ORF反垃圾邮件系统

邮件服务器-邮件系统-邮件技术论坛(BBS)

 找回密码
 会员注册
查看: 3074|回复: 1
打印 上一主题 下一主题

[求助] 如何屏蔽这类假 HELO 类的垃圾邮件?每一次都用不同的IP及假HELO来欺骗SPF.

[复制链接]
跳转到指定楼层
顶楼
发表于 2007-8-3 09:47:38 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
(我的郵址域名已替换成 "我的郵址域名")

Fri 2007-08-03 08:58:12: ----------
Fri 2007-08-03 08:58:39: Session 687; child 1; thread 788
Fri 2007-08-03 08:58:34: Accepting SMTP connection from [70.60.197.57 : 3427]
Fri 2007-08-03 08:58:34: --> 220 我的郵址域名 ESMTP MDaemon 7.2.5; Fri, 03 Aug 2007 08:58:34 +0800
Fri 2007-08-03 08:58:34: <-- HELO rrcs-70-60-197-57.midsouth.biz.rr.com
Fri 2007-08-03 08:58:34: --> 250 我的郵址域名 Hello rrcs-70-60-197-57.midsouth.biz.rr.com, pleased to meet you
Fri 2007-08-03 08:58:34: <-- MAIL From:<ijipc@sematech.org>
Fri 2007-08-03 08:58:34: Performing lookup on sematech.org (looking for 70.60.197.57)
Fri 2007-08-03 08:58:35: D=sematech.org TTL=(1440) A=[192.73.53.32]
Fri 2007-08-03 08:58:35: P=001 D=sematech.org TTL=(1440) MX=[mail.global.frontbridge.com]
Fri 2007-08-03 08:58:35: D=sematech.org TTL=(1440) A=[192.73.53.32]
Fri 2007-08-03 08:58:35: Performing SPF lookup (70.60.197.57 trying to send as ijipc@sematech.org)
Fri 2007-08-03 08:58:36: *  policy: v=spf1 ip4:192.73.53.5 ip4:192.73.53.7 ip4:192.73.53.16 include:spf.frontbridge.com ~all
Fri 2007-08-03 08:58:36: *  evaluating ip4:192.73.53.5: no match
Fri 2007-08-03 08:58:36: *  evaluating ip4:192.73.53.7: no match
Fri 2007-08-03 08:58:36: *  evaluating ip4:192.73.53.16: no match
Fri 2007-08-03 08:58:36: *  evaluating include:spf.frontbridge.com: performing lookup
Fri 2007-08-03 08:58:36: *    policy: v=spf1 include:spfa.frontbridge.com include:spfb.frontbridge.com -all
Fri 2007-08-03 08:58:36: *    evaluating include:spfa.frontbridge.com: performing lookup
Fri 2007-08-03 08:58:36: *      policy: v=spf1 ip4:12.129.199.32/27 ip4:206.16.192.224/27 ip4:216.148.222.32/27
ip4:63.161.60.0/25 ip4:207.46.163.0/24 ip4:12.129.219.64/26 ip4:62.209.45.160/27 ip4:213.199.154.0/25 ip4:217.117.146.224/27
ip4:12.129.219.152/29 ip4:65.55.251.0/26 -al
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.199.32/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:206.16.192.224/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:216.148.222.32/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:63.161.60.0/25: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:207.46.163.0/24: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.219.64/26: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:62.209.45.160/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:213.199.154.0/25: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:217.117.146.224/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.219.152/29: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:65.55.251.0/26: no match
Fri 2007-08-03 08:58:36: *      evaluating -all: match
Fri 2007-08-03 08:58:36: *    evaluating include:spfa.frontbridge.com: no match
Fri 2007-08-03 08:58:36: *    evaluating include:spfb.frontbridge.com: performing lookup
Fri 2007-08-03 08:58:36: *      policy: v=spf1 ip4:131.107.0.0/16 ip4:12.129.219.128/27 ip4:12.129.20.19 ip4:207.46.51.64/26
ip4:213.199.154.0/25 -all
Fri 2007-08-03 08:58:36: *      evaluating ip4:131.107.0.0/16: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.219.128/27: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:12.129.20.19: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:207.46.51.64/26: no match
Fri 2007-08-03 08:58:36: *      evaluating ip4:213.199.154.0/25: no match
Fri 2007-08-03 08:58:36: *      evaluating -all: match
Fri 2007-08-03 08:58:36: *    evaluating include:spfb.frontbridge.com: no match
Fri 2007-08-03 08:58:36: *    evaluating -all: match
Fri 2007-08-03 08:58:36: *  evaluating include:spf.frontbridge.com: no match
Fri 2007-08-03 08:58:36: *  evaluating ~all: match
Fri 2007-08-03 08:58:36: SPF result: softfail
Fri 2007-08-03 08:58:36: Spam Blocker is checking 70.60.197.57 (connecting IP)
Fri 2007-08-03 08:58:36: * sbl-xbl.spamhaus.org - passed
Fri 2007-08-03 08:58:36: * bl.spamcop.net - passed
Fri 2007-08-03 08:58:36: Spam Blocker is finished
Fri 2007-08-03 08:58:36: --> 250 <ijipc@sematech.org>, Sender ok
Fri 2007-08-03 08:58:36: <-- RCPT TO:<xue@我的郵址域名>
Fri 2007-08-03 08:58:37: --> 250 <xue@我的郵址域名>, Recipient ok
Fri 2007-08-03 08:58:37: <-- DATA
Fri 2007-08-03 08:58:37: Creating temp file (SMTP): c:\mdaemon\temp\md50000000073.tmp
Fri 2007-08-03 08:58:37: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2007-08-03 08:58:37: Passing message through the spam filter...
Fri 2007-08-03 08:58:37: Applying spam filter to message
Fri 2007-08-03 08:58:38: Spam filter score/req: -0.80/3.0
Fri 2007-08-03 08:58:38: Message creation successful: c:\mdaemon\inbound\md50000596396.msg
Fri 2007-08-03 08:58:38: --> 250 Ok, message saved <Message-ID: <[email=003001c7d569$65f0f100$8d8fa4b0@qlxje.buc]003001c7d569$65f0f100$8d8fa4b0@qlxje.buc[/email]>>
Fri 2007-08-03 08:58:39: <-- QUIT
Fri 2007-08-03 08:58:39: --> 221 See ya in cyberspace
Fri 2007-08-03 08:58:39: SMTP session successful (Bytes in/out: 1331/381)
Fri 2007-08-03 08:58:39: ----------

