不过滤回复邮件如何操作？（仅指经过本地账户回复过的邮件）

nfore

如果一封邮件中，是本地账号发送出去的，那对方回复时，不要过滤如何设置？

因为我发现有些系统判断是垃圾邮件，但其实这些邮件是回复本地账户发送的邮件，不应该是垃圾邮件。

wxhsh

最好能贴下此邮件的smtp-in日志，看如何改善此问题。

nfore

MDaemon-20080311-SMTP（入）.log:

Tue 2008-03-11 08:54:40: ----------
Tue 2008-03-11 08:54:51: Session 3337; child 2; thread 2092
Tue 2008-03-11 08:54:48: 接受 SMTP 连接来自 [218.85.134.167:60978]
Tue 2008-03-11 08:54:48: Performing PTR lookup (167.134.85.218.IN-ADDR.ARPA)
Tue 2008-03-11 08:54:48: *  D=167.134.85.218.IN-ADDR.ARPA TTL=(720) PTR=[slave.mail145.cn4e.com]
Tue 2008-03-11 08:54:48: *  Gathering A records...
Tue 2008-03-11 08:54:49: *  D=slave.mail145.cn4e.com TTL=(60) A=[218.85.134.167]
Tue 2008-03-11 08:54:49: ---- End PTR results
Tue 2008-03-11 08:54:49: --> 220 mail.xxxxxx.cn ESMTP MDaemon 9.6.4; Tue, 11 Mar 2008 08:54:49 +0800
Tue 2008-03-11 08:54:49: <-- EHLO slave.mail145.cn4e.com
Tue 2008-03-11 08:54:49: Performing IP lookup (slave.mail145.cn4e.com)
Tue 2008-03-11 08:54:49: *  D=slave.mail145.cn4e.com TTL=(60) A=[218.85.134.167]
Tue 2008-03-11 08:54:49: ---- End IP lookup results
Tue 2008-03-11 08:54:49: --> 250-mail.xxxxxx.cn Hello slave.mail145.cn4e.com, pleased to meet you
Tue 2008-03-11 08:54:49: --> 250-ETRN
Tue 2008-03-11 08:54:49: --> 250-AUTH=LOGIN
Tue 2008-03-11 08:54:49: --> 250-AUTH LOGIN CRAM-MD5
Tue 2008-03-11 08:54:49: --> 250-8BITMIME
Tue 2008-03-11 08:54:49: --> 250-STARTTLS
Tue 2008-03-11 08:54:49: --> 250 SIZE 30720000
Tue 2008-03-11 08:54:49: <-- MAIL FROM:<ywm@hengkun.com> SIZE=9768
Tue 2008-03-11 08:54:49: Performing IP lookup (hengkun.com)
Tue 2008-03-11 08:54:49: *  D=hengkun.com TTL=(60) A=[222.76.213.47]
Tue 2008-03-11 08:54:49: *  P=000 S=000 D=hengkun.com TTL=(60) MX=[mx.hengkun.com] {218.85.134.167}
Tue 2008-03-11 08:54:49: ---- End IP lookup results
Tue 2008-03-11 08:54:49: Performing SPF lookup (hengkun.com / 218.85.134.167)
Tue 2008-03-11 08:54:49: *  Result: none; no SPF record in DNS
Tue 2008-03-11 08:54:49: ---- End SPF results
Tue 2008-03-11 08:54:49: --> 250 <ywm@hengkun.com>, Sender ok
Tue 2008-03-11 08:54:49: <-- RCPT TO:<qiurl@xxxxxx.cn>
Tue 2008-03-11 08:54:49: 执行 DNS-BL 查询（218.85.134.167 - 正在连接 IP）
Tue 2008-03-11 08:54:49: *  cblless.anti-spam.org.cn - 通过
Tue 2008-03-11 08:54:50: *  zen.spamhaus.org - 通过
Tue 2008-03-11 08:54:50: *  zen.spamhaus.org - 通过
Tue 2008-03-11 08:54:50: *  bl.spamcop.net - 通过
Tue 2008-03-11 08:54:50: ---- 结束 DNS-BL 结果
Tue 2008-03-11 08:54:50: --> 250 <qiurl@xxxxxx.cn>, Recipient ok
Tue 2008-03-11 08:54:50: <-- DATA
Tue 2008-03-11 08:54:50: Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000429486.tmp
Tue 2008-03-11 08:54:50: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2008-03-11 08:54:51: Message size: 9768 bytes
Tue 2008-03-11 08:54:51: Performing DKIM lookup
Tue 2008-03-11 08:54:51: *  File: d:\mdaemon\queues\temp\md50000429486.tmp
Tue 2008-03-11 08:54:51: *  Message-ID: 200803110856420120399@hengkun.com
Tue 2008-03-11 08:54:51: *  Result: neutral
Tue 2008-03-11 08:54:51: ---- End DKIM results
Tue 2008-03-11 08:54:51: Performing DomainKeys lookup (Sender: ywm@hengkun.com)
Tue 2008-03-11 08:54:51: *  File: d:\mdaemon\queues\temp\md50000429486.tmp
Tue 2008-03-11 08:54:51: *  Message-ID: 200803110856420120399@hengkun.com
Tue 2008-03-11 08:54:51: *  Querying for policy: hengkun.com
Tue 2008-03-11 08:54:51: *    Querying: _domainkey.hengkun.com ...
Tue 2008-03-11 08:54:51: *    DNS: *  名称服务器报告未知的域名
Tue 2008-03-11 08:54:51: *  Result: neutral
Tue 2008-03-11 08:54:51: ---- End DomainKeys results
Tue 2008-03-11 08:54:51: 邮件创建 successful：d:\mdaemon\queues\inbound\md50000448449.msg
Tue 2008-03-11 08:54:51: --> 250 Ok, message saved <Message-ID: 200803110856420120399@hengkun.com>
Tue 2008-03-11 08:54:51: <-- QUIT
Tue 2008-03-11 08:54:51: --> 221 See ya in cyberspace
Tue 2008-03-11 08:54:51: SMTP 会话成功（进/出字节：9878/449）
Tue 2008-03-11 08:54:51: ----------


