Französische SA Rules?

Claas Goltz claas.goltz at rock-bunker.de
Fr Jun 23 09:54:23 CEST 2017


Hallo Community,

ich bekomme recht viel Spam in französischer Sprache. Ich habe schon versucht im Internet ein geeignetes Ruleset zu finden, leider erfolglos. Die Mails werden in der Regel mit einem ziemlich guten Score bewertet. Vielleicht hab ich an irgendeiner Stelle auch den falschen Schalter umgelegt. Kennt jemand einen sa update Mirror aus Frankreich?

Vielen Dank für eure Zeit und Hilfe!


amavis, sa rules von heinlein, schaal-it und spamassassin,

postfix main.cf relevanter Teil:

smtpd_restriction_classes = check_greylist, insiders_only
check_greylist = check_policy_service inet:127.0.0.1:10023

smtpd_recipient_restrictions =
# Empfaenger whitelisten?
        check_recipient_access hash:/etc/postfix/access_recipient,
# Hosts und Absender blacklisten?
        check_client_access cidr:/etc/postfix/access_client,
        check_helo_access hash:/etc/postfix/access_helo,
        check_sender_access hash:/etc/postfix/access_sender,
        check_recipient_access hash:/etc/postfix/protected_destinations,
# Keine unsauberen Mails annehmen!
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_invalid_hostname,
# Unsere Kinderchens erlauben!
        permit_sasl_authenticated,
        permit_mynetworks,
# RBL checken!
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client ix.dnsbl.manitu.net,
# Policyd-weight
        check_policy_service inet:127.0.0.1:12525
# Greylisting checken!
        check_client_access regexp:/etc/postfix/check_client_greylist
        reject_unverified_recipient,
# Backup MX erlauben!
        permit_mx_backup,
# Alles andere Relaying verbieten!
        reject_unauth_destination,
# Was jetzt noch ist darf durch!
        permit


Beispiel Header einer franz. Spam Mail:

Header:

