如何阻挡图片垃圾邮件？ 垃圾邮件

feiwupiaoxue

公司使用的是Postfix邮件相同，安装在Linux上，最近出现了许多图片的垃圾邮件，而且地址和域名是变化无常的，请问如何阻挡，请大家出谋划策，不胜感激！

  

  

jacky

引用第0楼feiwupiaoxue于2006-11-07 15:16发表的:
公司使用的是Postfix邮件相同，安装在Linux上，最近出现了许多图片的垃圾邮件，而且地址和域名是变化无常的，请问如何阻挡，请大家出谋划策，不胜感激！

[attach]151[/attach]

[attach]152[/attach]
.......

可以用ocr来过滤

feiwupiaoxue

请版主讲的详细一些，俺是个新手啊，谢谢！

yucong

用Regular Expression(Perl-compatible)的关键词过滤html内容.
.*src="cid(part1|[A-Z0-9]{8})\.[A-Z0-9]{8}\.[A-Z0-9]{8}|[A-Z0-9]{20}).*
可过滤掉一部分.

jacky

this is what I did with my Fedora Core 4 / Amavisd / Postfix / Spamassassin


--------start--------
1. upgrade the SpamAssassin to 3.1.4 or above (I used v3.1.6)
2. download the requirement
a. netpbm (yum install netpbm-progs)
b. ImageMagick (yum install ImageMagick)
c. libungif and libungif-progs (yum install libungif-progs)
d. perl Digest::MD5, String::Approx

perl -MCPAN -e shell
install Digest::MD5
install String::Approx

e. ExifTool (yum install perl-Image-ExifTool)

3. Follow this procedure on patching and installing libungif and gocr
(http://www200.pair.com/mecham/spam/image_spam.html)

a. libungif

wget http://internap.dl.sourceforge.n ... bungif-4.1.4.tar.gz
tar xzvf libungif-4.1.4.tar.gz
cd libungif-4.1.4/util
wget http://users.own-hero.net/~decod ... text-segfault.patch
patch giftext.c < giftext-segfault.patch
cd ..
./configure --prefix=/usr && make && make install

b. GOCR
Download, extract, patch, compile and install gocr:

cd /usr/local/src
wget http://www-e.uni-magdeburg.de/jschulen/ocr/gocr-0.40.tar.gz
tar xzvf gocr-0.40.tar.gz
cd gocr-0.40/src
wget http://antispam.imp.ch/patches/patch-gocr-segfault
patch pgm2asc.c < patch-gocr-segfault
cd ..
./configure --prefix=/usr && make && make install

c. install FuzzyOcr

cd /usr/local/src/
wget http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-2.3b.tar.gz
tar xzvf fuzzyocr-2.3b.tar.gz
cd FuzzyOcr-2.3b

*** We will use a new patch Robert LeBlanc created for this particular version of FuzzyOcr.

wget http://www200.pair.com/mecham/sp ... hashdb-poison.patch
patch FuzzyOcr.pm < fuzzyocr-23b-hashdb-poison.patch

*** Then place the files:

cp FuzzyOcr.pm /etc/mail/spamassassin/
cp FuzzyOcr.cf /etc/mail/spamassassin/
cp FuzzyOcr.words.sample /etc/mail/spamassassin/FuzzyOcr.words

d. edit FuzzyOcr.cf and TEST IT.. follow the procedure on the website

http://www200.pair.com/mecham/spam/image_spam.html

e. install Imageinfo plugins for false positive

** look for Plugin of Spamassassin ***

cd /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin (mine)
wget http://www.rulesemporium.com/plugins/ImageInfo.pm
cd /etc/mail/spamassassin
wget http://www.rulesemporium.com/plugins/imageinfo.cf

edit v310.pre
*** and insert (at the bottom):

loadplugin Mail::SpamAssassin:lugin::ImageInfo

*** Edit imageinfo.cf and lower any scores that are 3.0 or more to half their value. This is to help prevent false positives:

vi imageinfo.cf

4. check spamassassin by "spamassassin --lint"

if no error.. restart your amavisd and mail server

feiwupiaoxue

谢谢jacky大斑竹的回话，另外我想请问yucong，如何在linux设定这段话来测试。敬请告知，谢谢！

feiwupiaoxue

引用第3楼yucong于2006-11-08 23:35发表的:
用Regular Expression(Perl-compatible)的关键词过滤html内容.
.*src="cid(part1|[A-Z0-9]{8}).[A-Z0-9]{8}.[A-Z0-9]{8}|[A-Z0-9]{20}).*
可过滤掉一部分.

我建立了centos4.4+clamav-0.8.6+amvisd-new-2.3.3+spamassassin-3.1.7+ocr的识别插件，可以阻挡此类的垃圾邮件，但是实际正在应用的系统spamassassin的版本是3.0几的，比较低啊，系统也是RHAS4.2的，发现用不了ocr的插件，现在不知道如何弄了，头大了。