
Host Screening in the MDaemon 8.11 log?

Posted 2005-10-31 09:41:53

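In the MDaemon 8.11 log...
there are two blocks, Performing PTR lookup and Performing IP lookup.
Both of these areas contain
[HELO mbox.com.tw] and [Hello 203-204-125-89.adsl.static.giga.net.tw].

I would like to ask everyone...
In which of the blocks above is the string that I set to be blocked under Host Screening in Security evaluated?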

Sat 2005-10-29 05:32:59: Session 8184; child 2; thread 1876
Sat 2005-10-29 05:32:39: Accepting SMTP connection from [203.204.125.89 : 57749]
Sat 2005-10-29 05:32:39: Performing PTR lookup (89.125.204.203.IN-ADDR.ARPA)
Sat 2005-10-29 05:32:39: * D=89.125.204.203.IN-ADDR.ARPA TTL=(1440) PTR=[203-204-125-89.adsl.static.giga.net.tw]
Sat 2005-10-29 05:32:39: * Gathering A records...
Sat 2005-10-29 05:32:39: * D=203-204-125-89.adsl.static.giga.net.tw TTL=(4320) A=[203.204.125.89]
Sat 2005-10-29 05:32:39: ---- End PTR results
Sat 2005-10-29 05:32:39: --> 220 mymail.test.com.tw ESMTP MDaemon 8.1.1; Sat, 29 Oct 2005 05:32:39 +0800
Sat 2005-10-29 05:32:39: <-- XXXX mbox.com.tw
Sat 2005-10-29 05:32:39: --> 500 What? I don't understand that.
Sat 2005-10-29 05:32:39: <-- HELO mbox.com.tw
Sat 2005-10-29 05:32:39: Performing IP lookup (mbox.com.tw)
Sat 2005-10-29 05:32:39: * D=mbox.com.tw TTL=(10) A=[192.168.0.1]
Sat 2005-10-29 05:32:39: ---- End IP lookup results
Sat 2005-10-29 05:32:39: --> 250 mymail.test.com.tw Hello 203-204-125-89.adsl.static.giga.net.tw (may be forged), pleased to meet you
Sat 2005-10-29 05:32:40: <-- MAIL FROM:<[email protected]>
Sat 2005-10-29 05:32:40: Performing IP lookup (yahoo.com.hk)
Sat 2005-10-29 05:32:40: * D=yahoo.com.hk TTL=(58) A=[202.43.221.34]
Sat 2005-10-29 05:32:40: * P=005 D=yahoo.com.hk TTL=(58) MX=[mx4.mail.yahoo.com]
Sat 2005-10-29 05:32:40: * P=001 D=yahoo.com.hk TTL=(58) MX=[mx3.mail.yahoo.com]
Sat 2005-10-29 05:32:40: * P=001 D=yahoo.com.hk TTL=(58) MX=[mx2.mail.yahoo.com]
Sat 2005-10-29 05:32:40: * P=001 D=yahoo.com.hk TTL=(58) MX=[mx1.mail.yahoo.com]
Sat 2005-10-29 05:32:40: * D=yahoo.com.hk TTL=(58) A=[202.43.221.34]
Sat 2005-10-29 05:32:40: * D=yahoo.com.hk TTL=(58) A=[202.43.221.34]
Sat 2005-10-29 05:32:40: * D=yahoo.com.hk TTL=(58) A=[202.43.221.34]
Sat 2005-10-29 05:32:40: * D=yahoo.com.hk TTL=(58) A=[202.43.221.34]
Sat 2005-10-29 05:32:40: ---- End IP lookup results
Sat 2005-10-29 05:32:40: --> 250 <[email protected]>, Sender ok
Sat 2005-10-29 05:32:40: <-- RCPT TO:<[email protected]>
Sat 2005-10-29 05:32:40: Performing DNS-BL lookup (203.204.125.89 - connecting IP)
Sat 2005-10-29 05:32:40: * sbl-xbl.spamhaus.org - failed
Sat 2005-10-29 05:32:41: * opm.blitzed.org - passed
Sat 2005-10-29 05:32:41: * relays.ordb.org - failed
Sat 2005-10-29 05:32:41: * bl.spamcop.net - passed
Sat 2005-10-29 05:32:41: ---- End DNS-BL results
Sat 2005-10-29 05:32:41: --> 250 <[email protected]>, Recipient ok
Sat 2005-10-29 05:32:41: <-- DATA
Sat 2005-10-29 05:32:41: Creating temp file (SMTP): d:\mdaemon\temp\md50000008651.tmp
Sat 2005-10-29 05:32:41: --> 354 Enter mail, end with <CRLF>.<CRLF>
Sat 2005-10-29 05:32:46: Message size: 7043 bytes
Sat 2005-10-29 05:32:46: Performing DomainKeys lookup (Sender: [email protected])
Sat 2005-10-29 05:32:46: * Message-ID: [email protected]
Sat 2005-10-29 05:32:46: * Querying for policy: yahoo.com.hk
Sat 2005-10-29 05:32:46: *  Querying: _domainkey.yahoo.com.hk ...
Sat 2005-10-29 05:32:46: *  DNS: Name server has no records of the requested type for that domain
Sat 2005-10-29 05:32:46: * Result: pass
Sat 2005-10-29 05:32:46: ---- End DomainKeys results
Sat 2005-10-29 05:32:46: Passing message through AntiVirus (Size: 7043)...
Sat 2005-10-29 05:32:46: * Message is clean (no viruses found)
Sat 2005-10-29 05:32:46: ---- End AntiVirus results
Sat 2005-10-29 05:32:46: Passing message through Spam Filter (Size: 7043)...
Sat 2005-10-29 05:32:47: * 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Sat 2005-10-29 05:32:47: * 2.3 TO_MALFORMED To: has a malformed address
Sat 2005-10-29 05:32:47: * 0.0 HTML_WEB_BUGS BODY: Image tag intended to identify you
Sat 2005-10-29 05:32:47: * 1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
Sat 2005-10-29 05:32:47: * 0.2 HTML_FONT_BIG BODY: HTML tag for a big font size
Sat 2005-10-29 05:32:47: * 0.0 HTML_MESSAGE BODY: HTML included in message
Sat 2005-10-29 05:32:47: * 0.2 HTML_90_100 BODY: Message is 90% to 100% HTML
Sat 2005-10-29 05:32:47: * 8.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
Sat 2005-10-29 05:32:47: *   [URIs: firstedm.com]
Sat 2005-10-29 05:32:47: * 9.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
Sat 2005-10-29 05:32:47: *   [URIs: firstedm.com]
Sat 2005-10-29 05:32:47: * 8.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
Sat 2005-10-29 05:32:47: *   [URIs: firstedm.com]
Sat 2005-10-29 05:32:47: ---- End SpamAssassin results
Sat 2005-10-29 05:32:47: Spam Filter score/req: 32.35/12.0
Sat 2005-10-29 05:32:47: Message refused because spam score is too high
Sat 2005-10-29 05:32:47: --> 554 Sorry, message looks like SPAM to me
Sat 2005-10-29 05:32:59: <-- QUIT
Sat 2005-10-29 05:32:59: --> 221 See ya in cyberspace
Sat 2005-10-29 05:32:59: SMTP session terminated (Bytes in/out: 7178/427)
Sat 2005-10-29 05:32:59: ----------
Posted 2005-10-31 12:15:22
Host Screen blocks the HELO mbox.com.tw part.
Original poster | Posted 2005-11-1 12:27:34
Hmm... so that is how it is.
OK~

Thank you, site admin.
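Original poster | Posted 2005-11-4 09:21:59
Quote (March Fun @ 2005/10/31 - 12:15)
Host Screen blocks the HELO mbox.com.tw part.

I would like to ask one more question...

When I use an ordinary utility to look up the hostname for this IP,
the reverse lookup returns 203-204-125-89.adsl.static.giga.net.tw.

So why is it that when MDaemon handles the hostname in HELO...
it resolves to...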
Sat 2005-10-29 05:32:59: Session 8184; child 2; thread 1876
Sat 2005-10-29 05:32:39: Accepting SMTP connection from [203.204.125.89 : 57749]
Sat 2005-10-29 05:32:39: Performing PTR lookup (89.125.204.203.IN-ADDR.ARPA)
Sat 2005-10-29 05:32:39: * D=89.125.204.203.IN-ADDR.ARPA TTL=(1440) PTR=[203-204-125-89.adsl.static.giga.net.tw]
Sat 2005-10-29 05:32:39: * Gathering A records...
Sat 2005-10-29 05:32:39: * D=203-204-125-89.adsl.static.giga.net.tw TTL=(4320) A=[203.204.125.89]
Sat 2005-10-29 05:32:39: ---- End PTR results
Sat 2005-10-29 05:32:39: --> 220 mymail.test.com.tw ESMTP MDaemon 8.1.1; Sat, 29 Oct 2005 05:32:39 +0800
Sat 2005-10-29 05:32:39: <-- XXXX mbox.com.tw
Sat 2005-10-29 05:32:39: --> 500 What? I don't understand that.
Sat 2005-10-29 05:32:39: <-- HELO mbox.com.tw

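Posted 2005-11-4 10:23:58
I don't understand this area very well, but my inference is that names like 203-204-125-89.adsl.static.giga.net.tw are the ISP's original names, that is, the default name used when the address has not been mapped to any domain.

In my experience, a format like 203-204-125-89.adsl.static.giga.net.tw sometimes appears at HELLO; that should mean it has not registered a domain name, so it appears in the original format. Once this IP is mapped to (registered under) a domain, it will appear under that domain name at HELLO.

The above is my guess. If anyone knows more about this, please tell us whether that is really the case.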
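
Added example, not part of the thread and not MDaemon's own logic: the log records two separate names, the PTR name the server looked up for the connecting IP and the name the client itself sent in HELO. This Python script parses those lines (sample copied from the session above) and reports whether the two agree; the function name and result keys are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines copied from the session log in the thread.
SAMPLE_LOG = """\
Sat 2005-10-29 05:32:39: Accepting SMTP connection from [203.204.125.89 : 57749]
Sat 2005-10-29 05:32:39: Performing PTR lookup (89.125.204.203.IN-ADDR.ARPA)
Sat 2005-10-29 05:32:39: * D=89.125.204.203.IN-ADDR.ARPA TTL=(1440) PTR=[203-204-125-89.adsl.static.giga.net.tw]
Sat 2005-10-29 05:32:39: * D=203-204-125-89.adsl.static.giga.net.tw TTL=(4320) A=[203.204.125.89]
Sat 2005-10-29 05:32:39: ---- End PTR results
Sat 2005-10-29 05:32:39: <-- XXXX mbox.com.tw
Sat 2005-10-29 05:32:39: <-- HELO mbox.com.tw
Sat 2005-10-29 05:32:39: Performing IP lookup (mbox.com.tw)
Sat 2005-10-29 05:32:39: * D=mbox.com.tw TTL=(10) A=[192.168.0.1]
Sat 2005-10-29 05:32:39: ---- End IP lookup results
"""

# Timestamp prefix such as "Sat 2005-10-29 05:32:39: "
PREFIX = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: ")

def analyze_session(log_text):
    """Collect the connecting IP, its PTR name(s), the HELO name and its A records."""
    info = {"client_ip": None, "ptr_names": [], "helo_name": None, "helo_ips": []}
    section = None  # which lookup block the current "* ..." result line belongs to
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)
        if m := re.match(r"Accepting SMTP connection from \[([\d.]+)", line):
            info["client_ip"] = m.group(1)
        elif line.startswith("Performing PTR lookup"):
            section = "ptr"
        elif line.startswith("Performing IP lookup"):
            # Only the lookup of the HELO name matters here, not MAIL FROM domains.
            m = re.search(r"\((.+)\)", line)
            is_helo = m and m.group(1).lower() == (info["helo_name"] or "").lower()
            section = "helo" if is_helo else None
        elif line.startswith("----"):
            section = None
        elif m := re.match(r"<-- (?:HELO|EHLO) (\S+)", line, re.I):
            info["helo_name"] = m.group(1)  # client-supplied, unverified
        elif section == "ptr" and (m := re.search(r"PTR=\[([^\]]+)\]", line)):
            info["ptr_names"].append(m.group(1))  # from reverse DNS of the IP
        elif section == "helo" and (m := re.search(r" A=\[([\d.]+)\]", line)):
            info["helo_ips"].append(m.group(1))
    helo = (info["helo_name"] or "").lower()
    info["helo_matches_ptr"] = helo in [n.lower() for n in info["ptr_names"]]
    info["helo_resolves_to_client"] = info["client_ip"] in info["helo_ips"]
    return info
```

On the thread's session both checks come back False: the client claimed mbox.com.tw, which resolved to 192.168.0.1, while the connecting address 203.204.125.89 reverse-resolved to the giga.net.tw name.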