Fri 2007-08-03 09:17:38: ----------
Fri 2007-08-03 09:18:11: Session 848; child 1; thread 696
Fri 2007-08-03 09:18:03: Accepting SMTP connection from [71.70.85.87 : 2247]
Fri 2007-08-03 09:18:03: --> 220 我的郵址域名 ESMTP MDaemon 7.2.5; Fri, 03 Aug 2007 09:18:03 +0800
Fri 2007-08-03 09:18:04: <-- HELO cpe-071-070-085-087.sc.res.rr.com
Fri 2007-08-03 09:18:04: --> 250 我的郵址域名 Hello cpe-071-070-085-087.sc.res.rr.com, pleased to meet you
Fri 2007-08-03 09:18:04: <-- MAIL From:<tplul@stmk.gv.at>
Fri 2007-08-03 09:18:04: Performing lookup on stmk.gv.at (looking for 71.70.85.87)
Fri 2007-08-03 09:18:06: P=005 D=stmk.gv.at TTL=(2880) MX=[mail2.stmk.gv.at] {192.26.237.56}
Fri 2007-08-03 09:18:06: P=005 D=stmk.gv.at TTL=(2880) MX=[mail1.stmk.gv.at] {192.26.237.55}
Fri 2007-08-03 09:18:06: Performing SPF lookup (71.70.85.87 trying to send as tplul@stmk.gv.at)
Fri 2007-08-03 09:18:08: SPF result: none; no SPF record
Fri 2007-08-03 09:18:08: Spam Blocker is checking 71.70.85.87 (connecting IP)
Fri 2007-08-03 09:18:09: * sbl-xbl.spamhaus.org - passed
Fri 2007-08-03 09:18:09: * bl.spamcop.net - passed
Fri 2007-08-03 09:18:09: Spam Blocker is finished
Fri 2007-08-03 09:18:09: --> 250 <tplul@stmk.gv.at>, Sender ok
Fri 2007-08-03 09:18:09: <-- RCPT TO:<maindesk@我的郵址域名>
Fri 2007-08-03 09:18:09: --> 250 <maindesk@我的郵址域名>, Recipient ok
Fri 2007-08-03 09:18:09: <-- DATA
Fri 2007-08-03 09:18:09: Creating temp file (SMTP): c:\mdaemon\temp\md50000000128.tmp
Fri 2007-08-03 09:18:09: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2007-08-03 09:18:10: Passing message through the spam filter...
Fri 2007-08-03 09:18:10: Applying spam filter to message
Fri 2007-08-03 09:18:10: Spam filter score/req: -0.80/3.0
Fri 2007-08-03 09:18:10: Message creation successful: c:\mdaemon\inbound\md50000596409.msg
Fri 2007-08-03 09:18:10: --> 250 Ok, message saved <Message-ID: <[email=002f01c7d56c$23c55e30$1f8e7d62@woa.clc]002f01c7d56c$23c55e30$1f8e7d62@woa.clc[/email]>>
Fri 2007-08-03 09:18:11: <-- QUIT
Fri 2007-08-03 09:18:11: --> 221 See ya in cyberspace
Fri 2007-08-03 09:18:11: SMTP session successful (Bytes in/out: 1325/378)
Fri 2007-08-03 09:18:11: ----------

收進來后是類似以下內容的垃圾郵件...

Hi. Partner has sent you a greeting card.
See your card as often as you wish during the next 15 days.
SEEING YOUR CARD
If your email software creates links to Web pages, click on your
card's direct www address below while you are connected to the Internet:
http://4.245.5.73/?675c50080d0229e368412571d7d4197
Or copy and paste it into your browser's "Location" box (where Internet
addresses go).
We hope you enjoy your awesome card.
Wishing you the best,
Administrator,
greetingCard.Org
沙发
发表于 2007-9-19 10:03:09 | 只看该作者
准备升级了.
我都烦了一周了
您需要登录后才可以回帖 登录 | 会员注册

本版积分规则

小黑屋|手机版|Archiver|邮件技术资讯网

GMT+8, 2024-11-18 16:49

Powered by Discuz! X3.2

© 2001-2016 Comsenz Inc.

本论坛为非盈利中立机构,所有言论属发表者个人意见,不代表本论坛立场。内容所涉及版权和法律相关事宜请参考各自所有者的条款。
如认定侵犯了您权利,请联系我们。本论坛原创内容请联系后再行转载并务必保留我站信息。此声明修改不另行通知,保留最终解释权。
*本论坛会员专属QQ群:邮件技术资讯网会员QQ群
*本论坛会员备用QQ群:邮件技术资讯网备用群

快速回复 返回顶部 返回列表