SpamAssassin does not filter all high-scoring mail

Some high-scoring messages get through to users' mailboxes, even though many of the same spam messages are correctly filtered into the server's spam box. Here is one example:

Mail correctly filtered as spam

Date: Thu, 04 Aug 2016 15:08:33 +0300
From: Erich Gibbs <Gibbs.04377@ttnet.com.tr>
To: **** <*****@****.**>
Subject: please sign

[-- Attachment #1 --]
[-- Type: multipart/related, Encoding: 7bit, Size: 16K --]

[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 8bit, Size: 0.1K --]

Dear ****

Please sign the receipt attached for the arrival of new office
facilities.


Best regards, Erich Gibbs


[-- Attachment #2: fe12f845f8ff.zip --]
[-- Type: application/zip, Encoding: base64, Size: 15K --]

[-- application/zip is unsupported (use 'v' to view this part) --]


[-- Attachment #2: SpamAssassinReport.txt --]
[-- Type: text/plain, Encoding: 7bit, Size: 1.0K --]

Spam detection software, running on the system "****.****.**", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it or label similar future
email.  If you have any questions, see the administrator of that
system for details.

Content preview:  Dear **** Please sign the receipt attached for the
arrival    of new office facilities. Best regards, Erich Gibbs [...]

Content analysis details:   (5.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.9 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split
                            IP)
 0.2 CK_HELO_GENERIC        Relay used name indicative of a Dynamic Pool or
                            Generic rPTR
 0.0 TVD_RCVD_IP            Message was received from an IP address
 0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS

Here is a similar message that reached my mailbox:

Return-Path: <Blankenship.08610@telkom.net.id>
Received: from 108.subnet110-136-45.speedy.telkom.net.id (108.subnet110-136-45.speedy.telkom.net.id [110.136.45.108] (may be forged))
    by  (8.14.7/8.14.7) with ESMTP id u74CAuvv038162
    for <****@****.**>; Thu, 4 Aug 2016 14:11:07 +0200
Received: from root by telkom.net.id with local (Exim 4.80)
    (envelope-from <bounce-48753697-878257-8791355-1117335@telkom.net.id>)
    id kcxAKb-MGbTTg-NC
    for ****@****.**; Thu, 04 Aug 2016 19:10:52 +0700
To: "*****" <****@****.**>
Subject: please sign
Date: Thu, 04 Aug 2016 19:10:52 +0700
From: "Earlene Blankenship" <Blankenship.08610@telkom.net.id>
Message-ID: <1ae58aa60fb7a0c535a0975c9c05b7ba@thr.sk>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/related;
    type="text/html";
    boundary="b1_560b0ac54766d9148a54052f9a46e5ef"
X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/
Received-SPF: None (****.****.**: domain of blankenship.08610@telkom.net.id  does not designate permitted sender hosts)
    receiver=****.****.**; client-ip=110.136.45.108;
    envelope-from=<Blankenship.08610@telkom.net.id>;
    helo=108.subnet110-136-45.speedy.telkom.net.id;
X-Virus-Scanned: clamav-milter 0.99.2 at ****.****.**
X-Virus-Status: Clean
X-Scanned-By: MIMEDefang 2.78 on 62.168.116.66

--b1_560b0ac54766d9148a54052f9a46e5ef
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Dear ****

Please sign the receipt attached for the arrival of new office
facilities.


Best regards, Earlene Blankenship


--b1_560b0ac54766d9148a54052f9a46e5ef
Content-Type: application/zip; name="d8bc18159378.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="d8bc18159378.zip"

When I check the score of the same spam message, the score is high. I don't know why it is not flagged correctly before delivery.

# spamc -R <'1470312683.38275_0.****.****.**:2,Sa'
8.3/5.0
Spam detection software, running on the system "****.****.**", has
identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label similar
future email.  If you have any questions, see the administrator of
that system for details.

Content preview:  Dear servis Please sign the receipt attached for the
arrival    of new office facilities. Best regards, Earlene Blankenship
[...] 

Content analysis details:   (8.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.9 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split
                            IP)
 0.0 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
                            (Split IP)
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [110.136.45.108 listed in psbl.surriel.com]
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [110.136.45.108 listed in zen.spamhaus.org]
-1.2 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS

#

Any ideas what the cause might be? Thanks.

1
asked 5 August 2016 at 16:40
1 answer

I found the cause. The mimedefang filter was set so that spamassassin processes only messages smaller than 100 KB. I raised the limit to 300 KB, and the problem is solved.

if ($Features{"SpamAssassin"}) {
        if (-s "./INPUTMSG" < 300*1024) {
...

Hope this helps someone.

2
answered 3 December 2019 at 20:36
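Added example (not part of the original answer and not MIMEDefang's own code): a Python sketch that takes delivered messages, keeps only those at or above the size cap described in the answer, and re-scores them the way the question did by hand with spamc. The names `audit`, `fake_scorer` and the sample messages are constructed for illustration; it assumes `spamc -c` prints `score/threshold` and prints `0/0` when it could not score the message.

```python
import re
import subprocess

SCAN_LIMIT = 100 * 1024   # bytes: the cap the answer found in mimedefang-filter
SCORE_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)/(-?\d+(?:\.\d+)?)\s*$")

def spamc_check(raw):
    """Score one message with `spamc -c`, which prints 'score/threshold'."""
    done = subprocess.run(["spamc", "-c"], input=raw, capture_output=True)
    return done.stdout.decode(errors="replace")

def parse_score(line):
    """Return (score, threshold), or None for an unparsable or '0/0' reply."""
    m = SCORE_RE.match(line)
    if not m:
        return None
    score, threshold = float(m.group(1)), float(m.group(2))
    return None if threshold == 0 else (score, threshold)

def audit(messages, scorer=spamc_check, limit=SCAN_LIMIT):
    """messages: {name: raw bytes}. Re-score only what the filter skipped.

    The delivered copy is slightly larger than the filter's INPUTMSG (headers
    are added on the way), so results right at the limit are approximate.
    """
    findings = {}
    for name, raw in messages.items():
        if len(raw) < limit:          # filter's test was size < limit: scanned
            continue
        parsed = parse_score(scorer(raw))
        if parsed is None:
            findings[name] = "unscored"
        elif parsed[0] >= parsed[1]:
            findings[name] = "missed-spam %.1f/%.1f" % parsed
        else:
            findings[name] = "ham %.1f/%.1f" % parsed
    return findings

# Constructed sample input (not real mail): sizes straddle the 100 KB cap.
SAMPLES = {
    "small": b"Subject: a\r\n\r\n" + b"x" * 2048,
    "big-spam": b"Subject: b\r\n\r\n" + b"s" * SCAN_LIMIT,
    "big-ham": b"Subject: c\r\n\r\n" + b"h" * SCAN_LIMIT,
    "big-error": b"Subject: d\r\n\r\n" + b"e" * SCAN_LIMIT,
}

def fake_scorer(raw):
    """Stand-in for spamc so the example runs offline (hypothetical scores)."""
    return {b"s": "8.3/5.0\n", b"h": "1.2/5.0\n"}.get(raw[-1:], "0/0\n")

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES, fake_scorer).items():
        print(name, verdict)
```

On a real server, build `messages` from the files in the mailbox and leave `scorer` at its default so each oversize message is piped to `spamc -c`; an "unscored" result means spamc itself returned nothing usable and the message still has no verdict.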
