Mail Server - Mail System - Mail Technology Forum (BBS)

Title: How can I block this kind of fake-HELO spam? Every time it uses a different IP and a fake HELO to fool SPF.

Author: leeming    Time: 2007-8-3 09:47
(My mail domain has been replaced with "我的郵址域名")

Fri 2007-08-03 08:58:12: ----------
Fri 2007-08-03 08:58:39: Session 687; child 1; thread 788
Fri 2007-08-03 08:58:34: Accepting SMTP connection from [70.60.197.57 : 3427]
Fri 2007-08-03 08:58:34: --> 220 我的郵址域名 ESMTP MDaemon 7.2.5; Fri, 03 Aug 2007 08:58:34 +0800
Fri 2007-08-03 08:58:34: <-- HELO rrcs-70-60-197-57.midsouth.biz.rr.com
Fri 2007-08-03 08:58:34: --> 250 我的郵址域名 Hello rrcs-70-60-197-57.midsouth.biz.rr.com, pleased to meet you
Fri 2007-08-03 08:58:34: <-- MAIL From:<ijipc@sematech.org>
Fri 2007-08-03 08:58:34: Performing lookup on sematech.org (looking for 70.60.197.57)
Fri 2007-08-03 08:58:35: D=sematech.org TTL=(1440) A=[192.73.53.32]
Fri 2007-08-03 08:58:35: P=001 D=sematech.org TTL=(1440) MX=[mail.global.frontbridge.com]
Fri 2007-08-03 08:58:35: D=sematech.org TTL=(1440) A=[192.73.53.32]
Fri 2007-08-03 08:58:35: Performing SPF lookup (70.60.197.57 trying to send as ijipc@sematech.org)
Fri 2007-08-03 08:58:36: *  policy: v=spf1 ip4:192.73.53.5 ip4:192.73.53.7 ip4:192.73.53.16 include:spf.frontbridge.com ~all
Fri 2007-08-03 08:58:36: *  evaluating ip4:192.73.53.5: no match
Fri 2007-08-03 08:58:36: *  evaluating ip4:192.73.53.7: no match
Fri 2007-08-03 08:58:36: *  evaluating ip4:192.73.53.16: no match
Fri 2007-08-03 08:58:36: *  evaluating include:spf.frontbridge.com: performing lookup
Fri 2007-08-03 08:58:36: *    policy: v=spf1 include:spfa.frontbridge.com include:spfb.frontbridge.com -all
Fri 2007-08-03 08:58:36: *    evaluating include:spfa.frontbridge.com: performing lookup
Fri 2007-08-03 08:58:36: *      policy: v=spf1 ip4:12.129.199.32/27 ip4:206.16.192.224/27 ip4:216.148.222.32/27
ip4:63.161.60.0/25 ip4:207.46.163.0/24 ip4:12.129.219.64/26 ip4:62.209.45.160/27 ip4:213.199.154.0/25 ip4:217.117.146.224/27
ip4:12.129.219.152/29 ip4:65.55.251.0/26 -al
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.199.32/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:206.16.192.224/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:216.148.222.32/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:63.161.60.0/25: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:207.46.163.0/24: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.219.64/26: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:62.209.45.160/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:213.199.154.0/25: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:217.117.146.224/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.219.152/29: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:65.55.251.0/26: no match
Fri 2007-08-03 08:58:36: *      evaluating -all: match
Fri 2007-08-03 08:58:36: *    evaluating include:spfa.frontbridge.com: no match
Fri 2007-08-03 08:58:36: *    evaluating include:spfb.frontbridge.com: performing lookup
Fri 2007-08-03 08:58:36: *      policy: v=spf1 ip4:131.107.0.0/16 ip4:12.129.219.128/27 ip4:12.129.20.19 ip4:207.46.51.64/26
ip4:213.199.154.0/25 -all
Fri 2007-08-03 08:58:36: *      evaluating ip4:131.107.0.0/16: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.219.128/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.20.19: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:207.46.51.64/26: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:213.199.154.0/25: no match
Fri 2007-08-03 08:58:36: *      evaluating -all: match
Fri 2007-08-03 08:58:36: *    evaluating include:spfb.frontbridge.com: no match
Fri 2007-08-03 08:58:36: *    evaluating -all: match
Fri 2007-08-03 08:58:36: *  evaluating include:spf.frontbridge.com: no match
Fri 2007-08-03 08:58:36: *  evaluating ~all: match
Fri 2007-08-03 08:58:36: SPF result: softfail
Fri 2007-08-03 08:58:36: Spam Blocker is checking 70.60.197.57 (connecting IP)
Fri 2007-08-03 08:58:36: * sbl-xbl.spamhaus.org - passed
Fri 2007-08-03 08:58:36: * bl.spamcop.net - passed
Fri 2007-08-03 08:58:36: Spam Blocker is finished
Fri 2007-08-03 08:58:36: --> 250 <ijipc@sematech.org>, Sender ok
Fri 2007-08-03 08:58:36: <-- RCPT TO:<xue@我的郵址域名>
Fri 2007-08-03 08:58:37: --> 250 <xue@我的郵址域名>, Recipient ok
Fri 2007-08-03 08:58:37: <-- DATA
Fri 2007-08-03 08:58:37: Creating temp file (SMTP): c:\mdaemon\temp\md50000000073.tmp
Fri 2007-08-03 08:58:37: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2007-08-03 08:58:37: Passing message through the spam filter...
Fri 2007-08-03 08:58:37: Applying spam filter to message
Fri 2007-08-03 08:58:38: Spam filter score/req: -0.80/3.0
Fri 2007-08-03 08:58:38: Message creation successful: c:\mdaemon\inbound\md50000596396.msg
Fri 2007-08-03 08:58:38: --> 250 Ok, message saved <Message-ID: <003001c7d569$65f0f100$8d8fa4b0@qlxje.buc>>
Fri 2007-08-03 08:58:39: <-- QUIT
Fri 2007-08-03 08:58:39: --> 221 See ya in cyberspace
Fri 2007-08-03 08:58:39: SMTP session successful (Bytes in/out: 1331/381)
Fri 2007-08-03 08:58:39: ----------

Fri 2007-08-03 09:17:38: ----------
Fri 2007-08-03 09:18:11: Session 848; child 1; thread 696
Fri 2007-08-03 09:18:03: Accepting SMTP connection from [71.70.85.87 : 2247]
Fri 2007-08-03 09:18:03: --> 220 我的郵址域名 ESMTP MDaemon 7.2.5; Fri, 03 Aug 2007 09:18:03 +0800
Fri 2007-08-03 09:18:04: <-- HELO cpe-071-070-085-087.sc.res.rr.com
Fri 2007-08-03 09:18:04: --> 250 我的郵址域名 Hello cpe-071-070-085-087.sc.res.rr.com, pleased to meet you
Fri 2007-08-03 09:18:04: <-- MAIL From:<tplul@stmk.gv.at>
Fri 2007-08-03 09:18:04: Performing lookup on stmk.gv.at (looking for 71.70.85.87)
Fri 2007-08-03 09:18:06: P=005 D=stmk.gv.at TTL=(2880) MX=[mail2.stmk.gv.at] {192.26.237.56}
Fri 2007-08-03 09:18:06: P=005 D=stmk.gv.at TTL=(2880) MX=[mail1.stmk.gv.at] {192.26.237.55}
Fri 2007-08-03 09:18:06: Performing SPF lookup (71.70.85.87 trying to send as tplul@stmk.gv.at)
Fri 2007-08-03 09:18:08: SPF result: none; no SPF record
Fri 2007-08-03 09:18:08: Spam Blocker is checking 71.70.85.87 (connecting IP)
Fri 2007-08-03 09:18:09: * sbl-xbl.spamhaus.org - passed
Fri 2007-08-03 09:18:09: * bl.spamcop.net - passed
Fri 2007-08-03 09:18:09: Spam Blocker is finished
Fri 2007-08-03 09:18:09: --> 250 <tplul@stmk.gv.at>, Sender ok
Fri 2007-08-03 09:18:09: <-- RCPT TO:<maindesk@我的郵址域名>
Fri 2007-08-03 09:18:09: --> 250 <maindesk@我的郵址域名>, Recipient ok
Fri 2007-08-03 09:18:09: <-- DATA
Fri 2007-08-03 09:18:09: Creating temp file (SMTP): c:\mdaemon\temp\md50000000128.tmp
Fri 2007-08-03 09:18:09: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2007-08-03 09:18:10: Passing message through the spam filter...
Fri 2007-08-03 09:18:10: Applying spam filter to message
Fri 2007-08-03 09:18:10: Spam filter score/req: -0.80/3.0
Fri 2007-08-03 09:18:10: Message creation successful: c:\mdaemon\inbound\md50000596409.msg
Fri 2007-08-03 09:18:10: --> 250 Ok, message saved <Message-ID: <002f01c7d56c$23c55e30$1f8e7d62@woa.clc>>
Fri 2007-08-03 09:18:11: <-- QUIT
Fri 2007-08-03 09:18:11: --> 221 See ya in cyberspace
Fri 2007-08-03 09:18:11: SMTP session successful (Bytes in/out: 1325/378)
Fri 2007-08-03 09:18:11: ----------

Once received, it turns out to be spam with content like the following...

Hi. Partner has sent you a greeting card.
See your card as often as you wish during the next 15 days.
SEEING YOUR CARD
If your email software creates links to Web pages, click on your
card's direct www address below while you are connected to the Internet:
http://4.245.5.73/?675c50080d0229e368412571d7d4197
Or copy and paste it into your browser's "Location" box (where Internet
addresses go).
We hope you enjoy your awesome card.
Wishing you the best,
Administrator,
greetingCard.Org
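
Added example, not part of the original post and not an MDaemon feature: in both logged sessions the HELO name embeds the four octets of the connecting IP (the usual shape of an ISP-assigned reverse-DNS name for a customer line) and SPF returns something other than pass. The sketch below flags that combination in logs of this format; the heuristic, the function names and the third session (192.0.2.10 / mail.example.org) are assumptions constructed for illustration.

```python
import re

# Lines excerpted from the two sessions in the post, plus one constructed
# session (192.0.2.10 / mail.example.org) for contrast.
SAMPLE_LOG = """\
Fri 2007-08-03 08:58:34: Accepting SMTP connection from [70.60.197.57 : 3427]
Fri 2007-08-03 08:58:34: <-- HELO rrcs-70-60-197-57.midsouth.biz.rr.com
Fri 2007-08-03 08:58:36: SPF result: softfail
Fri 2007-08-03 08:58:39: ----------
Fri 2007-08-03 09:18:03: Accepting SMTP connection from [71.70.85.87 : 2247]
Fri 2007-08-03 09:18:04: <-- HELO cpe-071-070-085-087.sc.res.rr.com
Fri 2007-08-03 09:18:08: SPF result: none; no SPF record
Fri 2007-08-03 09:18:11: ----------
Fri 2007-08-03 09:30:00: Accepting SMTP connection from [192.0.2.10 : 40000]
Fri 2007-08-03 09:30:00: <-- HELO mail.example.org
Fri 2007-08-03 09:30:01: SPF result: pass
Fri 2007-08-03 09:30:02: ----------
"""

CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+) : \d+\]")
HELO = re.compile(r"<-- (?:HELO|EHLO) (\S+)")
SPF = re.compile(r"SPF result: (\w+)")

def helo_embeds_ip(helo, ip):
    """True if the numbers in the HELO name contain the client IP's octets,
    in forward or reverse order (zero padding such as 071 is ignored)."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", helo)]
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows

def suspicious_sessions(log_text):
    """Return (ip, helo, spf) for each session whose HELO embeds the client
    IP and whose SPF result is anything other than pass."""
    hits, cur = [], {}
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            cur = {"ip": m.group(1)}          # a new session starts here
        elif m := HELO.search(line):
            cur["helo"] = m.group(1)
        elif m := SPF.search(line):
            cur["spf"] = m.group(1)
        elif line.endswith("----------") and "ip" in cur:  # session ends
            if ("helo" in cur and cur.get("spf") != "pass"
                    and helo_embeds_ip(cur["helo"], cur["ip"])):
                hits.append((cur["ip"], cur["helo"], cur.get("spf")))
            cur = {}
    return hits
```

Calling `suspicious_sessions(SAMPLE_LOG)` returns the two sessions from the post and skips the constructed one. Hosts that legitimately send mail from such names would also be flagged, so the result is better used for scoring or review than for outright rejection.
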
Author: sandal    Time: 2007-9-19 10:03
Getting ready to upgrade.
I've been annoyed by this for a week.



