読者です 読者をやめる 読者になる 読者になる

labunix's blog

labunixのラボUnix

Fortigateのスパムフィルタを試してみる。その2

■Fortigateのスパムフィルタを試してみる。その2
 以下の続き。

 Fortigateのスパムフィルタの正規表現、ワイルドカードを試してみる。
 http://labunix.hateblo.jp/entry/20150618/1434636238

■正規表現にする必要の無いルールはデフォルトのワイルドカードに修正しておく。

# show spamfilter bwl | grep -f @nonespam
config spamfilter bwl
    edit 1
        set name "default"
            config entries
                edit 1
                    set type email
                    set action clear
                    set email-pattern "@nonespam.example.jp" <---
                next
            end
    next
end

■Fortigateを通るはずの無い「root@localhost」を追加する。

# show spamfilter bwl | grep -f root
config spamfilter bwl
    edit 1
        set name "default"
            config entries
                edit 4
                    set type email
                    set email-pattern "root@localhost" <---
                next
            end
    next
end

■前回のテスト用のスクリプトをちょっと修正。

$ cat spamtestmail2.sh 
#!/bin/bash

RCPT_TO=labunix@myhome.example.jp
TARGET=192.168.1.250

echo 'sample@nonespam.example.jp
     root@localhost
     sample@nonespam.example.jp
     sample@mail.nonespam.example.jp
     sample@nonenonespam.example.jp
     sample@spam.example.jp
     sample@mail.spam.example.jp
     sample@nospam.example.jp' | \
for domainlist in `xargs`;do \
  (sleep 1;echo "ehlo localhost"; \
   sleep 1;echo "mail from:${domainlist}"; \
   sleep 1;echo "rcpt to:"${RCPT_TO}; \
   sleep 1;echo "data"; \
   sleep 1;echo "Subject: Hello,"`date '+%Y/%m/%d %H:%M:%S'`; \
   sleep 1;echo "http://blacklist.com"; \
   sleep 1;echo "."; \
   sleep 1;echo "quit"; \
  ) | telnet $TARGET 25
done

unset TARGET RCPT_TO domainlist
exit 0

■テストメールを送信。

$ ./spamtestmail2.sh > /dev/null
$ grep -A 1 "^Return\|^Subject" /var/spool/mail/labunix | \
  nkf -w | grep -v "^-\|^X-Original-To\|^X-Virus-Scanned\|^http\|^\$"
Return-Path: <sample@nonespam.example.jp>
Subject: Hello,2015/06/20 22:34:09
Return-Path: <root@localhost>
Subject: [Spam] Hello,2015/06/20 22:34:17
Return-Path: <sample@nonespam.example.jp>
Subject: Hello,2015/06/20 22:34:25
Return-Path: <sample@mail.nonespam.example.jp>
Subject: Hello,2015/06/20 22:34:33
Return-Path: <sample@nonenonespam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:34:41
Return-Path: <sample@spam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:34:49
Return-Path: <sample@mail.spam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:34:57
Return-Path: <sample@nospam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:35:05

$ grep -A 1 "X-SpamInfo\|X-Quarantine-ID\|^Return\|^Subject" /var/spool/mail/labunix | \
  nkf -w | grep -v "^-\|^X-Original-To\|^X-Virus-Scanned\|^http\|^\$"
Return-Path: <sample@nonespam.example.jp>
X-Quarantine-ID: <4mhZX2UjudMo>
Subject: Hello,2015/06/20 22:34:09
Return-Path: <root@localhost>
X-Quarantine-ID: <mBTJOcgk82Rw>
Subject: [Spam] Hello,2015/06/20 22:34:17
X-SpamInfo: email-address, 
Status: O
Return-Path: <sample@nonespam.example.jp>
X-Quarantine-ID: <zLXaP6PzO7tA>
Subject: Hello,2015/06/20 22:34:25
Return-Path: <sample@mail.nonespam.example.jp>
X-Quarantine-ID: <qNI8_iQUmbYZ>
Subject: Hello,2015/06/20 22:34:33
Return-Path: <sample@nonenonespam.example.jp>
X-Quarantine-ID: <OUxAy8807-zw>
Subject: [Spam] Hello,2015/06/20 22:34:41
X-SpamInfo: email-address, 
Status: O
Return-Path: <sample@spam.example.jp>
X-Quarantine-ID: <trrV8Q2wt4Ac>
Subject: [Spam] Hello,2015/06/20 22:34:49
X-SpamInfo: email-address, 
Return-Path: <sample@mail.spam.example.jp>
X-Quarantine-ID: <NSN0AEX1sGF4>
Subject: [Spam] Hello,2015/06/20 22:34:57
X-SpamInfo: email-address, 
Return-Path: <sample@nospam.example.jp>
X-Quarantine-ID: <EUJ3KvlvtOuq>
Subject: [Spam] Hello,2015/06/20 22:35:05
X-SpamInfo: email-address, 

■数が多くなると見やすい方が良い。
 はてブロだと崩れているけど、コンソールだと綺麗に揃う。

$ grep -A 1 "^Return\|^Subject" /var/spool/mail/labunix | \
  nkf -w | grep -v "^-\|^X-Original-To\|^X-Virus-Scanned\|^http\|^\$" | \
  awk '{if($1=="Return-Path:"){printf "\n%-50s",$0}else{printf ",%s",$0}}';echo

Return-Path: <sample@nonespam.example.jp>         ,Subject: Hello,2015/06/20 22:34:09
Return-Path: <root@localhost>                     ,Subject: [Spam] Hello,2015/06/20 22:34:17
Return-Path: <sample@nonespam.example.jp>         ,Subject: Hello,2015/06/20 22:34:25
Return-Path: <sample@mail.nonespam.example.jp>    ,Subject: Hello,2015/06/20 22:34:33
Return-Path: <sample@nonenonespam.example.jp>     ,Subject: [Spam] Hello,2015/06/20 22:34:41
Return-Path: <sample@spam.example.jp>             ,Subject: [Spam] Hello,2015/06/20 22:34:49
Return-Path: <sample@mail.spam.example.jp>        ,Subject: [Spam] Hello,2015/06/20 22:34:57
Return-Path: <sample@nospam.example.jp>           ,Subject: [Spam] Hello,2015/06/20 22:35:05