CentOS 5.1 下用源码编译安装 ExtMail (第四部分)
CentOS 5.1 下安装 ExtMail (主要软件使用 RPM 包方式安装)
2008-1-19 
03:57 
0
597
CentOS 5.1 下用源码编译安装 ExtMail (五部分)
这一部分,将一些重要的配置文件贴出来,供参考:
(一)postfix 中的重要配置文件:
================== main.cf =====================================
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.4.6-documentation/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.6-documentation/README_FILES
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
# hostname
mynetworks = 127.0.0.1
myhostname = mail.redzone.com.cn
mydomain = redzone.com.cn
mydestination = $mynetworks, $myhostname
# banner
mail_name = Postfix - By $mydomain
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 3s
unknown_local_recipient_reject_code = 550
command_time_limit = 120s
smtp_data_done_timeout = 1800s
smtp_connect_timeout = 1200s
queue_run_delay = 300s
bounce_queue_lifetime = 3600s
maximal_queue_lifetime = 3600s
minimal_backoff_time = 600s
maximal_backoff_time = 3600s
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
# maildrop setting
#maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
# smtpd related config
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
check_policy_service inet:127.0.0.1:10030
# SMTP sender login matching config
smtpd_sender_restrictions =
reject_sender_login_mismatch,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
# Content-Filter
header_checks = regexp:/etc/postfix/header_checks
receive_override_options = no_address_mappings
# Message and return code control
mailbox_size_limit = 419430400
message_size_limit = 41943040
show_user_unknown_table_name = no
# Base Config
line_length_limit = 40960
header_size_limit = 1024000
queue_minfree = 94371840
bounce_size_limit = 51200
smtp_destination_recipient_limit = 10
smtpd_client_connection_rate_limit = 50
smtpd_client_connection_count_limit = 50
==============================================================
================== master.cf =====================================
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
#flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
==============================================================
================== MailScanner.conf =====================================
%org-name% = redzone
%1% = Virus-Scan
%2% = Spam-Check
%3% = Spam-Score
%4% = Information
%5% = Email-From
%6% = Email-To
%org-long-name% = redzone
%web-site% = Information Center
%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%mcp-dir% = /etc/MailScanner/mcp
#
# System settings
# ---------------
#
Max Children = 5
Run As User = postfix
Run As Group = postfix
Queue Scan Interval = 6
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner.pid
Restart Every = 14400
MTA = postfix
Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail
#
# Incoming Work Dir Settings
# --------------------------
#
Incoming Work User = postfix
Incoming Work Group = postfix
Incoming Work Permissions = 0600
#
# Quarantine and Archive Settings
# -------------------------------
#
Quarantine User = postfix
Quarantine Group = postfix
Quarantine Permissions = 0600
#
# Processing Incoming Mail
# ------------------------
#
Max Unscanned Bytes Per Scan = 1024m
Max Unsafe Bytes Per Scan = 1024m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 409600
Scan Messages = yes
Reject Message = no
Maximum Attachments Per Message = 200
Expand TNEF = no
Use TNEF Contents = replace
Deliver Unparsable TNEF = yes
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 30
File Command = /usr/bin/file
File Timeout = 30
Gunzip Command = /bin/gunzip
Gunzip Timeout = 30
Unrar Command = /usr/bin/unrar
Unrar Timeout = 30
Find UU-Encoded Files = yes
Maximum Message Size = %rules-dir%/max.message.size.rules
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 5
Find Archives By Content = yes
Zip Attachments = yes
Attachments Zip Filename = MessageAttachments.zip
Attachments Min Total Size To Zip = 10240k
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml
#
# Virus Scanning and Vulnerability Testing
# ----------------------------------------
#
Virus Scanning = yes
Virus Scanners = mcafee
Virus Scanner Timeout = 60
Deliver Disinfected Files = yes
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = yes
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = yes
#
# Removing/Logging dangerous or potentially offensive content
# -----------------------------------------------------------
#
Dangerous Content Scanning = yes
Allow Partial Messages = yes
Allow External Message Bodies = yes
Find Phishing Fraud = no
Also Find Numeric Phishing = no
Use Stricter Phishing Net = no
Highlight Phishing Fraud = no
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf
Allow IFrame Tags = yes
Allow Form Tags = yes
Allow Script Tags = yes
Allow WebBugs = yes
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
Known Web Bug Servers = msgtag.com
Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif
Allow Object Codebase Tags = yes
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
#
# Attachment Filename Checking
# ----------------------------
#
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf
Allow Filetypes =
Deny Filetypes =
Filetype Rules = %etc-dir%/filetype.rules.conf
#
# Reports and Responses
# ---------------------
#
Quarantine Infections = no
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = no
Quarantine Whole Messages As Queue Files = no
Keep Spam And MCP Archive Clean = no