Received: from de-hb-ex02.MYDOMAIN.DE (x.x.0.167) by de-hb-ex01.MYDOMAIN.DE
 (x.x.0.168) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.845.34 via Mailbox
 Transport; Wed, 21 Jun 2017 10:59:35 +0200
Received: from mx0.MYDOMAIN.DE (x.x.100.247) by de-hb-ex02.MYDOMAIN.DE
 (x.x.0.167) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.845.34; Wed, 21
 Jun 2017 10:59:35 +0200
Received: from localhost (localhost [127.0.0.1])
    by de-hb-mx0.MYDOMAIN.DE (Postfix) with ESMTP id 15DB0FF041
    for <mza at MYDOMAIN.DE>; Wed, 21 Jun 2017 11:00:28 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mx0.MYDOMAIN.DE
X-Spam-Flag: NO
X-Spam-Score: -1.572
X-Spam-Level:
X-Spam-Status: No, score=-1.572 tagged_above=-999 required=4.5
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, HTML_IMAGE_RATIO_02=0.437, HTML_MESSAGE=0.001,
    SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no
Authentication-Results: de-hb-mx0.MYDOMAIN.DE (amavisd-new);
    dkim=pass (1024-bit key) header.d=mes-offrestendances.com
    header.b=WmumcHNn; dkim=pass (1024-bit key)
    header.d=mes-offrestendances.com header.b=E1p64S94;
    domainkeys=fail (1024-bit key)
    reason="fail (message has been altered)"
    header.from=promotions at mes-offrestendances.com
    header.d=mes-offrestendances.com
Received: from de-hb-mx0.MYDOMAIN.DE ([127.0.0.1])
    by localhost (de-hb-mx0.MYDOMAIN.DE [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id sjIi6xC63gSi for <mza at MYDOMAIN.DE>;
    Wed, 21 Jun 2017 11:00:27 +0200 (CEST)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 (only DNSBL check requested)
Received: from smtp1.mes-offrestendances.com (smtp1.mes-offrestendances.com [163.172.236.148])
    by de-hb-mx0.MYDOMAIN.DE (Postfix) with ESMTPS
    for <mza at MYDOMAIN.DE>; Wed, 21 Jun 2017 11:00:26 +0200 (CEST)
X-QHPSI: clean
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
    d=mes-offrestendances.com; s=default; h=Date:To:From:Reply-To:
    Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Type:
    Content-Transfer-Encoding; bh=PLI7Z9vIwbQzcAoiNG+/k2JmnPI=; b=Wm
    umcHNnVgKYu/rtdEjpxY/jEmO2J+HGFL/cnwl6nCqG/xGrOb/9CuocgsUOCuCumN
    wYU/Thhhfx7iIxDquyP7SZZoWHC0L6JLV7Xev4PhkAWCrU298dqBGaoI3ZWB2SYy
    drZB2MkSpJ6MTfqldCAazDebUCbal4QhtMnup8QfM=
Received: (qmail 21141 invoked by uid 0); Wed, 21 Jun 2017 10:55:56 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
    d=mes-offrestendances.com; s=default; x=1498640156; h=DomainKey-Signature:
    Date:To:From:Reply-To:Subject:Message-ID:List-Unsubscribe:
    MIME-Version:Content-Type:Content-Transfer-Encoding; bh=PLI7Z9vI
    wbQzcAoiNG+/k2JmnPI=; b=E1p64S94FvmqcQiYagE4GxC6IMd27mzd77MGNuNQ
    BhB5aE9noDvFyUsNgAKNhmiyfZMI0cDpRFQPMYpoEvFyvAtvTXDurKkMCz5w9cAx
    eqgoeQ+se4O5V/Dww9ff6894Si04qXByg4pJHPg1QYiJW7152Ay4G4m9DezodWnu
    4L8=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=default; d=mes-offrestendances.com;
    b=broCECyg4DKqefx2xuWCCuWGr2XJVz8nbzgwPK8SvHys/FEn3QsKWmoKPPG1nufltkA5Bq0az8bKUdHZuH9e+mgGSokBVwqOzHcS2FNS2wTI+g9b55h//7OvZnYn+IGcnvjImnIqnrXe47cfsFoy00IiRpPP70U1/8LhQ6EIYVM=;
Date: Wed, 21 Jun 2017 10:55:56 +0200
To: mza at MYDOMAIN.DE
From: =?utf-8?B?R8OpbW8=?= <promotions at mes-offrestendances.com>
Reply-To: =?utf-8?B?R8OpbW8=?= <promotions at mes-offrestendances.com>
Subject: =?utf-8?B?TGVzIGpvdXJuw6llcyBjb2xvcsOpZXMgR8OpbW8gISBqdXNxdSfDoCAtNTAlIHBvdXIgZMOpbWFycmVyIGwnw6l0w6k=?=
Message-ID: <mHPm3wSFHNlV3XoyqQLluytSV5LedAMzKO3/jbWjkq7t6x/Hbj37/QZHxw0/DPgP.594a349c09920 at mes-offrestendances.com>
List-Unsubscribe: <http://mes-offrestendances.com/6ib7sqkZDvq4Ygs-022phXo-Z2vcn2XVvnGMjmLllBYh0ZPS9ni12mzkQxBlOCzsFoRih-jceh-a_DDwcmXNNsszjIDLuxe4ENdjAFf9mvJPmYuxK7KvQBMAUpnsACXy3Nij-bUQGAiCgC2X61z4wA==>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_5a38bfd9fe34135610b0f91fe87a5e6f"
Content-Transfer-Encoding: 8bit
Return-Path: promotions at mes-offrestendances.com
X-MS-Exchange-Organization-Network-Message-Id: 4793674a-4435-43f0-1c51-08d4b883d6d1
X-MS-Exchange-Organization-AuthSource: de-hb-ex02.MYDOMAIN.DE
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.3006656

Profitez en vite... 	 Consultez cet e-mail en ligne http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkd6Oj-0T0XaTBxOJgBmZZ6fF2ghEG-nW92_RqgnMPIBA==  
[GÉMO] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkgSQmpocAulCJj9UorPArJUmbsukB-XwrFSBJT1KQQUA==
Femme http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZElahL7MpS8_2yAY4bP8XbzbBzyAqBM60eoSJps0e-DopA==  |  Homme http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnWZZZBteHTUISpbvT1_8YN5sezeUvC1PZxDwpQQEFjCQ==  |  Bébé http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkB63iQkait8OVWnQBYmGb-JJ6GXmzXlI5oiRrJck8hgw==  |  Fille http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZElRLbt2NEVtwyZy4s4cLTC9GAiPIykkGFayAHZgijHbag==  |  Garçon http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkO-MRxunuS03jki60Jxnz1Ig4-WSmGOI3ctO45S1HX9A==  |  Chaussures http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEmvA5A-01AkYqQysyhzSg9aSSzZ6iw79xYhNF6QXrlMng==  |  Promos http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnojgFJZymXbGDLP_1IlEoTyxBaoESrFzwL3E8Pkh7zGQ==  |  Magasins http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEm6vVrXywRTIimlD2F51UZNyelchIdEUePgGzlT_1BT0w==

