让WINWEBMAIL 也支持 SpamAssassin

chinaliuqi

让WINWEBMAIL 支持 SpamAssassin 的小工具 我已经写完了，尚在测试阶段！

给大家一个例子看看
邮件头信息
Received: from localhost by mail-dns-server
    with SpamAssassin (version 3.0.1);
    Tue, 05 Feb 2008 07:18:52 +0800
From: =?GB2312?B?wfXdvA==?= <liujing@sina.com>
To: webmaster@supresoft.com
Subject: [SPAM] =?GB2312?B?usO+w7K7vPvE48HLLLu5vMe1w87SwvA/?=
Date: Tue, 5 Feb 2008 06:40:14 +0800
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mail-dns-server
X-Spam-Status: Yes, score=11.9 required=5.0 tests=CN_BODY_7,CN_SUBJECT_245,
    FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_60_70,
    HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_TEXT_AFTER_BODY,
    HTML_TEXT_AFTER_HTML,MIME_8BIT_HEADER,MIME_HTML_ONLY,
    RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL autolearn=no version=3.0.1
X-Spam-Level: ***********
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_47A79D5C.28FA0000"

经过过滤后的邮件内容  

Spam detection software, running on the system "mail-dns-server", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
http://spam.newhi.net for details.
Content preview:  我是你的好朋友，找资料时发现的一个很好的网站
  上面的学习资料很多 还有很多教学视频 [...]
Content analysis details:   (11.9 points, 5.0 required)
pts rule name              description
---- ---------------------- --------------------------------------------------
0.5 CN_SUBJECT_245         Subject contains "好久"
0.2 CN_BODY_7              BODY: Body contains "网站"
0.0 HTML_60_70             BODY: Message is 60% to 70% HTML
0.2 HTML_TEXT_AFTER_BODY   BODY: HTML contains text after BODY close tag
1.2 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE           BODY: HTML included in message
0.2 HTML_TEXT_AFTER_HTML   BODY: HTML contains text after HTML close tag
2.0 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
             [Blocked - see <http://www.spamcop.net/bl.shtml?221.203.168.147>]
2.5 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [221.203.168.147 listed in sbl-xbl.spamhaus.org]
0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
0.0 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
0.3 MIME_8BIT_HEADER       Message header contains 8-bit character
3.0 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.



[ 本帖最后由 chinaliuqi 于 2008-2-5 11:13 编辑 ]

tdk

winwebmail 有你这样的用户应该很荣幸

wjmhxd

期待ing。。。。。。。。。。

coolglay

我也期待中。。。。等待老大发布。。。

chinaliuqi

做了简单测试，十分钟大概可以处理垃圾邮件1500封以上。

coolglay

不错了，不知道误判率如何？这个处理效率很不错了。

chinaliuqi

Received: from localhost by mail-dns-server
        with spam.newhi.net (version 3.0.1);
        Sun, 10 Feb 2008 19:31:06 +0800
From: <bill.sampson@unwiredlv.com>
To: <davidha@sungine.com>
Subject: [SPAM] Surprise your woman!!
Date: Sun, 10 Feb 2008 06:17:09 -0500
Message-Id: <002401c86bd6$7a009110$8c5294a3@ehzq>
X-Newhi-Flag: YES
X-Newhi-Checker-Version: spam.newhi.net 3.0.1 (2004-10-22) on mail-dns-server
X-Newhi-Status: Yes, score=17.1 required=5.0 tests=BAYES_99,NO_REAL_NAME,
        RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_OB_SURBL,
        URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=no version=3.0.1
X-Newhi-Level: *****************
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_47AEE07A.1E100000"

This is a multi-part message in MIME format.

------------=_47AEE07A.1E100000
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "mail-dns-server", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
http://spam.newhi.net for details.

Content preview:  Perfect stamins and hardness!
  http://yeevea.instantsilent.com . [...]

Content analysis details:   (17.1 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 NO_REAL_NAME           From: does not include a real name
1.9 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see <http://www.spamcop.net/bl.shtml?24.36.215.151>]
3.1 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [24.36.215.151 listed in sbl-xbl.spamhaus.org]
2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [24.36.215.151 listed in dnsbl.sorbs.net]
4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: instantsilent.com]
1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: instantsilent.com]
3.2 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: instantsilent.com]



------------=_47AEE07A.1E100000
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before spam.newhi.net
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Received: from [127.0.0.1]; Sun, 10 Feb 2008 19:17:25 +0800
Received: from d36-215-151.home1.cgocable.net ([24.36.215.151]
        helo=d36-215-151.home1.cgocable.net) by spam.newhi.net; 10 Feb 2008
        19:17:24 +0800
Received: from [163.148.82.140] (helo=ehzq)
        by d36-215-151.home1.cgocable.net with smtp (Exim 4.62 (FreeBSD))
        id 1JOACP-0007ej-U0; Sun, 10 Feb 2008 06:17:48 -0500
Message-ID: <002401c86bd6$7a009110$8c5294a3@ehzq>
From: <bill.sampson@unwiredlv.com>
To: <davidha@sungine.com>
Subject: [SPAM] Surprise your woman!!
Date: Sun, 10 Feb 2008 06:17:09 -0500
MIME-Version: 1.0
Content-Type: text/plain;
        format=flowed;
        charset="iso-8859-1";
        reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-NewHi-Delay: delayed for 10m 2s; 10 Feb 2008 19:17:25 +0800
X-NewHi-Score: 100 (DNSBL-failed)
X-NewHi-Received-DNSBL: fail (zen.spamhaus.org->127.0.0.4; )
X-NewHi-Spam-Level: ********************
X-NewHi-Tag: DNSBL
X-NewHi-Envelope-From: bill.sampson@unwiredlv.com
X-NewHi-Version: 2.0Anti-Spam for NewHi
X-NewHi-Spam: YES
X-NewHi-Block: NO (Testmode)
X-NewHi-ID:
X-NewHi-Spam-Reason: Failed DNSBL: zen.spamhaus.org
X-NewHi-Totalscore: 100

Perfect stamins and hardness! http://yeevea.instantsilent.com

.

------------=_47AEE07A.1E100000--

chinaliuqi

除QQ群内用户免费外，其余用户使用此软件，将收费！ 呵呵

chinaliuqi

关于coolglay 提出的误判率，这里我做一下解释，由于对邮件并不拦截，只做标记，所以我没有做特别严格的调整！

chinaliuqi

在随后的升级版中，我会让程序自动下载调整过的CF 来自动完善spam