邮件服务器-邮件系统-邮件技术论坛(BBS)

标题: 有没有关于老版本防护SMTP攻击的方法啊 [打印本页]

作者: soee 时间: 2008-6-23 14:48
标题: 有没有关于老版本防护SMTP攻击的方法啊
最近常常受到SMTP攻击.
发信进来的域名都是奇奇怪怪的那种,有没有很好的方式设置能阻档这类攻击啊.

设置了RBL好像会把正常的邮件也挡掉的.

作者: soee 时间: 2008-6-23 14:51
已经解决,分析了日志,直接把YAHOO.COM拉黑名单,OK了.汗啊

Mon 2008-06-23 00:58:16: <-- MAIL FROM: <szpvkrs@yahoo.com>
Mon 2008-06-23 00:58:16: Performing IP lookup (yahoo.com)
Mon 2008-06-23 00:58:16: *  D=yahoo.com TTL=(0) A=[206.190.60.37]
Mon 2008-06-23 00:58:16: *  D=yahoo.com TTL=(0) A=[68.180.206.184]
Mon 2008-06-23 00:58:16: *  P=001 S=000 D=yahoo.com TTL=(14) MX=[a.mx.mail.yahoo.com] {209.191.118.103}
Mon 2008-06-23 00:58:16: *  P=001 S=001 D=yahoo.com TTL=(14) MX=[b.mx.mail.yahoo.com] {66.196.97.250}
Mon 2008-06-23 00:58:16: *  P=001 S=002 D=yahoo.com TTL=(14) MX=[c.mx.mail.yahoo.com] {216.39.53.3}
Mon 2008-06-23 00:58:16: *  P=001 S=003 D=yahoo.com TTL=(14) MX=[d.mx.mail.yahoo.com] {66.196.82.7}
Mon 2008-06-23 00:58:16: *  P=001 S=004 D=yahoo.com TTL=(14) MX=[e.mx.mail.yahoo.com] {216.39.53.1}
Mon 2008-06-23 00:58:16: *  P=001 S=005 D=yahoo.com TTL=(14) MX=[f.mx.mail.yahoo.com] {209.191.88.247}
Mon 2008-06-23 00:58:16: *  P=001 S=006 D=yahoo.com TTL=(14) MX=[g.mx.mail.yahoo.com] {206.190.53.191}
Mon 2008-06-23 00:58:16: ---- End IP lookup results
Mon 2008-06-23 00:58:16: --> 250 <szpvkrs@yahoo.com>, Sender ok
Mon 2008-06-23 00:58:16: <-- RCPT TO: <ulicecha@ms48.hinet.net>
Mon 2008-06-23 00:58:16: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:58:17: <-- RCPT TO: <ulienlia@ms48.hinet.net>
Mon 2008-06-23 00:58:17: More than 5 RCPT commands encountered; this session tarpitted with a 10 second initial delay scaling by 1.00
Mon 2008-06-23 00:58:17: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:58:27: <-- RCPT TO: <ulihua@ms48.hinet.net>
Mon 2008-06-23 00:58:27: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:58:38: <-- RCPT TO: <uline@ms48.hinet.net>
Mon 2008-06-23 00:58:38: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:58:48: <-- RCPT TO: <ulip@ms48.hinet.net>
Mon 2008-06-23 00:58:48: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:58:58: <-- RCPT TO: <ulite17@ms48.hinet.net>
Mon 2008-06-23 00:58:58: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:59:17: <-- RCPT TO: <ulka@ms48.hinet.net>
Mon 2008-06-23 00:59:17: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:59:37: <-- RCPT TO: <ullenha@ms48.hinet.net>
Mon 2008-06-23 00:59:37: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:59:48: <-- RCPT TO: <ullh@ms48.hinet.net>
Mon 2008-06-23 00:59:48: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 00:59:58: <-- RCPT TO: <ulliswe@ms48.hinet.net>
Mon 2008-06-23 00:59:58: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 01:00:08: <-- RCPT TO: <ulliw@ms48.hinet.net>
Mon 2008-06-23 01:00:08: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 01:00:18: <-- RCPT TO: <ullrich@ms48.hinet.net>
Mon 2008-06-23 01:00:18: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 01:00:29: <-- RCPT TO: <ully@ms48.hinet.net>
Mon 2008-06-23 01:00:29: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 01:00:40: <-- RCPT TO: <ulmu@ms48.hinet.net>
Mon 2008-06-23 01:00:40: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 01:00:53: <-- RCPT TO: <ulnd@ms48.hinet.net>
Mon 2008-06-23 01:00:53: --> 451 Greylisting enabled, try again in 5 minutes
Mon 2008-06-23 01:01:05: <-- RSET
Mon 2008-06-23 01:01:05: --> 250 RSET? Well, ok.

作者: heieye104 时间: 2008-6-23 16:14
这样的话从YAHOO进来的正常邮件也收不到了

作者: dennishan 时间: 2008-6-24 10:43
这个不是黑名单，是灰地址，您的版本也不算太低：）
451 Greylisting enabled
yahoo的邮件会在几分钟后进来的，不必担心。

作者: wangbuliao213 时间: 2008-6-27 10:04
这样做yahoo.com的邮件可以进来吗？？？
要是真的进来了，请分享一下邮件进来的过程！很好奇······

作者: soee 时间: 2008-6-27 12:42
我是在MD里把YAHOO直接加了黑名单.现在没有垃圾邮件反弹了.

作者: soee 时间: 2008-6-27 12:42
是志只是说明YAHOO的邮件在用公司的邮服做垃圾邮件反弹.

欢迎光临邮件服务器-邮件系统-邮件技术论坛(BBS) (http://5dmail.net/bbs/)