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Signature Image Filename = %report-dir%/sig.jpg
Signature Image
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
#
# Changes to Message Headers
# --------------------------
#
Mail Header = %1%:
Spam Header = %2%:
Spam Score Header = %3%:
Information Header = %4%:
Add Envelope From Header = yes
Add Envelope To Header = yes
Envelope From Header = %5%:
Envelope To Header = %6%:
Spam Score Character = *
SpamScore Number Instead Of Stars = yes
Minimum Stars If On Spam List = 0
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Multiple Headers = append
Hostname = ($HOSTNAME) MailScanner
Sign Messages Already Processed = no
Sign Clean Messages = yes
Attach Image To Signature = no
Attach Image To HTML Message Only = no
Mark Infected Messages = yes
Mark Unscanned Messages = no
Unscanned Header Value = Not scanned: please contact your postmaster
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages = yes
#
# Notifications back to the senders of blocked messages
# -----------------------------------------------------
#
Notify Senders = no
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Blocked Size Attachments = no
Notify Senders Of Other Blocked Content = no
Never Notify Senders Of Precedence = list bulk
#
# Changes to the Subject: line
# ----------------------------
#
Scanned Modify Subject = no
Scanned Subject Text = {Scanned}
Virus Modify Subject = yes
Virus Subject Text = < Virus/Checked By redzone >
Filename Modify Subject = yes
Filename Subject Text = {Filename?}
Content Modify Subject = yes
Content Subject Text = < Dangerous Content >
Size Modify Subject = no
Size Subject Text = {Size}
Disarmed Modify Subject = no
Disarmed Subject Text = {Disarmed}
Phishing Modify Subject = no
Phishing Subject Text = {Fraud?}
Spam Modify Subject = yes
Spam Subject Text = < Attention: SPAM >
High Scoring Spam Modify Subject = yes
High Scoring Spam Subject Text = < SPAM/Checked By redzone >
#
# Changes to the Message Body
# ---------------------------
#
Warning Is Attachment = yes
Attachment Warning Filename = warn_message.txt
Attachment Encoding Charset = ISO-8859-1
#
# Mail Archiving and Monitoring
# -----------------------------
#
Archive Mail =
#
# Notices to System Administrators
# --------------------------------
#
Send Notices = no
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = yes
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = MailScanner
Notices To = postmaster
Local Postmaster = postmaster
#
# Spam Detection and Virus Scanner Definitions
# --------------------------------------------
#
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
#
# Spam Detection and Spam Lists (DNS blocklists)
# ----------------------------------------------
#
Spam Checks = yes
Spam List = # spamhaus-ZEN # You can un-comment this to enable them
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Spam List Timeout = 10
Max Spam List Timeouts = 30
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = no
Definite Spam Is High Scoring = no
Ignore Spam Whitelist If Recipients Exceed = 1000
Max Spam Check Size = 10485760k
#
# Watermarking
# ------------
#
Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = nothing
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-Secret
Watermark Lifetime = 3600
Watermark Header = MailScanner-Watermark:
#
# SpamAssassin
# ------------
#
Use SpamAssassin = yes
Max SpamAssassin Size = 10240k
Required SpamAssassin Score = 13
High SpamAssassin Score = 18
SpamAssassin Auto Whitelist = no
SpamAssassin Timeout = 30
Max SpamAssassin Timeouts = 40
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = no
Include Binary Attachments In SpamAssassin = no
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 3600
Wait During Bayes Rebuild = no
#
# Custom Spam Scanner Plugin
# --------------------------
#
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 15
Max Custom Spam Scanner Timeouts = 30
Custom Spam Scanner Timeout History = 20
#
# What to do with spam
# --------------------
#
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = deliver header "X-Spam-Status: Yes"
Non Spam Actions = deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no
#
# Logging
# -------
#
Syslog Facility = mail
Log Speed = yes
Log Spam = yes
Log Non Spam = yes
Log Permitted Filenames = yes
Log Permitted Filetypes = yes
Log Silent Viruses = yes
Log Dangerous HTML Tags = yes
#
# Advanced SpamAssassin Settings
# ------------------------------
#
SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir = /etc/mail/spamassassin
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir = /usr/share/spamassassin
#
# MCP (Message Content Protection)
# -----------------------------
#
MCP Checks = no
First Check = spam
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
#
# Advanced Settings
# -----------------
#
Use Default Rules With Multiple Recipients = no
Spam Score Number Format = %d
MailScanner Version Number = 4.66.5
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = no
Run In Foreground = no
Always Looked Up Last = no
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = batch
Split Exim Spool = no
Lockfile Dir = /tmp
Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions
Lock Type =
Syslog Socket Type =
Minimum Code Status = supported
==============================================================
================== local.cf =====================================
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)
