of exclamation marks
score RATWARE_MS_HASH 3.000 # Bulk email fingerprint (msgid ms hash) found
score RATWARE_RCVD_AT 3.000 # Bulk email fingerprint (Received @) found
score RATWARE_RCVD_LC_ESMTP 1.500 # Bulk email fingerprint ('esmtp' Received) found
score RATWARE_RCVD_PF 3.000 # Bulk email fingerprint (Received PF) found
score RATWARE_ZERO_TZ 3.000 # Bulk email fingerprint (+0000) found
score RCVD_DOUBLE_IP_SPAM 0.500 # Bulk email fingerprint (double IP) found
score RCVD_HELO_IP_MISMATCH 1.000 # Received: HELO and IP do not match, but should
score RCVD_ILLEGAL_IP 1.000 # Received: contains illegal IP address
score RCVD_NUMERIC_HELO 1.000 # Received: contains an IP address used for HELO
score SPF_FAIL 11.00 # SPF: sender does not match SPF record (fail)
score SPF_HELO_FAIL 11.00 # SPF: HELO does not match SPF record (fail)
score SPF_HELO_NEUTRAL 1.000 # SPF: HELO does not match SPF record (neutral)
score SPF_HELO_PASS 0.000 # SPF: HELO matches SPF record
score SPF_HELO_SOFTFAIL 0.000 # SPF: HELO does not match SPF record (softfail)
score SPF_NEUTRAL 1.000 # SPF: sender does not match SPF record (neutral)
score SPF_PASS 0.000 # SPF: sender matches SPF record
score SPF_SOFTFAIL 0.500 # SPF: sender does not match SPF record (softfail)
score SUBJECT_DIET 1.812 # Subject talks about losing pounds
score SUBJECT_DRUG_GAP_C 3.000 # Subject contains a gappy version of 'cialis'
score SUBJECT_DRUG_GAP_L 3.000 # Subject contains a gappy version of 'levitra'
score SUBJECT_DRUG_GAP_P 3.000 # Subject contains a gappy version of 'phentermine'
score SUBJECT_DRUG_GAP_S 3.000 # Subject contains a gappy version of 'soma'
score SUBJECT_DRUG_GAP_VA 3.000 # Subject contains a gappy version of 'valium'
score SUBJECT_DRUG_GAP_VIC 3.000 # Subject contains a gappy version of 'vicodin'
score SUBJECT_DRUG_GAP_X 3.000 # Subject contains a gappy version of 'xanax'
score SUBJECT_ENCODED_TWICE 2.000 # Subject: MIME encoded twice
score SUBJECT_EXCESS_BASE64 0.782 # Subject: base64 encoded unnecessarily
score SUBJECT_EXCESS_QP 0.000 # Subject: quoted-printable encoded unnecessarily
score SUBJECT_FUZZY_CHEAP 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_FUZZY_MEDS 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_FUZZY_PENIS 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_FUZZY_TION 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_NOVOWEL 0.000 # Subject: has long non-vowel letter sequence
score SUBJECT_SEXUAL 2.160 # Subject indicates sexually-explicit content
score SUBJ_2_NUM_PARENS 0.952 # Subject contains common spam sign (2 numbers)
score SUBJ_ALL_CAPS 2.000 # Subject is all capitals
score SUBJ_AS_SEEN 3.000 # Subject contains "As Seen"
score SUBJ_BUY 2.000 # Subject line starts with Buy or Buying
score SUBJ_CONSONANTS 0.000 # Subject contains consecutive consonants in "word"
score SUBJ_DOLLARS 0.650 # Subject starts with dollar amount
score SUBJ_FOR_ONLY 1.500 # Subject contains "For Only"
score SUBJ_FREE_CAP 1.200 # Subject contains "FREE" in CAPS
score SUBJ_GUARANTEED 1.360 # Subject GUARANTEED
score SUBJ_HAS_SPACES 1.000 # Subject contains lots of white space
score SUBJ_HAS_UNIQ_ID 0.895 # Subject contains a unique ID
score SUBJ_ILLEGAL_CHARS 1.000 # Subject: has too many raw illegal characters
score SUBJ_LIFE_INSURANCE 11.00 # Subject includes "life insurance"
score SUBJ_YOUR_DEBT 11.00 # Subject contains "Your Bills" or similar
score SUBJ_YOUR_FAMILY 11.00 # Subject contains "Your Family"
score SUBJ_YOUR_OWN 4.000 # Subject contains "Your Own"
score SUB_FREE_OFFER 1.000 # Subject starts with "Free"
score SUB_HELLO 1.500 # Subject starts with "Hello"
score TO_EMPTY 11.00 # To: is empty
score UNPARSEABLE_RELAY 0.000 # Informational: message has unparseable relay lines
score UPPERCASE_25_50 0.500 # message body is 25-50% uppercase
score UPPERCASE_50_75 1.000 # message body is 50-75% uppercase
score UPPERCASE_75_100 1.500 # message body is 75-100% uppercase
score URIBL_AB_SURBL 0.000 # Contains an URL listed in the AB SURBL blocklist
score URIBL_JP_SURBL 0.000 # Contains an URL listed in the JP SURBL blocklist
score URIBL_OB_SURBL 0.000 # Contains an URL listed in the OB SURBL blocklist
score URIBL_PH_SURBL 0.000 # Contains an URL listed in the PH SURBL blocklist
score URIBL_SBL 0.000 # Contains an URL listed in the SBL blocklist
score URIBL_SC_SURBL 0.000 # Contains an URL listed in the SC SURBL blocklist
score URIBL_WS_SURBL 0.000 # Contains an URL listed in the WS SURBL blocklist
score URI_SCHEME_MIXED_CASE 1.500 # URI scheme has mixed uppercase and lowercase
score WEIRD_QUOTING 1.000 # Weird repeated double-quotation marks
score USER_IN_BLACKLIST 20.00 # From: address is in the user's black-list
score USER_IN_WHITELIST -80.0 # From: address is in the user's white-list
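[Last edited by hondasky on 2009-5-19 21:49]
SpamAssassin configuration and integration
Chinese_rules.cf: just download it from the China Anti-Spam Alliance; it is always the latest. As for integrating SpamAssassin, DSPAM and Postfix, it is the same as the article in the thread; just copy it over and you are done. Also, my 200 spam and non-spam messages were picked at random from the two archives that the thread provides for training DSPAM, and then learned with sa-learn --spam spam_2/ and sa-learn --ham easy_ham_2/, which generated the default Bayes database. In addition, pay special attention to the permissions of the files under /var/lib/amavis/.spamassassin/; they all need to be 0666, otherwise Bayes learning will have problems.
After finishing the work above, check that SpamAssassin is working with the command spamassassin --lint -D and see whether there are any errors; usually it is a permissions problem.
[Last edited by hondasky on 2009-5-29 12:30]
Postfix main.cf
mail:/etc/postfix# cat main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version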
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
mail_name = Qmail - by abc.com
smtpd_banner = Welcome To abc International ESMTP !
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
###################### TLS parameters ###################
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
################HOSTNAME BASE CONFIG ####################
myhostname = mail.abc.com
mydomain = abc.com
alias_maps = hash:/etc/aliases,
    hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.abc.com, localhost.abc.com, localhost
smtp_helo_name = mail.abc.com
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
####################maildata config##################
virtual_mailbox_base = /opt/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
################## response immediately ################
smtpd_error_sleep_time = 0s
unknown_local_recipient_reject_code = 550
#dspam_destination_recipient_limit = 1
################## extmail config here####################
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
    hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
#transport_maps = hash:/etc/postfix/transport_maps
################## maildrop setting########################
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 2
################## smtpd related config####################
# The check_policy_service entry works together with slockd for behaviour-based filtering
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    check_policy_service inet:127.0.0.1:10030
################## SMTP sender login matching config############
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
    mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
    mysql:/etc/postfix/mysql_virtual_alias_maps.cf
################### SMTP AUTH config here##########################
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
#Message-Filter
header_checks=regexp:/etc/postfix/filter/header_checks
#body_checks=regexp:/etc/postfix/filter/body_checks
mime_checks=regexp:/etc/postfix/filter/mime_checks
########################sender access control#####################
smtpd_client_restrictions = check_client_access regexp:/etc/postfix/filter/blacklist,
    check_client_access pcre:/etc/postfix/filter/dspam_filter_access
smtpd_helo_restrictions = check_helo_access regexp:/etc/postfix/filter/blacklist
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/filter/blacklist
#maximal_backoff_time = 2h
#maximal_queue_lifetime = 1d
#minimal_backoff_time = 225s
################### Content-Filter##################################
#content_filter = smtp:[127.0.0.1]:10024
receive_override_options = no_address_mappings
##################### Message and return code control###################
message_size_limit = 20971520
show_user_unknown_table_name = no
[Last edited by hondasky on 2009-6-5 09:12]
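Postfix keeps only the last definition when main.cf sets the same parameter more than once, and the listing above sets smtpd_sender_restrictions twice. The following is an added example (not part of the original post) that parses main.cf logical lines and reports which restriction entries are lost to a later definition; the function names and the SAMPLE excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: the two smtpd_sender_restrictions definitions from the
# post's main.cf, with continuation-line indentation restored.
SAMPLE = """\
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch
# a comment between parameters
smtpd_sasl_auth_enable = yes
smtpd_helo_restrictions = check_helo_access regexp:/etc/postfix/filter/blacklist
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/filter/blacklist
"""


def logical_lines(text):
    """Return (first_line_no, name, value) for each main.cf logical line.

    A line starting with whitespace continues the previous logical line;
    blank lines and lines whose first non-blank character is '#' are ignored.
    """
    entries = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                current[2].append(stripped)
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None  # not a "name = value" line; drop its continuations
            continue
        current = (lineno, name.strip(), [value.strip()])
        entries.append(current)
    return [(n, name, " ".join(" ".join(parts).split()))
            for n, name, parts in entries]


def find_overrides(text):
    """Report parameters defined more than once and what the last one drops."""
    seen = {}
    for lineno, name, value in logical_lines(text):
        seen.setdefault(name, []).append((lineno, value))
    findings = []
    for name, defs in seen.items():
        if len(defs) < 2:
            continue
        effective = defs[-1][1]
        kept = set(re.split(r"[,\s]+", effective))
        dropped = []
        for _, value in defs[:-1]:
            for token in re.split(r"[,\s]+", value):
                if token and token not in kept and token not in dropped:
                    dropped.append(token)
        findings.append({
            "name": name,
            "lines": [n for n, _ in defs],
            "effective": effective,
            "dropped": dropped,
        })
    return findings


if __name__ == "__main__":
    for f in find_overrides(SAMPLE):
        print(f"{f['name']} defined at lines {f['lines']}")
        print(f"  effective value: {f['effective']}")
        print(f"  no longer applied: {', '.join(f['dropped'])}")
```

On a live system, `postconf -n` shows the value Postfix actually uses, which can be compared with this report.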
MASTER.CF
mail:/etc/postfix# cat master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension}${nexthop}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
retry unix - - n - - error
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
Main amavis configuration file, 20-debian_defaults
mail:/etc/amavis/conf.d# grep -v "^#" 20-debian_defaults
use strict;
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
$inet_socket_port = 10024; # default listening socket
$sa_spam_subject_tag = '****Spam****';
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 10.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_mail_body_size_limit = 1024*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes
$MAX_EXPANSION_QUOTA = 20*1024*1024; # bytes
$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
$final_banned_destiny = D_BOUNCE; # (D_REJECT when front-end MTA)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";
@viruses_that_fake_sender_maps = (new_RE(
[qr'\bEICAR\b'i => 0], # av test pattern name
[qr/.*/ => 1], # true for everything else
));
@keep_decoded_original_maps = (new_RE(
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
# block certain double extensions anywhere in the base name
qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict
qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
qr'^\.(exe-ms)$', # banned file(1) types
);
@score_sender_maps = ({ # a by-recipient hash lookup table,
# results from all matching recipient tables are summed
## site-wide opinions about senders (the '.' matches any recipient)
'.' => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),
{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,
},
], # end of site-wide tables
});
1; # ensure a defined return
[Last edited by hondasky on 2009-5-19 21:57]
15-content_filter_mode: controls whether SpamAssassin and ClamAV are enabled
mail:/etc/amavis/conf.d# grep -v "^#" 15-content_filter_mode
use strict;
@bypass_spam_checks_maps = (
\@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1; # ensure a defined return
maildroprc configuration
mail:/etc# cat maildroprc
# Global maildrop filter file
# Uncomment this line to make maildrop default to ~/Maildir for
# delivery- this is where courier-imap (amongst others) will look.
#DEFAULT="$HOME/Maildir"
logfile "/var/log/maildrop.log"
DECODER="/var/www/extsuite/extmail/tools/decode"
if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/))
{
BADSENDER=1
}
#Global Filter
#
if (/^X-Spam-Flag:.*YES/)
{
exception {
to "$HOME/Maildir/.Junk/."
}
}
if (/^X-DSPAM-Result:.*Spam/)
{
exception {
to "$HOME/Maildir/.Junk/."
}
}
Here are a few spam mail headers
Return-Path: <hondaskyexcel@hotmail.com>
Delivered-To: prayaya.ya@prayaya.com
Received: from localhost (localhost [127.0.0.1])
by mail.prayaya.com (Qmail - by prayaya.com) with ESMTP id 2B8A79003348
for <prayaya.ya@prayaya.com>; Tue, 19 May 2009 13:43:07 +0800 (CST)
X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char B9 hex):
X-DSPAM-Factors: ... 0.97337,\n\t8899,
0.97337,\n\t\271\343\266\253\265\330\307\370\327\250\317\337\243\27202...
X-Spam-Flag: YES
X-Spam-Score: 11.001
X-Spam-Level: ***********
X-Spam-Status: Yes, score=11.001 tagged_above=2 required=5
tests=[CN_BODY_129=0.001, CN_BODY_708=1.38, CN_BODY_895=0.306,
DSPAM_SPAM_99=3.98, HEAD_ILLEGAL_CHARS=0.5, PYZOR_CHECK=2.834,
SUBJECT_ENCODED_TWICE=2]
Received: from localhost ([127.0.0.1])
by localhost (mail.prayaya.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id xS0n33lZK48g for <prayaya.ya@prayaya.com>;
Tue, 19 May 2009 13:43:02 +0800 (CST)
Received: from bay0-omc2-s21.bay0.hotmail.com (bay0-omc2-s21.bay0.hotmail.com [65.54.246.157])
by mail.prayaya.com (Qmail - by prayaya.com) with ESMTP id B956C9003347
for <prayaya.ya@prayaya.com>; Tue, 19 May 2009 13:43:01 +0800 (CST)
Received: from BAY140-W2 ([64.4.39.37]) by bay0-omc2-s21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 18 May 2009 22:42:59 -0700
Message-ID: <BAY140-W286FEE61BA184983DD9BFB55B0@phx.gbl>
Content-Type: multipart/alternative;
boundary="_2b7547fb-f6e0-4dbe-9793-37db9ba7d20d_"
X-Originating-IP: [116.21.165.97]
From: excelhonsa <hondaskyexcel@hotmail.com>
To: =?gb2312?B?ztLX1Ly6?= <prayaya.ya@prayaya.com>
Subject: ****Spam****[SPAM] =?gb2312?B?sMu31tbTyei8xtaws6Gwy8TqKA==?=
=?gb2312?B?0NDV/re9z/Ip?=
Date: Tue, 19 May 2009 05:42:58 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 19 May 2009 05:42:59.0416 (UTC) FILETIME=[AAF26D80:01C9D844]
X-DSPAM-Result: Spam
X-DSPAM-Processed: Tue May 19 13:43:02 2009
X-DSPAM-Confidence: 0.9732
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 6,4a1246e6183462105717242
X-DSPAM-Factors: 15,
2216, 0.97337,
126, 0.97337,
628, 0.97337,
8899, 0.97337,
广东地区专线:020, 0.97337,
华东地区专线:021, 0.97337,
3397, 0.97337,
/, 0.97337,
9475, 0.97337,
全国统一服务热线:400, 0.97337,
5109, 0.97337,
2216 , 0.97337,
0981, 0.97337,
/ , 0.97337,
3452, 0.97337
Spam sample two
Return-Path: <prayaya.ya@gmail.com>
Delivered-To: prayaya.ya@prayaya.com
Received: from localhost (localhost [127.0.0.1])
by mail.prayaya.com (Qmail - by prayaya.com) with ESMTP id E1F749003348
for <prayaya.ya@prayaya.com>; Tue, 19 May 2009 21:06:02 +0800 (CST)
X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char C8 hex):
X-DSPAM-Factors: ... 0.97598,\n\t5109,
0.97598,\n\t\310\253\271\372\315\263\322\273\267\376\316\361\310\310\317\337...
X-Spam-Flag: YES
X-Spam-Score: 6.477
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.477 tagged_above=2 required=5 tests=[BAYES_50=1,
CN_BODY_11=0.383, CN_BODY_129=0.001, CN_BODY_154=0.034,
CN_BODY_2=0.001, CN_BODY_491=0.508, DSPAM_SPAM_80=2.95,
HEAD_ILLEGAL_CHARS=0.5, HTML_MESSAGE=0.1, MIME_BASE64_NO_NAME=0.5,
MIME_BASE64_TEXT=0.5]
Received: from localhost ([127.0.0.1])
by localhost (mail.prayaya.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id lnxbPVZLpJ34 for <prayaya.ya@prayaya.com>;
Tue, 19 May 2009 21:05:52 +0800 (CST)
Received: from mail-pz0-f127.google.com (mail-pz0-f127.google.com [209.85.222.127])
by mail.prayaya.com (Qmail - by prayaya.com) with ESMTP id 4D9739003347
for <prayaya.ya@prayaya.com>; Tue, 19 May 2009 21:05:51 +0800 (CST)
Received: by pzk33 with SMTP id 33so526738pzk.11
for <prayaya.ya@prayaya.com>; Tue, 19 May 2009 06:05:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:date:message-id:subject
:from:to:content-type;
bh=XFIVCF/1SNlzt8E5kX/+KkVvRZsqmgFwnS0Wi1Pjndg=;
b=E1aJK7hH0GNgOa6oJTlzS9NhdxSLT8lQajtzgOPZjQy7/7b8djDcFyNkMNFs9XWo/C
zJbxvohj4KuNyeE+A2F1CnDVGSnITFHbQRDf71i8X4M0zCaQYnUs5tsGs+Ak0qsQ7cTy
2COOxGc5ufxrl8LA3QrP3zR+m0W92zeriWPUc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=D2wjZ0G6PXvDHpn1oahRYdDLc+3q2PEeSMFqQ0B+CHsfSG1yZ71X3yVFwlYuzmvFt7
xfZs+6eT3sm9UnAMyn+S4Di+RlOijrQhmsSVkjdUY3jT1tl3+RvDuMiBoCn8JuIlK6aa
CZGJU2BMAPSqokuo2mFNh1o+3QXJnkVzMf3ys=
MIME-Version: 1.0
Received: by 10.115.60.2 with SMTP id n2mr39338wak.183.1242738349347; Tue, 19
May 2009 06:05:49 -0700 (PDT)
Date: Tue, 19 May 2009 21:05:49 +0800
Message-ID: <b0a25b580905190605t476fa20ej370656fb7a0945b7@mail.gmail.com>
Subject: ****Spam****[SPAM]
=?GB2312?B?wMnPzMa91ve9si3W0Ln6yczStcSjyr3VvcLU0dDM1rvh?=
From: =?GB2312?B?zunOxMH6?= <prayaya.ya@gmail.com>
To: "prayaya.ya" <prayaya.ya@prayaya.com>
Content-Type: multipart/alternative; boundary=0016e64b07dadc9e99046a439131
X-DSPAM-Result: Spam
X-DSPAM-Processed: Tue May 19 21:05:52 2009
X-DSPAM-Confidence: 0.6095
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 6,4a12aeb0202231957742423
X-DSPAM-Factors: 15,
Date*49, 0.01000,
Received*21, 0.01000,
Received*06, 0.01000,
Date*21, 0.01000,
3452, 0.97598,
/ , 0.97598,
0981, 0.97598,
2216 , 0.97598,
5109, 0.97598,
全国统一服务热线:400, 0.97598,
9475, 0.97598,
/, 0.97598,
3397, 0.97598,
华东地区专线:021, 0.97598,
广东地区专线:020, 0.97598
[Last edited by hondasky on 2009-5-19 22:04]
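An added example, not part of the thread: this Python script splits the X-Spam-Status header of the second spam sample above into per-rule scores, shows how many points come from the DSPAM_* rule, and replays the two header checks from the maildroprc shown earlier. The names `analyze` and `SAMPLE` are made up here, and the input is a constructed copy of the scoring headers only.

```python
import re
from email import message_from_string

# Constructed input: scoring headers copied from the second spam sample above.
SAMPLE = """\
X-Spam-Flag: YES
X-Spam-Score: 6.477
X-Spam-Status: Yes, score=6.477 tagged_above=2 required=5 tests=[BAYES_50=1,
\tCN_BODY_11=0.383, CN_BODY_129=0.001, CN_BODY_154=0.034,
\tCN_BODY_2=0.001, CN_BODY_491=0.508, DSPAM_SPAM_80=2.95,
\tHEAD_ILLEGAL_CHARS=0.5, HTML_MESSAGE=0.1, MIME_BASE64_NO_NAME=0.5,
\tMIME_BASE64_TEXT=0.5]
X-DSPAM-Result: Spam
X-DSPAM-Confidence: 0.6095

(body omitted)
"""

def analyze(raw):
    """Break a SpamAssassin verdict into rule scores and replay the maildroprc routing."""
    msg = message_from_string(raw)
    status = " ".join((msg.get("X-Spam-Status") or "").split())  # unfold continuation lines
    tests = {}
    found = re.search(r"tests=\[([^\]]*)\]", status)
    for item in (found.group(1).split(",") if found else []):
        name, sep, value = item.strip().partition("=")
        if sep:  # skips entries without a score, e.g. "none"
            tests[name] = float(value)
    req = re.search(r"required=(-?\d+(?:\.\d+)?)", status)
    required = float(req.group(1)) if req else None
    total = round(sum(tests.values()), 3)
    dspam = round(sum(v for k, v in tests.items() if k.startswith("DSPAM_")), 3)
    without = round(total - dspam, 3)
    # The two maildroprc conditions; maildrop patterns ignore case by default.
    junk = bool(re.search(r"YES", msg.get("X-Spam-Flag", ""), re.I)
                or re.search(r"Spam", msg.get("X-DSPAM-Result", ""), re.I))
    return {
        "total": total,
        "required": required,
        "dspam_points": dspam,
        "without_dspam": without,
        # True when only the DSPAM_* rule lifts the message over the threshold
        "dspam_decisive": required is not None and total >= required > without,
        "to_junk": junk,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

For this sample the per-rule scores add up to the reported 6.477, and without the DSPAM_SPAM_80 points the message would stay below required=5.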
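Lessons learned
Before training DSPAM, make sure SPAMASSASSIN is configured properly first, especially the scores, and then train with dspam_train; that way nothing goes wrong. Even if it does go wrong it doesn't matter: clean up with dspam_clean and train again. Also, the spam and non-spam samples provided on the forum can be used to train SPAMASSASSIN yourself; 200 messages are generally enough. Of course you can adjust the local.cf configuration as needed. Also, the permissions on the /var/spool/dspam/data directory must let dspam read and write, otherwise the WEBUI cannot be opened. As for the WEBUI Perl modules, mine is DEBIAN, so package dependencies are as simple as it gets: DEBIAN installs all the needed packages for you, and it has the most packages and the most complete set. REDHAT and CENTOS can't compare on this point :lol :lol :lol :lol Also, in my environment I turned off ClamAV virus scanning and do not scan mail for viruses, because the antivirus software on the client computers is also very capable and can scan mail too, so I turned it off to reduce the load on the server. How to turn it off: in 15-av_scanners, comment out every string that refers to ClamAV, then comment out the following in 15-content_filter_mode:
#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#@bypass_virus_checks_maps = (1);
#@bypass_virus_checks_acl = (1);
and ClamAV virus scanning is turned off, haha :lol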
[Last edited by hondasky on 2009-5-20 21:39]
I do have one question, though
DeliveryHost 127.0.0.1
DeliveryPort 10024
DeliveryIdent localhost
DeliveryProto LMTP <----------------- Here, LOSLOSA's version says SMTP, but the thing is that LMTP works for me too. I don't know why? :lol :lol :lol
Wow, that's a lot. Bumping first, will read later.
Reply to post #12 by hondasky
May 22 08:55:32 mail dspam[10524]: Signature retrieval for '5,4a15f7e2105242089411514' failed
May 22 08:55:32 mail dspam[10524]: Unable to find a valid signature. Aborting.
May 22 08:55:32 mail dspam[10524]: process_message returned error -5. dropping message.
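This error is back again. Clicking "This is spam" brings this up? :lol
Reply to post #14 by hondasky
I looked up the signature 5,4a15f7e2105242089411514 and it is there, no problem.
Congratulations, you are really impressive.
Reply to post #14 by hondasky
About this problem, I found that even with the following enabled:
ParseToHeaders on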
ChangeModeOnParse on
ChangeUserOnParse on
MySQLUIDInSignature on
May 22 08:55:32 mail dspam[10524]: Signature retrieval for '5,4a15f7e2105242089411514' failed
May 22 08:55:32 mail dspam[10524]: Unable to find a valid signature. Aborting.
May 22 08:55:32 mail dspam[10524]: process_message returned error -5. dropping message.
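the error above still shows up. I found it is caused by a coordination problem.
That is, when you see the error above, don't panic: it is a coordination problem between EXTMAIL and DSPAM. You can wait a while, until they have received a message that matches DSPAM's training rules, and then it works normally. Also, it is best to enable: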
Preference "spamAction=tag"
Preference "signatureLocation=headers" # 'message' or 'headers'
Preference "showFactors=on"
Preference "spamSubject=Spam" <------- I don't know whether this is the one, but in any case once I turned this on, DSPAM worked well with EXTMAIL and the error above no longer appeared. I hope this bit of experience gives everyone a hint.
[Last edited by hondasky on 2009-5-22 19:55]
Here is a normal header
Return-Path: <hondasky_20@yahoo.cn>
Delivered-To: prayaya.ya@prayaya.com
Received: from localhost (localhost [127.0.0.1])
by mail.prayaya.com (Qmail - by prayaya.com) with ESMTP id 63B4EF1DF942
for <prayaya.ya@prayaya.com>; Fri, 22 May 2009 10:24:12 +0800 (CST)
X-Spam-Flag: YES
X-Spam-Score: 10.945
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.945 tagged_above=2 required=5
tests=[BAYES_99=4.5, DSPAM_SPAM_90=3.37, HTML_10_20=1.351, <----------- tests=[BAYES_99=4.5: the BAYES scoring rules are now firing normally
HTML_MESSAGE=0.001, SUBJECT_ENCODED_TWICE=1.723]
Received: from localhost ([127.0.0.1])
by localhost (mail.prayaya.com [127.0.0.1]) (amavisd-new, port 10024)
with SMTP id Av8ba7fBcZhO for <prayaya.ya@prayaya.com>;
Fri, 22 May 2009 10:24:03 +0800 (CST)
Received: from web92104.mail.cnh.yahoo.com (web92104.mail.cnh.yahoo.com [203.209.250.109])
by mail.prayaya.com (Qmail - by prayaya.com) with SMTP id 7A046F1DF940
for <prayaya.ya@prayaya.com>; Fri, 22 May 2009 10:24:02 +0800 (CST)
Received: (qmail 73356 invoked by uid 60001); 22 May 2009 02:24:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.cn; s=s1024; t=1242959042; bh=RElhSpCTZ/Zk++jPbEDpopZQ6kyFjW7VHRuZ1ffUvQo=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=a1H1SYtVlmHxhOojPgewD9qyEMq2eBn9x53S+y0LJ4ABrVlv1L/oMoAA/EXixjvJcBfNQc5wIEA+8sxSHmxdCJFWHkPKYD6dyuOuC9drQJPCr25oKjfi5kGyTC7z97eAvHHsYmC9F5U990X4CtqDQZvJnCYQneed2Mjkk3WhJ7s=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.cn;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=jc801z6Q+W5IEeI4bZpDEG0JURpqXJC92YWCQCXwnlcr40Af+SwbSUrCteuh/7nn7pVYIRZHQNpUqHL29sLwjdug+VWAaWbSnfsY0wQj6QVHc2AI6FRTKVN2jzlLzG2VVrfeXHho4LDzFKXav1+HPWYxo2SIoQNV5TockpfimPw=;
Message-ID: <55429.72057.qm@web92104.mail.cnh.yahoo.com>
X-YMail-OSG: W52M9O4VM1loOSVrI.sJbCdbmsj0HuBOgoIoz4MEiz8l.EOHui4eSarrQyoE9s3MZJZ3GBF9UepubtxNSMHZ48zePEK.0xXr3QQoXPXMx4UmBP8rqdNOUiR_yeArFXxoHCx8bswM029Cx20VGGs8x9yfMUdYwDC2hT8jsNRQ433TuENXfMcl3zAJEs1gCPGF7shr
Received: from [116.21.164.83] by web92104.mail.cnh.yahoo.com via HTTP; Fri, 22 May 2009 10:24:01 CST
X-Mailer: YahooMailClassic/5.2.20 YahooMailWebService/0.7.289.10
Date: Fri, 22 May 2009 10:24:01 +0800 (CST)
From: =?utf-8?B?5peg6KiAICA=?= <hondasky_20@yahoo.cn>
Subject: ****Spam****Spam
=?utf-8?B?5aSa5om55bCR6YeP5pe25Luj55qE5aSa5oqA6IO95ZGY5bel5Z+55YW75L2T?=
=?utf-8?B?57O7?=
To: =?utf-8?B?5peg6KiA?= <prayaya.ya@prayaya.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-80840962-1242959041=:72057"
X-DSPAM-Result: Spam <------------------------------------ this is the line that gives the spam verdict
X-DSPAM-Processed: Fri May 22 10:24:03 2009
X-DSPAM-Confidence: 0.7885
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 5,4a160cc313552121913615
X-DSPAM-Factors: 15,
Url*yahoo, 0.84000,
Content-Type*boundary="0, 0.84000,
M , 0.84000,
C , 0.84000,
Url*mail, 0.84000,
Url*//cn, 0.84000,
Url*com/mail_cn/tagline/card/, 0.84000,
Url*rd, 0.84000,
Url*//card, 0.84000,
Url*cn, 0.77778,
3452, 0.72414,
/ , 0.72414,
0981, 0.72414,
5109, 0.72414,
Date*10, 0.72414
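[Last edited by hondasky on 2009-5-22 10:37]
Reply to post #11 by hondasky
Could you provide a copy of your WEBUI settings for my reference? Thanks
Reply to post #20 by lulu
If your DSPAM runs as the dspam account and its home directory is /var/spool/dspam, make sure that the data directory under it has permissions 777 or 755 and system.log has 755, with data owned by dspam:dspam and system.log owned by root:dspam. Also turn WebStats on in dspam.conf, and add quarantine to the actions. Also, those few Perl libraries must be installed, otherwise the graphs will not show up.
Exciting to read, thanks! I'll try it out first!
Big bump!!! Impressive~ :lol
Congratulations, hondasky. OP, try sending this virus file as an attachment and see how your mailbox handles it?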
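Virus package: (forum attachment 1462)
Warning: please do not download the virus package carelessly
Reply to post #25 by nfddy
That sentence of yours is ungrammatical, isn't it? You tell me to send the virus file you gave as an attachment, and then you tell me not to. What do you mean? I did download this virus of yours and found that the file changes its own size; it seems to release the virus by itself.
Haha, there is nothing to fear as long as you don't unpack it. The size shown on the website differs from the size shown on the local machine.
A humble question:
The OP's main.cf and master.cf don't seem to contain any DSPAM-related settings
Reply to post #28 by edit
You didn't read carefully, did you? It's there. DSPAM is called through a SPAMASSASSIN module.
smtpd_client_restrictions =check_client_access regexp:/etc/postfix/filter/blacklist,
check_client_access pcre:/etc/postfix/filter/dspam_filter_access <------------- this is what hooks it in
[Last edited by hondasky on 2009-6-10 14:07]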