真奇怪!! 被當成跳板了!!!!

tungwj

我已經將[This server does not relay mail for foreign domains]打勾了, 也就是關閉了"開放轉信"功能, 還是發現被轉信成功, 真是不解, 況且是經由OUTLOOK我的測試帳號轉寄的, 在我OUTLOOK沒留下任何記錄, 以下是貼過來的LOG, 請注意LOG時間!!

SMTP(in)
Mon 2005-01-31 08:51:04: Session 1; child 1; thread 620
Mon 2005-01-31 08:50:47: Accepting SMTP connection from [211.227.104.112 : 2433]
Mon 2005-01-31 08:50:47: Looking up PTR record for 211.227.104.112 (112.104.227.211.IN-ADDR.ARPA)
Mon 2005-01-31 08:50:47: Name server reports domain name unknown
Mon 2005-01-31 08:50:47: --> 220 MyName.idv.tw ESMTP MDaemon 7.2.2; Mon, 31 Jan 2005 08:50:47 +0800
Mon 2005-01-31 08:50:47: <-- EHLO zzz007
Mon 2005-01-31 08:50:48: Performing lookup on zzz007 (looking for 211.227.104.112)
Mon 2005-01-31 08:50:48: Name server reports domain name unknown
Mon 2005-01-31 08:50:48: --> 250-MyName.idv.tw Hello zzz007, pleased to meet you
Mon 2005-01-31 08:50:48: --> 250-ETRN
Mon 2005-01-31 08:50:48: --> 250-AUTH=LOGIN
Mon 2005-01-31 08:50:48: --> 250-AUTH LOGIN CRAM-MD5
Mon 2005-01-31 08:50:48: --> 250-8BITMIME
Mon 2005-01-31 08:50:48: --> 250 SIZE 0
Mon 2005-01-31 08:50:49: <-- RSET
Mon 2005-01-31 08:50:49: --> 250 RSET? Well, ok.
Mon 2005-01-31 08:50:50: <-- MAIL FROM:<test>
Mon 2005-01-31 08:50:50: Performing lookup on MyName.idv.tw (looking for 211.227.104.112)
Mon 2005-01-31 08:50:50: D=MyName.idv.tw TTL=(1440) A=[203.69.x.x]
Mon 2005-01-31 08:50:50: Spam Blocker is checking 211.227.104.112 (connecting IP)
Mon 2005-01-31 08:50:50: * sbl-xbl.spamhaus.org - passed
Mon 2005-01-31 08:51:00: * relaywatcher.n13mbl.com - passed
Mon 2005-01-31 08:51:00: * opm.blitzed.org - passed
Mon 2005-01-31 08:51:01: * relays.ordb.org - passed
Mon 2005-01-31 08:51:01: * bl.spamcop.net - passed
Mon 2005-01-31 08:51:01: Spam Blocker is finished
Mon 2005-01-31 08:51:01: --> 250 <[email protected]>, Sender ok
Mon 2005-01-31 08:51:02: <-- RCPT TO:<[email protected]>
Mon 2005-01-31 08:51:02: --> 250 <[email protected]>, Recipient ok
Mon 2005-01-31 08:51:02: <-- DATA
Mon 2005-01-31 08:51:02: Creating temp file (SMTP): c:\mdaemon\temp\md50000000001.tmp
Mon 2005-01-31 08:51:02: --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2005-01-31 08:51:03: Message creation successful: c:\mdaemon\inbound\md50000000497.msg
Mon 2005-01-31 08:51:03: --> 250 Ok, message saved <Message-ID: >
Mon 2005-01-31 08:51:04: <-- QUIT
Mon 2005-01-31 08:51:04: --> 221 See ya in cyberspace
Mon 2005-01-31 08:51:04: SMTP session successful (Bytes in/out: 2610/414)
Mon 2005-01-31 08:51:04: ----------

