數碼中文坊


[Solved] Question about spam accumulating in the Remote Queue

Posted on 2008-11-12 14:34:17

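My Remote Queue contains many messages waiting to be sent (more than ten thousand at its peak). After checking, I found that they are all spam. I have already disabled the Mail Relay feature and enabled POP Before SMTP, but I don't know what else needs to be configured to solve this problem. I would appreciate everyone's help.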

SMTP-(OUT) LOG
Mon 2008-11-10 14:22:20: ----------
Mon 2008-11-10 14:22:20: Session 2154; child 1
Mon 2008-11-10 14:22:17: Parsing Message <c:\mdaemon\queues\remote\pd50000038601.msg>
Mon 2008-11-10 14:22:17: From: [email protected]
Mon 2008-11-10 14:22:17: To: [email protected]
Mon 2008-11-10 14:22:17: Subject: [***SPAM*** Score/Req: 27.1/5.0] ★◆★我也曾經是卡奴(經驗分享)★◆★Gwen
Mon 2008-11-10 14:22:17: Message-ID: <[email protected]>
Mon 2008-11-10 14:22:17: Route slip host: yahoo.com.tw
Mon 2008-11-10 14:22:17: Route slip port: 25
Mon 2008-11-10 14:22:17: MX-record resolution of [yahoo.com.tw] in progress (DNS Server: 192.168.123.250)...
Mon 2008-11-10 14:22:17: *  P=005 S=000 D=yahoo.com.tw TTL=(1) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Mon 2008-11-10 14:22:17: *  P=005 S=001 D=yahoo.com.tw TTL=(1) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Mon 2008-11-10 14:22:17: Attempting MX: P=005 S=000 D=yahoo.com.tw TTL=(1) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Mon 2008-11-10 14:22:17: Attempting SMTP connection to [203.188.197.10 : 25]
Mon 2008-11-10 14:22:17: Waiting for connection...
Mon 2008-11-10 14:22:17: Connection established (192.168.123.250 : 1482 -> 203.188.197.10 : 25)
Mon 2008-11-10 14:22:17: Waiting for protocol initiation...
Mon 2008-11-10 14:22:18: <-- 220 mta111.mail.tp2.yahoo.com ESMTP YSmtp service ready
Mon 2008-11-10 14:22:18: --> EHLO timhome.idv.tw
Mon 2008-11-10 14:22:18: <-- 250-mta111.mail.tp2.yahoo.com
Mon 2008-11-10 14:22:18: <-- 250-8BITMIME
Mon 2008-11-10 14:22:18: <-- 250-SIZE 31981568
Mon 2008-11-10 14:22:18: <-- 250 PIPELINING
Mon 2008-11-10 14:22:18: --> MAIL From:<[email protected]> SIZE=3537
Mon 2008-11-10 14:22:18: <-- 250 sender <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:18: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:18: --> RCPT To:<[email protected]>
Mon 2008-11-10 14:22:19: <-- 250 recipient <[email protected]> ok
Mon 2008-11-10 14:22:19: --> DATA
Mon 2008-11-10 14:22:19: <-- 354 go ahead
Mon 2008-11-10 14:22:19: Sending <c:\mdaemon\queues\remote\pd50000038601.msg> to [203.188.197.10]
Mon 2008-11-10 14:22:19: Transfer Complete.
Mon 2008-11-10 14:22:20: <-- 451 Message temporarily deferred - [70]
Mon 2008-11-10 14:22:20: --> QUIT
Mon 2008-11-10 14:22:20: Attempting MX: P=005 S=001 D=yahoo.com.tw TTL=(1) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Mon 2008-11-10 14:22:20: Attempting SMTP connection to [203.188.197.9 : 25]
Mon 2008-11-10 14:22:20: Waiting for connection...
Mon 2008-11-10 14:22:20: Connection established (192.168.123.250 : 1489 -> 203.188.197.9 : 25)
Mon 2008-11-10 14:22:20: Waiting for protocol initiation...
Mon 2008-11-10 14:22:20: <-- 453 Mail from 61.56.143.238 not allowed - [90]
Mon 2008-11-10 14:22:20: --> QUIT
Mon 2008-11-10 14:22:20: Socket connection closed by the other side (how rude!)
Mon 2008-11-10 14:22:20: This message is 0 minutes old; it has 60 minutes left in this queue
Mon 2008-11-10 14:22:20: SMTP session terminated (Bytes in/out: 752/4000)
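Posted on 2008-11-13 10:31:25
Please check the SMTP In log to see where this message came from.
Original poster | Posted on 2008-11-14 01:08:52
Thanks for the reply, MarchFun.
Do you mean that I should find the sender's source IP in the SMTP In log and then use IP Screening to block that sending IP?

I would also like to ask: why can spam still be relayed through my mail server even though I have disabled the Mail Relay feature and enabled POP Before SMTP?
Posted on 2008-11-14 01:23:17
I asked you to look at the SMTP In log because I suspect this spam may be coming from inside your own network.
Original poster | Posted on 2008-11-15 09:07:42
Hello MarchFun,
I have captured a section of the SMTP In log and pasted it below; please take a look. If you need other parts of the log, I will post them as well.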

SMTP IN LOG
Mon 2008-11-10 12:26:34: Session 4; child 4; thread 3696
Mon 2008-11-10 12:26:01: Accepting SMTP connection from [218.167.54.181 : 4936]
Mon 2008-11-10 12:26:01: Performing PTR lookup (181.54.167.218.IN-ADDR.ARPA)
Mon 2008-11-10 12:26:01: *  D=181.54.167.218.IN-ADDR.ARPA TTL=(1439) PTR=[218-167-54-181.dynamic.hinet.net]
Mon 2008-11-10 12:26:01: *  Gathering A records...
Mon 2008-11-10 12:26:01: *  D=218-167-54-181.dynamic.hinet.net TTL=(41) A=[218.167.54.181]
Mon 2008-11-10 12:26:01: ---- End PTR results
Mon 2008-11-10 12:26:01: --> 220 timhome.idv.tw ESMTP MDaemon 9.5.5; Mon, 10 Nov 2008 12:26:01 +0800
Mon 2008-11-10 12:26:01: <-- HELO 61.56.143.238
Mon 2008-11-10 12:26:01: --> 250 timhome.idv.tw Hello 218-167-54-181.dynamic.hinet.net (may be forged), pleased to meet you
Mon 2008-11-10 12:26:01: <-- MAIL FROM: <[email protected]>
Mon 2008-11-10 12:26:01: Performing IP lookup (yahoo.com.tw)
Mon 2008-11-10 12:26:02: *  D=yahoo.com.tw TTL=(120) A=[202.43.195.13]
Mon 2008-11-10 12:26:02: *  P=005 S=000 D=yahoo.com.tw TTL=(3) MX=[mx1.mail.tw.yahoo.com] {203.188.197.9}
Mon 2008-11-10 12:26:02: *  P=005 S=001 D=yahoo.com.tw TTL=(3) MX=[mx2.mail.tw.yahoo.com] {203.188.197.10}
Mon 2008-11-10 12:26:02: ---- End IP lookup results
Mon 2008-11-10 12:26:02: Performing SPF lookup (yahoo.com.tw / 218.167.54.181)
Mon 2008-11-10 12:26:02: *  Result: none; no SPF record in DNS
Mon 2008-11-10 12:26:02: ---- End SPF results
Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Sender ok
Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]>
Mon 2008-11-10 12:26:02: Performing DNS-BL lookup (218.167.54.181 - connecting IP)
Mon 2008-11-10 12:26:02: *  zen.spamhaus.org - failed
Mon 2008-11-10 12:26:02: *  bl.spamcop.net - passed
Mon 2008-11-10 12:26:02: *  sbl-xbl.spamhaus.org - passed
Mon 2008-11-10 12:26:02: ---- End DNS-BL results
Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok
Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]>
Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok
Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]>
Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok
Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]>
Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok
Mon 2008-11-10 12:26:02: <-- RCPT TO: <[email protected]>
Mon 2008-11-10 12:26:02: More than 5 RCPT commands encountered; this session tarpitted with a 10 second initial delay scaling by 1.00
Mon 2008-11-10 12:26:02: --> 250 <[email protected]>, Recipient ok
Mon 2008-11-10 12:26:13: <-- RCPT TO: <[email protected]>
Mon 2008-11-10 12:26:13: --> 250 <[email protected]>, Recipient ok
Mon 2008-11-10 12:26:23: <-- RCPT TO: <[email protected]>
Mon 2008-11-10 12:26:23: --> 250 <[email protected]>, Recipient ok
Mon 2008-11-10 12:26:33: <-- DATA
Mon 2008-11-10 12:26:33: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000000001.tmp
Mon 2008-11-10 12:26:33: --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2008-11-10 12:26:33: Message size: 999 bytes
Mon 2008-11-10 12:26:33: Performing DomainKeys lookup (Sender: [email protected])
Mon 2008-11-10 12:26:33: *  File: c:\mdaemon\queues\temp\md50000000001.tmp
Mon 2008-11-10 12:26:33: *  Message-ID: [email protected]
Mon 2008-11-10 12:26:33: *  Querying for policy: ms96.url.com.tw
Mon 2008-11-10 12:26:33: *    Querying: _domainkey.ms96.url.com.tw ...
Mon 2008-11-10 12:26:33: *    DNS: Name server reports domain name unknown
Mon 2008-11-10 12:26:33: *  Result: pass
Mon 2008-11-10 12:26:33: ---- End DomainKeys results
Mon 2008-11-10 12:26:33: Performing DKIM lookup
Mon 2008-11-10 12:26:33: *  File: c:\mdaemon\queues\temp\md50000000001.tmp
Mon 2008-11-10 12:26:33: *  Message-ID: [email protected]
Mon 2008-11-10 12:26:33: *  Result: neutral
Mon 2008-11-10 12:26:33: ---- End DKIM results
Mon 2008-11-10 12:26:33: Passing message through AntiVirus (Size: 999)...
Mon 2008-11-10 12:26:34: *  Message is clean (no viruses found)
Mon 2008-11-10 12:26:34: ---- End AntiVirus results
Mon 2008-11-10 12:26:34: Passing message through Outbreak Protection...
Mon 2008-11-10 12:26:34: *  Message-ID: [email protected]
Mon 2008-11-10 12:26:34: *  Reference-ID: str=0001.0A150202.4917B800.006E,ss=4,fgs=12
Mon 2008-11-10 12:26:34: *  Spam/phishing threat level: 4 - Spam
Mon 2008-11-10 12:26:34: *  Virus threat level: 0 - Clean
Mon 2008-11-10 12:26:34: ---- End Outbreak Protection results
Mon 2008-11-10 12:26:34: --> 554 Sorry, message looks like spam or phish to me (OP)
Mon 2008-11-10 12:26:34: SMTP session terminated (Bytes in/out: 1315/619)

Posted on 2008-11-16 21:13:27

Are you sure you have turned off Open Relay? It looks like it has not been turned off.

Also, this thread is worth a look:

http://www.suma.tw/forum/thread-1133-1-1.html

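Original poster | Posted on 2008-11-16 21:58:46
Hello MarchFun:
Please take a look: I turned off the option shown in the image below, but I'm not sure whether that is correct. If it is wrong, please advise. I am using MDaemon version 9.5.5.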


Posted on 2008-11-17 11:28:22

You haven't turned off Open Relay! That first option needs to be checked!
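
The check the replies above walk through, as an added example (not part of the original thread and not MDaemon's own tooling): this Python script scans an SMTP-in log in the layout posted earlier and reports sessions in which a client outside the trusted networks had a recipient in a non-local domain accepted with "250 ... Recipient ok", which is what an open relay looks like in the log. The sample log, its domains and addresses, and the name `find_relayed_sessions` are constructed for illustration, and sessions are assumed to be unauthenticated.

```python
import ipaddress
import re

# Constructed sample in the MDaemon SMTP-in log layout shown in this thread.
# Addresses and domains are placeholders, not values from the original log.
SAMPLE_LOG = """\
Mon 2008-11-10 12:26:01: Accepting SMTP connection from [203.0.113.45 : 4936]
Mon 2008-11-10 12:26:01: <-- MAIL FROM: <promo@spam.example>
Mon 2008-11-10 12:26:02: --> 250 <promo@spam.example>, Sender ok
Mon 2008-11-10 12:26:02: <-- RCPT TO: <victim1@elsewhere.example>
Mon 2008-11-10 12:26:02: --> 250 <victim1@elsewhere.example>, Recipient ok
Mon 2008-11-10 12:26:02: <-- RCPT TO: <victim2@elsewhere.example>
Mon 2008-11-10 12:26:02: --> 250 <victim2@elsewhere.example>, Recipient ok
Mon 2008-11-10 12:26:34: SMTP session terminated (Bytes in/out: 1315/619)
Mon 2008-11-10 12:30:00: Accepting SMTP connection from [198.51.100.7 : 2201]
Mon 2008-11-10 12:30:00: <-- MAIL FROM: <friend@elsewhere.example>
Mon 2008-11-10 12:30:01: <-- RCPT TO: <tim@mail.example>
Mon 2008-11-10 12:30:01: --> 250 <tim@mail.example>, Recipient ok
Mon 2008-11-10 12:30:02: SMTP session terminated (Bytes in/out: 900/400)
"""

CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+) : \d+\]")
MAIL = re.compile(r"<-- MAIL FROM:\s*<[^@>]*@([^>]+)>", re.I)
RCPT_OK = re.compile(r"--> 250 <[^@>]*@([^>]+)>, Recipient ok")

def find_relayed_sessions(log, local_domains, trusted_nets):
    """Return (client_ip, sender_domain, accepted_foreign_rcpts) per relayed session."""
    local = {d.lower() for d in local_domains}
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings, ip, sender, foreign = [], None, None, 0

    def flush():
        # Relay = untrusted client whose non-local recipient was accepted.
        # The sender domain is reported for context only; it can be forged.
        if ip and foreign and not any(ipaddress.ip_address(ip) in n for n in nets):
            findings.append((ip, sender, foreign))

    for line in log.splitlines():
        if m := CONNECT.search(line):
            flush()  # close out the previous session before starting a new one
            ip, sender, foreign = m.group(1), None, 0
        elif m := MAIL.search(line):
            sender = m.group(1).lower()
        elif (m := RCPT_OK.search(line)) and m.group(1).lower() not in local:
            foreign += 1
    flush()
    return findings
```

Any session this returns means the server accepted mail for someone else's domain from an outside host, so the relay setting discussed above is still open.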

Posted on 2009-3-6 10:13:46
So that's how it is. I'm going to give it a try too!!