邮件服务器-邮件系统-邮件技术论坛(BBS)

标题: MDaemon防垃圾邮件的问题 [打印本页]

作者: yudong118 时间: 2009-1-14 17:54
标题: MDaemon防垃圾邮件的问题
在防垃圾邮件上出了点问题,日志中的发件者已经添加到黑名单中了,但是每天还可以接受到对方发送来的邮件,望大家帮忙分析下.以下是日志和一些信息.

Wed 2009-01-14 17:30:33: ---- End SPF results
Wed 2009-01-14 17:30:33: --> 250 <79999...wsrt@you.com>, Sender ok
Wed 2009-01-14 17:30:33: <-- RCPT to:<john_liu@bbb.com>
Wed 2009-01-14 17:30:33: 执行 DNS-BL 查询（121.34.107.147 - 正在连接 IP）
Wed 2009-01-14 17:30:33: *  sbl-xbl.spamhaus.org - 失败
Wed 2009-01-14 17:30:33: *  bl.spamcop.net - 失败
Wed 2009-01-14 17:30:33: *  cblless.anti-spam.org.cn - 失败
Wed 2009-01-14 17:30:33: *  cbl.anti-spam.org.cn - 失败
Wed 2009-01-14 17:30:33: ---- 结束 DNS-BL 结果
Wed 2009-01-14 17:30:33: --> 250 <john_liu@bbb.com>, Recipient ok
Wed 2009-01-14 17:30:33: <-- Data
Wed 2009-01-14 17:30:33: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000008131.tmp
Wed 2009-01-14 17:30:33: --> 354 Enter mail, end with <CRLF>.<CRLF>
Wed 2009-01-14 17:30:34: Message size: 1138 bytes
Wed 2009-01-14 17:30:34: Performing DomainKeys lookup (Sender: 79999...wsrt@you.com)
Wed 2009-01-14 17:30:34: *  File: c:\mdaemon\queues\temp\md50000008131.tmp
Wed 2009-01-14 17:30:34: *  Message-ID: n/a
Wed 2009-01-14 17:30:34: *  Querying for policy: you.com
Wed 2009-01-14 17:30:34: * Querying: _domainkey.you.com ...
Wed 2009-01-14 17:30:34: * DNS: 名称服务器报告域名未知
Wed 2009-01-14 17:30:34: *  Result: pass
Wed 2009-01-14 17:30:34: ---- End DomainKeys results
Wed 2009-01-14 17:30:34: Performing DKIM lookup
Wed 2009-01-14 17:30:34: *  File: c:\mdaemon\queues\temp\md50000008131.tmp
Wed 2009-01-14 17:30:34: *  Message-ID: n/a
Wed 2009-01-14 17:30:34: *  Result: neutral
Wed 2009-01-14 17:30:34: ---- End DKIM results
Wed 2009-01-14 17:30:34: Passing message through Spam Filter (Size: 1138)...
Wed 2009-01-14 17:30:34: *  3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Wed 2009-01-14 17:30:34: *  1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
Wed 2009-01-14 17:30:34: *    [score: 0.4916]
Wed 2009-01-14 17:30:34: ---- End SpamAssassin results
Wed 2009-01-14 17:30:34: Spam Filter score/req: 4.70/12.0
Wed 2009-01-14 17:30:34: 邮件创建 successful：c:\mdaemon\queues\inbound\md50000041547.msg
Wed 2009-01-14 17:30:34: --> 250 Ok, message saved <Message-ID: >
Wed 2009-01-14 17:30:34: <-- Quit
Wed 2009-01-14 17:30:34: --> 221 See ya in cyberspace
Wed 2009-01-14 17:30:34: SMTP 会话成功（进/出字节：1241/397）
Wed 2009-01-14 17:30:34: ----------

作者: wxhsh 时间: 2009-1-15 11:11
标题: 回复 1楼 yudong118 的帖子
首先DNS已被劫持，导致基于DNS的安全设定全部失效，其次，黑名单默认会加100分启发值，看来也没起作用。

作者: yudong118 时间: 2009-1-15 14:55
标题: 回复 2楼 wxhsh 的帖子
输入不存在的域名会自动转到114页面上去了 DNS黑名单失效不能理解  我查看了今天的日志  黑名单是起作用的