tungwj

SMTP(out)
Mon 2005-01-31 08:51:11: Session 2; child 1
Mon 2005-01-31 08:51:10: Parsing Message <c:\mdaemon\remoteq\pd50000000479.msg>
Mon 2005-01-31 08:51:10: From: test
Mon 2005-01-31 08:51:10: To: [email protected]
Mon 2005-01-31 08:51:10: Subject: =?EUC-KR?B?KLGksO0pv/XB+MGkvPax4iy/rLz2seIsuvG1pSC5q7fhIMO8x+jAzLqlxq5A?=
Mon 2005-01-31 08:51:10: Message-ID:
Mon 2005-01-31 08:51:10: MX-record resolution of [daum.net] in progress (DNS Server: 168.95.1.1)...
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx9.hanmail.net] {211.43.197.170}
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx8.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx7.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx6.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx5.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx4.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx3.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx2.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx10.hanmail.net]
Mon 2005-01-31 08:51:10: P=010 D=daum.net TTL=(21) MX=[mx1.hanmail.net]
Mon 2005-01-31 08:51:10: Attempting MX: P=010 D=daum.net TTL=(21) MX=[mx1.hanmail.net]
Mon 2005-01-31 08:51:10: Attempting SMTP connection to [mx1.hanmail.net : 25]
Mon 2005-01-31 08:51:10: A-record resolution of [mx1.hanmail.net] in progress (DNS Server: 168.95.1.1)...
Mon 2005-01-31 08:51:10: D=mx1.hanmail.net TTL=(145) A=[211.43.197.143]
Mon 2005-01-31 08:51:10: Attempting SMTP connection to [211.43.197.143 : 25]
Mon 2005-01-31 08:51:10: Waiting for socket connection...
Mon 2005-01-31 08:51:10: Socket connection established (203.69.x.x : 1163 -> 211.43.197.143 : 25)
Mon 2005-01-31 08:51:10: Waiting for protocol initiation...
Mon 2005-01-31 08:51:10: <-- 220 rmail-192.hanmail.net ESMTP welcome to HanMail.Net™ ready at Mon, 31 Jan 2005 09:51:06 +0900
Mon 2005-01-31 08:51:10: --> EHLO MyName.idv.tw
Mon 2005-01-31 08:51:10: <-- 250-rmail-192.hanmail.net Hello [203.69.x.x], pleased to meet you
Mon 2005-01-31 08:51:10: <-- 250-ENHANCEDSTATUSCODES
Mon 2005-01-31 08:51:10: <-- 250-PIPELINING
Mon 2005-01-31 08:51:10: <-- 250-8BITMIME
Mon 2005-01-31 08:51:10: <-- 250-SIZE 30720000
Mon 2005-01-31 08:51:10: <-- 250 HELP
Mon 2005-01-31 08:51:10: --> MAIL From:<[email protected]> SIZE=3117
Mon 2005-01-31 08:51:11: <-- 250 2.1.0 <[email protected]>... Sender ok
Mon 2005-01-31 08:51:11: --> RCPT To:<[email protected]>
Mon 2005-01-31 08:51:11: <-- 250 2.1.5 <[email protected]>... Recipient ok
Mon 2005-01-31 08:51:11: --> DATA
Mon 2005-01-31 08:51:11: <-- 354 Enter mail, end with "." on a line by itself
Mon 2005-01-31 08:51:11: Sending <c:\mdaemon\remoteq\pd50000000479.msg> to [211.43.197.143]
Mon 2005-01-31 08:51:11: Transfer Complete.
Mon 2005-01-31 08:51:11: <-- 250 2.0.0 j0V0p6v1006278 Message accepted for delivery
Mon 2005-01-31 08:51:11: --> QUIT
Mon 2005-01-31 08:51:11: <-- 221 2.0.0 rmail-192.hanmail.net closing connection
Mon 2005-01-31 08:51:11: SMTP session successful (Bytes in/out: 509/3233)
Mon 2005-01-31 08:51:11: ----------

tungwj

若要設定認證或先收信後寄信, 對於我公司內眾多"電腦白痴"來講, 這是不可能的!
不知道我還漏了哪裡的設定!?
有人發生類似的情況嗎??
謝謝

MarchFun

我猜是利用你們的真實帳號來寄信。這個就可以解決了：

http://www.suma.tw/modules/ipboar...=&showtopic=881

善用 Trusted Host 輸入信任的 IP，就可以不必顧慮那些電腦白痴會不會了。

tungwj

信任IP無法度啦
台灣有各地分公司、加盟商
有越南分公司、菲律賓辦事處、大陸駐地人員
還有人帶著NoteBook到處跑.........

問題是, 在我本機內正常信件使用Becky!收發信, OutLook僅供測試帳號使用, 為何只有用OutLook的帳號來寄信? 難道是OutLook密碼遭破解!!?? 來改一下密碼試試看有沒有效.

倘若OutLook密碼遭破解, 那使用者可就倒大霉囉

MarchFun

如果設定認證或先收信後寄信這兩項都不能用的話...被冒名寄信的機會是不小的...。

tungwj

密碼改了! 再監控看看

"先收信後寄信"突然覺悟是可行的, 只要把時間設長長的就好了.
因為我公司的那些電腦白痴也只會使用OutLook, 而且一點就開始收信甚至開機自動執行OutLook, 又不會改設定.....

不過, OutLook的帳號密碼被垃圾客解讀, 真的很毛~~~