數碼中文坊


[Solved] Question about trusted host settings

Posted on 2010-4-16 16:01:19

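Hello everyone, I'm a newcomer and have run into a problem. My mail server is (v10.1.1) Pro.
In Trusted IP I have to enter *.*.*.* for mail sent from outside to be received...
If I don't set it this way, I have to enter, one by one, the company IP of every sender who wants to send mail to our company... Is this normal?
What needs to be changed?

Previously Trusted IP was blank, with no IP set... The firewall translated every external IP to a corresponding internal IP... so this did not happen.
But that made it impossible to block spam by IP, because all IPs came from the IP set on the firewall. Recently there has been quite a lot of spam and I wanted to block by IP,
so I changed the firewall settings, and only then discovered this problem...

Also, how many ways are there to block IPs?


Thanks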
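Posted on 2010-4-16 17:15:13
Of course that is not normal, but we need to look at the log to find the problem.
Original poster | Posted on 2010-4-19 09:55:28
Last edited by johnson_csy on 2010-4-19 03:52 PM

Hello expert: this is the log of the other party's mail being blocked after I changed the setting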
Fri 2010-04-16 10:54:48: ----------
Fri 2010-04-16 10:54:53: Session 9766; child 1; thread 2716
Fri 2010-04-16 10:54:48: Accepting SMTP connection from [202.181.220.6:64647]
Fri 2010-04-16 10:54:48: --> 220-ms1.******-asia.com ESMTP MDaemon 10.1.1; Fri, 16 Apr 2010 10:54:48 +0800
Fri 2010-04-16 10:54:48: --> 220-Unauthorized relay prohibited.
Fri 2010-04-16 10:54:48: --> 220 All transactions and IP addresses are logged.
Fri 2010-04-16 10:54:48: <-- EHLO Thunder.tw.#####.net
Fri 2010-04-16 10:54:48: --> 250-ms1.******-asia.com Hello Thunder.tw.cnlink.net, pleased to meet you
Fri 2010-04-16 10:54:48: --> 250-VRFY
Fri 2010-04-16 10:54:48: --> 250-EXPN
Fri 2010-04-16 10:54:48: --> 250-ETRN
Fri 2010-04-16 10:54:48: --> 250-AUTH=LOGIN
Fri 2010-04-16 10:54:48: --> 250-AUTH LOGIN CRAM-MD5
Fri 2010-04-16 10:54:48: --> 250-8BITMIME
Fri 2010-04-16 10:54:48: --> 250-STARTTLS
Fri 2010-04-16 10:54:48: --> 250 SIZE 30720000
Fri 2010-04-16 10:54:48: <-- STARTTLS
Fri 2010-04-16 10:54:48: --> 220 Begin TLS negotiation
Fri 2010-04-16 10:54:48: SSL negotiation successful (TLS 1.0, 1024 bit key exchange, 128 bit RC4 encryption)
Fri 2010-04-16 10:54:48: <-- EHLO Thunder.tw.#####.net
Fri 2010-04-16 10:54:48: --> 250-ms1.******-asia.com Hello Thunder.tw.cnlink.net, pleased to meet you
Fri 2010-04-16 10:54:48: --> 250-VRFY
Fri 2010-04-16 10:54:48: --> 250-EXPN
Fri 2010-04-16 10:54:48: --> 250-ETRN
Fri 2010-04-16 10:54:48: --> 250-AUTH=LOGIN
Fri 2010-04-16 10:54:48: --> 250-AUTH LOGIN CRAM-MD5
Fri 2010-04-16 10:54:48: --> 250-8BITMIME
Fri 2010-04-16 10:54:48: --> 250 SIZE 30720000
Fri 2010-04-16 10:54:48: <-- MAIL From:<sam@tw.#####.net> SIZE=46641
Fri 2010-04-16 10:54:48: Performing PTR lookup (6.220.181.202.IN-ADDR.ARPA)
Fri 2010-04-16 10:54:48: *  D=6.0-255.220.181.202.IN-ADDR.ARPA TTL=(46) PTR=[thunder.tw.#####.net]
Fri 2010-04-16 10:54:48: *  Gathering A records...
Fri 2010-04-16 10:54:48: *  D=thunder.tw.#####.net TTL=(60) A=[202.181.220.6]
Fri 2010-04-16 10:54:48: ---- End PTR results
Fri 2010-04-16 10:54:48: Performing IP lookup (Thunder.tw.#####.net)
Fri 2010-04-16 10:54:48: *  D=Thunder.tw.#####.net TTL=(60) A=[202.181.220.6]
Fri 2010-04-16 10:54:48: ---- End IP lookup results
Fri 2010-04-16 10:54:48: Performing IP lookup (tw.cnlink.net)
Fri 2010-04-16 10:54:48: *  P=010 S=000 D=tw.#####.net TTL=(60) MX=[thunder.tw.#####.net] {202.181.220.6}
Fri 2010-04-16 10:54:48: ---- End IP lookup results
Fri 2010-04-16 10:54:48: Performing SPF lookup (tw.#####.net / 202.181.220.6)
Fri 2010-04-16 10:54:49: *  Result: none; no SPF record in DNS
Fri 2010-04-16 10:54:49: ---- End SPF results
Fri 2010-04-16 10:54:49: --> 250 <sam@tw.#####.net>, Sender ok
Fri 2010-04-16 10:54:49: <-- RCPT To:<johnson.c@******-asia.com>
Fri 2010-04-16 10:54:49: Performing DNS-BL lookup (202.181.220.6 - connecting IP)
Fri 2010-04-16 10:54:49: *  opm.blitzed.org - passed
Fri 2010-04-16 10:54:49: *  bl.spamcop.net - passed
Fri 2010-04-16 10:54:49: *  0451.com - passed
Fri 2010-04-16 10:54:49: *  *.mailserver.idv.tw - passed
Fri 2010-04-16 10:54:49: *  *.pomailer.com - passed
Fri 2010-04-16 10:54:49: *  *@mailserver.idv.tw - passed
Fri 2010-04-16 10:54:49: *  *@kimo.com.tw - passed
Fri 2010-04-16 10:54:49: *  *@abc.com.* - passed
Fri 2010-04-16 10:54:50: *  *@h8h.com.* - passed
Fri 2010-04-16 10:54:50: *  *@seznam.cz - passed
Fri 2010-04-16 10:54:50: *  *@null.com - passed
Fri 2010-04-16 10:54:50: *  *@t-online.de - passed
Fri 2010-04-16 10:54:50: *  *@sohu.com - passed
Fri 2010-04-16 10:54:50: *  *@mailfb.com - passed
Fri 2010-04-16 10:54:50: *  *.zapto.org - passed
Fri 2010-04-16 10:54:51: *  *.dion.ne.jp - passed
Fri 2010-04-16 10:54:51: *  zen.spamhaus.org - passed
Fri 2010-04-16 10:54:51: *  *@whistlerdream.com - passed
Fri 2010-04-16 10:54:51: *  *@kp.org - passed
Fri 2010-04-16 10:54:51: *  *@morgan-company.com - passed
Fri 2010-04-16 10:54:51: *  *@copyprintfax.com - passed
Fri 2010-04-16 10:54:51: *  *@accuchex.com - passed
Fri 2010-04-16 10:54:51: *  *@palmsource.com - passed
Fri 2010-04-16 10:54:51: *  *@catolico.com - passed
Fri 2010-04-16 10:54:52: *  *@echemistre.com - passed
Fri 2010-04-16 10:54:52: *  *@sulainet.com - passed
Fri 2010-04-16 10:54:52: *  *@boiiom.com - passed
Fri 2010-04-16 10:54:52: *  bpbill.com - passed
Fri 2010-04-16 10:54:52: *  peppercom.com - passed
Fri 2010-04-16 10:54:52: *  arqmia.com - passed
Fri 2010-04-16 10:54:52: *  themindgroup.com - passed
Fri 2010-04-16 10:54:53: *  advsol.com - passed
Fri 2010-04-16 10:54:53: *  hughburchill.net - failed - 66.150.161.140
Fri 2010-04-16 10:54:53: ---- End DNS-BL results
Fri 2010-04-16 10:54:53: 'Recipient unknown' given and connection dropped to divert future spam
Fri 2010-04-16 10:54:53: --> 550 <johnson.c@******-asia.com>, Recipient unknown
Fri 2010-04-16 10:54:53: SMTP session terminated (Bytes in/out: 517/1342)
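Original poster | Posted on 2010-4-19 10:20:28
Hello Machfun,
Because there was too much spam today...
I removed the host IP *.*.*.* from the trusted hosts...
Looking at the log... it seems to be a DNS-BL and SPF problem.
So I first disabled DNS-BL,
then disabled the "Verify Sending host using SPF" and "Verify PRA using Sender ID" functions under SPF/Sender ID.
It seems to work now...
But will disabling these two SPF functions cause any problems?
Original poster | Posted on 2010-4-19 15:25:45
Last edited by johnson_csy on 2010-4-19 03:57 PM

After disabling the above... some customers' mail could not get in... Later I also disabled
1. Reverse lookup
2. All DKIM functions...
and then it worked...
This is the failed session for mail sent by a customer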
----------
Mon 2010-04-19 13:59:50: Session 1897; child 2; thread 2124
Mon 2010-04-19 13:59:50: Accepting SMTP connection from [61.218.7.118:3068]
Mon 2010-04-19 13:59:50: --> 220-ms1.******-asia.com ESMTP MDaemon 10.1.1; Mon, 19 Apr 2010 13:59:50 +0800
Mon 2010-04-19 13:59:50: --> 220-Unauthorized relay prohibited.
Mon 2010-04-19 13:59:50: --> 220 All transactions and IP addresses are logged.
Mon 2010-04-19 13:59:50: <-- EHLO liontravel.com
Mon 2010-04-19 13:59:50: --> 250-ms1.******-asia.com Hello liontravel.com, pleased to meet you
Mon 2010-04-19 13:59:50: --> 250-VRFY
Mon 2010-04-19 13:59:50: --> 250-EXPN
Mon 2010-04-19 13:59:50: --> 250-ETRN
Mon 2010-04-19 13:59:50: --> 250-AUTH=LOGIN
Mon 2010-04-19 13:59:50: --> 250-AUTH LOGIN CRAM-MD5
Mon 2010-04-19 13:59:50: --> 250-8BITMIME
Mon 2010-04-19 13:59:50: --> 250-STARTTLS
Mon 2010-04-19 13:59:50: --> 250 SIZE 30720000
Mon 2010-04-19 13:59:50: <-- MAIL From:<yayuanyu@#####.com> SIZE=81544
Mon 2010-04-19 13:59:50: Performing PTR lookup (118.7.218.61.IN-ADDR.ARPA)
Mon 2010-04-19 13:59:50: *  D=118.7.218.61.IN-ADDR.ARPA TTL=(638) PTR=[61-218-7-118.HINET-IP.hinet.net]
Mon 2010-04-19 13:59:50: *  Gathering A records...
Mon 2010-04-19 13:59:50: *  D=61-218-7-118.HINET-IP.hinet.net TTL=(1440) A=[61.218.7.118]
Mon 2010-04-19 13:59:50: ---- End PTR results
Mon 2010-04-19 13:59:50: Performing IP lookup (liontravel.com)
Mon 2010-04-19 13:59:50: *  D=liontravel.com TTL=(25) A=[61.67.145.138]
Mon 2010-04-19 13:59:50: ---- End IP lookup results
Mon 2010-04-19 13:59:50: --> 550 Domain ******-asia.com does not accept mail from 61-218-7-118.HINET-IP.hinet.net
Mon 2010-04-19 13:59:50: SMTP session terminated (Bytes in/out: 69/440)

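Later I also found that mail from our Hong Kong colleagues could not be sent to internal addresses... because in Hong Kong they can only send e-mail through their SIP company's server,
so I disabled
1. POP Before SMTP
2. Authentication is always required when mail is from local account

The session from the Hong Kong failure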
Session 1973; child 3; thread 2500
Mon 2010-04-19 14:03:16: Accepting SMTP connection from [65.55.111.82:1570]
Mon 2010-04-19 14:03:16: --> 220-ms1.******-asia.com ESMTP MDaemon 10.1.1; Mon, 19 Apr 2010 14:03:16 +0800
Mon 2010-04-19 14:03:16: --> 220-Unauthorized relay prohibited.
Mon 2010-04-19 14:03:16: --> 220 All transactions and IP addresses are logged.
Mon 2010-04-19 14:03:16: <-- EHLO blu0-omc2-s7.blu0.hotmail.com
Mon 2010-04-19 14:03:16: --> 250-ms1.******-asia.com Hello blu0-omc2-s7.blu0.hotmail.com, pleased to meet you
Mon 2010-04-19 14:03:16: --> 250-VRFY
Mon 2010-04-19 14:03:16: --> 250-EXPN
Mon 2010-04-19 14:03:16: --> 250-ETRN
Mon 2010-04-19 14:03:16: --> 250-AUTH=LOGIN
Mon 2010-04-19 14:03:16: --> 250-AUTH LOGIN CRAM-MD5
Mon 2010-04-19 14:03:16: --> 250-8BITMIME
Mon 2010-04-19 14:03:16: --> 250-STARTTLS
Mon 2010-04-19 14:03:16: --> 250 SIZE 30720000
Mon 2010-04-19 14:03:17: <-- MAIL FROM:<johnson_csy@#####.com> SIZE=3259
Mon 2010-04-19 14:03:17: Performing PTR lookup (82.111.55.65.IN-ADDR.ARPA)
Mon 2010-04-19 14:03:17: *  D=82.111.55.65.IN-ADDR.ARPA TTL=(60) PTR=[blu0-omc2-s7.blu0.#####.com]
Mon 2010-04-19 14:03:17: *  Gathering A records...
Mon 2010-04-19 14:03:17: *  D=blu0-omc2-s7.blu0.#####.com TTL=(60) A=[65.55.111.82]
Mon 2010-04-19 14:03:17: ---- End PTR results
Mon 2010-04-19 14:03:17: Performing IP lookup (blu0-omc2-s7.blu0.#####.com)
Mon 2010-04-19 14:03:17: *  D=blu0-omc2-s7.blu0.#####.com TTL=(60) A=[65.55.111.82]
Mon 2010-04-19 14:03:17: ---- End IP lookup results
Mon 2010-04-19 14:03:17: Performing IP lookup (#####.com)
Mon 2010-04-19 14:03:17: *  D=#####.com TTL=(26) A=[64.4.20.186]
Mon 2010-04-19 14:03:17: *  D=#####.com TTL=(26) A=[64.4.20.169]
Mon 2010-04-19 14:03:17: *  D=#####.com TTL=(26) A=[64.4.20.174]
Mon 2010-04-19 14:03:17: *  D=#####.com TTL=(26) A=[64.4.20.184]
Mon 2010-04-19 14:03:17: *  P=005 S=000 D=#####.com TTL=(17) MX=[mx4.#####.com]
Mon 2010-04-19 14:03:17: *  P=005 S=001 D=#####.com TTL=(17) MX=[mx1.#####.com] {65.54.188.94}
Mon 2010-04-19 14:03:17: *  P=005 S=002 D=#####.com TTL=(17) MX=[mx2.#####.com]
Mon 2010-04-19 14:03:17: *  P=005 S=003 D=#####.com TTL=(17) MX=[mx3.#####.com]
Mon 2010-04-19 14:03:17: *  D=#####.com TTL=(46) A=[64.4.20.169]
Mon 2010-04-19 14:03:17: *  D=#####.com TTL=(8) A=[64.4.20.186]
Mon 2010-04-19 14:03:17: *  D=#####.com TTL=(56) A=[64.4.20.184]
Mon 2010-04-19 14:03:17: ---- End IP lookup results
Mon 2010-04-19 14:03:17: --> 250 <johnson_csy@#####.com>, Sender ok
Mon 2010-04-19 14:03:17: <-- RCPT TO:<esther.c@******-asia.com>
Mon 2010-04-19 14:03:17: --> 451 Greylisting enabled, try again in 15 minutes
Mon 2010-04-19 14:03:17: <-- RSET
Mon 2010-04-19 14:03:17: --> 250 RSET? Well, ok.
Mon 2010-04-19 14:03:18: <-- QUIT
Mon 2010-04-19 14:03:18: --> 221 See ya in cyberspace
Mon 2010-04-19 14:03:18: SMTP session terminated (Bytes in/out: 132/507)
Original poster | Posted on 2010-4-19 15:30:38
Sorry, I also disabled, under Reverse Lookups, the
"perform reverse PTR record lookup on inbound SMTP connections" option

It feels like I have turned off more than half of the anti-spam functions...
Posted on 2010-4-20 10:25:37
Fri 2010-04-16 10:54:48: Performing SPF lookup (tw.#####.net / 202.181.220.6)
Fri 2010-04-16 10:54:49: *  Result: none; no SPF record in DNS
Fri 2010-04-16 10:54:49: ---- End SPF results

This part is because you enabled SPF verification. Basically, very few people use SPF verification any more, so you can turn it off.

Fri 2010-04-16 10:54:53: 'Recipient unknown' given and connection dropped to divert future spam
Fri 2010-04-16 10:54:53: --> 550 <johnson.c@******-asia.com>, Recipient unknown

The recipient is unknown, so the person who sent you the mail mistyped the e-mail name, and so MDaemon classified it as spam.

Mon 2010-04-19 13:59:50: --> 550 Domain ******-asia.com does not accept mail from 61-218-7-118.HINET-IP.hinet.net

Your mailbox does not accept this IP or domain name. Please check for yourself whether it has been put in your IP or domain blacklist.

Mon 2010-04-19 14:03:17: --> 451 Greylisting enabled, try again in 15 minutes

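You have enabled the greylisting function, so the message has to wait 15 minutes; when it is delivered again it will go through normally.

The three functions above are not unique to MDaemon. You may never have worked with a mail server before, which is why you are having these difficulties.

Basically, the default settings after MDaemon is installed already meet most people's needs; you do not need to enable or disable any further anti-spam settings.

The only thing you need to do is first observe the SMTP(in) and SMTP(out) log data for a month and build your company's own domain/IP/e-mail address blacklists and whitelists;
only that way can you keep spam from getting in.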
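An added example, not part of any post in this thread and not MDaemon's own tooling: a small Python parser for SMTP(in) log lines in the layout of the sessions posted above, which summarises per session the connecting IP, envelope sender, DNS-BL hits and 4xx/5xx replies as input for the log review described in the reply. The sample log, its addresses and domains are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the SMTP(in) sessions posted in this thread.
SAMPLE_LOG = """\
Mon 2010-04-19 10:00:00: Accepting SMTP connection from [192.0.2.10:4021]
Mon 2010-04-19 10:00:00: <-- MAIL From:<a@sender.example> SIZE=1200
Mon 2010-04-19 10:00:01: Performing DNS-BL lookup (192.0.2.10 - connecting IP)
Mon 2010-04-19 10:00:01: *  dnsbl-a.example - passed
Mon 2010-04-19 10:00:02: *  dnsbl-b.example - failed - 127.0.0.2
Mon 2010-04-19 10:00:02: --> 550 <user@corp.example>, Recipient unknown
Mon 2010-04-19 10:00:02: SMTP session terminated (Bytes in/out: 100/400)
Mon 2010-04-19 10:05:00: Accepting SMTP connection from [198.51.100.7:3068]
Mon 2010-04-19 10:05:00: <-- MAIL FROM:<b@other.example> SIZE=900
Mon 2010-04-19 10:05:01: --> 451 Greylisting enabled, try again in 15 minutes
Mon 2010-04-19 10:05:02: SMTP session terminated (Bytes in/out: 80/300)
Mon 2010-04-19 10:09:00: Accepting SMTP connection from [203.0.113.5:2200]
Mon 2010-04-19 10:09:01: --> 250 <c@third.example>, Sender ok
Mon 2010-04-19 10:09:02: SMTP session terminated (Bytes in/out: 60/200)
"""

LINE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: (.*)$")
CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+):\d+\]")
SENDER = re.compile(r"<-- MAIL From:<([^>]*)>", re.I)
DNSBL_HIT = re.compile(r"\*\s+(\S+) - failed")   # only zones that listed the peer
REFUSAL = re.compile(r"--> ([45]\d\d) (.*)")      # final 4xx/5xx replies, not 220-/250-

def summarize(log_text):
    """Return one dict per SMTP session: peer IP, sender, DNS-BL hits, 4xx/5xx replies."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        text = m.group(1) if m else ""            # lines without a timestamp are ignored
        if (c := CONNECT.search(text)):
            cur = {"ip": c.group(1), "sender": None, "dnsbl": [], "refused": []}
            sessions.append(cur)
        elif cur is None:
            continue
        elif (s := SENDER.search(text)):
            cur["sender"] = s.group(1)
        elif (d := DNSBL_HIT.search(text)):
            cur["dnsbl"].append(d.group(1))
        elif (r := REFUSAL.match(text)):
            cur["refused"].append((int(r.group(1)), r.group(2)))
    return sessions

def refusal_counts(sessions):
    """Count refused sessions per (peer IP, first refusal code) for list building."""
    return Counter((s["ip"], s["refused"][0][0]) for s in sessions if s["refused"])
```

Reading the DNS-BL hits next to the refusal text of the same session shows which check actually triggered a reply before any IP is added to a block or allow list.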
Original poster | Posted on 2010-5-3 09:42:32
Thanks to both experts for your help... this newcomer has learned a lot :)