amavisd 规则备忘
邮件服务器在做内容过滤,结果误杀好多邮件,有一些常用规则再现,记录一下。
20150113 初版
amavisd 版本为2.6.4
https://wiki.apache.org/spamassassin/Rules 这个站点居然可以查看相关规则,看不明白呀
2.0 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org
0.7 FROM_STARTS_WITH_NUMS From: starts with many numbers
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
0.0 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding
2.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
2.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
2.0 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org
3.4 FH_DATE_PAST_20XX The date is grossly in the future.
0.7 FROM_STARTS_WITH_NUMS From: starts with many numbers
0.0 CN_BODY_51 BODY: Body contains "′óD"
0.3 CN_BODY_834 BODY: Body contains "áa μ"
0.0 CN_BODY_276 BODY: Body contains " è£o"
0.0 HTML_MESSAGE BODY: HTML included in message
2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
2.8 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
3.4 FH_DATE_PAST_20XX The date is grossly in the future.
1.8 SUBJ_ALL_CAPS Subject is all capitals
2.2 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?183.90.171.203>]
0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.7 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
1.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
4.2 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
Forged mail pretending to be from MS Outlook 伪造邮件伪装成来自微软的Outlook
The date is grossly in the future. 日期时间与当前不一致