MDaemon-20080311-路由.log:

Tue 2008-03-11 08:54:35: ----------
Tue 2008-03-11 08:54:53: Routing message (inbound queue): d:\mdaemon\queues\inbound\md50000448449.msg
Tue 2008-03-11 08:54:53: *  From: ywm@hengkun.com; Recipient: qiurl@xxxxxx.cn; Size: 10879; Message: d:\mdaemon\queues\local\md50000962716.msg
Tue 2008-03-11 08:54:53: *  Subject: Re: Re: SJ-5017
Tue 2008-03-11 08:54:53: *  Message-ID: 200803110856420120399@hengkun.com
Tue 2008-03-11 08:54:53: ----------


MDaemon-20080311-内容过滤器.log:

Tue 2008-03-11 08:54:34: ----------
Tue 2008-03-11 08:54:54: Content Filter processing d:\mdaemon\queues\local\md50000962716.msg...
Tue 2008-03-11 08:54:54: * Message return-path: ywm@hengkun.com
Tue 2008-03-11 08:54:54: * Message from: ywm@hengkun.com
Tue 2008-03-11 08:54:54: * Message to: qiurl@xxxxxx.cn
Tue 2008-03-11 08:54:54: * Message subject: [**BN-MD-Spam** S/R: 05.6/5.0] Re: Re: SJ-5017
Tue 2008-03-11 08:54:54: * Message ID: <200803110856420120399@hengkun.com>
Tue 2008-03-11 08:54:54: Start Content Filter results
Tue 2008-03-11 08:54:55: * Message matched rule: 5-9.99
Tue 2008-03-11 08:54:55: * Matched 1 of 11 active rules    被判断值大小5，
Tue 2008-03-11 08:54:55: End of Content Filter results
Tue 2008-03-11 08:54:55: ----------

其实有些邮件的值会被评的比较高，但其实并不是垃圾邮件。提高评值的准确性是一个方法，但这个方法是不太好控制，而对这类邮件直接判为可信任的，不进行过滤是比较好的一种方法吧。

[ 本帖最后由 nfore 于 2008-3-11 13:56 编辑 ]

nfore

这封邮件其实是：
qiurl@xxxxxx.cn  发给 ywm@hengkun.com，对方收到进行的回复邮件。

wxhsh

CF过滤器并不是SA过滤，它匹配了你11条中的一条，而默认MD只有两条，所以先要检查下是被哪条你的自定义规则过滤了。而奇怪的是SMTP-IN里并没有SA的信息，所以我也不知道这5.6分是哪来的。

nfore

to wxhsh:

其实我的意思并不是针对这封邮件，而是针对这一类的邮件，即：只要是回复本地账户的邮件均不要过滤。

wxhsh

但你这个问题又会引申到一个更深入的问题“如何评判此邮件是真正回复本地邮件？“事实上，传统方式下只要对方知道你的邮件地址，都可以毫无难度的伪造一封回复邮件，无非是主题加个"RE"。
因此，在MD9.6中增加了“反向散射防护”功能来减少此概率，但此功能只有拒绝设置，而没有验证成功后跳过SA或减少分值的选项。

tdk

这是为什么？ 未知？
Tue 2008-03-11 08:54:51: *  Querying for policy: hengkun.com
Tue 2008-03-11 08:54:51: *    Querying: _domainkey.hengkun.com ...
Tue 2008-03-11 08:54:51: *    DNS: *  名称服务器报告未知的域名
Tue 2008-03-11 08:54:51: *  Result: neutral
Tue 2008-03-11 08:54:51: ---- End DomainKeys results

wxhsh

原帖由 tdk 于 2008-3-11 15:02 发表
这是为什么？ 未知？
Tue 2008-03-11 08:54:51: *  Querying for policy: hengkun.com
Tue 2008-03-11 08:54:51: *    Querying: _domainkey.hengkun.com ...
Tue 2008-03-11 08:54:51: *    DNS: *  名称服务器报 ...

这个是很正常的问题，相信国内没有多少人会去做DKIM记录的，很多人甚至连SPF都没做呢（包括本人），再说没有自己的DNS服务器一般域名服务商也不开放TEXT类型记录的，想做都没办法。

nfore

To wxhsh;
我的域名有做SPF，请问DKIM如何做？如果能做到的话，我想去做一下。