詢問累積Remote Queue垃圾信問題
我的Remote Queue裡面有許多待寄送的信件(最高達一萬多封信),檢查後發現都是垃圾信件,我已經取消Mail Relay的功能也啟動POP Before SMTP的功能,不知是那邊還需要設定才能解決此問題麻煩各位。<BR><BR>SMTP-(OUT) LOG<BR>Mon 2008-11-10 14:22:20: ----------<BR>Mon 2008-11-10 14:22:20: Session 2154; child 1<BR>Mon 2008-11-10 14:22:17: Parsing Message <c:\mdaemon\queues\remote\pd50000038601.msg><BR>Mon 2008-11-10 14:22:17: From: [email protected]<BR>Mon 2008-11-10 14:22:17: To: [email protected]<BR>Mon 2008-11-10 14:22:17: Subject: [***SPAM*** Score/Req: 27.1/5.0] ★◆★我也曾經是卡奴(經驗分享)★◆★Gwen<BR>Mon 2008-11-10 14:22:17: Message-ID: <[email protected]><BR>Mon 2008-11-10 14:22:17: Route slip host: yahoo.com.tw<BR>Mon 2008-11-10 14:22:17: Route slip port: 25<BR>Mon 2008-11-10 14:22:17: MX-record resolution of in progress (DNS Server: 192.168.123.250)...<BR>Mon 2008-11-10 14:22:17: * P=005 S=000 D=yahoo.com.tw TTL=(1) MX= {203.188.197.10}<BR>Mon 2008-11-10 14:22:17: * P=005 S=001 D=yahoo.com.tw TTL=(1) MX= {203.188.197.9}<BR>Mon 2008-11-10 14:22:17: Attempting MX: P=005 S=000 D=yahoo.com.tw TTL=(1) MX= {203.188.197.10}<BR>Mon 2008-11-10 14:22:17: Attempting SMTP connection to <BR>Mon 2008-11-10 14:22:17: Waiting for connection...<BR>Mon 2008-11-10 14:22:17: Connection established (192.168.123.250 : 1482 -> 203.188.197.10 : 25)<BR>Mon 2008-11-10 14:22:17: Waiting for protocol initiation...<BR>Mon 2008-11-10 14:22:18: <-- 220 mta111.mail.tp2.yahoo.com ESMTP YSmtp service ready<BR>Mon 2008-11-10 14:22:18: --> EHLO timhome.idv.tw<BR>Mon 2008-11-10 14:22:18: <-- 250-mta111.mail.tp2.yahoo.com<BR>Mon 2008-11-10 14:22:18: <-- 250-8BITMIME<BR>Mon 2008-11-10 14:22:18: <-- 250-SIZE 31981568<BR>Mon 2008-11-10 14:22:18: <-- 250 PIPELINING<BR>Mon 2008-11-10 14:22:18: --> MAIL From:<[email protected]> SIZE=3537<BR>Mon 2008-11-10 14:22:18: <-- 250 sender <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]><BR>Mon 2008-11-10 14:22:19: <-- 250 recipient <[email protected]> ok<BR>Mon 2008-11-10 14:22:19: --> DATA<BR>Mon 2008-11-10 14:22:19: <-- 354 go ahead<BR>Mon 2008-11-10 14:22:19: Sending <c:\mdaemon\queues\remote\pd50000038601.msg> to <BR>Mon 2008-11-10 14:22:19: Transfer Complete.<BR>Mon 2008-11-10 14:22:20: <-- 451 Message temporarily deferred - <BR>Mon 2008-11-10 14:22:20: --> QUIT<BR>Mon 2008-11-10 14:22:20: Attempting MX: P=005 S=001 D=yahoo.com.tw TTL=(1) MX= {203.188.197.9}<BR>Mon 2008-11-10 14:22:20: Attempting SMTP connection to <BR>Mon 2008-11-10 14:22:20: Waiting for connection...<BR>Mon 2008-11-10 14:22:20: Connection established (192.168.123.250 : 1489 -> 203.188.197.9 : 25)<BR>Mon 2008-11-10 14:22:20: Waiting for protocol initiation...<BR>Mon 2008-11-10 14:22:20: <-- 453 Mail from 61.56.143.238 not allowed - <BR>Mon 2008-11-10 14:22:20: --> QUIT<BR>Mon 2008-11-10 14:22:20: Socket connection closed by the other side (how rude!)