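Recently, one of our company's mailboxes has been getting a large volume of spam.
One kind is mail sent out impersonating us; the other is mail that gets bounced back. There are over a thousand messages a day.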
1-----------------------
Received: from iidqqxcr.com ([59.28.79.30])
by 123.com (123.com)
(MDaemon PRO v9.6.4)
with ESMTP id md50000244136.msg
for <leejk1470@nate.com>; Wed, 20 Feb 2008 16:16:04 +0800
X-Spam-Processed: etsc-tech.com, Wed, 20 Feb 2008 16:16:04 +0800
(not processed: message from valid local sender)
X-MDPtrLookup-Result: hardfail ip=59.28.79.30 (no PTR records found) (123.com)
X-MDHeloLookup-Result: hardfail smtp.helo=iidqqxcr.com (does not exist) (123.com)
X-MDMailLookup-Result: hardfail smtp.mail=info@123.com (does not match 59.28.79.30) (123.com)
X-MDDK-Result: neutral (123.com)
X-MDDKIM-Result: neutral (123.com)
X-MDRemoteIP: 59.28.79.30
X-Return-Path: prvs=19368ac1dd=info@123.com
X-Envelope-From: info@123.com
X-MDaemon-Deliver-To: backup@123.com
Received: from exxyaa.com ([210.74.143.116]) by iidqqxcr.com; Wed, 20 Feb 2008 16:42:36 +0900
From: "捞荐版" <info@123.com>
To: "leejk1470" <leejk1470@nate.com>
Subject: ⒑l傍l楼l傍l牢l磊l拜l刘l公l丰磊丰335777
Date: Wed, 20 Feb 2008 16:42:21 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary= "----=_NEXTPart_DA7_JM30_DSS0VYW8.6RD4WWPM"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: eGroups Message Poster
------=_NEXTPart_DA7_JM30_DSS0VYW8.6RD4WWPM
Content-type: text/html
Content-Transfer-Encoding: base64
DQo8YSBocmVmPSJodHRwOi8vaGl5aS5tM3RoLm9yZyI+PGZvbnQgY29sb3I9Ymx1ZT6/qbHixay4
r6K6tbW3zrGzxeuwqMGku+ctw8rDorHiIL3Dx+jAzCDH1bDdt/wvw+u+98Gkv/jAzCCwocDls/TA
vrTPtNk8L2E+DQo=
------=_NEXTPart_DA7_JM30_DSS0VYW8
The above is the first message, one that was sent out under a forged identity.
2------------------------
Return-Path: <prvs=1936785c13=123@123.com>
Received: from 123.com by 123.com (via RAW) (MDaemon PRO v9.6.4)
for <info@123.com>; Wed, 20 Feb 2008 16:16:10 +0800
Date: Wed, 20 Feb 2008 16:16:10 +0800
From: "MDaemon at 123.com" <123@123.com>
Reply-To: noreply@123.com
Subject: Permanent Delivery Failure
To: info@123.com
X-MDaemon-Deliver-To: backup@123.com
Message-ID: <MDAEMON0273200802201616.AA1610531@123.com>
Mime-Version: 1.0
X-Actual-From: 123@123.com
X-MDDSN-Message: Yes
X-Return-Path: <>
Content-Type: multipart/mixed; boundary="0220-1616-10-PART-BREAK"
The following data may contain sections which represent BASE64 encoded
file attachments. These sections will be unreadable without MIME aware
tools. Seek your system administrator if you need help extracting any
files which may be embedded within this message.
--0220-1616-10-PART-BREAK
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
The attached message had PERMANENT fatal delivery errors!
After one or more unsuccessful delivery attempts the attached message has
been removed from the mail queue on this server. The number and frequency
of delivery attempts are determined by local configuration parameters.
YOUR MESSAGE WAS NOT DELIVERED TO ONE OR MORE RECIPIENTS!
Failed address: leejk1470@nate.com
--- Session Transcript ---
Wed 2008-02-20 16:16:04: Parsing message <xxxxxxxxxxxxxxxxxxxxxxxx\pd50000100814.msg>
Wed 2008-02-20 16:16:04: * From: info@123.com
Wed 2008-02-20 16:16:04: * To: leejk1470@nate.com
Wed 2008-02-20 16:16:04: * Subject: ?l?l?l?l?l?l?l?l?l???335777
Wed 2008-02-20 16:16:04: * Message-ID:
Wed 2008-02-20 16:16:04: Attempting SMTP connection to [nate.com]
Wed 2008-02-20 16:16:04: Resolving MX records for [nate.com] (DNS Server: 202.103.24.68)...
Wed 2008-02-20 16:16:04: * P=010 S=000 D=nate.com TTL=(2) MX=[smtp.nate.com] {203.226.255.61}
Wed 2008-02-20 16:16:04: Attempting SMTP connection to [203.226.255.61:25]
Wed 2008-02-20 16:16:04: Waiting for socket connection...
Wed 2008-02-20 16:16:05: * Connection established (192.168.10.2:3935 -> 203.226.255.61:25)
Wed 2008-02-20 16:16:05: Waiting for protocol to start...
Wed 2008-02-20 16:16:05: <-- 220 mta10.natemail.com ESMTP ARGUS Alpha 0.0.1 is ready to Serve.
Wed 2008-02-20 16:16:05: --> EHLO 123.com
Wed 2008-02-20 16:16:06: <-- 250-mta10.natemail.com
Wed 2008-02-20 16:16:06: <-- 250-8BITMIME
Wed 2008-02-20 16:16:06: <-- 250-PIPELINING
Wed 2008-02-20 16:16:06: <-- 250-HELP
Wed 2008-02-20 16:16:06: <-- 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN
Wed 2008-02-20 16:16:06: <-- 250-DELIVERBY 300
Wed 2008-02-20 16:16:06: <-- 250 SIZE 20971520
Wed 2008-02-20 16:16:06: --> MAIL From:<prvs=19368ac1dd=info@123.com> SIZE=1608
Wed 2008-02-20 16:16:06: <-- 250 MAIL FROM:<prvs=19368ac1dd=info@123.com>OK
Wed 2008-02-20 16:16:06: --> RCPT To:<leejk1470@nate.com>
Wed 2008-02-20 16:16:06: <-- 250 RCPT TO:<leejk1470@nate.com> OK
Wed 2008-02-20 16:16:06: --> DATA
Wed 2008-02-20 16:16:07: <-- 354 Start mail input; end with <CRLF>.<CRLF>
Wed 2008-02-20 16:16:07: Sending <xxxxxxxxxxxxxxxxxxxxxxxx\pd50000100814.msg> to [203.226.255.61]
Wed 2008-02-20 16:16:07: Transfer Complete
Wed 2008-02-20 16:16:07: <-- 541 5.6.0 Your message was rejected by PATTERN FILTER
Wed 2008-02-20 16:16:07: --> QUIT
--- End Transcript ---
--0220-1616-10-PART-BREAK
Content-Type: application/octet-stream; name="md50000001486.eml"
Content-Transfer-Encoding: base64
--0220-1616-10-PART-BREAK--
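The above is the message that was bounced back.
For security, I have hidden the company's domain and replaced it with 123. Could everyone please help me see where exactly the problem is?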
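A check over the headers of message 1, as an added example that is not part of the original post: it flags mail that arrived from an outside IP, claimed a local envelope sender, and was addressed to an outside recipient. The sample is abridged from the post's headers; `LOCAL_DOMAINS`, `TRUSTED_NETS` (inferred from the 192.168.10.2 address in the transcript) and the finding labels are assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"123.com"}  # assumption: placeholder domain used in the post
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # assumption: the LAN

# Constructed sample: abridged from the headers of message 1 in the post.
SAMPLE = """\
X-Spam-Processed: 123.com, Wed, 20 Feb 2008 16:16:04 +0800
\t(not processed: message from valid local sender)
X-MDPtrLookup-Result: hardfail ip=59.28.79.30 (no PTR records found) (123.com)
X-MDHeloLookup-Result: hardfail smtp.helo=iidqqxcr.com (does not exist) (123.com)
X-MDMailLookup-Result: hardfail smtp.mail=info@123.com (does not match 59.28.79.30) (123.com)
X-MDRemoteIP: 59.28.79.30
X-Envelope-From: info@123.com
To: "leejk1470" <leejk1470@nate.com>

body
"""

LOOKUPS = ("X-MDPtrLookup-Result", "X-MDHeloLookup-Result", "X-MDMailLookup-Result")

def domain_of(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def relay_findings(raw):
    """Return labels for the suspicious conditions found in one stored message."""
    msg = message_from_string(raw)
    findings = []
    try:
        ip = ipaddress.ip_address((msg.get("X-MDRemoteIP") or "").strip())
    except ValueError:
        ip = None  # header missing or malformed: cannot judge the source
    external = ip is not None and not any(ip in net for net in TRUSTED_NETS)
    if external and domain_of(msg.get("X-Envelope-From", "")) in LOCAL_DOMAINS:
        findings.append("local-sender-from-external-ip")
        rcpt = domain_of(msg.get("To", ""))
        if rcpt and rcpt not in LOCAL_DOMAINS:
            findings.append("relayed-to-external-recipient")
    for name in LOOKUPS:
        if msg.get(name, "").strip().startswith("hardfail"):
            findings.append(name + "=hardfail")
    if "not processed" in msg.get("X-Spam-Processed", ""):
        findings.append("spam-filter-skipped")
    return findings

if __name__ == "__main__":
    print(relay_findings(SAMPLE))
```
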