要怎麼設定規則??最近常收到的垃圾信[email protected]

cupidsun

最近常有這樣的規則的垃圾信
[email protected]
[email protected]

March Fun大大在
垃圾信反制教學班
Hotmail 隨機帳號攻擊之反制
有
*.*@hotmail.com這樣的規則
但是封鎖帳號開頭
*.*@*.com 或 *.*@*.org
風險太大了....
例如中國信託的email帳號
[email protected]
影響層面太大...
有沒有什麼好的規則呢?

-------------------------------
Mon 2005-05-16 13:12:26: Session 7992; child 1; thread 896
Mon 2005-05-16 13:12:24: Accepting SMTP connection from [220.165.205.47 : 4530]
Mon 2005-05-16 13:12:24: Looking up PTR record for 220.165.205.47 (47.205.165.220.IN-ADDR.ARPA)
Mon 2005-05-16 13:12:25: Name server reports domain name unknown
Mon 2005-05-16 13:12:25: --> 220 mail.aaaa.com.tw ESMTP MDaemon 7.2.1; Mon, 16 May 2005 13:12:25 +0800
Mon 2005-05-16 13:12:25: <-- HELO cbrendabrenda.com
Mon 2005-05-16 13:12:25: --> 250 mail.aaaa.com.tw Hello cbrendabrenda.com, pleased to meet you
Mon 2005-05-16 13:12:26: <-- MAIL FROM:<[email protected]>
Mon 2005-05-16 13:12:26: --> 250 <[email protected]>, Sender ok
Mon 2005-05-16 13:12:26: <-- RCPT TO:<[email protected]>
Mon 2005-05-16 13:12:26: --> 250 <[email protected]>, Recipient ok
Mon 2005-05-16 13:12:26: <-- DATA
Mon 2005-05-16 13:12:26: Creating temp file (SMTP): c:\mdaemon\temp\md50000004048.tmp
Mon 2005-05-16 13:12:26: --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2005-05-16 13:12:26: Message creation successful: c:\mdaemon\inbound\md50000097962.msg
Mon 2005-05-16 13:12:26: --> 250 Ok, message saved <Message-

MarchFun

這樣是有點難...如果都是假的網域，沒有規則可循。

不過有一句...
Mon 2005-05-16 13:12:25: Name server reports domain name unknown

名稱伺服器已回報找不到該網域，但信還是進來，可見你沒有開啟反查的功能；有開的話這封信是不會通過的。

cupidsun

謝謝大大說明

上面貼的問題是我昨天按照「垃圾信反制教學班」
中的文章進行設定之前的問題。
昨天設定規則後垃圾信件確實少了很多... :)


但是接踵而來的是該收到卻沒有收到的信.....
下面這段是yahoo webmail寄的信件
應該在反查的時候就發生了
Performing lookup on yahoo.com.tw (looking for 202.43.200.236)
501 This server will not accept forged credentials; you are not 'yahoo.com.tw'

同樣的情況還出現在滿多信件的...
會不會擋了垃圾信...
正常的信也被擋了
---------------------
Tue 2005-05-17 10:55:47: Accepting SMTP connection from [202.43.200.236 : 40692]
Tue 2005-05-17 10:55:47: Looking up PTR record for 202.43.200.236 (236.200.43.202.IN-ADDR.ARPA)
Tue 2005-05-17 10:55:47: D=236.200.43.202.IN-ADDR.ARPA TTL=(20) PTR=[web17908.mail.tpe.yahoo.com]
Tue 2005-05-17 10:55:47: Gathering A-records for PTR hosts
Tue 2005-05-17 10:55:47: D=web17908.mail.tpe.yahoo.com TTL=(30) A=[202.43.200.236]
Tue 2005-05-17 10:55:47: --> 220 mail.aaaa.com.tw ESMTP MDaemon 7.2.1; Tue, 17 May 2005 10:55:47 +0800
Tue 2005-05-17 10:55:47: <-- HELO web17908.mail.tpe.yahoo.com
Tue 2005-05-17 10:55:47: Performing lookup on web17908.mail.tpe.yahoo.com (looking for 202.43.200.236)
Tue 2005-05-17 10:55:47: D=web17908.mail.tpe.yahoo.com TTL=(30) A=[202.43.200.236]
Tue 2005-05-17 10:55:47: --> 250 mail.aaaa.com.tw Hello web17908.mail.tpe.yahoo.com, pleased to meet you
Tue 2005-05-17 10:55:47: <-- MAIL FROM:<[email protected]>
Tue 2005-05-17 10:55:47: Performing lookup on yahoo.com.tw (looking for 202.43.200.236)
Tue 2005-05-17 10:55:47: D=yahoo.com.tw TTL=(76) A=[202.43.195.13]
Tue 2005-05-17 10:55:47: P=001 D=yahoo.com.tw TTL=(76) MX=[mx4.mail.tw.yahoo.com] {202.43.201.250}
Tue 2005-05-17 10:55:47: P=001 D=yahoo.com.tw TTL=(76) MX=[mx3.mail.tw.yahoo.com] {202.43.200.11}
Tue 2005-05-17 10:55:47: --> 501 This server will not accept forged credentials; you are not 'yahoo.com.tw'
Tue 2005-05-17 10:55:47: SMTP session terminated (Bytes in/out: 70/238)
Tue 2005-05-17 10:55:47: ----------

MarchFun

只要通不過反查的都會被擋下，不過正常的 yahoo 應該是沒有問題的。

任何事都必須有所取捨，就看你們自己的需求了。

would

真的很不錯喎……又學會了一招！多謝

cupidsun

我最後設定可以收到yahoo web mail的設定值為
Security
Reverse Lookup：
V. Perform reverse PTR record lookup on inbound SMTP connections
V. Perform lookup on HELO/EHLO domain
　　V. Refuse to accept mail if a lookup returns "domain not found"
V. Perform lookup on value passed in the MAIL command
　　V. Refuse to accept mail if a lookup returns "domain not found"
V. Insert "X-Lookup-Warning" header into suspicious messages

這樣就不會把yahoo的mail擋掉了

luke999

那如果是 501 This server will not accept forged credentials; you are not '1.2.3.4' 1.2.3.4為自己的ip 這需要怎麼設定入排除名單！？