<BR>Mon 2008-11-10 14:22:20: This message is 0 minutes old; it has 60 minutes left in this queue<BR>Mon 2008-11-10 14:22:20: SMTP session terminated (Bytes in/out: 752/4000)<BR> 請檢查一下 SMTP In 的 log,看看這封信是來自於哪裏。 感謝 MarchFun 回覆<br>您的意思是說從SMTP In 的 log 才看對方的來源IP以後,使用IP SCREENING把對方的來信 IP 封鎖是嗎??<br><br>想請問一下為什麼我已經取消Mail Relay的功能也啟動POP Before SMTP的功能,還是能透過我的MAIL SERVER傳遞垃圾信??<br> 我要你看 SMTP In 的 log 是因為我懷疑這些垃圾信可能來自於你們內部。 MarchFun您好<br>我擷取了一段SMTP IN LOG貼上來麻煩您看一下,如果還需要其他部分的LOG我在貼上來。<br><br>SMTP IN LOG<br>Mon 2008-11-10 12:26:34: Session 4; child 4; thread 3696<br>Mon 2008-11-10 12:26:01: Accepting SMTP connection from <br>Mon 2008-11-10 12:26:01: Performing PTR lookup (181.54.167.218.IN-ADDR.ARPA)<br>Mon 2008-11-10 12:26:01: * D=181.54.167.218.IN-ADDR.ARPA TTL=(1439) PTR=<br>Mon 2008-11-10 12:26:01: * Gathering A records...<br>Mon 2008-11-10 12:26:01: * D=218-167-54-181.dynamic.hinet.net TTL=(41) A=<br>Mon 2008-11-10 12:26:01: ---- End PTR results<br>Mon 2008-11-10 12:26:01: --> 220 timhome.idv.tw ESMTP MDaemon 9.5.5; Mon, 10 Nov 2008 12:26:01 +0800<br>Mon 2008-11-10 12:26:01: <-- HELO 61.56.143.238<br>Mon 2008-11-10 12:26:01: --> 250 timhome.idv.tw Hello 218-167-54-181.dynamic.hinet.net (may be forged), pleased to meet you<br>Mon 2008-11-10 12:26:01: <-- MAIL FROM: <[email protected]><br>Mon 2008-11-10 12:26:01: Performing IP lookup (yahoo.com.tw)<br>Mon 2008-11-10 12:26:02: * D=yahoo.com.tw TTL=(120) A=<br>Mon 2008-11-10 12:26:02: * P=005 S=000 D=yahoo.com.tw TTL=(3) MX= {203.188.197.9}<br>Mon 2008-11-10 12:26:02: * P=005 S=001 D=yahoo.com.tw TTL=(3) MX= {203.188.197.10}<br>Mon 2008-11-10 12:26:02: ---- End IP lookup results<br>Mon 2008-11-10 12:26:02: Performing SPF lookup (yahoo.com.tw / 218.167.54.181)<br>Mon 2008-11-10 12:26:02: * Result: none; no SPF record in DNS<br>Mon 2008-11-10 12:26:02: ---- End SPF results<br>Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Sender ok<br>Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]><br>Mon 2008-11-10 12:26:02: Performing DNS-BL lookup (218.167.54.181 - connecting IP)<br>Mon 2008-11-10 12:26:02: * zen.spamhaus.org - failed<br>Mon 2008-11-10 12:26:02: * bl.spamcop.net - passed<br>Mon 2008-11-10 12:26:02: * sbl-xbl.spamhaus.org - passed<br>Mon 2008-11-10 12:26:02: ---- End DNS-BL results<br>Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok<br>Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]><br>Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok<br>Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]><br>Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok<br>Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]><br>Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok<br>Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]><br>Mon 