# How many hits before a message is considered spam.
required_score 15.0
# Change the subject of suspected spam
rewrite_header subject ***SPAM(_SCORE_)***
# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe 0
# Enable the Bayes system
use_auto_whitelist 0
use_bayes 1
use_bayes_rules 1
bayes_path /var/spool/MailScanner/.spamassassin/bayes
# Enable Bayes auto-learning
#bayes_auto_learn 1
auto_learn 1
bayes_min_ham_num 30
bayes_min_spam_num 40
bayes_auto_learn_threshold_nonspam 0.0
bayes_auto_learn_threshold_spam 5.0
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0
dns_available yes
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english japanese
ok_languages all
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all
header LOCAL_RCVD Received =~ /.*\(\S+\.redzone\.com\.cn\s+\[.*\]\)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -25
# Disabled scores.
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
# local domain from but ip not match.
header __FROM_TEATIME Received =~ /from redzone.com.cn/i
header __FROM_TEATIME_IP Received =~ /\[213\.141\.239\.123\]/
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME)
describe FROM_TEATIME_BUT_IP_ERROR From redzone.com.cn but ip not match
score FROM_TEATIME_BUT_IP_ERROR 12.0
# From addr like
header __FROM_8BIT_LOCAL From:addr =~ /[a-zA-Z0-9_-]*[\x80xff][a-zA-Z0-9_-]*\@redzone\.com\.cn/i
header __TO_8BIT_LOCAL To:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*\@redzone\.com\.cn/i
header __CC_8BIT_LOCAL Cc:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*\@redzone\.com\.cn/i
meta LOCAL_8BIT_USER (__FROM_8BIT_LOCAL || __TO_8BIT_LOCAL || __CC_8BIT_LOCAL)
describe LOCAL_8BIT_USER From or To a chinese@redzone.com.cn
score LOCAL_8BIT_USER 12.0
score ADDRESS_IN_SUBJECT 3.000 # To: address appears in Subject
score ADDR_FREE 3.000 # From Address contains FREE
score BAD_ENC_HEADER 0.500 # Message has bad MIME encoding in the header
score BANG_MORE 5.000 # Talks about more with an exclamation!
score BILLION_DOLLARS 0.500 # Talks about lots of money
score BAYES_00 0.000 # Bayesian spam probability is 0 to 1%
score BAYES_05 0.000 # Bayesian spam probability is 1 to 5%
score BAYES_20 0.000 # Bayesian spam probability is 5 to 20%
score BAYES_40 0.500 # Bayesian spam probability is 20 to 40%
score BAYES_50 1.000 # Bayesian spam probability is 40 to 60%
score BAYES_60 1.000 # Bayesian spam probability is 60 to 80%
score BAYES_80 1.000 # Bayesian spam probability is 80 to 95%
score BAYES_95 1.000 # Bayesian spam probability is 95 to 99%
score BAYES_99 1.000 # Bayesian spam probability is 99 to 100%
score DATE_IN_FUTURE_03_06 1.000 # Date: is 3 to 6 hours after Received: date
score DATE_IN_FUTURE_06_12 1.000 # Date: is 6 to 12 hours after Received: date
score DATE_IN_FUTURE_12_24 1.000 # Date: is 12 to 24 hours after Received: date
score DATE_IN_FUTURE_24_48 1.000 # Date: is 24 to 48 hours after Received: date
score DATE_IN_FUTURE_48_96 1.000 # Date: is 48 to 96 hours after Received: date
score DATE_IN_FUTURE_96_XX 1.000 # Date: is 96 hours or more after Received: date
score DATE_IN_PAST_03_06 1.000 # Date: is 3 to 6 hours before Received: date
score DATE_IN_PAST_06_12 1.000 # Date: is 6 to 12 hours before Received: date
score DATE_IN_PAST_12_24 1.000 # Date: is 12 to 24 hours before Received: date
