maoyan123 posted on 2012-2-7 10:23:27

[Solved] How can I completely block the spam email below?

This post was last edited by 山坛兄弟 on 2012-2-10 13:25

Mail header information:

Received: from 110.53.30.194 (HELO XVNUZMKR.NET); Tue, 7 Feb 2012 10:12:43 +0800
Received: from umpkz (unknown )
    by xvnuzmkr with SMTP id yqc4Iau4XiNuAoN7.1
    for <hr_soft@zaixin.com>; Tue, 14 Feb 2012 10:21:03 +0800
Date: Tue, 14 Feb 2012 10:20:50 +0800
From: "vbycmap" gzu@xvnuzmkr.net

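The originating IP should be 110.53.30.194, but I guess this is a dynamic IP, so simply blocking the IP won't help much.

As for the subject, it is: 新【国 际 贸 易 术 语 通 则】应o对o策o略. The subject also changes every couple of days.

Is there any good way to stop this spam?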

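山坛兄弟 posted on 2012-2-7 10:51:16

Please provide the complete mail headers, or send me the message as an EML attachment, and I'll help you analyze it. Bulk mail like this usually follows a pattern.
My email: antispams####qq.com (replace #### with @)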

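山坛兄弟 posted on 2012-2-7 10:58:33

Good grief, the mail server for the zaixin.com domain doesn't check the validity of the sender at all. Any nonexistent mailbox domain can send mail to you, so it would be strange if you didn't get a lot of spam!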

"TCPIP"        3020        "2012-02-07 10:53:20.885"        "DNS - MX Lookup: zaixin.com"
"TCPIP"        3020        "2012-02-07 10:53:20.965"        "DNS - MX Result: 1 IP addresses were found."
"DEBUG"        3020        "2012-02-07 10:53:20.965"        "SD::_InitiateExternalConnection"
"DEBUG"        3020        "2012-02-07 10:53:20.965"        "Creating session 16"
"TCPIP"        3020        "2012-02-07 10:53:20.975"        "Connecting to 118.144.74.15..."
"DEBUG"        3100        "2012-02-07 10:53:21.115"        "SMTPClientConnection::_ParseASCII()"
"SMTPC"        3100        16        "2012-02-07 10:53:21.115"        "118.144.74.15"        "RECEIVED: 220 ESMTP on WinWebMail ready.http://www.winwebmail.com"
"SMTPC"        3100        16        "2012-02-07 10:53:21.115"        "118.144.74.15"        "SENT: HELO localhost"
"DEBUG"        3100        "2012-02-07 10:53:21.115"        "SMTPClientConnection::~_ParseASCII() - 2"
"DEBUG"        3100        "2012-02-07 10:53:21.175"        "SMTPClientConnection::_ParseASCII()"
"SMTPC"        3100        16        "2012-02-07 10:53:21.175"        "118.144.74.15"        "RECEIVED: 250 HELO"
"SMTPC"        3100        16        "2012-02-07 10:53:21.175"        "118.144.74.15"        "SENT: MAIL FROM:<admin@testmail.com.cn>"
"DEBUG"        3100        "2012-02-07 10:53:21.175"        "SMTPClientConnection::~_ParseASCII() - 4"
"TCPIP"        3104        "2012-02-07 10:53:21.466"        "TCPConnection - Posting AcceptEx on 0.0.0.0:143"
"DEBUG"        3104        "2012-02-07 10:53:21.466"        "Creating session 17"
"DEBUG"        3084        "2012-02-07 10:53:21.666"        "Closing TCP/IP socket"
"DEBUG"        3084        "2012-02-07 10:53:21.666"        "Ending session 17"
"TCPIP"        3104        "2012-02-07 10:53:22.267"        "TCPConnection - Posting AcceptEx on 0.0.0.0:143"
"DEBUG"        3104        "2012-02-07 10:53:22.267"        "Creating session 18"
"DEBUG"        3108        "2012-02-07 10:53:22.347"        "Reading message from database"
"DEBUG"        3104        "2012-02-07 10:53:22.407"        "Closing TCP/IP socket"
"DEBUG"        3096        "2012-02-07 10:53:22.417"        "Ending session 18"
"TCPIP"        3104        "2012-02-07 10:53:22.467"        "TCPConnection - Posting AcceptEx on 0.0.0.0:143"
"DEBUG"        3104        "2012-02-07 10:53:22.467"        "Creating session 19"
"DEBUG"        3076        "2012-02-07 10:53:22.517"        "Closing TCP/IP socket"
"DEBUG"        3076        "2012-02-07 10:53:22.517"        "Ending session 19"
"DEBUG"        3100        "2012-02-07 10:53:29.788"        "SMTPClientConnection::_ParseASCII()"
"SMTPC"        3100        16        "2012-02-07 10:53:29.788"        "118.144.74.15"        "RECEIVED: 250 OK"
"DEBUG"        3100        "2012-02-07 10:53:29.788"        "SMTPClientConnection::~_ParseASCII() - 6"
"SMTPC"        3100        16        "2012-02-07 10:53:29.788"        "118.144.74.15"        "SENT: RCPT TO:<hr_soft@zaixin.com>"
"DEBUG"        3100        "2012-02-07 10:53:29.848"        "SMTPClientConnection::_ParseASCII()"
"SMTPC"        3100        16        "2012-02-07 10:53:29.848"        "118.144.74.15"        "RECEIVED: 250 OK, recipient accepted"
"SMTPC"        3100        16        "2012-02-07 10:53:29.848"        "118.144.74.15"        "SENT: DATA"
"DEBUG"        3100        "2012-02-07 10:53:29.848"        "SMTPClientConnection::~_ParseASCII() - 7"
"DEBUG"        3100        "2012-02-07 10:53:29.918"        "SMTPClientConnection::_ParseASCII()"
"SMTPC"        3100        16        "2012-02-07 10:53:29.918"        "118.144.74.15"        "RECEIVED: 354 Send checkpointed message, ending in CRLF.CRLF"
"SMTPC"        3100        16        "2012-02-07 10:53:29.918"        "118.144.74.15"        "SENT: ."
"DEBUG"        3100        "2012-02-07 10:53:38.550"        "SMTPClientConnection::_ParseASCII()"
"SMTPC"        3100        16        "2012-02-07 10:53:38.550"        "118.144.74.15"        "RECEIVED: 250 RCP:a5ab1999 RCID:20120207105323953_04045~742a0211"
"SMTPC"        3100        16        "2012-02-07 10:53:38.550"        "118.144.74.15"        "SENT: QUIT"
"DEBUG"        3100        "2012-02-07 10:53:38.550"        "SMTPClientConnection::~_ParseASCII() - 9"
"DEBUG"        3100        "2012-02-07 10:53:38.620"        "SMTPClientConnection::_ParseASCII()"
"SMTPC"        3100        16        "2012-02-07 10:53:38.620"        "118.144.74.15"        "RECEIVED: 221 Closing connection"
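
The check described in the post above, as an added example that is not part of the original thread: it pairs each command in the quoted log with the server's next reply and lists the MAIL FROM senders that were accepted although their domain does not resolve. `KNOWN_DOMAINS` and `domain_resolves` are hypothetical stand-ins for a real DNS MX/A lookup, and treating testmail.com.cn as nonexistent follows the post's statement.

```python
import re

# SMTPC lines excerpted from the log in the post above, plus one DEBUG line as noise.
SAMPLE_LOG = '''\
"SMTPC" 3100 16 "2012-02-07 10:53:21.115" "118.144.74.15" "SENT: HELO localhost"
"DEBUG" 3100 "2012-02-07 10:53:21.175" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 3100 16 "2012-02-07 10:53:21.175" "118.144.74.15" "RECEIVED: 250 HELO"
"SMTPC" 3100 16 "2012-02-07 10:53:21.175" "118.144.74.15" "SENT: MAIL FROM:<admin@testmail.com.cn>"
"SMTPC" 3100 16 "2012-02-07 10:53:29.788" "118.144.74.15" "RECEIVED: 250 OK"
"SMTPC" 3100 16 "2012-02-07 10:53:29.788" "118.144.74.15" "SENT: RCPT TO:<hr_soft@zaixin.com>"
"SMTPC" 3100 16 "2012-02-07 10:53:29.848" "118.144.74.15" "RECEIVED: 250 OK, recipient accepted"
'''

def smtp_dialogue(log_text):
    """Pair each command the probing client sent with the server's next reply."""
    pairs, pending = [], None
    for line in log_text.splitlines():
        fields = re.findall(r'"([^"]*)"', line)
        if len(fields) < 2 or fields[0] != "SMTPC":
            continue  # skip DEBUG/TCPIP lines and unrelated sessions
        direction, _, text = fields[-1].partition(": ")
        if direction == "SENT":
            pending = text
        elif direction == "RECEIVED" and pending is not None:
            pairs.append((pending, text))
            pending = None
    return pairs

def accepted_bad_senders(pairs, domain_resolves):
    """Sender domains accepted with a 2xx reply although they do not resolve."""
    flagged = []
    for command, reply in pairs:
        m = re.match(r"MAIL FROM:\s*<[^@>]*@([^>]+)>", command, re.I)
        if m and reply.startswith("2") and not domain_resolves(m.group(1).lower()):
            flagged.append((m.group(1).lower(), reply))
    return flagged

# Assumption: constructed lookup table standing in for a DNS MX/A query,
# so the example runs offline.
KNOWN_DOMAINS = {"zaixin.com"}

def domain_resolves(domain):
    return domain in KNOWN_DOMAINS

if __name__ == "__main__":
    for domain, reply in accepted_bad_senders(smtp_dialogue(SAMPLE_LOG), domain_resolves):
        print(f"sender domain {domain} was accepted with: {reply}")
```
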

maoyan123 posted on 2012-2-7 11:16:47

How do I check that? I configured it according to the requirements.

山坛兄弟 posted on 2012-2-7 11:23:09

maoyan123 posted on 2012-2-7 11:16
How do I check that? I configured it according to the requirements.

The configuration has serious problems, so naturally there is a lot of spam.

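maoyan123 posted on 2012-2-7 11:53:54

The mail server doesn't check the validity of the sender at all. Where is that configured?

For all the other settings, I ticked every box that was supposed to be ticked, as required.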