■Trying out the Fortigate spam filter, part 2
This is a continuation of the following post.
Trying regular expressions and wildcards in the Fortigate spam filter.
http://labunix.hateblo.jp/entry/20150618/1434636238
■Rules that do not need to be regular expressions are changed back to the default wildcard type.
config spamfilter bwl
edit 1
set name "default"
config entries
edit 1
set type email
set action clear
set email-pattern "@nonespam.example.jp" <---
next
end
next
end
■Add "root@localhost", which should never pass through the Fortigate.
config spamfilter bwl
edit 1
set name "default"
config entries
edit 4
set type email
set email-pattern "root@localhost" <---
next
end
next
end
■A small modification to the test script from last time.
$ cat spamtestmail2.sh
RCPT_TO=labunix@myhome.example.jp
TARGET=192.168.1.250
echo 'sample@nonespam.example.jp
root@localhost
sample@nonespam.example.jp
sample@mail.nonespam.example.jp
sample@nonenonespam.example.jp
sample@spam.example.jp
sample@mail.spam.example.jp
sample@nospam.example.jp' | \
for domainlist in `xargs`;do \
(sleep 1;echo "ehlo localhost"; \
sleep 1;echo "mail from:${domainlist}"; \
sleep 1;echo "rcpt to:"${RCPT_TO}; \
sleep 1;echo "data"; \
sleep 1;echo "Subject: Hello,"`date '+%Y/%m/%d %H:%M:%S'`; \
sleep 1;echo "http://blacklist.com"; \
sleep 1;echo "."; \
sleep 1;echo "quit"; \
) | telnet $TARGET 25
done
unset TARGET RCPT_TO domainlist
exit 0
■Send the test mails.
$ ./spamtestmail2.sh > /dev/null
$ grep -A 1 "^Return\|^Subject" /var/spool/mail/labunix | \
nkf -w | grep -v "^-\|^X-Original-To\|^X-Virus-Scanned\|^http\|^\$"
Return-Path: <sample@nonespam.example.jp>
Subject: Hello,2015/06/20 22:34:09
Return-Path: <root@localhost>
Subject: [Spam] Hello,2015/06/20 22:34:17
Return-Path: <sample@nonespam.example.jp>
Subject: Hello,2015/06/20 22:34:25
Return-Path: <sample@mail.nonespam.example.jp>
Subject: Hello,2015/06/20 22:34:33
Return-Path: <sample@nonenonespam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:34:41
Return-Path: <sample@spam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:34:49
Return-Path: <sample@mail.spam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:34:57
Return-Path: <sample@nospam.example.jp>
Subject: [Spam] Hello,2015/06/20 22:35:05
$ grep -A 1 "X-SpamInfo\|X-Quarantine-ID\|^Return\|^Subject" /var/spool/mail/labunix | \
nkf -w | grep -v "^-\|^X-Original-To\|^X-Virus-Scanned\|^http\|^\$"
Return-Path: <sample@nonespam.example.jp>
X-Quarantine-ID: <4mhZX2UjudMo>
Subject: Hello,2015/06/20 22:34:09
Return-Path: <root@localhost>
X-Quarantine-ID: <mBTJOcgk82Rw>
Subject: [Spam] Hello,2015/06/20 22:34:17
X-SpamInfo: email-address,
Status: O
Return-Path: <sample@nonespam.example.jp>
X-Quarantine-ID: <zLXaP6PzO7tA>
Subject: Hello,2015/06/20 22:34:25
Return-Path: <sample@mail.nonespam.example.jp>
X-Quarantine-ID: <qNI8_iQUmbYZ>
Subject: Hello,2015/06/20 22:34:33
Return-Path: <sample@nonenonespam.example.jp>
X-Quarantine-ID: <OUxAy8807-zw>
Subject: [Spam] Hello,2015/06/20 22:34:41
X-SpamInfo: email-address,
Status: O
Return-Path: <sample@spam.example.jp>
X-Quarantine-ID: <trrV8Q2wt4Ac>
Subject: [Spam] Hello,2015/06/20 22:34:49
X-SpamInfo: email-address,
Return-Path: <sample@mail.spam.example.jp>
X-Quarantine-ID: <NSN0AEX1sGF4>
Subject: [Spam] Hello,2015/06/20 22:34:57
X-SpamInfo: email-address,
Return-Path: <sample@nospam.example.jp>
X-Quarantine-ID: <EUJ3KvlvtOuq>
Subject: [Spam] Hello,2015/06/20 22:35:05
X-SpamInfo: email-address,
■As the number of entries grows, a more readable layout is better.
The alignment is broken on Hatena Blog, but it lines up neatly in a console.
$ grep -A 1 "^Return\|^Subject" /var/spool/mail/labunix | \
nkf -w | grep -v "^-\|^X-Original-To\|^X-Virus-Scanned\|^http\|^\$" | \
awk '{if($1=="Return-Path:"){printf "\n%-50s",$0}else{printf ",%s",$0}}';echo
Return-Path: <sample@nonespam.example.jp> ,Subject: Hello,2015/06/20 22:34:09
Return-Path: <root@localhost> ,Subject: [Spam] Hello,2015/06/20 22:34:17
Return-Path: <sample@nonespam.example.jp> ,Subject: Hello,2015/06/20 22:34:25
Return-Path: <sample@mail.nonespam.example.jp> ,Subject: Hello,2015/06/20 22:34:33
Return-Path: <sample@nonenonespam.example.jp> ,Subject: [Spam] Hello,2015/06/20 22:34:41
Return-Path: <sample@spam.example.jp> ,Subject: [Spam] Hello,2015/06/20 22:34:49
Return-Path: <sample@mail.spam.example.jp> ,Subject: [Spam] Hello,2015/06/20 22:34:57
Return-Path: <sample@nospam.example.jp> ,Subject: [Spam] Hello,2015/06/20 22:35:05