MD中一份难防止的垃圾邮件
使用MD英文版9.0以上版本,其中有一份垃圾邮件很难处理,邮件的一些信息如下:说明:[email=ganyy@abc.com]ganyy@abc.com[/email]和hfl[email=hfl@abc.com]@abc.com[/email]都是公司真实的正常用户,目前在防止垃圾邮件方面,启用了白名单对自己的域用户即@abc.com;另外启用了DNSBL,如果发现某一个IP在DNSBL禁止库中且其邮件已经被识别为垃圾邮件(通过评分机制)邮件头含有垃圾邮件标示字符spam则删除该邮件。目前这个邮件处理难点是,因为其做了假,冒充是白名单域,故不会识别为垃圾邮件也就不会修改邮件头增加spam字段,虽然DNSBL识别了,但是因为不满足其删除条件,故不会删除,请高手指点
以下是邮件的邮件头:
Return-path: <[email=c.meer@exert.nl]c.meer@exert.nl[/email]>
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29)
X-Spam-Level:
X-Spam-Status: No, score=-79.1 required=5.0 tests=BAYES_99,HELO_DYNAMIC_HCC,
HELO_DYNAMIC_IPADDR2,MDAEMON_DNSBL,USER_IN_WHITELIST autolearn=no
version=3.1.5
X-Spam-Report:
* 4.1 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
* 3.8 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
* addr 2)
* 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
* -100 USER_IN_WHITELIST From: address is in the whitelist
* 10 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
Authentication-Results: abc.com
[email=smtp.mail=c.meer@exert.nl]smtp.mail=c.meer@exert.nl[/email]; spf=neutral; ip-match=fail
Authentication-Results: abc.com
[email=header.from=c.meer@exert.nl]header.from=c.meer@exert.nl[/email]; domainkeys=neutral (not signed); dkim=neutral (not signed)
X-MDDK-Result: neutral (abc.com)
X-MDDKIM-Result: neutral (abc.com)
X-MDSPF-Result: none (abc.com)
Received-SPF: none (abc.com: [email=c.meer@exert.nl]c.meer@exert.nl[/email] does not
designate permitted sender hosts)
x-spf-client=MDaemon.PRO.v9.5.2
receiver=abc.com
client-ip=201.223.61.173
envelope-from=<[email=c.meer@exert.nl]c.meer@exert.nl[/email]>
helo=173-61-223-201.adsl.terra.cl
Received: from 173-61-223-201.adsl.terra.cl (173-61-223-201.adsl.terra.cl [201.223.61.173])
by abc.com (abc.com)
(MDaemon PRO v9.5.2)
with ESMTP id md50000977055.msg
for <[email=hfl@abc.com]hfl@abc.com[/email]>; Mon, 14 Apr 2008 13:43:34 +0800
X-Originating-IP: 182.168.230.99 by smtp.190.0.84.194; Mon, 14 Apr 2008 01:41:49 -0500
Message-ID: <[email=umflnBPLAVKganyy@abc.com]umflnBPLAVKganyy@abc.com[/email]>
From: "Maura Kendrick" <[email=ganyy@abc.com]ganyy@abc.com[/email]>
Reply-To: "Maura Kendrick" <[email=ganyy@abc.com]ganyy@abc.com[/email]>
To: [email=ganyy@abc.com]ganyy@abc.com[/email]
Subject: Inexpensive Louis Vuitton bags
Date: Mon, 14 Apr 2008 01:41:49 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
X-RBL-Warning: mail from 201.223.61.173 refused, see [url=http://www.ordb.org/faq/]http://www.ordb.org/faq/[/url]
X-Lookup-Warning: MAIL lookup on [email=c.meer@exert.nl]c.meer@exert.nl[/email] does not match 201.223.61.173
X-MDRcpt-To: [email=hfl@abc.com]hfl@abc.com[/email]
X-Rcpt-To: [email=hfl@abc.com]hfl@abc.com[/email]
X-MDRemoteIP: 201.223.61.173
X-Return-Path: [email=c.meer@exert.nl]c.meer@exert.nl[/email]
X-Envelope-From: [email=c.meer@exert.nl]c.meer@exert.nl[/email]
X-MDaemon-Deliver-To: [email=hfl@abc.com]hfl@abc.com[/email]
X-Spam-Processed: abc.com, Mon, 14 Apr 2008 13:43:35 +0800
X-MDAV-Processed: abc.com, Mon, 14 Apr 2008 13:43:35 +0800
以下是邮件的正文:
The new Porsche Design watches originated from the novel Titanium Chronograph from the 1970's, an absolutely unique creation due to the perfection of its workmanship. Based on its design, the Porsche Design Company developed an appealing, stylish, sporty and highly accurate watch. Unfortunately, these timepieces come with a high price tag.
[url=http://pugybyno56350.blogspot.com/]http://pugybyno56350.blogspot.com/[/url]
That's why a clever group of European manufacturers decided to offer the same exact functionality and style at greatly reduced prices: the Porsche Design replica watches. These replicas are so similar to the brand name pieces that it is practically impossible to tell them apart, other than by their price. They look the same, they function the same and they definitely don't have the same prices :) How would you like to browse through an amazing collection of these watches and marvel yourself with their low prices? Visit Prestige Replicas and see for yourself why sometimes replicas are so much better than the originals!
[url=http://pugybyno56350.blogspot.com/]http://pugybyno56350.blogspot.com/[/url]
以下是发送方及接受方及主题:
发送方Maura Kendrick [[email]ganyy@abc.com[/email]]
接受方[email=ganyy@abc.com]ganyy@abc.com[/email]
主题Inexpensive Louis Vuitton bags
回复 1楼 的帖子
本地域不需要加白名单的,默认SA设置为只要能通过ESMTP身份认证就自动跳过的,不需要手工加白名单。 国家863计划反垃圾邮件平台免费使用参与条件:自建邮件服务器的企业用户
公益活动时间:2008年3月25日-2008年12月31日
更多详情请登录:tap.263.net 回复wxhsh
谢谢你的回复
你的建议是否是这样:
1.在防止垃圾邮件设置的白名单中出掉邮件系统本地域用户也就是@abc.com
2.(默认SA设置为只要能通过ESMTP身份认证就自动跳过的)这个具体怎么设置不明白,还是不需要设置。
回复 4楼 的帖子
1.对2.不要设置,默认就是这个选项。 谢谢,我去修改一下,在来报告,呵呵 这几天好像没有,继续观察一下
页:
[1]