score DATE_IN_PAST_24_48 1.000 # Date: is 24 to 48 hours before Received: date
score DATE_IN_PAST_48_96 1.000 # Date: is 48 to 96 hours before Received: date
score DATE_IN_PAST_96_XX 1.000 # Date: is 96 hours or more before Received: date
score DATE_SPAMWARE_Y2K 1.000 # Date header uses unusual Y2K formatting
score DNS_FROM_AHBL_RHSBL 0.000 # From: sender listed in dnsbl.ahbl.org
score DNS_FROM_RFC_ABUSE 0.000 # Envelope sender in abuse.rfc-ignorant.org
score DNS_FROM_RFC_BOGUSMX 0.000 # Envelope sender in bogusmx.rfc-ignorant.org
score DNS_FROM_RFC_DSN 0.000 # Envelope sender in dsn.rfc-ignorant.org
score DNS_FROM_RFC_POST 0.000 # Envelope sender in postmaster.rfc-ignorant.org
score DNS_FROM_RFC_WHOIS 0.000 # Envelope sender in whois.rfc-ignorant.org
score DNS_FROM_SECURITYSAGE 1.000 # Envelope sender in blackholes.securitysage.com
score DOMAIN_4U2 2.000 # Domain name containing a "4u" variant
score DOMAIN_RATIO 3.000 # Message body mentions many internet domains
score EMPTY_MESSAGE 1.000 # Message appears to be empty with no Subject: text
score ENGLISH_UCE_SUBJECT 1.400 # Subject contains an English UCE tag
score FORGED_HOTMAIL_RCVD 1.000 # Forged hotmail.com 'Received:' header found
score FORGED_HOTMAIL_RCVD2 1.000 # hotmail.com 'From' address, but no 'Received:'
score FORGED_MSGID_AOL 1.500 # Message-ID is forged, (aol.com)
score FORGED_MSGID_EXCITE 1.500 # Message-ID is forged, (excite.com)
score FORGED_MSGID_HOTMAIL 1.500 # Message-ID is forged, (hotmail.com)
score FORGED_MSGID_MSN 1.500 # Message-ID is forged, (msn.com)
score FORGED_MSGID_YAHOO 1.500 # Message-ID is forged, (yahoo.com)
score FORGED_MUA_AOL_FROM 1.500 # Forged mail pretending to be from AOL (by From)
score FORGED_MUA_EUDORA 1.500 # Forged mail pretending to be from Eudora
score FORGED_MUA_IMS 1.500 # Forged mail pretending to be from IMS
score FORGED_MUA_MOZILLA 1.500 # Forged mail pretending to be from Mozilla
score FORGED_MUA_OIMO 1.500 # Forged mail pretending to be from MS Outlook IMO
score FORGED_MUA_OUTLOOK 1.500 # Forged mail pretending to be from MS Outlook
score FORGED_MUA_THEBAT_BOUN 2.000 # Mail pretending to be from The Bat! (boundary)
score FORGED_MUA_THEBAT_CS 1.500 # Mail pretending to be from The Bat! (charset)
score FORGED_OUTLOOK_HTML 1.500 # Outlook can't send HTML message only
score FORGED_OUTLOOK_TAGS 1.000 # Outlook can't send HTML in this format
score FROM_ALL_NUMS 1.500 # From numeric address (except US/Canada phones)
score FROM_BLANK_NAME 1.500 # From: contains empty name
score FROM_DOMAIN_NOVOWEL 1.500 # From: domain has series of non-vowel letters
score FROM_ENDS_IN_NUMS 1.000 # From: ends in many numbers
score FROM_ILLEGAL_CHARS 1.000 # From: has too many raw illegal characters
score GAPPY_SUBJECT 3.000 # Subject: contains G.a.p.p.y-T.e.x.t
score HEAD_ILLEGAL_CHARS 0.500 # Headers have too many raw illegal characters
score HELO_DYNAMIC_IPADDR2 2.000 # Relay HELO'd using suspicious hostname (IP addr 2)
score HTML_00_10 0.000 # Message is 0% to 10% HTML
score HTML_10_20 0.000 # Message is 10% to 20% HTML
score HTML_20_30 0.000 # Message is 20% to 30% HTML
score HTML_30_40 0.000 # Message is 30% to 40% HTML
score HTML_40_50 0.000 # Message is 40% to 50% HTML
score HTML_50_60 0.000 # Message is 50% to 60% HTML
