隨風浮雲 posted on 2009-9-10 13:51:05

Spam relayed through GOOGLE

This post was last edited by 隨風浮雲 on 2009-9-10 01:58 PM

GOOGLE's GMAIL provides a convenient mail-forwarding channel: as long as you pay, it gives spammers a very handy platform. Because GMAIL has more and more users, an ordinary mail server is unlikely to block GMAIL's sending hosts, IPs or sender addresses. Let's look at the example below:

Thu 2009-09-10 11:29:23: Session 9499; child 1; thread 1944
Thu 2009-09-10 11:28:19: Accepting SMTP connection from
Thu 2009-09-10 11:28:19: Performing PTR lookup (142.212.85.209.IN-ADDR.ARPA)
Thu 2009-09-10 11:28:19: *D=142.212.85.209.IN-ADDR.ARPA TTL=(1324) PTR=
Thu 2009-09-10 11:28:19: *Gathering A records...
Thu 2009-09-10 11:28:19: *D=mail-vw0-f142.google.com TTL=(1380) A=
Thu 2009-09-10 11:28:19: ---- End PTR results
Thu 2009-09-10 11:28:19: --> 220 company.com.tw ESMTP MAIL ready
Thu 2009-09-10 11:28:19: <-- EHLO mail-vw0-f142.google.com
Thu 2009-09-10 11:28:19: Performing IP lookup (mail-vw0-f142.google.com)
Thu 2009-09-10 11:28:19: *D=mail-vw0-f142.google.com TTL=(1340) A=
Thu 2009-09-10 11:28:19: ---- End IP lookup results
Thu 2009-09-10 11:28:19: EHLO/HELO response delayed 10 seconds
Thu 2009-09-10 11:28:29: --> 250-company.com.tw Hello mail-vw0-f142.google.com, pleased to meet you
Judging from the HELO section above, this is just mail from an ordinary GMAIL host; nothing abnormal at all.
Thu 2009-09-10 11:28:29: --> 250-ETRN
Thu 2009-09-10 11:28:29: --> 250-AUTH=LOGIN
Thu 2009-09-10 11:28:29: --> 250-AUTH LOGIN CRAM-MD5
Thu 2009-09-10 11:28:29: --> 250-8BITMIME
Thu 2009-09-10 11:28:29: --> 250 SIZE 0
Thu 2009-09-10 11:28:29: <-- MAIL FROM:<grbounce-ZI6zAgUAAABqs8cT52krMJoC9vgr3s_V=Johndoe=company.com.tw@googlegroups.com>
Here, the spamming program very cleverly uses a syntax that puts the recipient's EMAIL address into the sender address,
but when you receive the message in OUTLOOK or another mail client, you won't see the sender's actual EMAIL unless you look closely.

Thu 2009-09-10 11:28:29: Performing IP lookup (googlegroups.com)
Thu 2009-09-10 11:28:30: *D=googlegroups.com TTL=(35) A=
Thu 2009-09-10 11:28:30: *D=googlegroups.com TTL=(35) A=
Thu 2009-09-10 11:28:30: *P=005 S=000 D=googlegroups.com TTL=(28) MX= {209.85.222.206}
Thu 2009-09-10 11:28:30: *P=010 S=001 D=googlegroups.com TTL=(28) MX= {209.85.211.205}
Thu 2009-09-10 11:28:30: *P=010 S=002 D=googlegroups.com TTL=(28) MX= {209.85.223.208}
Thu 2009-09-10 11:28:30: ---- End IP lookup results
Thu 2009-09-10 11:28:30: --> 250 <grbounce-ZI6zAgUAAABqs8cT52krMJoC9vgr3s_V=Johndoe=company.com.tw@googlegroups.com>, Sender ok
Thu 2009-09-10 11:28:30: <-- RCPT TO:<[email protected]>
Thu 2009-09-10 11:28:30: Performing DNS-BL lookup (209.85.212.142 - connecting IP)
Thu 2009-09-10 11:28:30: *sbl-xbl.spamhaus.org - passed
Thu 2009-09-10 11:28:50: *opm.blitzed.org - timed out (10 second wait)
Thu 2009-09-10 11:28:50: *relays.ordb.org - failed
Thu 2009-09-10 11:28:51: *bl.spamcop.net - passed
Thu 2009-09-10 11:28:51: *cblless.anti-spam.org.cn - passed
Thu 2009-09-10 11:28:51: ---- End DNS-BL results
Thu 2009-09-10 11:28:51: --> 250 <[email protected]>, Recipient ok
Thu 2009-09-10 11:28:51: <-- DATA
Thu 2009-09-10 11:28:51: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000005213.tmp
No matter how you do forward or reverse lookups, or check DNS-BLs, it is a legitimate host, and the scoring mechanism can't do anything about it either.
Thu 2009-09-10 11:28:51: --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2009-09-10 11:28:51: Message size: 3125 bytes
Thu 2009-09-10 11:28:51: Passing message through AntiVirus (Size: 3125)...
Thu 2009-09-10 11:28:51: *Message is clean (no viruses found)
Thu 2009-09-10 11:28:51: ---- End AntiVirus results
Thu 2009-09-10 11:28:52: Passing message through Outbreak Protection...
Thu 2009-09-10 11:28:52: *Message-ID: 2d8c3502-5b62-40f6-8fc6-6f27be23b80c@k13g2000prh.googlegroups.com
Thu 2009-09-10 11:28:52: *Reference-ID: str=0001.0A150201.4AA87270.00B1,ss=1,fgs=0
Thu 2009-09-10 11:28:52: *Virus result: 0 - Clean
Thu 2009-09-10 11:28:52: *Spam result: 1 - Clean
Thu 2009-09-10 11:28:52: *IWF result: (requires MDaemon 9.60 or higher)
Thu 2009-09-10 11:28:52: ---- End Outbreak Protection results
Thu 2009-09-10 11:28:52: Passing message through Spam Filter (Size: 3125)...
Thu 2009-09-10 11:28:52: *2.3 X_IP Message has X-IP header
Thu 2009-09-10 11:28:52: *3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Thu 2009-09-10 11:28:52: *1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
Thu 2009-09-10 11:28:52: *      
Thu 2009-09-10 11:28:52: ---- End SpamAssassin results
Thu 2009-09-10 11:28:52: Spam Filter score/req: 7.00/10.0
About the only thing that adds points is the Bayesian classifier, but this guy, whatever business he's in, changes the subject and the content every day, and is smart enough never to exceed 10 points, so our company's users can all still see the mail it sends out.
Thu 2009-09-10 11:28:52: Message creation successful: c:\mdaemon\queues\inbound\md50000136730.msg
Thu 2009-09-10 11:28:52: --> 250 Ok, message saved <Message-ID: 2d8c3502-5b62-40f6-8fc6-6f27be23b80c@k13g2000prh.googlegroups.com>
Thu 2009-09-10 11:29:23: <-- QUIT
Thu 2009-09-10 11:29:23: --> 221 See ya in cyberspace
Thu 2009-09-10 11:29:23: SMTP session successful (Bytes in/out: 3298/497)
Thu 2009-09-10 11:29:23: ----------

The passive approach for now is to add *[email protected] to the restricted addresses and the blacklist; in theory no idiot would use this EMAIL.
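As an added example (not part of the original post), the following Python checks an MDaemon-style SMTP session log for the pattern described above: a googlegroups.com bounce sender whose local part encodes the receiving address, so the envelope sender mirrors the RCPT TO. The RCPT TO value in the constructed sample is an assumption, since the post redacts it.

```python
import re
from typing import NamedTuple

# Envelope sender shape seen in the session above: a Google Groups bounce
# (VERP-style) address that carries the group's target recipient as
# <local>=<domain> inside the local part of the sender.
GRBOUNCE_RE = re.compile(
    r"^grbounce-[A-Za-z0-9_-]+=(?P<local>[^=@]+)=(?P<domain>[^=@]+)"
    r"@googlegroups\.com$",
    re.IGNORECASE,
)
MAIL_FROM_RE = re.compile(r"<-- MAIL FROM:<(?P<addr>[^>]*)>", re.IGNORECASE)
RCPT_TO_RE = re.compile(r"<-- RCPT TO:<(?P<addr>[^>]*)>", re.IGNORECASE)


class Verdict(NamedTuple):
    grbounce: bool           # sender is a googlegroups.com bounce address
    embedded: str            # recipient address recovered from the sender
    mirrors_recipient: bool  # embedded address equals the actual RCPT TO


def embedded_recipient(mail_from: str) -> str:
    """Return the <local>@<domain> encoded in a grbounce sender, else ''."""
    m = GRBOUNCE_RE.match(mail_from.strip())
    return f"{m['local']}@{m['domain']}" if m else ""


def assess_session(log_lines) -> Verdict:
    """Pull the envelope addresses out of a session log and report whether
    the sender is a group bounce address mirroring the local recipient."""
    mail_from = rcpt_to = ""
    for line in log_lines:
        if m := MAIL_FROM_RE.search(line):
            mail_from = m["addr"]
        elif m := RCPT_TO_RE.search(line):
            rcpt_to = m["addr"]
    embedded = embedded_recipient(mail_from)
    return Verdict(bool(embedded), embedded,
                   bool(embedded) and embedded.lower() == rcpt_to.lower())


# Constructed session excerpt modelled on the log above; the RCPT TO
# address is an assumption (the post redacts it).
SESSION = [
    "Thu 2009-09-10 11:28:29: <-- MAIL FROM:<grbounce-ZI6zAgUAAABqs8cT52krMJoC9vgr3s_V=Johndoe=company.com.tw@googlegroups.com>",
    "Thu 2009-09-10 11:28:30: <-- RCPT TO:<Johndoe@company.com.tw>",
]

if __name__ == "__main__":
    print(assess_session(SESSION))
```

A hit with `mirrors_recipient` set is a candidate for the restricted-address rule described above, rather than for blocking the sending host, which the log shows passes every lookup.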

MarchFun posted on 2009-9-10 15:37:12

This has been a headache for me for a long time too; passive as it is, it's still a good approach!