Mail Server - Mail System - Mail Technology Forum (BBS)

[Help] Spam logs attached; can anyone see a way to block this?

Original post
Posted on 2010-9-7 10:49:57
Starting this week, some users have frequently been receiving spam. The message content is roughly as follows:
============================================= Spam content begins below
HYDROCODONE BRAND Watson 540 10mg/mg

Buy Your HYDROCODONE Online
30 Pills - $260, 60 Pills - $479, 90 Pills - $656, 120 Pills - $838.
NoPRESCRIPTION REQUIRED


============================================== Spam content ends above

I checked, and the relevant logs are as follows.
The relevant entries in SMTP(IN):
Tue 2010-09-07 00:37:58: ----------
Tue 2010-09-07 00:38:58: Session 1785; child 1; thread 2896
Tue 2010-09-07 00:37:44: Accepting SMTP connection from [92.7.188.171:2351]
Tue 2010-09-07 00:37:44: Performing PTR lookup (171.188.7.92.IN-ADDR.ARPA)
Tue 2010-09-07 00:37:54: *  DNS: 10 second wait for DNS response exceeded
Tue 2010-09-07 00:37:54: *  D=171.188.7.92.IN-ADDR.ARPA TTL=(1440) PTR=[host-92-7-188-171.as43234.net]
Tue 2010-09-07 00:37:54: *  Gathering A records...
Tue 2010-09-07 00:37:55: ---- End PTR results
Tue 2010-09-07 00:37:55: --> 220 huge.com.cn ESMTP MDaemon 10.1.1; Tue, 07 Sep 2010 00:37:55 +0800
Tue 2010-09-07 00:37:57: <-- EHLO zxcdj
Tue 2010-09-07 00:37:57: Performing IP lookup (zxcdj)
Tue 2010-09-07 00:38:07: *  DNS: 10 second wait for DNS response exceeded
Tue 2010-09-07 00:38:07: *  Error: *  名称服务器报告未知的域名
Tue 2010-09-07 00:38:07: ---- End IP lookup results
Tue 2010-09-07 00:38:07: --> 250-huge.com.cn Hello host-92-7-188-171.as43234.net, pleased to meet you
Tue 2010-09-07 00:38:07: --> 250-ETRN
Tue 2010-09-07 00:38:07: --> 250-AUTH=LOGIN
Tue 2010-09-07 00:38:07: --> 250-AUTH LOGIN CRAM-MD5
Tue 2010-09-07 00:38:07: --> 250-8BITMIME
Tue 2010-09-07 00:38:07: --> 250 SIZE
Tue 2010-09-07 00:38:08: <-- MAIL FROM: <adella.bibife@gbg.com>
Tue 2010-09-07 00:38:08: Performing IP lookup (gbg.com)
Tue 2010-09-07 00:38:09: *  D=gbg.com TTL=(60) A=[98.174.154.185]
Tue 2010-09-07 00:38:09: *  P=000 S=001 D=gbg.com TTL=(42) MX=[gbg.com.1.0001.arsmtp.com] {204.232.236.158}
Tue 2010-09-07 00:38:09: *  P=010 S=000 D=gbg.com TTL=(42) MX=[gbg.com.2.0001.arsmtp.com] {204.232.236.159}
Tue 2010-09-07 00:38:09: ---- End IP lookup results
Tue 2010-09-07 00:38:09: Performing SPF lookup (gbg.com / 92.7.188.171)
Tue 2010-09-07 00:38:09: *  Result: none; no SPF record in DNS
Tue 2010-09-07 00:38:09: ---- End SPF results
Tue 2010-09-07 00:38:09: --> 250 <adella.bibife@gbg.com>, Sender ok
Tue 2010-09-07 00:38:16: <-- RCPT TO: <zhaopin@我的邮箱.com>
Tue 2010-09-07 00:38:16: --> 250 <zhaopin@huge.com.cn>, Recipient ok
Tue 2010-09-07 00:38:23: <-- RCPT TO: <lindawang@我的邮箱.com>
Tue 2010-09-07 00:38:23: --> 250 <lindawang@我的邮箱.com>, Recipient ok
Tue 2010-09-07 00:38:25: <-- RCPT TO: <lyj@我的邮箱.com>
Tue 2010-09-07 00:38:25: --> 250 <lyj@我的邮箱.com>, Recipient ok
Tue 2010-09-07 00:38:31: <-- DATA
Tue 2010-09-07 00:38:31: Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000004665.tmp
Tue 2010-09-07 00:38:31: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2010-09-07 00:38:39: Message size: 1964 bytes
Tue 2010-09-07 00:38:39: Performing DKIM lookup
Tue 2010-09-07 00:38:39: *  File: d:\mdaemon\queues\temp\md50000004665.tmp
Tue 2010-09-07 00:38:39: *  Message-ID: 4C85268F.418989F0@gbg.com
Tue 2010-09-07 00:38:39: *  Result: neutral
Tue 2010-09-07 00:38:39: ---- End DKIM results
Tue 2010-09-07 00:38:39: Performing DomainKeys lookup (Sender: adella.bibife@gbg.com)
Tue 2010-09-07 00:38:39: *  File: d:\mdaemon\queues\temp\md50000004665.tmp
Tue 2010-09-07 00:38:39: *  Message-ID: 4C85268F.418989F0@gbg.com
Tue 2010-09-07 00:38:39: *  Querying for policy: gbg.com
Tue 2010-09-07 00:38:39: *    Querying: _domainkey.gbg.com ...
Tue 2010-09-07 00:38:39: *    DNS: *  名称服务器报告未知的域名
Tue 2010-09-07 00:38:39: *  Result: neutral
Tue 2010-09-07 00:38:39: ---- End DomainKeys results
Tue 2010-09-07 00:38:39: Passing message through AntiVirus (Size: 1964)...
Tue 2010-09-07 00:38:39: *  邮件清洁(未发现病毒)
Tue 2010-09-07 00:38:39: ---- End AntiVirus results
Tue 2010-09-07 00:38:39: *  Outbreak Protection Error: Still unable to connect to Datacenter
Tue 2010-09-07 00:38:39: Passing message through Spam Filter (Size: 1964)...
Tue 2010-09-07 00:38:54: * -4.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Tue 2010-09-07 00:38:54: *      [score: 0.0000]
Tue 2010-09-07 00:38:54: *  0.0 HTML_MESSAGE BODY: HTML included in message
Tue 2010-09-07 00:38:54: *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
Tue 2010-09-07 00:38:54: *      dynamic-looking rDNS
Tue 2010-09-07 00:38:54: *  0.5 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
Tue 2010-09-07 00:38:54: ---- End SpamAssassin results
Tue 2010-09-07 00:38:54: Spam Filter score/req: -4.10/12.0
Tue 2010-09-07 00:38:55: 邮件创建 successful:d:\mdaemon\queues\inbound\md50000011143.msg
Tue 2010-09-07 00:38:55: --> 250 Ok, message saved <Message-ID: 4C85268F.418989F0@gbg.com>
Tue 2010-09-07 00:38:58: <-- QUIT
Tue 2010-09-07 00:38:58: --> 221 See ya in cyberspace
Tue 2010-09-07 00:38:58: SMTP session successful (Bytes in/out: 2108/510)

The relevant entries from the antispam log:
Tue 2010-09-07 00:38:58: (SMTP) Spam Filter processing d:\mdaemon\queues\temp\md50000004665.tmp...
Tue 2010-09-07 00:38:58: *  Message return-path: adella.bibife@gbg.com
Tue 2010-09-07 00:38:58: *  Message ID: 4C85268F.418989F0@gbg.com
Tue 2010-09-07 00:38:58: Start SpamAssassin results
Tue 2010-09-07 00:38:58: -4.10 points, 15 required;
Tue 2010-09-07 00:38:58: * -4.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Tue 2010-09-07 00:38:58: *      [score: 0.0000]
Tue 2010-09-07 00:38:58: *  0.0 HTML_MESSAGE BODY: HTML included in message
Tue 2010-09-07 00:38:58: *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
Tue 2010-09-07 00:38:58: *      dynamic-looking rDNS
Tue 2010-09-07 00:38:58: *  0.5 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
Tue 2010-09-07 00:38:58: End SpamAssassin results
The relevant entries from the antivirus log:
Tue 2010-09-07 00:35:34: ----------
Tue 2010-09-07 00:38:58: SecurityPlus AntiVirus processing d:\mdaemon\queues\local\md50000021815.msg...
Tue 2010-09-07 00:38:58: * Message return-path: adella.bibife@gbg.com
Tue 2010-09-07 00:38:58: * Message from: adella.bibife@gbg.com
Tue 2010-09-07 00:38:58: * Message to: lindawang@我的邮箱.com
Tue 2010-09-07 00:38:58: * Message subject: Now you can buy cializ and Enjoy! 30 pills x 20mg 89.95$, 180 pills x 20mg 289$ nq
Tue 2010-09-07 00:38:58: * Message ID: <4C85268F.418989F0@gbg.com>
Tue 2010-09-07 00:38:58: Start SecurityPlus AntiVirus results
Tue 2010-09-07 00:38:58: * Total attachments scanned    : 3 (including multipart/alternatives and message body)
Tue 2010-09-07 00:38:58: * Total attachments infected   : 0
Tue 2010-09-07 00:38:58: * Total attachments disinfected: 0
Tue 2010-09-07 00:38:58: * Total errors while scanning  : 0
Tue 2010-09-07 00:38:58: * Total attachments removed    : 0
Tue 2010-09-07 00:38:58: End of SecurityPlus AntiVirus results
Tue 2010-09-07 00:38:58: ----------

OP has been unusable the whole time:

Tue 2010-09-07 10:16:32: *  Outbreak Protection Error: Still unable to connect to Datacenter

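As the logs above show, this message's heuristic score is -4.10, while the threshold I have set is 15. So MD let this message straight through.
Could everyone please take a look: is there any way to block mail like this?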







First reply
Posted on 2010-9-10 14:36:34
You could try creating a rule in the content filter: if the FROM HEADER contains the @gbg.com domain, perform the DELETE the message action.
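
Added example, not part of the original thread and not MDaemon's own code: a short Python triage of the SMTP(IN) session quoted in the first post, separating the SpamAssassin rule scores from the connection-level facts the same log records. The function names and the three flags in `signals` are assumptions made for illustration, not MDaemon or SpamAssassin settings.

```python
import re

# Lines copied from the SMTP(IN) session in the first post.
LOG = """\
Tue 2010-09-07 00:37:44: Accepting SMTP connection from [92.7.188.171:2351]
Tue 2010-09-07 00:37:54: *  D=171.188.7.92.IN-ADDR.ARPA TTL=(1440) PTR=[host-92-7-188-171.as43234.net]
Tue 2010-09-07 00:37:57: <-- EHLO zxcdj
Tue 2010-09-07 00:38:09: *  Result: none; no SPF record in DNS
Tue 2010-09-07 00:38:54: * -4.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Tue 2010-09-07 00:38:54: *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
Tue 2010-09-07 00:38:54: *  0.5 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
Tue 2010-09-07 00:38:54: Spam Filter score/req: -4.10/12.0
"""

STAMP = r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: "
RULE = re.compile(STAMP + r"\*\s+(-?\d+\.\d+) ([A-Z][A-Z0-9_]+)\b")

def summarize(log):
    """Extract connection facts and SpamAssassin rule hits from one session."""
    s = {"rules": {}}
    for line in log.splitlines():
        if m := re.search(r"connection from \[([\d.]+):\d+\]", line):
            s["ip"] = m.group(1)
        elif m := re.search(r"PTR=\[([^\]]+)\]", line):
            s["ptr"] = m.group(1)
        elif m := re.search(r"<-- (?:EHLO|HELO) (\S+)", line):
            s["helo"] = m.group(1)
        elif m := re.search(r"Result: (\w+); .*SPF", line):
            s["spf"] = m.group(1)
        elif m := re.search(r"score/req: (-?[\d.]+)/([\d.]+)", line):
            s["score"], s["required"] = float(m.group(1)), float(m.group(2))
        elif m := RULE.match(line):
            s["rules"][m.group(2)] = float(m.group(1))
    return s

def signals(s):
    """Assumed heuristics: session facts the content score barely penalised."""
    out = []
    if s.get("helo") and "." not in s["helo"]:
        out.append("helo_not_fqdn")          # EHLO name is a bare label
    ip = s.get("ip")
    if ip and ip.replace(".", "-") in s.get("ptr", ""):
        out.append("ptr_embeds_client_ip")   # typical of dynamic address pools
    if s.get("spf") == "none":
        out.append("spf_none")
    bayes = sum(v for k, v in s["rules"].items() if k.startswith("BAYES_"))
    out.append(f"score_without_bayes={s['score'] - bayes:.2f}")
    return out
```

For this session the only negative contribution is BAYES_00 (-4.7); the remaining rule hits sum to 0.60, still far below either threshold shown in the logs.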