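This post was last edited by liskenny on 2011-12-30 04:41 PM
Recently our company has kept receiving spam. After watching it for a while, it seems to come from the same place, yet each time from a different source.
The SMTP-in log is as follows: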
Fri 2011-12-30 11:26:36: Session 3574; child 2; thread 4184
Fri 2011-12-30 11:26:31: Accepting SMTP connection from [67.20.29.147 : 41493]
Fri 2011-12-30 11:26:31: --> 220 xxx.com.tw ESMTP MDaemon 8.1.1; Fri, 30 Dec 2011 11:26:31 +0800
Fri 2011-12-30 11:26:32: <-- HELO cable.fidnet.com
Fri 2011-12-30 11:26:32: --> 250 xxx.com.tw Hello cable.fidnet.com, pleased to meet you
Fri 2011-12-30 11:26:32: Performing DNS-BL lookup (67.20.29.147 - connecting IP)
Fri 2011-12-30 11:26:33: * sbl-xbl.spamhaus.org - failed
Fri 2011-12-30 11:26:33: * opm.blitzed.org - passed
Fri 2011-12-30 11:26:33: * relays.ordb.org - passed
Fri 2011-12-30 11:26:33: * bl.spamcop.net - passed
Fri 2011-12-30 11:26:33: * 173.12.217.73 - passed
Fri 2011-12-30 11:26:34: * naanet.dk - passed
Fri 2011-12-30 11:26:34: * 64.31.61.215 - passed
Fri 2011-12-30 11:26:34: * yahoo.com - failed
Fri 2011-12-30 11:26:34: ---- End DNS-BL results
Fri 2011-12-30 11:26:34: <-- DATA
Fri 2011-12-30 11:26:34: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000014166.tmp
Fri 2011-12-30 11:26:34: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2011-12-30 11:26:35: Message size: 1622 bytes
Fri 2011-12-30 11:26:35: Passing message through AntiVirus (Size: 1622)...
Fri 2011-12-30 11:26:35: * Message is clean (no viruses found)
Fri 2011-12-30 11:26:35: ---- End AntiVirus results
Fri 2011-12-30 11:26:35: Passing message through Spam Filter (Size: 1622)...
Fri 2011-12-30 11:26:36: * 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Fri 2011-12-30 11:26:36: * 0.1 RCVD_BY_IP Received by mail server with no name
Fri 2011-12-30 11:26:36: * 3.4 MIME_BOUND_DIGITS_15 Spam tool pattern in MIME boundary
Fri 2011-12-30 11:26:36: * 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
Fri 2011-12-30 11:26:36: * 2.9 SUBJ_ILLEGAL_CHARS Subject contains too many raw illegal characters
Fri 2011-12-30 11:26:36: * 2.1 HEAD_ILLEGAL_CHARS Header contains too many raw illegal characters
Fri 2011-12-30 11:26:36: * 0.0 FROM_ILLEGAL_CHARS From contains too many raw illegal characters
Fri 2011-12-30 11:26:36: * -100 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
Fri 2011-12-30 11:26:36: * 6.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
Fri 2011-12-30 11:26:36: * [score: 0.9457]
Fri 2011-12-30 11:26:36: * 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
Fri 2011-12-30 11:26:36: * 0.1 HTML_80_90 BODY: Message is 80% to 90% HTML
Fri 2011-12-30 11:26:36: * 0.0 HTML_MESSAGE BODY: HTML included in message
Fri 2011-12-30 11:26:36: * 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
Fri 2011-12-30 11:26:36: * 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
Fri 2011-12-30 11:26:36: * 2.4 FORGED_MUA_IMS Forged mail pretending to be from IMS
Fri 2011-12-30 11:26:36: * 2.4 FORGED_IMS_TAGS IMS mailers can't send HTML in this format
Fri 2011-12-30 11:26:36: ---- End SpamAssassin results
Fri 2011-12-30 11:26:36: Spam Filter score/req: -74.65/12.0
Fri 2011-12-30 11:26:36: Message creation successful: c:\mdaemon\queues\inbound\md50000396742.msg
Fri 2011-12-30 11:26:36: <-- QUIT
Fri 2011-12-30 11:26:36: --> 221 See ya in cyberspace
Fri 2011-12-30 11:26:36: SMTP session successful (Bytes in/out: 1723/350)
Fri 2011-12-30 11:26:36: ----------
Fri 2011-12-30 13:22:03: ----------
Fri 2011-12-30 13:22:10: Session 3791; child 1; thread 4244
Fri 2011-12-30 13:22:05: Accepting SMTP connection from [180.247.96.10 : 36465]
Fri 2011-12-30 13:22:05: Performing PTR lookup (10.96.247.180.IN-ADDR.ARPA)
Fri 2011-12-30 13:22:05: * Error: The name server reports that it is having technical problems
Fri 2011-12-30 13:22:05: ---- End PTR results
Fri 2011-12-30 13:22:05: --> 220 xxx.com.tw ESMTP MDaemon 8.1.1; Fri, 30 Dec 2011 13:22:05 +0800
Fri 2011-12-30 13:22:06: <-- HELO 220.130.205.224
Fri 2011-12-30 13:22:06: --> 250 xxx.com.tw Hello 220.130.205.224, pleased to meet you
Fri 2011-12-30 13:22:06: Performing DNS-BL lookup (180.247.96.10 - connecting IP)
Fri 2011-12-30 13:22:06: * sbl-xbl.spamhaus.org - failed
Fri 2011-12-30 13:22:07: * opm.blitzed.org - passed
Fri 2011-12-30 13:22:07: * relays.ordb.org - passed
Fri 2011-12-30 13:22:07: * bl.spamcop.net - failed
Fri 2011-12-30 13:22:07: * 173.12.217.73 - passed
Fri 2011-12-30 13:22:07: * naanet.dk - passed
Fri 2011-12-30 13:22:07: * 64.31.61.215 - passed
Fri 2011-12-30 13:22:07: * yahoo.com - failed
Fri 2011-12-30 13:22:07: ---- End DNS-BL results
Fri 2011-12-30 13:22:08: <-- DATA
Fri 2011-12-30 13:22:08: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000014548.tmp
Fri 2011-12-30 13:22:08: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2011-12-30 13:22:08: Message size: 2748 bytes
Fri 2011-12-30 13:22:08: Passing message through AntiVirus (Size: 2748)...
Fri 2011-12-30 13:22:08: * Message is clean (no viruses found)
Fri 2011-12-30 13:22:08: ---- End AntiVirus results
Fri 2011-12-30 13:22:08: Passing message through Spam Filter (Size: 2748)...
Fri 2011-12-30 13:22:09: * 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Fri 2011-12-30 13:22:09: * 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
Fri 2011-12-30 13:22:09: * 3.8 MSGID_SPAM_CAPS Spam tool Message-Id caps variant)
Fri 2011-12-30 13:22:09: * 0.1 RCVD_BY_IP Received by mail server with no name
Fri 2011-12-30 13:22:09: * 2.9 SUBJ_ILLEGAL_CHARS Subject contains too many raw illegal characters
Fri 2011-12-30 13:22:09: * 0.0 FROM_ILLEGAL_CHARS From contains too many raw illegal characters
Fri 2011-12-30 13:22:09: * -100 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
Fri 2011-12-30 13:22:09: * 1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
Fri 2011-12-30 13:22:09: * [score: 0.5261]
Fri 2011-12-30 13:22:09: * 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
Fri 2011-12-30 13:22:09: * 4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
Fri 2011-12-30 13:22:09: * 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
Fri 2011-12-30 13:22:09: * 0.0 UPPERCASE_50_75 message body is 50-75% uppercase
Fri 2011-12-30 13:22:09: ---- End SpamAssassin results
Fri 2011-12-30 13:22:09: Spam Filter score/req: -80.34/12.0
Fri 2011-12-30 13:22:09: Message creation successful: c:\mdaemon\queues\inbound\md50000396762.msg
Fri 2011-12-30 13:22:10: <-- QUIT
Fri 2011-12-30 13:22:10: --> 221 See ya in cyberspace
Fri 2011-12-30 13:22:10: SMTP session successful (Bytes in/out: 2857/361)
Fri 2011-12-30 13:22:10: ----------
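
An added example, not part of the original post: it parses the Spam Filter lines of session 3791 from the log above and compares the logged total with the sum of the rules other than the whitelist entry. The function names and the `WHITELIST` substring test are choices made for this example.

```python
import re

# Spam Filter lines of session 3791, copied from the log above (spacing restored).
LOG = """\
Fri 2011-12-30 13:22:09: * 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Fri 2011-12-30 13:22:09: * 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
Fri 2011-12-30 13:22:09: * 3.8 MSGID_SPAM_CAPS Spam tool Message-Id caps variant)
Fri 2011-12-30 13:22:09: * 0.1 RCVD_BY_IP Received by mail server with no name
Fri 2011-12-30 13:22:09: * 2.9 SUBJ_ILLEGAL_CHARS Subject contains too many raw illegal characters
Fri 2011-12-30 13:22:09: * 0.0 FROM_ILLEGAL_CHARS From contains too many raw illegal characters
Fri 2011-12-30 13:22:09: * -100 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
Fri 2011-12-30 13:22:09: * 1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
Fri 2011-12-30 13:22:09: * [score: 0.5261]
Fri 2011-12-30 13:22:09: * 4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
Fri 2011-12-30 13:22:09: * 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
Fri 2011-12-30 13:22:09: * 0.0 UPPERCASE_50_75 message body is 50-75% uppercase
Fri 2011-12-30 13:22:09: Spam Filter score/req: -80.34/12.0
"""

# "<score> <RULE_NAME>" after the "* " marker; the space is optional because
# some log viewers fuse "-100" with the rule name.
RULE = re.compile(r": \* (-?\d+(?:\.\d+)?) ?([A-Z][A-Z0-9_]+)\b")
TOTAL = re.compile(r"Spam Filter score/req: (-?[\d.]+)/([\d.]+)")

def analyse(log):
    """Return (logged_score, required, score_without_whitelist, whitelist_rules)."""
    hits = [(float(score), name) for score, name in RULE.findall(log)]
    total = TOTAL.search(log)
    logged, required = float(total.group(1)), float(total.group(2))
    whitelist = [name for _, name in hits if "WHITELIST" in name]
    content = round(sum(s for s, name in hits if "WHITELIST" not in name), 1)
    return logged, required, content, whitelist

def masked_by_whitelist(log):
    """True when only a whitelist rule keeps the message under the threshold."""
    logged, required, content, whitelist = analyse(log)
    return bool(whitelist) and logged < required <= content

if __name__ == "__main__":
    print(analyse(LOG), masked_by_whitelist(LOG))
```
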