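A mail host at Xuite.net, which partners with HiNet, apparently has not turned off Open Relay and is being used to send spam. Because the sending IP is listed in the SPF record in Xuite.net's DNS (see the red text), it is certain that the mail came from Xuite.net. It could also be an insider causing trouble.
My guess is that this host is normally not used for sending mail to the outside; its sending hosts have "smtp" at the front of their names (see the blue text).
After thinking it over for a long while, my approach is to block the host name mail.xuite.net first and then keep watching.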
Session 861; child 1; thread 5604
Tue 2007-05-22 18:25:26: [861:1] Accepting SMTP connection from [210.242.46.153 : 27305]
Tue 2007-05-22 18:25:26: [861:1] Performing PTR lookup (153.46.242.210.IN-ADDR.ARPA)
Tue 2007-05-22 18:25:26: [861:1] * D=153.46.242.210.IN-ADDR.ARPA TTL=(611) PTR=[smtp3.mail.xuite.net]
Tue 2007-05-22 18:25:26: [861:1] * Gathering A records...
Tue 2007-05-22 18:25:26: [861:1] * D=smtp3.mail.xuite.net TTL=(1245) A=[210.242.46.153]
Tue 2007-05-22 18:25:26: [861:1] ---- End PTR results
Tue 2007-05-22 18:25:26: [861:1] --> 220 suma.tw ESMTP MDaemon 9.5.5; Tue, 22 May 2007 18:25:26 +0800
Tue 2007-05-22 18:25:26: [861:1] <-- EHLO mail.xuite.net
Tue 2007-05-22 18:25:26: [861:1] Performing IP lookup (mail.xuite.net)
Tue 2007-05-22 18:25:26: [861:1] * D=mail.xuite.net TTL=(935) A=[210.242.46.168]
Tue 2007-05-22 18:25:26: [861:1] ---- End IP lookup results
Tue 2007-05-22 18:25:26: [861:1] --> 250-suma.tw Hello smtp3.mail.xuite.net (may be forged), pleased to meet you
Tue 2007-05-22 18:25:26: [861:1] --> 250-ETRN
Tue 2007-05-22 18:25:26: [861:1] --> 250-AUTH=LOGIN
Tue 2007-05-22 18:25:26: [861:1] --> 250-AUTH LOGIN CRAM-MD5
Tue 2007-05-22 18:25:26: [861:1] --> 250-8BITMIME
Tue 2007-05-22 18:25:26: [861:1] --> 250 SIZE 51200000
Tue 2007-05-22 18:25:26: [861:1] <-- MAIL FROM:<[email protected]> BODY=8BITMIME SIZE=2048
Tue 2007-05-22 18:25:26: [861:1] Performing IP lookup (xuite.net)
Tue 2007-05-22 18:25:27: [861:1] * D=xuite.net TTL=(9) A=[210.242.18.210]
Tue 2007-05-22 18:25:27: [861:1] * P=010 S=000 D=xuite.net TTL=(55) MX=[mail.xuite.net] {210.242.46.168}
Tue 2007-05-22 18:25:27: [861:1] ---- End IP lookup results
Tue 2007-05-22 18:25:27: [861:1] Performing SPF lookup (xuite.net / 210.242.46.153)
Tue 2007-05-22 18:25:27: [861:1] * Policy: v=spf1 a:sender.epost.hinet.net ip4:210.242.18.0/24 ip4:210.242.41.0/24 ip4:210.242.46.0/24
Tue 2007-05-22 18:25:27: [861:1] * Evaluating a:sender.epost.hinet.net: no match
Tue 2007-05-22 18:25:27: [861:1] * Evaluating ip4:210.242.18.0/24: no match
Tue 2007-05-22 18:25:27: [861:1] * Evaluating ip4:210.242.41.0/24: no match
Tue 2007-05-22 18:25:27: [861:1] * Evaluating ip4:210.242.46.0/24: match
Tue 2007-05-22 18:25:27: [861:1] * Result: pass
Tue 2007-05-22 18:25:27: [861:1] ---- End SPF results
Tue 2007-05-22 18:25:27: [861:1] --> 250 <[email protected]>, Sender ok
Tue 2007-05-22 18:25:27: [861:1] <-- RCPT TO:<[email protected]>
Tue 2007-05-22 18:25:27: [861:1] --> 250 <[email protected]>, Recipient ok
Tue 2007-05-22 18:25:27: [861:1] <-- DATA
Tue 2007-05-22 18:25:27: [861:1] Creating temp file (SMTP): d:\mdaemon\temp\42\md50000000001.tmp
Tue 2007-05-22 18:25:27: [861:1] --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2007-05-22 18:25:27: [861:1] Message size: 1786 bytes
Tue 2007-05-22 18:25:27: [861:1] Passing message through AntiVirus (Size: 1786)...
Tue 2007-05-22 18:25:27: [861:1] * Message is clean (no viruses found)
Tue 2007-05-22 18:25:27: [861:1] ---- End AntiVirus results
Tue 2007-05-22 18:25:27: [861:1] Message creation successful: d:\mdaemon\inbound\42\md50000000615.msg
Tue 2007-05-22 18:25:27: [861:1] --> 250 Ok, message saved <Message-ID: [email protected]>
Tue 2007-05-22 18:25:27: [861:1] Sender triggered a spam trap; message will route to bayesian spam folder
Tue 2007-05-22 18:25:27: [861:1] Sender triggered a spam trap; 210.242.46.153 added to dynamic screening system
Tue 2007-05-22 18:25:27: [861:1] <-- QUIT
Tue 2007-05-22 18:25:27: [861:1] --> 221 See ya in cyberspace
Tue 2007-05-22 18:25:27: [861:1] SMTP session successful (Bytes in/out: 1919/465)
It is definitely spam, because it was sent to my spam trap account (see the brown text).
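The checks the post walks through by eye, as an added example that is not part of the original post: it pulls the connecting IP, EHLO name, SPF policy and spam-trap hit out of a session log in this format and re-evaluates the `ip4:` mechanisms. The function names, finding labels and regular expressions are assumptions made for the example, and only unqualified `ip4:` mechanisms are handled.

```python
import ipaddress
import re

# Lines excerpted from the session log in the post (timestamps trimmed).
SAMPLE = """\
[861:1] Accepting SMTP connection from [210.242.46.153 : 27305]
[861:1] * D=153.46.242.210.IN-ADDR.ARPA TTL=(611) PTR=[smtp3.mail.xuite.net]
[861:1] <-- EHLO mail.xuite.net
[861:1] * D=mail.xuite.net TTL=(935) A=[210.242.46.168]
[861:1] * Policy: v=spf1 a:sender.epost.hinet.net ip4:210.242.18.0/24 ip4:210.242.41.0/24 ip4:210.242.46.0/24
[861:1] * Result: pass
[861:1] Sender triggered a spam trap; 210.242.46.153 added to dynamic screening system
"""

PATTERNS = {  # field name -> regex with one capture group (hypothetical names)
    "client_ip": r"connection from \[([\d.]+)",
    "ptr": r"PTR=\[([^\]]+)\]",
    "ehlo": r"<-- (?:EHLO|HELO) (\S+)",
    "spf_policy": r"Policy: (v=spf1 .*)",
    "spf_result": r"\* +Result: (\w+)",
    "trap_ip": r"spam trap; ([\d.]+) added",
}

def summarize(log):  # extract the fields the post reasons about
    s = dict.fromkeys([*PATTERNS, "ehlo_a"])
    for line in log.splitlines():
        for field, rx in PATTERNS.items():
            if m := re.search(rx, line):
                s[field] = m.group(1)
        m = re.search(r"D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]", line)
        if m and m.group(1) == s["ehlo"]:  # A record for the EHLO name
            s["ehlo_a"] = m.group(2)
    return s

def ip4_matches(policy, ip):
    """Return the ip4: mechanisms of an SPF policy whose range covers ip."""
    addr = ipaddress.ip_address(ip)
    return [t for t in policy.split() if t.startswith("ip4:")
            and addr in ipaddress.ip_network(t[4:], strict=False)]

def findings(s):
    out = []
    if s["ehlo_a"] and s["ehlo_a"] != s["client_ip"]:
        out.append("ehlo-name-resolves-elsewhere")
    if s["spf_result"] == "pass" and s["trap_ip"] == s["client_ip"]:
        out.append("spf-authorised-ip-hit-spam-trap")
    return out

if __name__ == "__main__":
    print(findings(summarize(SAMPLE)))
```

An SPF pass only says the connecting IP is one the domain authorises to send; it says nothing about the message content, which is why the spam-trap hit is the deciding signal here.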