幻想2004 posted on 2008-4-9 17:15:24

Spam score is -

<P>Return-path: &lt;<A href="mailto:[email protected]">[email protected]</A>&gt;<BR>X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13)<BR>X-Spam-Level: <BR>X-Spam-Status: No, score<FONT color=red>=-472.5</FONT> required=5.0 tests=BAYES_50,FORGED_RCVD_HELO,<BR>&nbsp;HTML_90_100,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MANY_EXCLAMATIONS,<BR>&nbsp;MDAEMON_DNSBL,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,URIBL_BLACK,<BR>&nbsp;URIBL_JP_SURBL,URIBL_SC_SURBL,USER_IN_WHITELIST_TO,X_LIBRARY <BR>&nbsp;autolearn=no version=3.1.0<BR>X-Spam-Report: <BR>&nbsp;*&nbsp; 2.4 X_LIBRARY Message has X-Library header<BR>&nbsp;*&nbsp; 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL<BR>&nbsp;*&nbsp; 0.1 FORGED_RCVD_HELO Received: contains a forged HELO<BR>&nbsp;* -500 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'<BR>&nbsp;*&nbsp; 0.5 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image<BR>&nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; area<BR>&nbsp;*&nbsp; 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML<BR>&nbsp;*&nbsp; 0.0 HTML_MESSAGE BODY: HTML included in message<BR>&nbsp;*&nbsp; 1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%<BR>&nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR>&nbsp;*&nbsp; 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts<BR>&nbsp;*&nbsp; 8.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist<BR>&nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR>&nbsp;*&nbsp; 3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist<BR>&nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR>&nbsp;*&nbsp; 8.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist<BR>&nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR>&nbsp;*&nbsp; 0.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME<BR>&nbsp;*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; headers<BR>&nbsp;*&nbsp; 0.8 MANY_EXCLAMATIONS Subject has many exclamations<BR>Authentication-Results: <U>mail.</U><A href="mailto:[email protected]"><FONT color=#1d4489>localhost.com</FONT></A></P>
<P>&nbsp;<A href="mailto:[email protected]">[email protected]</A>; spf=neutral<BR>Authentication-Results: mail.comprousa.com<BR>&nbsp;<A href="mailto:[email protected]">[email protected]</A>; domainkeys=neutral (not signed); dkim=neutral (not signed)<BR>X-MDDK-Result: neutral (<U>mail.</U><A href="mailto:[email protected]"><FONT color=#1d4489>localhost.com</FONT></A>)<BR>X-MDDKIM-Result: neutral (<U>mail.</U><A href="mailto:[email protected]"><FONT color=#1d4489>localhost.com</FONT></A>)<BR>X-MDSPF-Result: none (mail.comprousa.com)<BR>Received-SPF: none (mail.comprousa.com: <A href="mailto:[email protected]">[email protected]</A> does not<BR>&nbsp;designate permitted sender hosts)<BR>&nbsp;x-spf-client=MDaemon.PRO.v9.0.1<BR>&nbsp;receiver=<U>mail.</U><A href="mailto:[email protected]"><FONT color=#1d4489>localhost.com</FONT></A></P>
<P>&nbsp;client-ip=220.163.39.129<BR>&nbsp;envelope-from=&lt;<A href="mailto:[email protected]">[email protected]</A>&gt;<BR>&nbsp;helo=cusp.com.tw<BR>Received: from cusp.com.tw (129.39.163.220.broad.km.yn.dynamic.163data.com.cn )<BR>&nbsp;by comprousa.com (mail.comprousa.com )<BR>&nbsp;(MDaemon PRO v9.0.1)<BR>&nbsp;with ESMTP id md50000798786.msg<BR>&nbsp;for &lt;<A href="mailto:[email protected]">[email protected]</A>&gt;; Wed, 09 Apr 2008 16:32:50 +0800<BR>From: =?Big5?B?rqa8d6XNqqus7Kfe?= &lt;<A href="mailto:[email protected]">[email protected]</A>&gt;<BR>Subject: =?Big5?B?rauutqhrqcq2r623ISGs7Kfet3PDZKjgISEor8Kk0bVNtdGo+ik=?=<BR>To: <A href="mailto:[email protected]"><FONT color=#1d4489>[email protected]</FONT></A><BR>Content-Type: text/html;<BR>&nbsp;charset="CHINESEBIG5_CHARSET"<BR>Date: Wed, 9 Apr 2008 16:15:49 +0800<BR>X-Priority: 3<BR>X-Library: Indy 9.00.10<BR>X-RBL-Warning: Mail from 220.163.39.129 refused by ORDB, see <A href="http://www.ordb.org/faq/">http://www.ordb.org/faq/</A><BR>&nbsp;mail from 220.163.39.129 refused, see <A href="http://www.spamhaus.org/">http://www.spamhaus.org</A><BR>X-MDRcpt-To: <A href="mailto:[email protected]"><FONT color=#1d4489>[email protected]</FONT></A><BR>X-Rcpt-To: <A href="mailto:[email protected]"><FONT color=#1d4489>[email protected]</FONT></A><BR>X-MDRemoteIP: 220.163.39.129<BR>X-Return-Path: <A href="mailto:[email protected]">[email protected]</A><BR>X-Spam-Processed: mail.comprousa.com, Wed, 09 Apr 2008 16:32:51 +0800<BR>X-MDAV-Processed: mail.comprousa.com, Wed, 09 Apr 2008 16:32:53 +0800<BR>Resent-From: <A href="mailto:[email protected]"><FONT color=#1d4489>[email protected]</FONT></A><BR>X-MDRedirect: 1<BR>X-MDaemon-Deliver-To: <A href="mailto:[email protected]"><FONT color=#1d4489>[email protected]</FONT></A><BR>&lt;html&gt;<BR>&lt;head&gt;<BR>&lt;title&gt;男性雄風&lt;/title&gt;</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .</P>
<P>Message body<BR></P>
<P>&nbsp;</P>
<P>A question for the experts here:</P>
<P>My setup: MDaemon&nbsp; 9.0.1&nbsp;&nbsp; OS:&nbsp; Server 2003</P>
<P>Lately I keep getting spam like this, with a score of&nbsp;&nbsp; -xxx.x, and spam from 績碩科技. What should I do to block it?</P>
<P>Following <A href="http://www.suma.tw/forum/thread-2972-1-1.html">http://www.suma.tw/forum/thread-2972-1-1.html</A></P>
<P>On the Security&gt;&gt;spam filter&gt;&gt;Heuristics tab, I changed SMTP Reject to 12 points and the minimum to 5 points</P>
<P>In ContentFilter I added a rule:</P>
<P>1. On the left, check "If the SPAM FILTER score is equal to" </P>
<P>2. On the right, check "DELETE the message" </P>
<P>3. Adjust the options at the bottom: </P>
<P>a. greater than &nbsp;queue to</P>
<P>b. &gt;= -430</P>
<P>This kind of spam still gets in &gt;&lt;</P>
<P>&nbsp;</P>
<P>P.S.&nbsp;&nbsp; The IP and host are different for every incoming mail</P>

[ Last edited by 幻想2004 on 2008-4-9 05:16 PM ]

shem888 posted on 2008-4-9 17:22:52

<P>&nbsp;</P>
<P>I happen to be looking into spam scores too:</P>
<P>&nbsp;</P>
<P>This line looks a bit odd:</P>
<P>&nbsp;* -500 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'</P>
<P>&nbsp;</P>
<P>1. You have already put it on the whitelist ...</P>
<P>2. -472.5&nbsp; &lt;&nbsp; -430&nbsp;&nbsp; : so of course it does not get deleted</P>

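幻想2004 posted on 2008-4-10 10:02:50

Originally posted by shem888 on 2008-4-9 05:22 PM:    I happen to be looking into spam scores too:   This line looks a bit odd: * -500 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'   1. You have already put it on the whitelist ... 2. -472.5<-430 ...

I just went and checked.
[email protected]
This account is not in my whitelist.
You mentioned Whitelist ... 2. -472.5<-430 ...
So how should I set it up??

a. greater than queue to
b. >= -430
What should I change these to?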

shem888 posted on 2008-4-10 10:41:13

<P>1. The Spam Filter&nbsp; &nbsp;Whitelist&nbsp; lives in several places ..&nbsp;&nbsp; check all of them!!!!</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp; Also check whether there is an entry like:&nbsp;&nbsp;&nbsp; <A href="mailto:*@localhost.com">*@localhost.com</A>&nbsp;or something similar</P>
<P>&nbsp;</P>
<P>2. Changing it to &lt;= -430 should block this message,&nbsp; but 80% of legitimate mail would be blocked too ...</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Better to check the issue below:</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;* -500 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'</P>
<P>&nbsp;</P>
<P>&nbsp;</P>
<P>&nbsp;</P>

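幻想2004 posted on 2008-4-10 10:46:41

Originally posted by shem888 on 2008-4-10 10:41 AM: 1. The Spam Filter Whitelist lives in several places ..   check all of them!!!!      Also check whether there is an entry like:    *@localhost.com or something similar   2. Changing it to <= -430 ...

Mm-hm, let me go check first and I'll report back shortly.

I just checked and it really has not been added to the whitelist, neither From nor To.
The Whitelist (to) entries in the other places also definitely do not contain *@localhost.com, or that spam's address, or its domain.
I also looked at other spam messages,
and they all have this same line....
It can't be that I am letting all the spam through myself, can it ><
A normal mail's score should be *.*, not -***.*, so is there some other way to block these?
THX

[ Last edited by 幻想2004 on 2008-4-10 10:59 AM ]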

shem888 posted on 2008-4-10 13:08:37

<P>On spam scoring ... the higher the positive score, the more likely the message is spam,</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;(when an address is whitelisted it normally gets -100 points; ""yours is giving -500 points"")&nbsp; , </P>
<P>generally, at +8 points or more the chance that it is spam is high,</P>
<P>&nbsp;</P>
<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PS:&nbsp; I based mine on the settings in post #6 of <A href="http://www.suma.tw/forum/thread-2972-1-1.html">http://www.suma.tw/forum/thread-2972-1-1.html</A></P>
<P>=======================================</P>
<P>&nbsp;</P>
<P>&nbsp;I still think it is a whitelist configuration problem.....&nbsp; </P>
<P>&nbsp;</P>
<P>Please check ...&nbsp;&nbsp; whether legitimate mail also gets the&nbsp; -500 points; which messages don't?? Or do they all get it?</P>
<P>&nbsp;</P>
<P>&nbsp;</P>
<P>&nbsp;</P>

幻想2004 posted on 2008-4-10 13:26:02

<P>
<DIV class=quote>
<BLOCKQUOTE>Originally posted by <I>shem888</I> on 2008-4-10 01:08 PM&nbsp;<A href="http://www.suma.tw/forum/redirect.php?goto=findpost&amp;pid=11945&amp;ptid=3059" target=_blank></A> On spam scoring ... the higher the positive score, the more likely the message is spam, &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;(when an address is whitelisted it normally gets -100 points; ""yours is giving -500 points"")&nbsp; , generally, at +8 points or more the chance that it is spam is high ... </BLOCKQUOTE></DIV>
<P></P>
<P>&nbsp;</P>
<P>&nbsp;</P>
<P>&nbsp;</P>
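<P>&nbsp;But I just looked, and I found that legitimate mail is all&nbsp; +,&nbsp; occasionally reaching -1xx.x</P>
<P>whereas all the spam we receive&nbsp;&nbsp; starts at -300 and beyond,&nbsp; occasionally +1x.x</P>
<P>&nbsp;</P>
<P>I also followed the poster in #6,</P>
<P>except for:</P>
<P>1. In OutbreakProtection, change Spam to "accept for later filtering" and the score to 5&nbsp;&nbsp; (I cannot find where this is)</P>
<P>2. Enable DNS-BL but leave all the options below it unchecked&nbsp;&nbsp;&nbsp;&nbsp; (I additionally checked the bottom two)</P>
<P>And on the SpamFiltering&gt;&gt;Heuristics tab I have it set to&nbsp;&nbsp; 5.0~12.0 points</P>
<P>I also set up blocking on From and subject keywords</P>
<P>Everything else I did as described...</P>
<P>&nbsp;</P>
<P>So I do not understand where exactly things went wrong</P>
<P>The two customer-service mailboxes get about two hundred spam messages a day</P>
<P>and I get chewed out over it every day </P>
<P>&nbsp;</P>
<P>Still, thank you very much for the guidance</P>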

shem888 posted on 2008-4-10 13:54:36

<P>&nbsp;It just occurred to me: could you have gotten the&nbsp; +/- sign wrong on the black list score ..??<BR><BR>Uploading screenshots of my settings:</P>
<P>&nbsp;</P>
<P>PS: because of the upload limit, please see:</P>
<P><A href="http://picasaweb.google.com/shemyang/MdaemonSpam">http://picasaweb.google.com/shemyang/MdaemonSpam</A></P>
<P>&nbsp;</P>
<P></P>

[ Last edited by shem888 on 2008-4-10 02:18 PM ]

幻想2004 posted on 2008-4-10 14:35:25

<DIV id=postmessage_11640 class=t_msgfont>
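<P>Only the last screenshot differs: my company did not buy SecurityPlus .... so</P>
<P>that OutbreakProtection does not exist here. The rest is not much different from what I already had....</P>
<P>&nbsp;</P>
<P>Could the problem be coming from OutbreakProtection?</P>
<P>It should not make that much of a difference, should it...</P></DIV>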

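isaacb posted on 2008-4-15 09:43:28

These parameters are fiddly; I have never found a good configuration<br>

popowolf posted on 2008-4-15 13:10:55

<P>Spam has gone up a lot lately</P>
<P>It is a real nuisance</P>
<P>especially since a lot of it is localhost</P>
<P>and if I block that, some customers' mail gets blocked too</P>
<P>Sigh, what a headache</P>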

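blog89 posted on 2010-12-7 22:49:40

Last edited by blog89 on 2010-12-7 11:15 PM

Hi all,

    Why did this thread never reach a conclusion? I am struggling with the same problem.

    Mostly the report says the sender is in my White List, but I have searched everywhere and cannot find where that is set. The odd thing is that a lot of spam gets into users' mailboxes this way. Users on Outlook do not receive it (it always goes to the junk folder), but when they log in with WorldClient they find all of these messages there, plus a pile of "future-dated messages": for example, today is only 12/07, yet there is already mail dated 12/20. Good grief, how can that be?

Asking the experts here for help: please tell me how to configure a fix for the two problems above. Thanks!!

1. Which file holds the setting behind USER_IN_WHITELIST_TO? (This problem is the same in every version. I previously saw other posts saying it is an MDaemon bug, but that does not seem to be the case: the problem is still there after every upgrade, so I think some setting somewhere has not been adjusted properly.)
2. Where do I configure rejection of mail sent with a future date, so that these future-dated messages are refused?

Log excerpt follows: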
X-Spam-Level:
X-Spam-Status: No, score=-71.80 required=5.0
X-Spam-Report:
*0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
*3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
*3.3 TVD_RCVD_IP4 TVD_RCVD_IP4
*1.6 TVD_RCVD_IP TVD_RCVD_IP
*2.6 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
* -100 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
*1.5 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters
*2.3 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
*1.9 MPART_ALT_DIFF_COUNT BODY: HTML and text parts are different
*0.0 HTML_MESSAGE BODY: HTML included in message
*0.4 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
*1.1 MPART_ALT_DIFF BODY: HTML and text parts are different
*1.8 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
*2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
*      
*2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
*      
*1.3 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
*0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
*2.6 INVALID_MSGID Message-Id is not valid, according to RFC 2822
*0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
*0.0 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

This message is also future-dated:
Received: from dns7.yahoo.com () by 222.124.203.58 with Microsoft SMTPSVC(5.0.2195.6824);
Sat, 18 Dec 2010 12:50:37 +0300
Date: Sat, 18 Dec 2010 08:46:37 -0100 (today is only the 7th)
From: "[email protected]" <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Message-Id: <29065.271a51934366ja>
Organization: Microsoft Outlook, Build 10.0.2627
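
One way to spot the pattern discussed in this thread, where a whitelist rule pulls a blocklisted message far below the spam threshold, is to recompute the score from X-Spam-Report with the whitelist rules taken out. This is an added example, not part of any post in the thread; the sample lines are the non-zero hits from the report in the first post, and `audit_report` and `WHITELIST_RULES` are names chosen for this example.

```python
import re

# Rules that subtract points because an address matched a whitelist-style
# setting. USER_IN_WHITELIST_TO is the one in this thread; the others are
# standard SpamAssassin rule names.
WHITELIST_RULES = {
    "USER_IN_WHITELIST", "USER_IN_WHITELIST_TO", "USER_IN_DEF_WHITELIST",
    "USER_IN_MORE_SPAM_TO", "USER_IN_ALL_SPAM_TO",
}

# One X-Spam-Report hit line: "*", a signed score, then the rule name.
# Continuation lines ("*      area") carry no score and do not match.
RULE_LINE = re.compile(r"^\s*\*\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b", re.M)

# Non-zero hit lines from the report in the first post (HTML stripped).
SAMPLE_REPORT = """\
 *  2.4 X_LIBRARY Message has X-Library header
 *  3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
 *  0.1 FORGED_RCVD_HELO Received: contains a forged HELO
 * -500 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
 *  0.5 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
 *  0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
 *  1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
 *  8.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *  3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist
 *  8.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
 *  0.8 MANY_EXCLAMATIONS Subject has many exclamations
"""

def audit_report(report, required=5.0):
    """Recompute the score with whitelist rules removed and flag masking."""
    hits = [(float(score), rule) for score, rule in RULE_LINE.findall(report)]
    total = round(sum(score for score, _ in hits), 1)
    whitelist = [(score, rule) for score, rule in hits if rule in WHITELIST_RULES]
    unmasked = round(total - sum(score for score, _ in whitelist), 1)
    return {
        "score": total,
        "whitelist_hits": whitelist,
        "score_without_whitelist": unmasked,
        # True when only the whitelist bonus keeps the message under `required`.
        "masked_spam": bool(whitelist) and total < required <= unmasked,
    }

if __name__ == "__main__":
    print(audit_report(SAMPLE_REPORT))
```
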



scottlong posted on 2011-4-20 00:48:10

Learned something today