score HTML_60_70 0.000 # Message is 60% to 70% HTML
score HTML_70_80 0.000 # Message is 70% to 80% HTML
score HTML_80_90 0.000 # Message is 80% to 90% HTML
score HTML_90_100 0.000 # Message is 90% to 100% HTML
score HTML_FONT_BIG 0.000 # HTML tag for a big font size
score HTML_FONT_FACE_BAD 0.000 # HTML font face is not a word
score HTML_IMAGE_ONLY_04 0.500 # HTML: images with 0-400 bytes of words
score HTML_IMAGE_ONLY_08 0.400 # HTML: images with 400-800 bytes of words
score HTML_IMAGE_ONLY_12 1.000 # HTML: images with 800-1200 bytes of words
score HTML_IMAGE_ONLY_16 1.000 # HTML: images with 1200-1600 bytes of words
score HTML_IMAGE_ONLY_20 1.000 # HTML: images with 1600-2000 bytes of words
score HTML_IMAGE_ONLY_24 1.000 # HTML: images with 2000-2400 bytes of words
score HTML_IMAGE_ONLY_28 1.000 # HTML: images with 2400-2800 bytes of words
score HTML_IMAGE_ONLY_32 1.000 # HTML: images with 2800-3200 bytes of words
score HTML_IMAGE_RATIO_02 2.000 # HTML has a low ratio of text to image area
score HTML_IMAGE_RATIO_04 2.000 # HTML has a low ratio of text to image area
score HTML_IMAGE_RATIO_06 2.000 # HTML has a low ratio of text to image area
score HTML_IMAGE_RATIO_08 2.000 # HTML has a low ratio of text to image area
score HTML_MESSAGE 0.000 # HTML included in message
score HTML_MIME_NO_HTML_TAG 1.000 # HTML-only message, but there is no HTML tag
score HTML_MISSING_CTYPE 1.000 # Message is HTML without HTML Content-Type
score HTML_NONELEMENT_00_10 0.000 # 0% to 10% of HTML elements are non-standard
score HTML_NONELEMENT_10_20 0.500 # 10% to 20% of HTML elements are non-standard
score HTML_NONELEMENT_20_30 0.000 # 20% to 30% of HTML elements are non-standard
score HTML_NONELEMENT_30_40 0.500 # 30% to 40% of HTML elements are non-standard
score HTML_NONELEMENT_40_50 0.000 # 40% to 50% of HTML elements are non-standard
score HTML_NONELEMENT_50_60 0.500 # 50% to 60% of HTML elements are non-standard
score HTML_NONELEMENT_60_70 0.000 # 60% to 70% of HTML elements are non-standard
score HTML_NONELEMENT_70_80 0.500 # 70% to 80% of HTML elements are non-standard
score HTML_NONELEMENT_80_90 0.000 # 80% to 90% of HTML elements are non-standard
score HTML_NONELEMENT_90_100 0.500 # 90% to 100% of HTML elements are non-standard
score HTML_OBFUSCATE_05_10 0.600 # Message is 5% to 10% HTML obfuscation
score HTML_OBFUSCATE_10_20 0.500 # Message is 10% to 20% HTML obfuscation
score HTML_OBFUSCATE_20_30 1.000 # Message is 20% to 30% HTML obfuscation
score HTML_OBFUSCATE_30_40 1.000 # Message is 30% to 40% HTML obfuscation
score HTML_OBFUSCATE_40_50 1.000 # Message is 40% to 50% HTML obfuscation
score HTML_OBFUSCATE_50_60 1.500 # Message is 50% to 60% HTML obfuscation
score HTML_OBFUSCATE_60_70 1.500 # Message is 60% to 70% HTML obfuscation
score HTML_OBFUSCATE_70_80 1.000 # Message is 70% to 80% HTML obfuscation
score HTML_OBFUSCATE_80_90 1.000 # Message is 80% to 90% HTML obfuscation
score HTML_OBFUSCATE_90_100 1.000 # Message is 90% to 100% HTML obfuscation
score HTML_SHORT_LINK_IMG_1 2.000 # HTML is very short with a linked image
score HTML_SHORT_LINK_IMG_2 2.000 # HTML is very short with a linked image
score HTML_SHORT_LINK_IMG_3 0.500 # HTML is very short with a linked image
score HTML_TAG_EXIST_BGSOUND 0.500 # HTML has "bgsound" tag
