After ScrolloutF1 starts running, it will analyze the received or sent emails, and deliver the emails determined as spam to the quarantine mailbox. Next, we will analyze a spam score in order to adjust the Level or add it to the whitelist.
Content analysis details: (25.1 points, 5.0 required) //Total score, this email is rated 25.1 points, my filtering requirement is that less than 5 points are safe emails, 7 points are delivered to the user's mailbox but marked as spam, see Isolation options in http://www.8win.net/2018/04/255.html .
pts rule name description //Score rule name description
---- -------------- -------- ------------------------------------------------------ --------
1.0 SO_PUB_URIBL_DOMAIN_40 URL's domain address is listed in //Score 1 point, URL rule contains qq.com URL filter takes effect
reputation-domain-40.rbl.scrolloutf1.com
[URIs: qq.com]
0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL //The score is 0.1 points, the IP address is valid in the SBL list connection filter
[122.190.106.138 listed in zen.spamhaus.org]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL //The score is 0.4 points, the IP address is in the XBL list connection filter takes effect
2.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL //The score is 2.3 points, the IP address is in the PBL list connection filter 1.5 RCVD_IN_SORBS_WEB
RBL: SORBS: sender is an abusable web server //Score 1.5, the IP address is in the SORBS list The connection filter is in effect
[122.190.106.138 listed in dnsbl.sorbs.net]
4.0 SO_PUB_URIBL_DOMAIN_10 URL's domain address is listed in // Score 4, the domain name is valid in the URLBL list connection filter
reputation-domain-10.rbl.scrolloutf1.com
[URIs: incose.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL // Score 2.7, the IP address is connected in the PSBL list Filter in effect
[122.190.106.138 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net //Rating 1.3 IP address in SPAMCOP list connection filter takes effect
[Blocked - see < http://www.spamcop.net/bl.shtml?122.190.106.138 > ]
0.8 SO_RDNS_UNKNOWN Unspecified hostname //Unspecified host, no SPF parsing. The hostname filter takes effect
0.0 HTML_MESSAGE BODY: HTML included in message //The HTML body filter is inserted into the mail content to take effect
1.2 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags //The HTML in the email contains unconfirmed content Body filter takes effect
0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large //The font in HTML is too large Body filter takes effect
4.5 BAYES_80 BODY: Bayes spam probability is 80 to 95% //Bayes It is judged that the probability of spam is 80%-95%. Spam trap score takes effect
[score: 0.9405]
1.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word //HTML font definition is abnormal Body filter takes effect
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS //No reverse resolution, host name filter takes effect
1.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily //Unnecessary BASE64 encoding, Body filter takes effect
2.5 DOS_OE_TO_MX Delivered direct to MX with OE headers //OE headers are delivered directly, this email is delivered directly by command, which means that it is sent using third-party software or command line Yes, remember that the old version of FOXMAIL also has a mode of express mail that is used. Header and attachments filter takes effect