數碼中文坊


Where does the blocked spam go?

Posted on 2005-8-17 22:36:51

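A question: can MDaemon send the spam it blocks to a designated mailbox,
instead of deleting it outright?

Also, are blocked virus mails killed outright, or…

I'd appreciate answers from the experts here.

Thanks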
Posted on 2005-8-17 22:43:23
It all depends on what you need! In theory, all of it can be done.
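 Original poster | Posted on 2005-8-18 01:00:13
Quote (March Fun @ 2005/8/17 - 22:43)
It all depends on what you need! In theory, all of it can be done.

May I ask, admin, does this need extra parameters to be set, or is it already among MDaemon's configuration options?
I can't find it.

I'm using MDaemon Mail Server Pro 8.1.1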
Posted on 2005-8-18 10:58:38
This has to be done with the Content Filter, so it cannot forward one hundred percent of them.
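Posted on 2005-8-19 09:33:48
Notice: the author has been banned or deleted; content automatically hidden
Posted on 2005-8-19 12:03:18
Whether to bounce also depends on your settings. Here we just delete them and do not bounce, because most spam uses fake addresses. If you set it to bounce... the mail server will be busy all day retrying those invalid addresses.

If each message is set to be retried for three days, how much will pile up over three days?... Ha ha!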
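 Original poster | Posted on 2005-8-22 01:04:33
Quote (March Fun @ 2005/8/19 - 12:03)
Whether to bounce also depends on your settings. Here we just delete them and do not bounce, because most spam uses fake addresses. If you set it to bounce... the mail server will be busy all day retrying those invalid addresses.

If each message is set to be retried for three days, how much will pile up over three days?... Ha ha!

Oh, right.
Can it be set to still accept the mail, but mark the subject with **SPAM**?
For a business, if mail is deleted by mistake, the consequences can be big or small!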
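Posted on 2005-8-22 08:09:10
From the logs I have observed so far, spam falls roughly into two kinds.
The first kind is an illegitimate sender. He is probably running his own bulk-mail sending tool, so he has no legitimate domain, and the email address is randomly named. After MDaemon receives this kind of spam, once the forward lookup and reverse lookup are done and no such user is found, MDaemon rejects it outright.

The second kind is a legitimate sender. He may be using a free mailbox such as YAHOO, GMAIL or HOTMAIL, and of course some people use paid mailboxes such as HINET or SEEDNET. After the earlier lookups have all passed, scoring begins. First, if you have configured DBL lookups, that will be the first score; next comes the analysis of the message content; then it adds everything up. At that point you can set the score above which the message subject is marked with the words "spam", and the score above which the message is rejected outright. The default is that 5 points or more is tagged SPAM and 12 points or more is rejected.

Honestly, with this mechanism I have not yet run into a normal message being rejected. As for mis-tagging, it is mostly advertising mail sent out by sites such as hinet, yahoo and sonet themselves, so that cannot really be counted as an error.

The example below is someone trying to relay mail through our company's mail server; of course it was rejected.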
-------------------------------------------------------------------------------
Mon 2005-08-22 04:05:05: Session 3178; child 1; thread 23136
Mon 2005-08-22 04:05:04: [3178:1] Accepting SMTP connection from [219.81.148.226 : 3188]
Mon 2005-08-22 04:05:04: [3178:1] Performing PTR lookup (226.148.81.219.IN-ADDR.ARPA)
Mon 2005-08-22 04:05:04: [3178:1] * D=226.148.81.219.IN-ADDR.ARPA TTL=(470) PTR=[219-81-148-226.dynamic.tfn.net.tw]
Mon 2005-08-22 04:05:04: [3178:1] * Gathering A records...
Mon 2005-08-22 04:05:04: [3178:1] * D=219-81-148-226.dynamic.tfn.net.tw TTL=(1308) A=[219.81.148.226]
Mon 2005-08-22 04:05:04: [3178:1] ---- End PTR results
Mon 2005-08-22 04:05:04: [3178:1] --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Mon, 22 Aug 2005 04:05:04 +0800
Mon 2005-08-22 04:05:04: [3178:1] <-- HELO 211.21.191.230
Mon 2005-08-22 04:05:04: [3178:1] --> 250 cfwater.com.tw Hello 219-81-148-226.dynamic.tfn.net.tw (may be forged), pleased to meet you
Mon 2005-08-22 04:05:05: [3178:1] <-- MAIL FROM:<[email protected]>
Mon 2005-08-22 04:05:05: [3178:1] Performing IP lookup (yahoo.com)
Mon 2005-08-22 04:05:05: [3178:1] * D=yahoo.com TTL=(4) A=[66.94.234.13]
Mon 2005-08-22 04:05:05: [3178:1] * P=005 D=yahoo.com TTL=(74) MX=[mx4.mail.yahoo.com] {68.142.202.12}
Mon 2005-08-22 04:05:05: [3178:1] * P=001 D=yahoo.com TTL=(74) MX=[mx3.mail.yahoo.com] {64.156.215.6}
Mon 2005-08-22 04:05:05: [3178:1] * P=001 D=yahoo.com TTL=(74) MX=[mx2.mail.yahoo.com] {67.28.114.35}
Mon 2005-08-22 04:05:05: [3178:1] * P=001 D=yahoo.com TTL=(74) MX=[mx1.mail.yahoo.com] {4.79.181.15}
Mon 2005-08-22 04:05:05: [3178:1] ---- End IP lookup results
Mon 2005-08-22 04:05:05: [3178:1] --> 250 <[email protected]>, Sender ok
Mon 2005-08-22 04:05:05: [3178:1] <-- RCPT TO:<[email protected]>
Mon 2005-08-22 04:05:05: [3178:1] Sender attempted to deliver message to unknown address
Mon 2005-08-22 04:05:05: [3178:1] --> 550 <[email protected]>, Recipient unknown
Mon 2005-08-22 04:05:05: [3178:1] <-- QUIT

Mon 2005-08-22 04:05:05: [3178:1] --> 221 See ya in cyberspace
Mon 2005-08-22 04:05:05: [3178:1] SMTP session terminated (Bytes in/out: 98/287)
Mon 2005-08-22 04:05:05: ----------

The example below is an invalid recipient; it was also rejected.
Mon 2005-08-22 04:05:05: ----------
Mon 2005-08-22 04:43:49: Session 3189; child 1; thread 22996
Mon 2005-08-22 04:43:47: [3189:1] Accepting SMTP connection from [221.140.55.39 : 3962]
Mon 2005-08-22 04:43:47: [3189:1] Performing PTR lookup (39.55.140.221.IN-ADDR.ARPA)
Mon 2005-08-22 04:43:48: [3189:1] * Error: Name server reports domain name unknown
Mon 2005-08-22 04:43:48: [3189:1] ---- End PTR results
Mon 2005-08-22 04:43:48: [3189:1] --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Mon, 22 Aug 2005 04:43:48 +0800
Mon 2005-08-22 04:43:48: [3189:1] <-- HELO 211.21.191.230
Mon 2005-08-22 04:43:48: [3189:1] --> 250 cfwater.com.tw Hello 211.21.191.230 (may be forged), pleased to meet you
Mon 2005-08-22 04:43:48: [3189:1] <-- MAIL FROM: <[email protected]>
Mon 2005-08-22 04:43:48: [3189:1] Performing IP lookup (daum.net)
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(747) A=[211.115.77.212]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx9.hanmail.net] {211.43.197.85}
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx8.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx7.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx6.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx5.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx4.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx3.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx2.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx10.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * P=010 D=daum.net TTL=(741) MX=[mx1.hanmail.net]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(737) A=[211.115.77.214]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(690) A=[211.115.77.213]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(701) A=[211.115.115.211]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(752) A=[211.115.77.211]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(747) A=[211.115.77.211]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(737) A=[211.115.115.212]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(737) A=[211.115.77.212]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(671) A=[211.115.115.211]
Mon 2005-08-22 04:43:48: [3189:1] * D=daum.net TTL=(699) A=[211.115.77.212]
Mon 2005-08-22 04:43:48: [3189:1] ---- End IP lookup results
Mon 2005-08-22 04:43:48: [3189:1] --> 250 <[email protected]>, Sender ok
Mon 2005-08-22 04:43:49: [3189:1] <-- RCPT TO: <[email protected]>
Mon 2005-08-22 04:43:49: [3189:1] Sender attempted to deliver message to unknown address
Mon 2005-08-22 04:43:49: [3189:1] --> 550 <[email protected]>, Recipient unknown
Mon 2005-08-22 04:43:49: [3189:1] Error reading from socket!
Mon 2005-08-22 04:43:49: [3189:1] Unexpected socket closure

Mon 2005-08-22 04:43:49: [3189:1] SMTP session terminated (Bytes in/out: 88/236)
Mon 2005-08-22 04:43:49: ----------

The one below is a sender whose score was too high; of course it was also rejected:
Mon 2005-08-22 04:43:49: ----------
Mon 2005-08-22 06:03:02: Session 3220; child 1; thread 23316
Mon 2005-08-22 06:02:58: [3220:1] Accepting SMTP connection from [59.120.160.13 : 4119]
Mon 2005-08-22 06:02:58: [3220:1] Performing PTR lookup (13.160.120.59.IN-ADDR.ARPA)
Mon 2005-08-22 06:02:58: [3220:1] * D=13.160.120.59.IN-ADDR.ARPA TTL=(310) PTR=[59-120-160-13.HINET-IP.hinet.net]
Mon 2005-08-22 06:02:58: [3220:1] * Gathering A records...
Mon 2005-08-22 06:02:58: [3220:1] * D=59-120-160-13.HINET-IP.hinet.net TTL=(639) A=[59.120.160.13]
Mon 2005-08-22 06:02:58: [3220:1] ---- End PTR results
Mon 2005-08-22 06:02:58: [3220:1] --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Mon, 22 Aug 2005 06:02:58 +0800
Mon 2005-08-22 06:02:58: [3220:1] <-- HELO 211.21.191.230
Mon 2005-08-22 06:02:58: [3220:1] --> 250 cfwater.com.tw Hello 59-120-160-13.HINET-IP.hinet.net (may be forged), pleased to meet you
Mon 2005-08-22 06:02:58: [3220:1] <-- MAIL FROM: <[email protected]>
Mon 2005-08-22 06:02:58: [3220:1] Performing IP lookup (yyhmail.com)
Mon 2005-08-22 06:02:58: [3220:1] * D=yyhmail.com TTL=(26) A=[205.158.62.105]
Mon 2005-08-22 06:02:58: [3220:1] * P=020 D=yyhmail.com TTL=(2) MX=[yyhmail-com-bk.mr.outblaze.com] {208.36.123.75}
Mon 2005-08-22 06:02:58: [3220:1] * P=010 D=yyhmail.com TTL=(2) MX=[yyhmail-com.mr.outblaze.com] {205.158.62.177}
Mon 2005-08-22 06:02:58: [3220:1] ---- End IP lookup results
Mon 2005-08-22 06:02:58: [3220:1] --> 250 <[email protected]>, Sender ok
Mon 2005-08-22 06:02:58: [3220:1] <-- RCPT TO: <[email protected]>
Mon 2005-08-22 06:02:58: [3220:1] Performing DNS-BL lookup (59.120.160.13 - connecting IP)
Mon 2005-08-22 06:02:58: [3220:1] * sbl-xbl.spamhaus.org - passed
Mon 2005-08-22 06:02:58: [3220:1] * opm.blitzed.org - passed
Mon 2005-08-22 06:02:59: [3220:1] * relays.ordb.org - passed
Mon 2005-08-22 06:02:59: [3220:1] * bl.spamcop.net - passed
Mon 2005-08-22 06:02:59: [3220:1] ---- End DNS-BL results
Mon 2005-08-22 06:02:59: [3220:1] --> 250 <[email protected]>, Recipient ok
Mon 2005-08-22 06:02:59: [3220:1] <-- DATA
Mon 2005-08-22 06:02:59: [3220:1] Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000000413.tmp
Mon 2005-08-22 06:02:59: [3220:1] --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2005-08-22 06:02:59: [3220:1] Message size: 5591 bytes
Mon 2005-08-22 06:02:59: [3220:1] Passing message through AntiVirus (Size: 5591)...
Mon 2005-08-22 06:02:59: [3220:1] * Message is clean (no viruses found)
Mon 2005-08-22 06:02:59: [3220:1] ---- End AntiVirus results
Mon 2005-08-22 06:02:59: [3220:1] Passing message through Spam Filter (Size: 5591)...
Mon 2005-08-22 06:03:02: [3220:1] * 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
Mon 2005-08-22 06:03:02: [3220:1] * 3.8 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
Mon 2005-08-22 06:03:02: [3220:1] * 2.9 SUBJ_ILLEGAL_CHARS Subject contains too many raw illegal characters
Mon 2005-08-22 06:03:02: [3220:1] * 0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
Mon 2005-08-22 06:03:02: [3220:1] * 0.0 HTML_WEB_BUGS BODY: Image tag intended to identify you
Mon 2005-08-22 06:03:02: [3220:1] * 0.1 HTML_80_90 BODY: Message is 80% to 90% HTML
Mon 2005-08-22 06:03:02: [3220:1] * 10 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Mon 2005-08-22 06:03:02: [3220:1] * [score: 1.0000]
Mon 2005-08-22 06:03:02: [3220:1] * 0.0 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
Mon 2005-08-22 06:03:02: [3220:1] * 0.1 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
Mon 2005-08-22 06:03:02: [3220:1] * 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
Mon 2005-08-22 06:03:02: [3220:1] * 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
Mon 2005-08-22 06:03:02: [3220:1] * 0.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
Mon 2005-08-22 06:03:02: [3220:1] * 0.0 HTML_MESSAGE BODY: HTML included in message
Mon 2005-08-22 06:03:02: [3220:1] * 2.1 FRONTPAGE RAW: Frontpage used to create the message
Mon 2005-08-22 06:03:02: [3220:1] * 0.3 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
Mon 2005-08-22 06:03:02: [3220:1] * 0.6 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
Mon 2005-08-22 06:03:02: [3220:1] * 3.2 FORGED_MUA_OIMO Forged mail pretending to be from MS Outlook IMO
Mon 2005-08-22 06:03:02: [3220:1] * 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
Mon 2005-08-22 06:03:02: [3220:1] * 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
Mon 2005-08-22 06:03:02: [3220:1] * 0.0 UPPERCASE_50_75 message body is 50-75% uppercase
Mon 2005-08-22 06:03:02: [3220:1] ---- End SpamAssassin results
Mon 2005-08-22 06:03:02: [3220:1] Spam Filter score/req: 30.08/12.0

Mon 2005-08-22 06:03:02: [3220:1] Message refused because spam score is too high
Mon 2005-08-22 06:03:02: [3220:1] --> 554 Sorry, message looks like SPAM to me
Mon 2005-08-22 06:03:02: [3220:1] <-- QUIT
Mon 2005-08-22 06:03:02: [3220:1] --> 221 See ya in cyberspace
Mon 2005-08-22 06:03:02: [3220:1] SMTP session terminated (Bytes in/out: 5703/366)
Mon 2005-08-22 06:03:02: ----------

In the one below, our company simply has no such person, that is, a trap set up for intelligent learning; of course it was also rejected:
Mon 2005-08-22 06:03:02: ----------
Mon 2005-08-22 07:49:22: Session 3256; child 1; thread 23648
Mon 2005-08-22 07:49:22: [3256:1] Accepting SMTP connection from [211.185.3.5 : 51909]
Mon 2005-08-22 07:49:22: [3256:1] Performing PTR lookup (5.3.185.211.IN-ADDR.ARPA)
Mon 2005-08-22 07:49:22: [3256:1] * Error: Name server reports domain name unknown
Mon 2005-08-22 07:49:22: [3256:1] ---- End PTR results
Mon 2005-08-22 07:49:22: [3256:1] --> 220 cfwater.com.tw ESMTP MDaemon 8.1.1; Mon, 22 Aug 2005 07:49:22 +0800
Mon 2005-08-22 07:49:22: [3256:1] <-- HELO 211.21.191.230
Mon 2005-08-22 07:49:22: [3256:1] --> 250 cfwater.com.tw Hello 211.21.191.230 (may be forged), pleased to meet you
Mon 2005-08-22 07:49:22: [3256:1] <-- MAIL FROM: <[email protected]>
Mon 2005-08-22 07:49:22: [3256:1] Performing IP lookup (ms25.hinet.net)
Mon 2005-08-22 07:49:22: [3256:1] * D=ms25.hinet.net TTL=(1440) A=[168.95.4.25]
Mon 2005-08-22 07:49:22: [3256:1] * P=000 D=ms25.hinet.net TTL=(1440) MX=[ms25a.hinet.net] {168.95.5.25}
Mon 2005-08-22 07:49:22: [3256:1] ---- End IP lookup results
Mon 2005-08-22 07:49:22: [3256:1] --> 250 <[email protected]>, Sender ok
Mon 2005-08-22 07:49:22: [3256:1] <-- RCPT TO: <[email protected]>
Mon 2005-08-22 07:49:22: [3256:1] Sender attempted to deliver message to unknown address

Mon 2005-08-22 07:49:22: [3256:1] --> 550 <[email protected]>, Recipient unknown
Mon 2005-08-22 07:49:22: [3256:1] <-- QUIT
Mon 2005-08-22 07:49:22: [3256:1] --> 221 See ya in cyberspace
Mon 2005-08-22 07:49:22: [3256:1] SMTP session terminated (Bytes in/out: 102/270)
Mon 2005-08-22 07:49:22: ----------


Receiving this junk mail every day is just a waste of bandwidth. The government should pass a law and lock these people up.
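
Added example, not part of the original post or of MDaemon: Python that groups SMTP log lines in the format shown above by session and reports why each session was refused, applying the tag-at-5 and reject-at-12 thresholds the post describes. The sample lines are constructed (documentation IP addresses and example.com), and the field names such as `dns_unknown` are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown in the post (not real traffic).
SAMPLE_LOG = """\
Mon 2005-08-22 04:43:47: [3189:1] Accepting SMTP connection from [192.0.2.39 : 3962]
Mon 2005-08-22 04:43:48: [3189:1] * Error: Name server reports domain name unknown
Mon 2005-08-22 04:43:49: [3189:1] --> 550 <nobody@example.com>, Recipient unknown
Mon 2005-08-22 06:02:58: [3220:1] Accepting SMTP connection from [198.51.100.13 : 4119]
Mon 2005-08-22 06:03:02: [3220:1] * 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
Mon 2005-08-22 06:03:02: [3220:1] * 10 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Mon 2005-08-22 06:03:02: [3220:1] * [score: 1.0000]
Mon 2005-08-22 06:03:02: [3220:1] Spam Filter score/req: 30.08/12.0
Mon 2005-08-22 06:03:02: [3220:1] --> 554 Sorry, message looks like SPAM to me
"""
LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: \[(\d+):\d+\]\s+(.*)$")
CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+) : \d+\]")
RULE = re.compile(r"\*\s+(\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")
SCORE = re.compile(r"Spam Filter score/req: ([\d.]+)/([\d.]+)")
REPLY = re.compile(r"--> ([45]\d\d) ")

def action_for(score, tag_at=5.0, reject_at=12.0):
    # Defaults from the post: 5 and above is tagged SPAM, 12 and above is refused.
    if score >= reject_at:
        return "reject"
    return "tag" if score >= tag_at else "deliver"

def summarize(log_text):
    sessions = defaultdict(lambda: {"rules": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # separators and "Session ..." headers carry no [id:child] tag
        s, body = sessions[m.group(1)], m.group(2)
        if c := CONNECT.search(body):
            s["ip"] = c.group(1)
        elif "Name server reports domain name unknown" in body:
            s["dns_unknown"] = True  # a DNS lookup in this session found no such name
        elif r := RULE.match(body):
            s["rules"].append((float(r.group(1)), r.group(2)))
        elif sc := SCORE.search(body):
            s["score"], s["req"] = float(sc.group(1)), float(sc.group(2))
        elif rp := REPLY.match(body):
            s["reply"] = int(rp.group(1))  # last 4xx/5xx reply sent to the client
    for s in sessions.values():
        s["rules"].sort(reverse=True)  # heaviest rule first
        # Use the threshold recorded in the log line as the reject limit.
        s["action"] = action_for(s["score"], reject_at=s["req"]) if "score" in s else None
    return dict(sessions)
```

Sessions refused before DATA, such as the unknown-recipient cases, have no score, so `action` is `None` and the `reply` code carries the reason.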