Yahoo本身也是Open Relay?

MarchFun 發表於 2007-12-11 11:48:05

這一陣子一直有來自 Yahoo 伺服器的垃圾信，這些垃圾信真的神通廣大，不如是如何滲透的，竟然可以使用 Yahoo 的郵件伺服器來寄信。我在想是否 Yahoo 內部有內鬼呢？如果不是的話，那 Yahoo 擺那麼的高姿態來對付外面的正規郵件伺服器，把別人嫌得好似各個都是垃圾主機，結果自己也差不了多少。
 
這些被利用 Yahoo 郵件主機其  IP 還真的都是 Yahoo 的：
 
Mon 2007-12-10 10:49:23: Session 75; child 1; thread 5988 Mon 2007-12-10 10:49:02: Accepting SMTP connection from [69.147.95.80:25366] Mon 2007-12-10 10:49:02: --> 220 mail.suma.tw ESMTP MDaemon 9.6.2; Mon, 10 Dec 2007 10:49:02 +0800 Mon 2007-12-10 10:49:03: <-- HELO smtp117.plus.mail.sp1.yahoo.com Mon 2007-12-10 10:49:03: --> 250 mail.suma.tw Hello smtp117.plus.mail.sp1.yahoo.com, pleased to meet you Mon 2007-12-10 10:49:03: <-- MAIL FROM:<<A href="mailto:[email protected]">[email protected]</A>> Mon 2007-12-10 10:49:03: Performing SPF lookup (yahoo.com.hk / 69.147.95.80) Mon 2007-12-10 10:49:03: *  Result: none; no SPF record in DNS Mon 2007-12-10 10:49:03: ---- End SPF results Mon 2007-12-10 10:49:03: --> 250 <<A href="mailto:[email protected]">[email protected]</A>>, Sender ok Mon 2007-12-10 10:49:03: <-- RCPT TO:<<A href="mailto:[email protected]">[email protected]</A>> Mon 2007-12-10 10:49:03: Performing DNS-BL lookup (69.147.95.80 - connecting IP) Mon 2007-12-10 10:49:11: *  relays.mail-abuse.org - passed Mon 2007-12-10 10:49:11: *  zen.spamhaus.org - passed Mon 2007-12-10 10:49:11: ---- End DNS-BL results Mon 2007-12-10 10:49:11: --> 250 <<A href="mailto:[email protected]">[email protected]</A>>, Recipient ok Mon 2007-12-10 10:49:11: <-- DATA Mon 2007-12-10 10:49:11: Creating temp file (SMTP): d:\mdaemon\temp\07\md50000000001.tmp Mon 2007-12-10 10:49:11: --> 354 Enter mail, end with <CRLF>.<CRLF> Mon 2007-12-10 10:49:11: Message size: 1980 bytes Mon 2007-12-10 10:49:11: Performing DKIM lookup Mon 2007-12-10 10:49:11: *  File: d:\mdaemon\temp\07\md50000000001.tmp Mon 2007-12-10 10:49:11: *  Message-ID: n/a Mon 2007-12-10 10:49:11: *  Result: neutral Mon 2007-12-10 10:49:11: ---- End DKIM results Mon 2007-12-10 10:49:11: Performing DomainKeys lookup (Sender: <A href="mailto:[email protected]">[email protected]</A>) Mon 2007-12-10 10:49:11: *  File: d:\mdaemon\temp\07\md50000000001.tmp Mon 2007-12-10 10:49:11: *  Message-ID: n/a Mon 2007-12-10 10:49:11: *    Querying: s1024._domainkey.yahoo.com.hk ... Mon 2007-12-10 10:49:11: *    Key record: k=rsa; t=y;  n=A 1024 bit key; p=<not logged> Mon 2007-12-10 10:49:11: *    Verification result: bad - (testing) Mon 2007-12-10 10:49:11: *  Querying for policy: yahoo.com.hk Mon 2007-12-10 10:49:11: *    Querying: _domainkey.yahoo.com.hk ... Mon 2007-12-10 10:49:11: *    DNS: *  Name server has no records of the requested type for that domain Mon 2007-12-10 10:49:11: *  Result: pass Mon 2007-12-10 10:49:11: ---- End DomainKeys results Mon 2007-12-10 10:49:11: Performing Sender ID lookup (yahoo.com.hk / 69.147.95.80) Mon 2007-12-10 10:49:21: *  DNS: 10 second wait for DNS response exceeded Mon 2007-12-10 10:49:22: *  Result: none; no SPF record in DNS Mon 2007-12-10 10:49:22: ---- End Sender ID results Mon 2007-12-10 10:49:22: Passing message through AntiVirus (Size: 1980)... Mon 2007-12-10 10:49:22: *  Message is clean (no viruses found) Mon 2007-12-10 10:49:22: ---- End AntiVirus results Mon 2007-12-10 10:49:22: Passing message through Outbreak Protection... Mon 2007-12-10 10:49:22: *  Message-ID: Mon 2007-12-10 10:49:22: *  Reference-ID: str=0001.0A090201.475CA858.007E,ss=1,fgs=0 Mon 2007-12-10 10:49:22: *  Virus result: 0 - Clean Mon 2007-12-10 10:49:22: *  Spam result: 1 - Clean Mon 2007-12-10 10:49:22: *  IWF result: 0 - Clean Mon 2007-12-10 10:49:22: ---- End Outbreak Protection results Mon 2007-12-10 10:49:22: Message creation successful: d:\mdaemon\inbound\05\md50000000880.msg Mon 2007-12-10 10:49:22: --> 250 Ok, message saved <Message-ID: > Mon 2007-12-10 10:49:23: <-- QUIT Mon 2007-12-10 10:49:23: --> 221 See ya in cyberspace Mon 2007-12-10 10:49:23: SMTP session successful (Bytes in/out: 2126/370)