Thu 2009-01-15 11:59:50: *  P=001 S=000 D=you.com TTL=(4) MX=[mail.you.com] {127.0.0.1}
Thu 2009-01-15 11:59:50: ---- End IP lookup results
Thu 2009-01-15 11:59:50: Performing SPF lookup (you.com / 220.231.221.155)
Thu 2009-01-15 11:59:50: *  Result: none; no SPF record in DNS
Thu 2009-01-15 11:59:50: ---- End SPF results
Thu 2009-01-15 11:59:50: --> 250 <79999...wsrt@you.com>, Sender ok
Thu 2009-01-15 11:59:50: <-- RCPT to:<bbb@bbb.com>
Thu 2009-01-15 11:59:50: 执行 DNS-BL 查询（220.231.221.155 - 正在连接 IP）
Thu 2009-01-15 11:59:50: *  sbl-xbl.spamhaus.org - 失败
Thu 2009-01-15 11:59:50: *  bl.spamcop.net - 通过
Thu 2009-01-15 11:59:50: *  cblless.anti-spam.org.cn - 失败
Thu 2009-01-15 11:59:50: *  cbl.anti-spam.org.cn - 通过
Thu 2009-01-15 11:59:50: ---- 结束 DNS-BL 结果
Thu 2009-01-15 11:59:50: --> 250 <panvane@pcflorens.com>, Recipient ok
Thu 2009-01-15 11:59:50: <-- Data
Thu 2009-01-15 11:59:50: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000010460.tmp
Thu 2009-01-15 11:59:50: --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2009-01-15 11:59:50: Message size: 1099 bytes
Thu 2009-01-15 11:59:50: Performing DomainKeys lookup (Sender: 79999...wsrt@you.com)
Thu 2009-01-15 11:59:50: *  File: c:\mdaemon\queues\temp\md50000010460.tmp
Thu 2009-01-15 11:59:50: *  Message-ID: n/a
Thu 2009-01-15 11:59:50: *  Querying for policy: you.com
Thu 2009-01-15 11:59:50: * Querying: _domainkey.you.com ...
Thu 2009-01-15 11:59:50: * DNS: 名称服务器报告域名未知
Thu 2009-01-15 11:59:50: *  Result: pass
Thu 2009-01-15 11:59:50: ---- End DomainKeys results
Thu 2009-01-15 11:59:50: Performing DKIM lookup
Thu 2009-01-15 11:59:50: *  File: c:\mdaemon\queues\temp\md50000010460.tmp
Thu 2009-01-15 11:59:50: *  Message-ID: n/a
Thu 2009-01-15 11:59:50: *  Result: neutral
Thu 2009-01-15 11:59:50: ---- End DKIM results
Thu 2009-01-15 11:59:50: Passing message through Spam Filter (Size: 1099)...
Thu 2009-01-15 11:59:51: *  3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Thu 2009-01-15 11:59:51: *  100 USER_IN_BLACKLIST From: address is in the blacklist
Thu 2009-01-15 11:59:51: * 10 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Thu 2009-01-15 11:59:51: *    [score: 0.9971]
Thu 2009-01-15 11:59:51: ---- End SpamAssassin results
Thu 2009-01-15 11:59:51: Spam Filter score/req: 113.00/12.0
Thu 2009-01-15 11:59:51: Message refused because spam score is too high
Thu 2009-01-15 11:59:51: --> 554 Sorry, message looks like SPAM to me
Thu 2009-01-15 11:59:51: <-- Quit
Thu 2009-01-15 11:59:51: --> 221 See ya in cyberspace
Thu 2009-01-15 11:59:51: SMTP 会话终止（in/out 字节： 1201/400）
Thu 2009-01-15 11:59:51: ----------

[ 本帖最后由 yudong118 于 2009-1-15 15:36 编辑 ]

作者: wxhsh 时间: 2009-1-15 15:15
标题: 回复 3楼 yudong118 的帖子
我只是针对你第一个记录的分析而说，不过本人向来不建议手工黑名单防护。

作者: yudong118 时间: 2009-1-15 15:38

原帖由 wxhsh 于 2009-1-15 15:15 发表
我只是针对你第一个记录的分析而说，不过本人向来不建议手工黑名单防护。

谢谢你了现在是封杀住了,启用灰名单可以不?

作者: wxhsh 时间: 2009-1-15 15:42
标题: 回复 5楼 yudong118 的帖子

，这是我另一个极不推荐使用的功能。

作者: yudong118 时间: 2009-1-15 15:52

原帖由 wxhsh 于 2009-1-15 15:42 发表
，这是我另一个极不推荐使用的功能。

我现在主要是靠DNS-BL来封杀LJ邮件,外加贝叶斯学习和黑名单. 再就没有什么方法了!
您还有好点的封杀LJ邮件的方法?

作者: yudong118 时间: 2009-1-15 17:49
我把DNS换成 61.144.56.100 劫持不存在了

欢迎光临邮件服务器-邮件系统-邮件技术论坛(BBS) (http://5dmail.net/bbs/)