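[Help] Heuristic system

1#
Posted on 2007-10-9 10:56:33
How does everyone set the score? I set it to 20 and legitimate mail is still being blocked. I have turned it off for now; will that cause any problems? Also, how do I add the other party's domain to the whitelist? Thanks!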
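2#
Posted on 2007-10-9 11:00:15

Reply to post 1#

Look at the blocked entries in the SMTP-IN log and see which factors are pushing the score too high. I only got SA tuned to perfection after changing all the CF files.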
3#
OP | Posted on 2007-10-9 14:18:44
Mon 2007-10-08 12:01:35: Session 7425; child 2; thread 1652
Mon 2007-10-08 12:01:10: 接受 SMTP 连接来自 [218.78.208.154 :50840]
Mon 2007-10-08 12:01:10: Performing PTR lookup (154.208.78.218.IN-ADDR.ARPA)
Mon 2007-10-08 12:01:10: *  D=154.208.78.218.IN-ADDR.ARPA TTL=(0) PTR=[ws04.shaidc.com]
Mon 2007-10-08 12:01:10: *  Gathering A records...
Mon 2007-10-08 12:01:10: *  D=ws04.shaidc.com TTL=(10) A=[218.78.208.154]
Mon 2007-10-08 12:01:10: ---- End PTR results
Mon 2007-10-08 12:01:10: --> 220 mydomain.com ESMTP MDaemon 9.5.1; Mon, 08 Oct 2007 12:01:10 +0800
Mon 2007-10-08 12:01:10: <-- HELO ws04.shaidc.com
Mon 2007-10-08 12:01:10: Performing IP lookup (ws04.shaidc.com)
Mon 2007-10-08 12:01:10: *  D=ws04.shaidc.com TTL=(10) A=[218.78.208.154]
Mon 2007-10-08 12:01:10: ---- End IP lookup results
Mon 2007-10-08 12:01:10: --> 250 mydomain.com Hello ws04.shaidc.com, pleased to meet you
Mon 2007-10-08 12:01:11: <-- MAIL FROM:<wtf@mandiesel.com.cn>
Mon 2007-10-08 12:01:11: Performing IP lookup (mandiesel.com.cn)
Mon 2007-10-08 12:01:11: *  P=010 S=000 D=mandiesel.com.cn TTL=(60) MX=[mail.shaidc.com]
Mon 2007-10-08 12:01:11: ---- End IP lookup results
Mon 2007-10-08 12:01:11: Performing SPF lookup (mandiesel.com.cn / 218.78.208.154)
Mon 2007-10-08 12:01:11: *  Result: none; no SPF record in DNS
Mon 2007-10-08 12:01:11: ---- End SPF results
Mon 2007-10-08 12:01:11: --> 250 <wtf@mandiesel.com.cn>, Sender ok
Mon 2007-10-08 12:01:11: <-- RCPT TO:<aaa@mydomain.com>
Mon 2007-10-08 12:01:11: 执行 DNS-BL 查询(218.78.208.154 - 正在连接 IP)
Mon 2007-10-08 12:01:11: *  sbl-xbl.spamhaus.org - 失败
Mon 2007-10-08 12:01:31: *  relays.ordb.org - 超时(10 秒等待)
Mon 2007-10-08 12:01:31: *  bl.spamcop.net - 失败
Mon 2007-10-08 12:01:31: ---- 结束 DNS-BL 结果
Mon 2007-10-08 12:01:31: --> 250 < aaa@mydomain.com >, Recipient ok
Mon 2007-10-08 12:01:31: <-- DATA
Mon 2007-10-08 12:01:31: Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000010632.tmp
Mon 2007-10-08 12:01:31: --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2007-10-08 12:01:31: Message size: 52772 bytes
Mon 2007-10-08 12:01:31: Performing DomainKeys lookup (Sender: wtf@mandiesel.com.cn)
Mon 2007-10-08 12:01:31: *  File: d:\mdaemon\queues\temp\md50000010632.tmp
Mon 2007-10-08 12:01:31: *  Message-ID: IKEKIIOJHCPNFGFDKMOKIEGDCFAA.wtf@mandiesel.com.cn
Mon 2007-10-08 12:01:31: *  Querying for policy: mandiesel.com.cn
Mon 2007-10-08 12:01:31: *    Querying: _domainkey.mandiesel.com.cn ...
Mon 2007-10-08 12:01:31: *  D=_domainkey.mandiesel.com.cn TTL=(30) A=[218.83.175.154]
Mon 2007-10-08 12:01:31: *    Policy record:
Mon 2007-10-08 12:01:31: *  Result: pass
Mon 2007-10-08 12:01:31: ---- End DomainKeys results
Mon 2007-10-08 12:01:31: Performing DKIM lookup
Mon 2007-10-08 12:01:31: *  File: d:\mdaemon\queues\temp\md50000010632.tmp
Mon 2007-10-08 12:01:31: *  Message-ID: IKEKIIOJHCPNFGFDKMOKIEGDCFAA.wtf@mandiesel.com.cn
Mon 2007-10-08 12:01:31: *  Result: neutral
Mon 2007-10-08 12:01:31: ---- End DKIM results
Mon 2007-10-08 12:01:31: Passing message through Spam Filter (Size: 52772)...
Mon 2007-10-08 12:01:35: *  3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Mon 2007-10-08 12:01:35: *  0.1 FORGED_RCVD_HELO Received: contains a forged HELO
Mon 2007-10-08 12:01:35: *  1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
Mon 2007-10-08 12:01:35: *  1.6 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters
Mon 2007-10-08 12:01:35: *  0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
Mon 2007-10-08 12:01:35: *  0.0 HTML_MESSAGE BODY: HTML included in message
Mon 2007-10-08 12:01:35: *   10 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Mon 2007-10-08 12:01:35: *      [score: 0.9998]
Mon 2007-10-08 12:01:35: *  0.2 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file
Mon 2007-10-08 12:01:35: *      name
Mon 2007-10-08 12:01:35: *  1.9 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
Mon 2007-10-08 12:01:35: *  8.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
Mon 2007-10-08 12:01:35: *      [URIs: manbw.com.cn]
Mon 2007-10-08 12:01:35: *  3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist
Mon 2007-10-08 12:01:35: *      [URIs: manbw.com.cn]
Mon 2007-10-08 12:01:35: *  9.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
Mon 2007-10-08 12:01:35: *      [URIs: manbw.com.cn]
Mon 2007-10-08 12:01:35: *  8.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
Mon 2007-10-08 12:01:35: *      [URIs: manbw.com.cn]
Mon 2007-10-08 12:01:35: ---- End SpamAssassin results
Mon 2007-10-08 12:01:35: Spam Filter score/req: 47.00/15.0
Mon 2007-10-08 12:01:35: Message refused because spam score is too high
Mon 2007-10-08 12:01:35: --> 554 Sorry, message looks like SPAM to me
Mon 2007-10-08 12:01:35: <-- QUIT
Mon 2007-10-08 12:01:35: --> 221 See ya in cyberspace
Mon 2007-10-08 12:01:35: SMTP 会话终止(in/out 字节: 52873/311)
4#
OP | Posted on 2007-10-9 14:19:12
For example, the blocked-message log above.
5#
Posted on 2007-10-9 14:25:42
1. Check whether DNS is being hijacked. Method: ping any nonexistent domain name, such as fasdfsdfsdf3rrasdfssd.com. If an IP is returned, it is being hijacked, and you then need to turn off MD's DNS blacklist feature.
2. Open \SpamAssassin\rules\80_MDaemon_scores.cf
Find:

    score URIBL_SBL 4.0
    score URIBL_SC_SURBL 8.0
    score URIBL_WS_SURBL 9.0
    score URIBL_OB_SURBL 9.5
    score URIBL_PH_SURBL 8.0
    score URIBL_AB_SURBL 8.0
    score URIBL_JP_SURBL 8.0

Replace with:

    score URIBL_SBL 0.0
    score URIBL_SC_SURBL 0.0
    score URIBL_WS_SURBL 0.0
    score URIBL_OB_SURBL 0.0
    score URIBL_PH_SURBL 0.0
    score URIBL_AB_SURBL 0.0
    score URIBL_JP_SURBL 0.0

Restart MD.
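
Added example (not part of the thread, and not MDaemon or SpamAssassin code): a Python sketch of the check suggested in 2#, reading the Spam Filter section of an SMTP-IN session log to see which rules drive the score, then re-summing with the rules listed in 5# counted as 0.0. It assumes the log layout shown in 3#; `parse_spam_section`, `rescore` and `ZEROED_IN_5` are names made up for this example.

```python
import re

SAMPLE_LOG = """\
Mon 2007-10-08 12:01:31: Passing message through Spam Filter (Size: 52772)...
Mon 2007-10-08 12:01:35: *  3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Mon 2007-10-08 12:01:35: *  0.1 FORGED_RCVD_HELO Received: contains a forged HELO
Mon 2007-10-08 12:01:35: *  1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
Mon 2007-10-08 12:01:35: *  1.6 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters
Mon 2007-10-08 12:01:35: *  0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
Mon 2007-10-08 12:01:35: *  0.0 HTML_MESSAGE BODY: HTML included in message
Mon 2007-10-08 12:01:35: *   10 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Mon 2007-10-08 12:01:35: *      [score: 0.9998]
Mon 2007-10-08 12:01:35: *  0.2 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file
Mon 2007-10-08 12:01:35: *  1.9 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
Mon 2007-10-08 12:01:35: *  8.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
Mon 2007-10-08 12:01:35: *  3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist
Mon 2007-10-08 12:01:35: *  9.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
Mon 2007-10-08 12:01:35: *  8.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
Mon 2007-10-08 12:01:35: ---- End SpamAssassin results
Mon 2007-10-08 12:01:35: Spam Filter score/req: 47.00/15.0
"""  # sample: Spam Filter lines taken from the log in 3# (one continuation line kept)

RULE_RE = re.compile(r"\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")
TOTAL_RE = re.compile(r"Spam Filter score/req:\s*(-?[\d.]+)/(-?[\d.]+)")
# Rules that 5# sets to 0.0 in 80_MDaemon_scores.cf
ZEROED_IN_5 = {"URIBL_SBL", "URIBL_SC_SURBL", "URIBL_WS_SURBL", "URIBL_OB_SURBL",
               "URIBL_PH_SURBL", "URIBL_AB_SURBL", "URIBL_JP_SURBL"}

def parse_spam_section(log_text):
    """Return ({rule: score}, reported_total, required) for one SMTP-IN session."""
    rules, total, required, in_section = {}, None, None, False
    for line in log_text.splitlines():
        if "Passing message through Spam Filter" in line:
            in_section = True
        elif "End SpamAssassin results" in line:
            in_section = False
        elif in_section and (m := RULE_RE.search(line)):
            rules[m.group(2)] = float(m.group(1))  # continuation lines do not match
        elif m := TOTAL_RE.search(line):
            total, required = float(m.group(1)), float(m.group(2))
    return rules, total, required

def rescore(rules, zeroed=frozenset()):
    """Sum the per-rule scores, counting every rule named in `zeroed` as 0.0."""
    return round(sum(s for name, s in rules.items() if name not in zeroed), 1)

if __name__ == "__main__":
    rules, total, required = parse_spam_section(SAMPLE_LOG)
    print(total, required, rescore(rules), rescore(rules, ZEROED_IN_5))
```

On this sample the printed per-rule values sum to 46.9 against the logged total of 47.00, and with the seven rules from 5# counted as 0.0 the sum is 21.4, still above the 15.0 required score logged for this session.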