MarchFun 發表於 2007-12-11 11:52:10

Mon 2007-12-10 12:26:17: Session 93; child 1; thread 692 Mon 2007-12-10 12:26:15: Accepting SMTP connection from [69.147.95.83:47100] Mon 2007-12-10 12:26:15: --> 220 mail.suma.tw ESMTP MDaemon 9.6.2; Mon, 10 Dec 2007 12:26:15 +0800 Mon 2007-12-10 12:26:15: <-- HELO smtp120.plus.mail.sp1.yahoo.com Mon 2007-12-10 12:26:15: --> 250 mail.suma.tw Hello smtp120.plus.mail.sp1.yahoo.com, pleased to meet you Mon 2007-12-10 12:26:15: <-- MAIL FROM:<<A href="mailto:[email protected]">[email protected]</A>> Mon 2007-12-10 12:26:15: Performing SPF lookup (yahoo.com.hk / 69.147.95.83) Mon 2007-12-10 12:26:15: *  Result: none; no SPF record in DNS Mon 2007-12-10 12:26:15: ---- End SPF results Mon 2007-12-10 12:26:15: --> 250 <<A href="mailto:[email protected]">[email protected]</A>>, Sender ok Mon 2007-12-10 12:26:15: <-- RCPT TO:<<A href="mailto:[email protected]">[email protected]</A>> Mon 2007-12-10 12:26:15: Performing DNS-BL lookup (69.147.95.83 - connecting IP) Mon 2007-12-10 12:26:15: *  relays.mail-abuse.org - passed Mon 2007-12-10 12:26:15: *  zen.spamhaus.org - passed Mon 2007-12-10 12:26:15: ---- End DNS-BL results Mon 2007-12-10 12:26:15: --> 250 <<A href="mailto:[email protected]">[email protected]</A>>, Recipient ok Mon 2007-12-10 12:26:16: <-- DATA Mon 2007-12-10 12:26:16: Creating temp file (SMTP): d:\mdaemon\temp\11\md50000000001.tmp Mon 2007-12-10 12:26:16: --> 354 Enter mail, end with <CRLF>.<CRLF> Mon 2007-12-10 12:26:16: Message size: 1950 bytes Mon 2007-12-10 12:26:16: Performing DKIM lookup Mon 2007-12-10 12:26:16: *  File: d:\mdaemon\temp\11\md50000000001.tmp Mon 2007-12-10 12:26:16: *  Message-ID: n/a Mon 2007-12-10 12:26:16: *  Result: neutral Mon 2007-12-10 12:26:16: ---- End DKIM results Mon 2007-12-10 12:26:16: Performing DomainKeys lookup (Sender: <A href="mailto:[email protected]">[email protected]</A>) Mon 2007-12-10 12:26:16: *  File: d:\mdaemon\temp\11\md50000000001.tmp Mon 2007-12-10 12:26:16: *  Message-ID: n/a Mon 2007-12-10 12:26:16: *    Querying: s1024._domainkey.yahoo.com.hk ... Mon 2007-12-10 12:26:16: *    Key record (cached): k=rsa; t=y;  n=A 1024 bit key; p=<not logged> Mon 2007-12-10 12:26:16: *    Verification result: bad - (testing) Mon 2007-12-10 12:26:16: *  Querying for policy: yahoo.com.hk Mon 2007-12-10 12:26:16: *    Querying: _domainkey.yahoo.com.hk ... Mon 2007-12-10 12:26:16: *    DNS: *  Name server has no records of the requested type for that domain Mon 2007-12-10 12:26:16: *  Result: pass Mon 2007-12-10 12:26:16: ---- End DomainKeys results Mon 2007-12-10 12:26:16: Performing Sender ID lookup (yahoo.com.hk / 69.147.95.83) Mon 2007-12-10 12:26:16: *  Result: none; no SPF record in DNS Mon 2007-12-10 12:26:16: ---- End Sender ID results Mon 2007-12-10 12:26:16: Passing message through AntiVirus (Size: 1950)... Mon 2007-12-10 12:26:16: *  Message is clean (no viruses found) Mon 2007-12-10 12:26:16: ---- End AntiVirus results Mon 2007-12-10 12:26:17: Passing message through Outbreak Protection... Mon 2007-12-10 12:26:17: *  Message-ID: Mon 2007-12-10 12:26:17: *  Reference-ID: str=0001.0A090207.475CBF0F.0015,ss=1,fgs=0 Mon 2007-12-10 12:26:17: *  Virus result: 0 - Clean Mon 2007-12-10 12:26:17: *  Spam result: 1 - Clean Mon 2007-12-10 12:26:17: *  IWF result: 0 - Clean Mon 2007-12-10 12:26:17: ---- End Outbreak Protection results Mon 2007-12-10 12:26:17: Message creation successful: d:\mdaemon\inbound\08\md50000000856.msg Mon 2007-12-10 12:26:17: --> 250 Ok, message saved <Message-ID: > Mon 2007-12-10 12:26:17: <-- QUIT Mon 2007-12-10 12:26:17: --> 221 See ya in cyberspace Mon 2007-12-10 12:26:17: SMTP session successful (Bytes in/out: 2085/359)

MarchFun 發表於 2007-12-18 20:54:54

最近這幾天發現的主機都來自
*.bullet.mail.re4.yahoo.com

隨風浮雲 發表於 2007-12-18 22:40:51

我看了公司的log也是如此，好像只有這個位址有問題。

jtain 發表於 2007-12-19 10:05:58

我所之的消息時 yahoo 被廣告商突破成功，他們還在研究為何會被突破？
不過，已經好幾天了，還沒處理好嗎？

MarchFun 發表於 2007-12-19 10:18:08

這個情形不是好幾天了，是好幾個月囉！

MarchFun 發表於 2008-2-27 11:14:55

最近 Yahoo 的不見了，變成是 Google 被人突破了...這些人真是厲害，為了發廣告信花這麼大功夫。

頁: [1]

數碼中文坊's Archiver

Yahoo本身也是Open Relay?