邮件服务器-邮件系统-邮件技术论坛(BBS)

标题: dns劫持造成URIBL_BLACK误判，垃圾指数增加 [打印本页]

作者: ares 时间: 2008-10-10 10:03
标题: dns劫持造成URIBL_BLACK误判，垃圾指数增加
最近sina.com tom.com发往本地邮件，都出现了
Fri 2008-10-10 09:50:17: *  3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist
Fri 2008-10-10 09:50:17: *    [URIs: sina.com.cn]
Fri 2008-10-10 09:50:17: *  9.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
Fri 2008-10-10 09:50:17: *    [URIs: sina.com.cn]
Fri 2008-10-10 09:50:17: *  9.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
Fri 2008-10-10 09:50:17: *    [URIs: sina.com.cn]
已经把sina.com.cn加白名单，还是被判垃圾，URIBL.com blacklist在那里可以手工设定，三项加起来都垃圾指数20多，头大的
我的系统 2003+iis+mssql+md9.51
故障原因是dns劫持造成spam误判
最快解决方法，建议更换dns
我用移动的dns目前测试正常
211.136.112.50
211.136.150.66
211.136.11.50
211.136.17.107

Fri 2008-10-10 09:50:17: Session 5585; child 4; thread 5356
Fri 2008-10-10 09:50:13: 接受 SMTP 连接来自 [202.108.3.47 ：64064]
Fri 2008-10-10 09:50:13: --> 220 cybermart.com.cn ESMTP MAIL ready
Fri 2008-10-10 09:50:13: <-- EHLO mail3-47.sinamail.sina.com.cn
Fri 2008-10-10 09:50:13: --> 250-xxx Hello mail3-47.sinamail.sina.com.cn, pleased to meet you
Fri 2008-10-10 09:50:13: --> 250-ETRN
Fri 2008-10-10 09:50:13: --> 250-AUTH=LOGIN
Fri 2008-10-10 09:50:13: --> 250-AUTH LOGIN
Fri 2008-10-10 09:50:13: --> 250-8BITMIME
Fri 2008-10-10 09:50:13: --> 250 SIZE 20000000
Fri 2008-10-10 09:50:13: <-- MAIL FROM:<xxx@sina.com> SIZE=2054
Fri 2008-10-10 09:50:13: Performing IP lookup (sina.com)
Fri 2008-10-10 09:50:13: *  D=sina.com TTL=(0) A=[71.5.7.191]
Fri 2008-10-10 09:50:13: *  P=010 S=000 D=sina.com TTL=(0) MX=[freemx2.sinamail.sina.com.cn] {218.30.115.106}
Fri 2008-10-10 09:50:13: *  P=010 S=001 D=sina.com TTL=(0) MX=[freemx3.sinamail.sina.com.cn] {60.28.2.248}
Fri 2008-10-10 09:50:13: *  P=010 S=002 D=sina.com TTL=(0) MX=[freemx1.sinamail.sina.com.cn] {202.108.3.242}
Fri 2008-10-10 09:50:13: ---- End IP lookup results
Fri 2008-10-10 09:50:13: --> 250 <xxx@sina.com>, Sender ok
Fri 2008-10-10 09:50:13: <-- RCPT TO:<xxx@xxx.com.cn>
Fri 2008-10-10 09:50:13: --> 250 <xxx@xxx.com.cn>, Recipient ok
Fri 2008-10-10 09:50:13: <-- DATA
Fri 2008-10-10 09:50:13: Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000009194.tmp
Fri 2008-10-10 09:50:13: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2008-10-10 09:50:14: Message size: 2054 bytes
Fri 2008-10-10 09:50:14: Passing message through AntiVirus (Size: 2054)...
Fri 2008-10-10 09:50:14: *  邮件清洁（未发现病毒）
Fri 2008-10-10 09:50:14: ---- End AntiVirus results
Fri 2008-10-10 09:50:14: Passing message through Outbreak Protection...
Fri 2008-10-10 09:50:14: *  Message-ID: 20081010015009.D65BE13682E@mail3-47.sinamail.sina.com.cn
Fri 2008-10-10 09:50:14: *  Reference-ID: str=0001.0A150201.48EEB4D3.0007,ss=1,fgs=0
Fri 2008-10-10 09:50:14: *  Virus result: 0 - Clean
Fri 2008-10-10 09:50:14: *  Spam result: 1 - Clean
Fri 2008-10-10 09:50:14: *  IWF result: (requires MDaemon 9.60 or higher)
Fri 2008-10-10 09:50:14: ---- End Outbreak Protection results
Fri 2008-10-10 09:50:14: Passing message through Spam Filter (Size: 2054)...
Fri 2008-10-10 09:50:17: ---- Start SpamAssassin results
Fri 2008-10-10 09:50:17: 25.6 points, 5.5 required;
Fri 2008-10-10 09:50:17: *  4.0 MD_XMRCVD_PIPE MD_XMRCVD_PIPE
Fri 2008-10-10 09:50:17: *  0.0 HTML_MESSAGE BODY: HTML included in message
Fri 2008-10-10 09:50:17: *  0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
Fri 2008-10-10 09:50:17: *  3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist
Fri 2008-10-10 09:50:17: *    [URIs: sina.com.cn]
Fri 2008-10-10 09:50:17: *  9.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
Fri 2008-10-10 09:50:17: *    [URIs: sina.com.cn]
Fri 2008-10-10 09:50:17: *  9.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
Fri 2008-10-10 09:50:17: *    [URIs: sina.com.cn]
Fri 2008-10-10 09:50:17: ---- End SpamAssassin results
Fri 2008-10-10 09:50:17: Spam Filter score/req: 25.60/7.6
Fri 2008-10-10 09:50:17: Message refused because spam score is too high
Fri 2008-10-10 09:50:17: --> 554 Sorry, message looks like SPAM to me
Fri 2008-10-10 09:50:17: <-- QUIT
Fri 2008-10-10 09:50:17: --> 221 See ya in cyberspace
Fri 2008-10-10 09:50:17: SMTP 会话终止（in/out 字节： 2182/383）

[ 本帖最后由 ares 于 2008-10-10 10:36 编辑 ]

作者: wxhsh 时间: 2008-10-10 10:07
标题: 回复 1楼 ares 的帖子
http://www.5dmail.net/bbs/thread-178542-1-2.html

作者: ares 时间: 2008-10-10 10:28
标题: 解决
刚刚看了http://www.5dmail.net/bbs/thread-173837-1-1.html

换了dns，就没有问题了，哎，还有那个dns不叫劫持，是电信作了个114搜索引擎，电信把一切无法解析的地址都扔给114那个地址了，真是无语

作者: wxhsh 时间: 2008-10-10 10:30
标题: 回复 3楼 ares 的帖子
其实这就叫劫持，导致DNS-BL功能无效。

作者: dennishan 时间: 2008-10-10 11:41
电信要增值，要做门户，做这个很正常。
再说电信DNS没说给服务器用，就提供上网用户DNS服务。

作者: lake 时间: 2008-10-13 11:10
能不能把好的DNS server共享一下？

欢迎光临邮件服务器-邮件系统-邮件技术论坛(BBS) (http://5dmail.net/BBS/)