2008-11-10 12:26:02: More than 5 RCPT commands encountered; this session tarpitted with a 10 second initial delay scaling by 1.00<br>Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok<br>Mon 2008-11-10 12:26:13: <-- RCPT TO: <[email protected]><br>Mon 2008-11-10 12:26:13: --> 250 <[email protected]>, Recipient ok<br>Mon 2008-11-10 12:26:23: <-- RCPT TO: <[email protected]><br>Mon 2008-11-10 12:26:23: --> 250 <[email protected]>, Recipient ok<br>Mon 2008-11-10 12:26:33: <-- DATA<br>Mon 2008-11-10 12:26:33: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000000001.tmp<br>Mon 2008-11-10 12:26:33: --> 354 Enter mail, end with <CRLF>.<CRLF><br>Mon 2008-11-10 12:26:33: Message size: 999 bytes<br>Mon 2008-11-10 12:26:33: Performing DomainKeys lookup (Sender: [email protected])<br>Mon 2008-11-10 12:26:33: * File: c:\mdaemon\queues\temp\md50000000001.tmp<br>Mon 2008-11-10 12:26:33: * Message-ID: [email protected]<br>Mon 2008-11-10 12:26:33: * Querying for policy: ms96.url.com.tw<br>Mon 2008-11-10 12:26:33: * Querying: _domainkey.ms96.url.com.tw ...<br>Mon 2008-11-10 12:26:33: * DNS: Name server reports domain name unknown<br>Mon 2008-11-10 12:26:33: * Result: pass<br>Mon 2008-11-10 12:26:33: ---- End DomainKeys results<br>Mon 2008-11-10 12:26:33: Performing DKIM lookup<br>Mon 2008-11-10 12:26:33: * File: c:\mdaemon\queues\temp\md50000000001.tmp<br>Mon 2008-11-10 12:26:33: * Message-ID: [email protected]<br>Mon 2008-11-10 12:26:33: * Result: neutral<br>Mon 2008-11-10 12:26:33: ---- End DKIM results<br>Mon 2008-11-10 12:26:33: Passing message through AntiVirus (Size: 999)...<br>Mon 2008-11-10 12:26:34: * Message is clean (no viruses found)<br>Mon 2008-11-10 12:26:34: ---- End AntiVirus results<br>Mon 2008-11-10 12:26:34: Passing message through Outbreak Protection...<br>Mon 2008-11-10 12:26:34: * Message-ID: [email protected]<br>Mon 2008-11-10 12:26:34: * Reference-ID: str=0001.0A150202.4917B800.006E,ss=4,fgs=12<br>Mon 2008-11-10 12:26:34: * Spam/phishing threat level: 4 - Spam<br>Mon 2008-11-10 12:26:34: * Virus threat level: 0 - Clean<br>Mon 2008-11-10 12:26:34: ---- End Outbreak Protection results<br>Mon 2008-11-10 12:26:34: --> 554 Sorry, message looks like spam or phish to me (OP)<br>Mon 2008-11-10 12:26:34: SMTP session terminated (Bytes in/out: 1315/619)<br><br> <P>你確定你有關閉 Open Relay 嗎?看起來像是沒關的樣子。</P><P> </P>
<P>另外,這篇也可以看一下:</P>
<P><A href="http://www.suma.tw/forum/thread-1133-1-1.html">http://www.suma.tw/forum/thread-1133-1-1.html</A></P> MarchFun您好:<br>麻煩您看一下我是關閉下圖的選項不知是否正確,如有不正確請指教我使用的事mdaemon 9.5.5的版本。<br><br><img src="http://www.timhome.idv.tw/3.jpg" border="0"><br> <P>你沒關閉 Open Relay 啦!那第一個選項要勾起來才對!</P> 原來是這樣子,我也要來試試看!!
頁:
[1]