score HTML_TAG_EXIST_MARQUEE 0.500 # HTML has "marquee" tag
score HTML_TAG_EXIST_TBODY 0.500 # HTML has "tbody" tag
score HTML_TEXT_AFTER_BODY 0.500 # HTML contains text after BODY close tag
score HTML_TEXT_AFTER_HTML 0.500 # HTML contains text after HTML close tag
score INVALID_DATE 0.500 # Invalid Date: header (not RFC 2822)
score INVALID_MSGID 0.500 # Message-Id is not valid, according to RFC 2822
score INVALID_TZ_CST 0.500 # Invalid date in header (wrong CST timezone)
score INVALID_TZ_EST 0.500 # Invalid date in header (wrong EST timezone)
score INVALID_TZ_GMT 0.500 # Invalid date in header (wrong GMT/UTC timezone)
score MAILTO_TO_SPAM_ADDR 0.200 # Includes a link to a likely spammer email
score MIME_BASE64_NO_NAME 0.500 # base64 attachment does not have a file name
score MIME_BASE64_TEXT 0.500 # Message text disguised using base64 encoding
score MIME_HTML_ONLY 0.500 # Message only has text/html MIME parts
score MIME_HTML_ONLY_MULTI 0.000 # Multipart message only has text/html MIME parts
score MIME_HEADER_CTYPE_ONLY 0.000 # 'Content-Type' found without required MIME headers
score MISSING_MIMEOLE 0.500 # Message has X-MSMail-Priority, but no X-MimeOLE
score MISSING_SUBJECT 1.000 # Missing Subject: header
score MSGID_DOLLARS 3.000 # Message-Id has pattern used in spam
score MSGID_FROM_MTA_ID 0.500 # Message-Id for external message added locally
score MSGID_OUTLOOK_INVALID 0.500 # Message-Id is fake (in Outlook Express format)
score NO_DNS_FOR_FROM 0.500 # Envelope sender has no MX or A DNS records
score NO_REAL_NAME 1.000 # From: does not include a real name
score PLING_PLING 1.000 # Subject has lots of exclamation marks
score RATWARE_MS_HASH 3.000 # Bulk email fingerprint (msgid ms hash) found
score RATWARE_RCVD_AT 3.000 # Bulk email fingerprint (Received @) found
score RATWARE_RCVD_LC_ESMTP 1.500 # Bulk email fingerprint ('esmtp' Received) found
score RATWARE_RCVD_PF 3.000 # Bulk email fingerprint (Received PF) found
score RATWARE_ZERO_TZ 3.000 # Bulk email fingerprint (+0000) found
score RCVD_DOUBLE_IP_SPAM 0.500 # Bulk email fingerprint (double IP) found
score RCVD_HELO_IP_MISMATCH 1.500 # Received: HELO and IP do not match, but should
score RCVD_ILLEGAL_IP 1.500 # Received: contains illegal IP address
score RCVD_NUMERIC_HELO 1.500 # Received: contains an IP address used for HELO
score ROUND_THE_WORLD_LOCAL 4.000 # Received: says mail sent around the world (HELO)
score SPF_FAIL 11.00 # SPF: sender does not match SPF record (fail)
score SPF_HELO_FAIL 11.00 # SPF: HELO does not match SPF record (fail)
score SPF_HELO_NEUTRAL 1.000 # SPF: HELO does not match SPF record (neutral)
score SPF_HELO_PASS 0.000 # SPF: HELO matches SPF record
score SPF_HELO_SOFTFAIL 0.000 # SPF: HELO does not match SPF record (softfail)
score SPF_NEUTRAL 1.000 # SPF: sender does not match SPF record (neutral)
score SPF_PASS 0.000 # SPF: sender matches SPF record
score SPF_SOFTFAIL 0.500 # SPF: sender does not match SPF record (softfail)
score SUBJECT_DIET 2.000 # Subject talks about losing pounds
score SUBJECT_DRUG_GAP_C 3.000 # Subject contains a gappy version of 'cialis'
score SUBJECT_DRUG_GAP_L 3.000 # Subject contains a gappy version of 'levitra'
score SUBJECT_DRUG_GAP_P 3.000 # Subject contains a gappy version of 'phentermine'
