Ending Spam (Part 4)

Statistical Analysis of Spam

1. spamstats
Install it directly from ports:
# whereis spamstats
spamstats: /usr/ports/mail/spamstats
# cd /usr/ports/mail/spamstats
# make install clean
……
# spamstats.pl -number 5
File /var/log/maillog : from Mar 31 00:00:00 to Mar 31 19:20:40
Total number of emails processed by the spam filter : 406
Number of spams : 186 ( 45.81%)
Number of clean messages : 220 ( 54.19%)
Average message analysis time : 6.26 seconds
Average spam analysis time : 6.53 seconds
Average clean message analysis time : 6.02 seconds
Average message score : 8.18
Average spam score : 16.72
Average clean message score : 0.33
Total spam volume : 4265 kbytes
Total clean volume : 10 Mbytes
Recipients with highest number of spams : (top 5)
11 spams :
liyu@mail.abc.com.tw
9 spams :
karent@mail.abc.com.tw
5 spams :
cycha@mail.abc.com.tw
4 spams :
scp23ab@mail.abc.com.tw
xmimeea@abc.com.tw
mary@mail.abc.com.tw
john@mail.abc.com.tw


2. sa-stats.pl
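Download it directly from http://www.rulesemporium.com/programs/sa-stats.txt. It is a Perl script, so no installation is needed and it can be used as-is; remember to rename the file and change its permissions. It lists a ranking of the spam rules that fired.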
fb54-ibm1# cd /usr/local/www/apache22/cgi-bin
fb54-ibm1# ls
mailgraph.cgi printenv sa-stats.pl sa-stats31.pl test test-cgi
fb54-ibm1# ./sa-stats.pl
Email: 455 Autolearn: 128 AvgScore: 7.92 AvgScanTime: 6.27 sec
Spam: 224 Autolearn: 107 AvgScore: 16.35 AvgScanTime: 6.51 sec
Ham: 231 Autolearn: 21 AvgScore: -0.26 AvgScanTime: 6.02 sec

Time Spent Running SA: 0.79 hours
Time Spent Processing Spam: 0.41 hours
Time Spent Processing Ham: 0.39 hours

TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
----------------------------------------------------------------------
1 HTML_MESSAGE 181 81.10 80.80 81.39
2 SUBJ_ILLEGAL_CHARS 130 30.55 58.04 3.90
3 MIME_HTML_ONLY 117 41.54 52.23 31.17
4 DNS_FROM_RFC_ABUSE 87 26.15 38.84 13.85
5 MPART_ALT_DIFF 79 22.20 35.27 9.52
6 RCVD_NUMERIC_HELO 73 16.48 32.59 0.87
7 HTML_IMAGE_RATIO_02 71 20.22 31.70 9.09
8 FORGED_MUA_OUTLOOK 67 14.73 29.91 0.00
9 RCVD_HELO_IP_MISMATCH 65 14.29 29.02 0.00
10 DNS_FROM_RFC_WHOIS 60 15.16 26.79 3.90
11 MISSING_MIMEOLE 58 12.97 25.89 0.43
12 UNPARSEABLE_RELAY 56 16.26 25.00 7.79
13 FROM_ILLEGAL_CHARS 51 11.21 22.77 0.00
14 MIME_BASE64_TEXT 51 18.46 22.77 14.29
15 MIME_HTML_ONLY_MULTI 48 11.21 21.43 1.30
16 MSGID_SPAM_CAPS 43 9.45 19.20 0.00
17 NO_REAL_NAME 42 20.44 18.75 22.08
18 RCVD_IN_WHOIS_INVALID 40 9.67 17.86 1.73
19 HEAD_ILLEGAL_CHARS 39 9.67 17.41 2.16
20 HTML_SHORT_LINK_IMG_1 38 8.35 16.96 0.00
----------------------------------------------------------------------
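
As an added example (not part of the original post and not code from sa-stats.pl), the Python below parses rows of the rule table above and ranks rules by the gap between %OFSPAM and %OFHAM, which shows that the top rule by count (HTML_MESSAGE) fires about as often on ham as on spam. The sample rows are copied from the output above; the function names, the labels and the 3x ratio threshold are assumptions chosen for illustration.

```python
import re

# Rows copied from the sa-stats.pl output above:
# rank, rule name, count, %OFMAIL, %OFSPAM, %OFHAM
SAMPLE = """\
   1 HTML_MESSAGE 181 81.10 80.80 81.39
   2 SUBJ_ILLEGAL_CHARS 130 30.55 58.04 3.90
   6 RCVD_NUMERIC_HELO 73 16.48 32.59 0.87
   8 FORGED_MUA_OUTLOOK 67 14.73 29.91 0.00
  14 MIME_BASE64_TEXT 51 18.46 22.77 14.29
  17 NO_REAL_NAME 42 20.44 18.75 22.08
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([A-Z0-9_]+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")

def parse_rules(text):
    """Parse table rows; header, separator and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rank, name, count, ofmail, ofspam, ofham = m.groups()
            rows.append({"rank": int(rank), "rule": name, "count": int(count),
                         "ofmail": float(ofmail), "ofspam": float(ofspam),
                         "ofham": float(ofham)})
    return rows

def classify(row, min_ratio=3.0):
    """Label how well a rule separates spam from ham in this sample.

    min_ratio is an assumed cut-off, not a SpamAssassin setting.
    """
    if row["ofham"] == 0.0:
        return "spam-only"            # never hit ham in this (small) sample
    if row["ofham"] >= row["ofspam"]:
        return "non-discriminating"   # fires at least as often on ham
    return "strong" if row["ofspam"] / row["ofham"] >= min_ratio else "weak"

def rank_by_separation(rows):
    """Sort by (%OFSPAM - %OFHAM), largest gap first."""
    return sorted(rows, key=lambda r: r["ofspam"] - r["ofham"], reverse=True)

if __name__ == "__main__":
    for r in rank_by_separation(parse_rules(SAMPLE)):
        print(f'{r["rule"]:<22} spam={r["ofspam"]:6.2f} '
              f'ham={r["ofham"]:6.2f} {classify(r)}')
```
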
