數碼中文坊


Xuite's mail host has an open relay

Posted 2007-5-23 14:49:58

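One of the mail hosts of Xuite.net, which partners with HiNet, apparently has not disabled open relay and is being used to send spam.
Because the sending IP is listed in the SPF record in Xuite.net's DNS (see the red text), it is certain that it came from Xuite.net. It could also be an insider up to no good.

My guess is that this host is not normally used for sending mail to the outside; their sending hosts have "smtp" at the front of the name (see the blue text).

After thinking about it for a long while, my approach is to block the host name mail.xuite.net first and then keep observing.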

Session 861; child 1; thread 5604
Tue 2007-05-22 18:25:26: [861:1] Accepting SMTP connection from [210.242.46.153 : 27305]
Tue 2007-05-22 18:25:26: [861:1] Performing PTR lookup (153.46.242.210.IN-ADDR.ARPA)
Tue 2007-05-22 18:25:26: [861:1] * D=153.46.242.210.IN-ADDR.ARPA TTL=(611) PTR=[smtp3.mail.xuite.net]
Tue 2007-05-22 18:25:26: [861:1] * Gathering A records...
Tue 2007-05-22 18:25:26: [861:1] * D=smtp3.mail.xuite.net TTL=(1245) A=[210.242.46.153]
Tue 2007-05-22 18:25:26: [861:1] ---- End PTR results
Tue 2007-05-22 18:25:26: [861:1] --> 220 suma.tw ESMTP MDaemon 9.5.5; Tue, 22 May 2007 18:25:26 +0800
Tue 2007-05-22 18:25:26: [861:1] <-- EHLO mail.xuite.net
Tue 2007-05-22 18:25:26: [861:1] Performing IP lookup (mail.xuite.net)
Tue 2007-05-22 18:25:26: [861:1] * D=mail.xuite.net TTL=(935) A=[210.242.46.168]
Tue 2007-05-22 18:25:26: [861:1] ---- End IP lookup results
Tue 2007-05-22 18:25:26: [861:1] --> 250-suma.tw Hello smtp3.mail.xuite.net (may be forged), pleased to meet you
Tue 2007-05-22 18:25:26: [861:1] --> 250-ETRN
Tue 2007-05-22 18:25:26: [861:1] --> 250-AUTH=LOGIN
Tue 2007-05-22 18:25:26: [861:1] --> 250-AUTH LOGIN CRAM-MD5
Tue 2007-05-22 18:25:26: [861:1] --> 250-8BITMIME
Tue 2007-05-22 18:25:26: [861:1] --> 250 SIZE 51200000
Tue 2007-05-22 18:25:26: [861:1] <-- MAIL FROM:<[email protected]> BODY=8BITMIME SIZE=2048
Tue 2007-05-22 18:25:26: [861:1] Performing IP lookup (xuite.net)
Tue 2007-05-22 18:25:27: [861:1] * D=xuite.net TTL=(9) A=[210.242.18.210]
Tue 2007-05-22 18:25:27: [861:1] * P=010 S=000 D=xuite.net TTL=(55) MX=[mail.xuite.net] {210.242.46.168}
Tue 2007-05-22 18:25:27: [861:1] ---- End IP lookup results
Tue 2007-05-22 18:25:27: [861:1] Performing SPF lookup (xuite.net / 210.242.46.153)
Tue 2007-05-22 18:25:27: [861:1] * Policy: v=spf1 a:sender.epost.hinet.net ip4:210.242.18.0/24 ip4:210.242.41.0/24 ip4:210.242.46.0/24
Tue 2007-05-22 18:25:27: [861:1] * Evaluating a:sender.epost.hinet.net: no match
Tue 2007-05-22 18:25:27: [861:1] * Evaluating ip4:210.242.18.0/24: no match
Tue 2007-05-22 18:25:27: [861:1] * Evaluating ip4:210.242.41.0/24: no match
Tue 2007-05-22 18:25:27: [861:1] * Evaluating ip4:210.242.46.0/24: match
Tue 2007-05-22 18:25:27: [861:1] * Result: pass
Tue 2007-05-22 18:25:27: [861:1] ---- End SPF results
Tue 2007-05-22 18:25:27: [861:1] --> 250 <[email protected]>, Sender ok
Tue 2007-05-22 18:25:27: [861:1] <-- RCPT TO:<[email protected]>
Tue 2007-05-22 18:25:27: [861:1] --> 250 <[email protected]>, Recipient ok
Tue 2007-05-22 18:25:27: [861:1] <-- DATA
Tue 2007-05-22 18:25:27: [861:1] Creating temp file (SMTP): d:\mdaemon\temp\42\md50000000001.tmp
Tue 2007-05-22 18:25:27: [861:1] --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2007-05-22 18:25:27: [861:1] Message size: 1786 bytes
Tue 2007-05-22 18:25:27: [861:1] Passing message through AntiVirus (Size: 1786)...
Tue 2007-05-22 18:25:27: [861:1] * Message is clean (no viruses found)
Tue 2007-05-22 18:25:27: [861:1] ---- End AntiVirus results
Tue 2007-05-22 18:25:27: [861:1] Message creation successful: d:\mdaemon\inbound\42\md50000000615.msg
Tue 2007-05-22 18:25:27: [861:1] --> 250 Ok, message saved <Message-ID: [email protected]>
Tue 2007-05-22 18:25:27: [861:1] Sender triggered a spam trap; message will route to bayesian spam folder
Tue 2007-05-22 18:25:27: [861:1] Sender triggered a spam trap; 210.242.46.153 added to dynamic screening system
Tue 2007-05-22 18:25:27: [861:1] <-- QUIT
Tue 2007-05-22 18:25:27: [861:1] --> 221 See ya in cyberspace
Tue 2007-05-22 18:25:27: [861:1] SMTP session successful (Bytes in/out: 1919/465)

It is definitely spam, because it was sent to my spam trap account (see the brown text).
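Added example (not part of the original post): Python code that parses an MDaemon session log like the one above and reports the checks a mail administrator reads off it by hand: whether the EHLO name matches the PTR name, whether the EHLO name resolves to the connecting IP, which SPF ip4 range produced the pass, and whether the spam trap fired. The function names and finding labels are assumptions for illustration; the sample lines are abridged from the log in the post.

```python
import ipaddress
import re

# Constructed sample: lines abridged from the MDaemon session log in the post.
SAMPLE_LOG = """\
Tue 2007-05-22 18:25:26: [861:1] Accepting SMTP connection from [210.242.46.153 : 27305]
Tue 2007-05-22 18:25:26: [861:1] * D=153.46.242.210.IN-ADDR.ARPA TTL=(611) PTR=[smtp3.mail.xuite.net]
Tue 2007-05-22 18:25:26: [861:1] <-- EHLO mail.xuite.net
Tue 2007-05-22 18:25:26: [861:1] * D=mail.xuite.net TTL=(935) A=[210.242.46.168]
Tue 2007-05-22 18:25:27: [861:1] * Policy: v=spf1 a:sender.epost.hinet.net ip4:210.242.18.0/24 ip4:210.242.41.0/24 ip4:210.242.46.0/24
Tue 2007-05-22 18:25:27: [861:1] * Result: pass
Tue 2007-05-22 18:25:27: [861:1] Sender triggered a spam trap; message will route to bayesian spam folder
"""

def analyze_session(log_text):
    """Summarise one SMTP session: who connected, what it claimed, what SPF said."""
    s = {"peer": None, "ptr": None, "ehlo": None, "a": {}, "spf_nets": [],
         "spf_result": None, "spam_trap": False}
    for line in log_text.splitlines():
        if m := re.search(r"connection from \[([\d.]+)", line):
            s["peer"] = ipaddress.ip_address(m.group(1))
        elif m := re.search(r"PTR=\[([^\]]+)\]", line):
            s["ptr"] = m.group(1).lower()
        elif m := re.search(r"<-- (?:EHLO|HELO) (\S+)", line):
            s["ehlo"] = m.group(1).lower()
        elif m := re.search(r"D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]", line):
            s["a"][m.group(1).lower()] = ipaddress.ip_address(m.group(2))
        elif "Policy: v=spf1" in line:
            s["spf_nets"] = [ipaddress.ip_network(n) for n in re.findall(r"ip4:(\S+)", line)]
        elif m := re.search(r"Result: (\w+)", line):
            s["spf_result"] = m.group(1)
        elif "triggered a spam trap" in line:
            s["spam_trap"] = True
    return s

def findings(s):
    """Return the observations a defender would note for a parsed session."""
    out = []
    if s["ehlo"] != s["ptr"]:                      # greeting differs from reverse DNS
        out.append("ehlo_ptr_mismatch")
    if s["ehlo"] in s["a"] and s["a"][s["ehlo"]] != s["peer"]:
        out.append("ehlo_resolves_elsewhere")      # EHLO host's A record is another IP
    covering = [n for n in s["spf_nets"] if s["peer"] in n]
    if s["spf_result"] == "pass" and covering:     # which ip4 range authorised the peer
        out.append(f"spf_pass_via_{covering[0]}")
    if s["spam_trap"]:
        out.append("spam_trap_hit")
    return out
```

Calling `findings(analyze_session(SAMPLE_LOG))` on the sample returns all four observations, which together explain why the server logged "may be forged" in its greeting while SPF still passed.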
Posted 2007-5-24 10:18:29
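Have you considered emailing the data to Xuite's network administrators?
From a company's standpoint, you simply can't block it like this...
For example, on my company's MDaemon I have even turned off reverse lookups....
because some of the vendors my company deals with have not done the relevant setup....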
Original poster | Posted 2007-5-24 10:58:19
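Your consideration is entirely correct. In fact we used to do that often (report it to the other party), but when the other company is large and we are just a tiny company, the response we usually get is a request that we provide further proof, or... nothing further. So we can no longer be bothered to report things.

Based on our past experience and thinking, xuite.net's sending hosts all have "smtp" at the front of the name; this mail.xuite.net should not be a host that normally faces the outside, and mail coming from xuite.net would in theory rarely use this host. Of course, our thinking is not necessarily right.

Turning off reverse lookups is neither good nor bad in itself; it depends on the company's needs! Taking our site as an example, we once turned it on as a test, and the result was... a flood of spam.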