Recevez tous les bons plans GÉMO en vous abonnant à la newsletter !

? Je m'abonne ! http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnkb76KlnP3x4oIRkxmSZewz0beiHfSbMRsjByLc-j9bA==

[Du 2 au 25 juin en magasins et sur gemo.fr] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEl3bGftb-TesIbmc9XclIbpfA-9nxSjTjqd_D7jUy-hKA==
[Les journées colorées en magasins et sur gemo.fr] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEl7iO0vXPd54p1JHtsPpHOazeM6v1DG8EaKumdKwm8owQ==
[Jusqu'à -50% sur toute une sélection d'articles] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnbFPQzIM92WQirXmL_pr5FpOF2nWAx-jrezPFttL4Zbw==
[Les journées colorées] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEltzkiBMGQ50oQBwC0b61fEUCXdxgeRXZ0mpyzFw_76vA== 	 [Les journées colorées] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnv4Ax-g9u-ogA1BTE-cbqswInQSTK_ytuOe5XlbLTOTA==
Profitez en vite... 	 Consultez cet e-mail en ligne http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkd6Oj-0T0XaTBxOJgBmZZ6fF2ghEG-nW92_RqgnMPIBA==  
[GÉMO] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkgSQmpocAulCJj9UorPArJUmbsukB-XwrFSBJT1KQQUA==
Femme http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZElahL7MpS8_2yAY4bP8XbzbBzyAqBM60eoSJps0e-DopA==  |  Homme http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnWZZZBteHTUISpbvT1_8YN5sezeUvC1PZxDwpQQEFjCQ==  |  Bébé http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkB63iQkait8OVWnQBYmGb-JJ6GXmzXlI5oiRrJck8hgw==  |  Fille http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZElRLbt2NEVtwyZy4s4cLTC9GAiPIykkGFayAHZgijHbag==  |  Garçon http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEkO-MRxunuS03jki60Jxnz1Ig4-WSmGOI3ctO45S1HX9A==  |  Chaussures http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEmvA5A-01AkYqQysyhzSg9aSSzZ6iw79xYhNF6QXrlMng==  |  Promos http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnojgFJZymXbGDLP_1IlEoTyxBaoESrFzwL3E8Pkh7zGQ==  |  Magasins http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEm6vVrXywRTIimlD2F51UZNyelchIdEUePgGzlT_1BT0w==

Recevez tous les bons plans GÉMO en vous abonnant à la newsletter !

? Je m'abonne ! http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnkb76KlnP3x4oIRkxmSZewz0beiHfSbMRsjByLc-j9bA==

[Du 2 au 25 juin en magasins et sur gemo.fr] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEl3bGftb-TesIbmc9XclIbpfA-9nxSjTjqd_D7jUy-hKA==
[Les journées colorées en magasins et sur gemo.fr] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEl7iO0vXPd54p1JHtsPpHOazeM6v1DG8EaKumdKwm8owQ==
[Jusqu'à -50% sur toute une sélection d'articles] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnbFPQzIM92WQirXmL_pr5FpOF2nWAx-jrezPFttL4Zbw==
[Les journées colorées] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEltzkiBMGQ50oQBwC0b61fEUCXdxgeRXZ0mpyzFw_76vA== 	 [Les journées colorées] http://mes-offrestendances.com/ee_42ltz2w6c0-aUm0BPzO8Y5wDRMagykVE8UmHRZEnv4Ax-g9u-ogA1BTE-cbqswInQSTK_ytuOe5XlbLTOTA==
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20170623/5f357f81/attachment.html>


Mehr Informationen über die Mailingliste Postfixbuch-users