|
馬上註冊,結交更多好友,享用更多功能,讓你輕鬆瀏覽論壇。
你需要 登入 才可以下載或檢視,沒有帳號?我要註冊
x
各位前輩,
小弟公司的Mail server 最近常常收到很多這類型的信件
可以請教幾個問題
1. 這算是被當跳板嗎? (因為寄送公司網域的信件都是無此人的信件)
2. Name server reports domain name unknown 這是....
3. 底下有很多 Evaluating.... 這是正常的嗎?
4. 如果這是假冒Google 寄來的文件 , 那請問要如何阻擋?
謝謝各位前輩
log 如下
----------
Session 497; child 2; thread 2428
Accepting SMTP connection from [52.169.112.170 : 62544]
Performing PTR lookup (170.112.169.52.IN-ADDR.ARPA)
* Error: Name server reports domain name unknown
* No PTR records found
---- End PTR results
--> 220 公司網域.com.tw ESMTP MDaemon 9.5.6; Tue, 08 Nov 2016 02:57:54 +0800
<-- HELO 公司IP
EHLO/HELO response delayed 9 seconds
Tue 2016-11-08 02:58:03: --> 250 公司網域.com.tw Hello 公司IP (may be forged), pleased to meet you
<-- MAIL FROM: <[email protected]>
Performing IP lookup (gmail.com)
* D=gmail.com TTL=(4) A=[74.125.23.18]
* D=gmail.com TTL=(4) A=[74.125.23.83]
* D=gmail.com TTL=(4) A=[74.125.23.19]
* D=gmail.com TTL=(4) A=[74.125.23.17]
* P=005 S=004 D=gmail.com TTL=(37) MX=[gmail-smtp-in.l.google.com]
* P=010 S=003 D=gmail.com TTL=(37) MX=[alt1.gmail-smtp-in.l.google.com]
* P=020 S=001 D=gmail.com TTL=(37) MX=[alt2.gmail-smtp-in.l.google.com]
* P=030 S=000 D=gmail.com TTL=(37) MX=[alt3.gmail-smtp-in.l.google.com]
* P=040 S=002 D=gmail.com TTL=(37) MX=[alt4.gmail-smtp-in.l.google.com]
* D=gmail.com TTL=(2) A=[172.217.25.101]
* D=gmail.com TTL=(1) A=[64.233.187.19]
* D=GMAIL.com TTL=(2) A=[74.125.204.83]
* D=gmail.com TTL=(4) A=[74.125.204.83]
* D=gmail.com TTL=(0) A=[64.233.187.83]
---- End IP lookup results
Performing SPF lookup (gmail.com / 52.169.112.170)
* Policy: v=spf1 redirect=_spf.google.com
* Evaluating redirect=_spf.google.com:
* Evaluating redirect=_spf.google.com: performing lookup
* Policy: v=spf1 include:_netblocks.google.com include:_netblocks2.google.com
include:_netblocks3.google.com ~all
* Evaluating include:_netblocks.google.com: performing lookup
* Policy: v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20
ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20
ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all
* Evaluating ip4:64.18.0.0/20: no match
* Evaluating ip4:64.233.160.0/19: no match
* Evaluating ip4:66.102.0.0/20: no match
* Evaluating ip4:66.249.80.0/20: no match
* Evaluating ip4:72.14.192.0/18: no match
* Evaluating ip4:74.125.0.0/16: no match
* Evaluating ip4:108.177.8.0/21: no match
* Evaluating ip4:173.194.0.0/16: no match
* Evaluating ip4:207.126.144.0/20: no match
* Evaluating ip4:209.85.128.0/17: no match
* Evaluating ip4:216.58.192.0/19: no match
* Evaluating ip4:216.239.32.0/19: no match
* Evaluating ~all: match
* Evaluating include:_netblocks.google.com: no match
* Evaluating include:_netblocks2.google.com: performing lookup
* Policy: v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36
ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all
* Evaluating ip6:2001:4860:4000::/36: unknown mechanism
* Evaluating include:_netblocks2.google.com:
* Result: neutral
---- End SPF results
--> 250 <[email protected]>, Sender ok
<-- RCPT TO: <carol715@公司網域.com.tw>
Sender attempted to deliver message to unknown address
--> 550 <carol715@公司網域.com.tw>, Recipient unknown
<-- RCPT TO: <eve@公司網域.com.tw>
Sender attempted to deliver message to unknown address
--> 550 <eve@公司網域.com.tw>, Recipient unknown
<-- QUIT
--> 221 See ya in cyberspace
SMTP session terminated (Bytes in/out: 118/292 |
|