French SA Rules?


French SA Rules?

Claas Goltz-2

Hello community,

I'm getting quite a lot of spam in French. I have already tried to find a suitable ruleset on the internet, unfortunately without success. The mails are usually rated with a fairly good score. Maybe I have also flipped the wrong switch somewhere. Does anyone know an sa-update mirror from France?

Thank you very much for your time and help!


amavis, SA rules from heinlein, schaal-it and spamassassin,

postfix main.cf, relevant part:

smtpd_restriction_classes = check_greylist, insiders_only
check_greylist = check_policy_service inet:127.0.0.1:10023

smtpd_recipient_restrictions =
# Whitelist recipients?
        check_recipient_access hash:/etc/postfix/access_recipient,
# Blacklist hosts and senders?
        check_client_access cidr:/etc/postfix/access_client,
        check_helo_access hash:/etc/postfix/access_helo,
        check_sender_access hash:/etc/postfix/access_sender,
        check_recipient_access hash:/etc/postfix/protected_destinations,
# Do not accept unclean mails!
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_invalid_hostname,
# Allow our own little ones!
        permit_sasl_authenticated,
        permit_mynetworks,
# Check RBLs!
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client ix.dnsbl.manitu.net,
# Policyd-weight
        check_policy_service inet:127.0.0.1:12525
# Check greylisting!
        check_client_access regexp:/etc/postfix/check_client_greylist
        reject_unverified_recipient,
# Allow backup MX!
        permit_mx_backup,
# Forbid all other relaying!
        reject_unauth_destination,
# Whatever is left now may pass!
        permit


Example header of a French spam mail:

Header:

Received: from de-hb-ex02.MYDOMAIN.DE (x.x.0.167) by de-hb-ex01.MYDOMAIN.DE
 (x.x.0.168) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.845.34 via Mailbox
 Transport; Wed, 21 Jun 2017 10:59:35 +0200
Received: from mx0.MYDOMAIN.DE (x.x.100.247) by de-hb-ex02.MYDOMAIN.DE
 (x.x.0.167) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.845.34; Wed, 21
 Jun 2017 10:59:35 +0200
Received: from localhost (localhost [127.0.0.1])
    by de-hb-mx0.MYDOMAIN.DE (Postfix) with ESMTP id 15DB0FF041
    for <[hidden email]>; Wed, 21 Jun 2017 11:00:28 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mx0.MYDOMAIN.DE
X-Spam-Flag: NO
X-Spam-Score: -1.572
X-Spam-Level:
X-Spam-Status: No, score=-1.572 tagged_above=-999 required=4.5
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, HTML_IMAGE_RATIO_02=0.437, HTML_MESSAGE=0.001,
    SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no
Authentication-Results: de-hb-mx0.MYDOMAIN.DE (amavisd-new);
    dkim=pass (1024-bit key) header.d=mes-offrestendances.com
    header.b=WmumcHNn; dkim=pass (1024-bit key)
    header.d=mes-offrestendances.com header.b=E1p64S94;
    domainkeys=fail (1024-bit key)
    reason="fail (message has been altered)"
    header.from=[hidden email]
    header.d=mes-offrestendances.com
Received: from de-hb-mx0.MYDOMAIN.DE ([127.0.0.1])
    by localhost (de-hb-mx0.MYDOMAIN.DE [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id sjIi6xC63gSi for <[hidden email]>;
    Wed, 21 Jun 2017 11:00:27 +0200 (CEST)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 (only DNSBL check requested)
Received: from smtp1.mes-offrestendances.com (smtp1.mes-offrestendances.com [163.172.236.148])
    by de-hb-mx0.MYDOMAIN.DE (Postfix) with ESMTPS
    for <[hidden email]>; Wed, 21 Jun 2017 11:00:26 +0200 (CEST)
X-QHPSI: clean
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
    d=mes-offrestendances.com; s=default; h=Date:To:From:Reply-To:
    Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Type:
    Content-Transfer-Encoding; bh=PLI7Z9vIwbQzcAoiNG+/k2JmnPI=; b=Wm
    umcHNnVgKYu/rtdEjpxY/jEmO2J+HGFL/cnwl6nCqG/xGrOb/9CuocgsUOCuCumN
    wYU/Thhhfx7iIxDquyP7SZZoWHC0L6JLV7Xev4PhkAWCrU298dqBGaoI3ZWB2SYy
    drZB2MkSpJ6MTfqldCAazDebUCbal4QhtMnup8QfM=
Received: (qmail 21141 invoked by uid 0); Wed, 21 Jun 2017 10:55:56 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
    d=mes-offrestendances.com; s=default; x=1498640156; h=DomainKey-Signature:
    Date:To:From:Reply-To:Subject:Message-ID:List-Unsubscribe:
    MIME-Version:Content-Type:Content-Transfer-Encoding; bh=PLI7Z9vI
    wbQzcAoiNG+/k2JmnPI=; b=E1p64S94FvmqcQiYagE4GxC6IMd27mzd77MGNuNQ
    BhB5aE9noDvFyUsNgAKNhmiyfZMI0cDpRFQPMYpoEvFyvAtvTXDurKkMCz5w9cAx
    eqgoeQ+se4O5V/Dww9ff6894Si04qXByg4pJHPg1QYiJW7152Ay4G4m9DezodWnu
    4L8=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=default; d=mes-offrestendances.com;
    b=broCECyg4DKqefx2xuWCCuWGr2XJVz8nbzgwPK8SvHys/FEn3QsKWmoKPPG1nufltkA5Bq0az8bKUdHZuH9e+mgGSokBVwqOzHcS2FNS2wTI+g9b55h//7OvZnYn+IGcnvjImnIqnrXe47cfsFoy00IiRpPP70U1/8LhQ6EIYVM=;
Date: Wed, 21 Jun 2017 10:55:56 +0200
To: [hidden email]
From: =?utf-8?B?R8OpbW8=?= <[hidden email]>
Reply-To: =?utf-8?B?R8OpbW8=?= <[hidden email]>
Subject: =?utf-8?B?TGVzIGpvdXJuw6llcyBjb2xvcsOpZXMgR8OpbW8gISBqdXNxdSfDoCAtNTAlIHBvdXIgZMOpbWFycmVyIGwnw6l0w6k=?=
Message-ID: <mHPm3wSFHNlV3XoyqQLluytSV5LedAMzKO3/jbWjkq7t6x/Hbj37/QZHxw0/[hidden email]>
List-Unsubscribe: <http://mes-offrestendances.com/6ib7sqkZDvq4Ygs-022phXo-Z2vcn2XVvnGMjmLllBYh0ZPS9ni12mzkQxBlOCzsFoRih-jceh-a_DDwcmXNNsszjIDLuxe4ENdjAFf9mvJPmYuxK7KvQBMAUpnsACXy3Nij-bUQGAiCgC2X61z4wA==>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_5a38bfd9fe34135610b0f91fe87a5e6f"
Content-Transfer-Encoding: 8bit
Return-Path: [hidden email]
X-MS-Exchange-Organization-Network-Message-Id: 4793674a-4435-43f0-1c51-08d4b883d6d1
X-MS-Exchange-Organization-AuthSource: de-hb-ex02.MYDOMAIN.DE
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.3006656

Profitez en vite... Consultez cet e-mail en ligne 
GÉMO
Femme  |  Homme  |  Bébé  |  Fille  |  Garçon  |  Chaussures  |  Promos  Magasins

Recevez tous les bons plans GÉMO en vous abonnant à la newsletter !

? Je m'abonne !

Du 2 au 25 juin en magasins et sur gemo.fr
Les journées colorées en magasins et sur gemo.fr
Jusqu'à -50% sur toute une sélection d'articles
Les journées colorées Les journées colorées

Re: French SA Rules?

Alex JOST
On 23.06.2017 at 09:54, Claas Goltz wrote:

> Hello community,
>
> I'm getting quite a lot of spam in French. I have already tried to find a suitable ruleset on the internet, unfortunately without success. The mails are usually rated with a fairly good score. Maybe I have also flipped the wrong switch somewhere. Does anyone know an sa-update mirror from France?
>
> Thank you very much for your time and help!
>
> Example header of a French spam mail:
>
> Header:
>
> Received: from de-hb-ex02.MYDOMAIN.DE (x.x.0.167) by de-hb-ex01.MYDOMAIN.DE
>   (x.x.0.168) with Microsoft SMTP Server (version=TLS1_2,
>   cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.845.34 via Mailbox
>   Transport; Wed, 21 Jun 2017 10:59:35 +0200
> Received: from mx0.MYDOMAIN.DE (x.x.100.247) by de-hb-ex02.MYDOMAIN.DE
>   (x.x.0.167) with Microsoft SMTP Server (version=TLS1_2,
>   cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.845.34; Wed, 21
>   Jun 2017 10:59:35 +0200
> Received: from localhost (localhost [127.0.0.1])
>      by de-hb-mx0.MYDOMAIN.DE (Postfix) with ESMTP id 15DB0FF041
>      for <[hidden email]>; Wed, 21 Jun 2017 11:00:28 +0200 (CEST)
> X-Virus-Scanned: Debian amavisd-new at mx0.MYDOMAIN.DE
> X-Spam-Flag: NO
> X-Spam-Score: -1.572
> X-Spam-Level:
> X-Spam-Status: No, score=-1.572 tagged_above=-999 required=4.5
>      tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
>      DKIM_VALID_AU=-0.1, HTML_IMAGE_RATIO_02=0.437, HTML_MESSAGE=0.001,
>      SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001]
>      autolearn=no autolearn_force=no


It looks as if you are using neither Pyzor nor Razor. They usually
give quite good results in such cases.

--
Alex JOST
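
Added example, not part of either post: a Python reading of the X-Spam-Status header from the sample message, showing which rules produced the low score and whether any Razor or Pyzor rule appears in the list. The function names `parse_status` and `diagnose` are hypothetical; the `RAZOR2_` and `PYZOR_` prefixes are the stock SpamAssassin rule-name prefixes, and a missing hit is consistent with the plugins being off but does not prove it.

```python
import re

# X-Spam-Status header copied from the sample message in this thread.
SAMPLE = """X-Spam-Status: No, score=-1.572 tagged_above=-999 required=4.5
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, HTML_IMAGE_RATIO_02=0.437, HTML_MESSAGE=0.001,
    SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no"""


def parse_status(header):
    """Return (score, required, {rule: points}) from a folded X-Spam-Status header."""
    flat = re.sub(r"\s+", " ", header)  # unfold continuation lines
    score = float(re.search(r"score=(-?[\d.]+)", flat).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", flat).group(1))
    listed = re.search(r"tests=\[([^\]]*)\]", flat)
    tests = {}
    for item in (listed.group(1).split(",") if listed else []):
        name, sep, points = item.strip().partition("=")
        if sep:  # skip empty entries such as tests=[]
            tests[name] = float(points)
    return score, required, tests


def diagnose(header):
    """Summarise why a message scored low, using only the rules listed in the header."""
    score, required, tests = parse_status(header)
    bayes = sum(p for n, p in tests.items() if n.startswith("BAYES_"))
    return {
        # The listed rule points should add up to the reported score.
        "sum_matches_score": abs(sum(tests.values()) - score) < 0.0005,
        # URIBL_BLOCKED: the URIBL DNS query was refused, so URI blocklist rules cannot hit.
        "uribl_blocked": "URIBL_BLOCKED" in tests,
        # Rules are listed only when they fire; no entry means no Razor/Pyzor hit.
        "digest_hit": any(n.startswith(("RAZOR2_", "PYZOR_")) for n in tests),
        # What the score would be without the Bayes contribution.
        "score_without_bayes": round(score - bayes, 3),
        # Points still missing before the message would be tagged as spam.
        "gap_to_required": round(required - score, 3),
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```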