score SUBJECT_DRUG_GAP_S 3.000 # Subject contains a gappy version of 'soma'
score SUBJECT_DRUG_GAP_VA 3.000 # Subject contains a gappy version of 'valium'
score SUBJECT_DRUG_GAP_VIC 3.000 # Subject contains a gappy version of 'vicodin'
score SUBJECT_DRUG_GAP_X 3.000 # Subject contains a gappy version of 'xanax'
score SUBJECT_ENCODED_TWICE 2.000 # Subject: MIME encoded twice
score SUBJECT_EXCESS_BASE64 0.782 # Subject: base64 encoded encoded unnecessarily
score SUBJECT_EXCESS_QP 0.000 # Subject: quoted-printable encoded unnecessarily
score SUBJECT_FUZZY_CHEAP 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_FUZZY_MEDS 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_FUZZY_PENIS 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_FUZZY_TION 3.000 # Attempt to obfuscate words in Subject:
score SUBJECT_NOVOWEL 0.000 # Subject: has long non-vowel letter sequence
score SUBJECT_SEXUAL 2.160 # Subject indicates sexually-explicit content
score SUBJ_2_NUM_PARENS 1.000 # Subject contains common spam sign (2 numbers)
score SUBJ_ALL_CAPS 2.000 # Subject is all capitals
score SUBJ_AS_SEEN 3.000 # Subject contains "As Seen"
score SUBJ_BUY 2.000 # Subject line starts with Buy or Buying
score SUBJ_CONSONANTS 0.000 # Subject contains consecutive consonants in "word"
score SUBJ_DOLLARS 0.650 # Subject starts with dollar amount
score SUBJ_FOR_ONLY 1.500 # Subject contains "For Only"
score SUBJ_FREE_CAP 1.200 # Subject contains "FREE" in CAPS
score SUBJ_GUARANTEED 1.360 # Subject GUARANTEED
score SUBJ_HAS_SPACES 1.000 # Subject contains lots of white space
score SUBJ_HAS_UNIQ_ID 0.895 # Subject contains a unique ID
score SUBJ_ILLEGAL_CHARS 1.000 # # Subject: has too many raw illegal characters
score SUBJ_LIFE_INSURANCE 11.00 # Subject includes "life insurance"
score SUBJ_YOUR_DEBT 11.00 # Subject contains "Your Bills" or similar
score SUBJ_YOUR_FAMILY 11.00 # Subject contains "Your Family"
score SUBJ_YOUR_OWN 4.000 # Subject contains "Your Own"
score SUB_FREE_OFFER 1.000 # Subject starts with "Free"
score SUB_HELLO 1.500 # Subject starts with "Hello"
score TO_EMPTY 11.00 # To: is empty
score UNPARSEABLE_RELAY 0.000 # Informational: message has unparseable relay lines
score UPPERCASE_25_50 0.500 # message body is 25-50% uppercase
score UPPERCASE_50_75 1.000 # message body is 50-75% uppercase
score UPPERCASE_75_100 1.500 # message body is 75-100% uppercase
score URIBL_AB_SURBL 3.000 # Contains an URL listed in the AB SURBL blocklist
score URIBL_JP_SURBL 3.000 # Contains an URL listed in the JP SURBL blocklist
score URIBL_OB_SURBL 3.000 # Contains an URL listed in the OB SURBL blocklist
score URIBL_PH_SURBL 3.000 # Contains an URL listed in the PH SURBL blocklist
score URIBL_SBL 3.000 # Contains an URL listed in the SBL blocklist
score URIBL_SC_SURBL 3.000 # Contains an URL listed in the SC SURBL blocklist
score URIBL_WS_SURBL 3.000 # Contains an URL listed in the WS SURBL blocklist
score URI_SCHEME_MIXED_CASE 1.500 # URI scheme has mixed uppercase and lowercase
score WEIRD_QUOTING 1.000 # Weird repeated double-quotation marks
score USER_IN_BLACKLIST 25.00 # From: address is in the user's black-list
score USER_IN_WHITELIST -200.0 # From: address is in the user's white-list
==============================================================
| 引用(0)
