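lovebaobei posted on 2012-3-13 19:00:47

IMail spam problem

Since yesterday, more than 60,000 messages have been stuck in the queue in spool. My IMail server's SMTP relay setting is "no relay".
But there is always a lot of inexplicable spam, which is frustrating. I have added countless IP addresses to the blacklist, but I can't block it! Has any colleague run into a similar situation? How can I block this spam?
The Mail from is empty too.
Below is a section of the log.

A section from syslog: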

03:13 16:56 SMTP-(08ec0210000019dd) >MAIL FROM:<>
RCPT TO:<m4726@ms48.hinet.net>
03:13 16:56 SMTPD(0ba7017d00001e0d) looking up ms48.hinet.net in HOSTS
03:13 16:56 SMTP-(08ec0210000019dd) 250 OK
03:13 16:56 SMTPD(0bb201c400001e20) RSET
03:13 16:56 SMTP-(08ec0210000019dd) >RCPT To:<susan@trible.com.tw>
03:13 16:56 SMTP-(08d30210000019b2) Info - Found ms7.hinet.net in skip list
w>
03:13 16:56 SMTP-(08d301c4000019b1) Info - Found ms16.hinet.net in skip list
03:13 16:56 SMTP-(08d101fc000019af) Info - Found ms27.hinet.net in skip list
03:13 16:56 SMTP-(08f201c4000019e6) Info - Found ms32.hinet.net in skip list
03:13 16:56 SMTP-(08ec0210000019dd) 250 Accepted
03:13 16:56 SMTP-(08ec0210000019dd) >DATA
03:13 16:56 SMTP-(08ec0210000019dd) 354 Enter message, ending with "." on a line by itself
72
03:13 16:56 SMTPD(0b97021400001df6) RCPT TO:<sueyear10@yahoo.com.tw>
03:13 16:56 SMTP-(08ec0210000019dd) >.
03:13 16:56 SMTPD(0b97021400001df6) looking up yahoo.com.tw in HOSTS
03:13 16:56 SMTP-(08ca013f000019a4) Info - Found ms31.hinet.net in skip list
03:13 16:56 SMTP-(08f402e6000019ea) rl-recv: connection reset
03:13 16:56 SMTP-(08f402e6000019ea)
03:13 16:56 SMTP-(08f402e6000019ea) closing socket (u)
03:13 16:56 SMTP-(08da01a0000019b9) Info - Found taiwan.com in skip list
03:13 16:56 SMTP-(08f801be000019f3) looking up yahoo.com.tw in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found yahoo.com.tw in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up yahoo.com.tw in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found yahoo.com.tw in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up yahoo.com.tw in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found yahoo.com.tw in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up ms1.hinet.net in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found ms1.hinet.net in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up pchome.com.tw in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found pchome.com.tw in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up kkcity.com.tw in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found kkcity.com.tw in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up ms39.hinet.net in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found ms39.hinet.net in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up home.com in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - DNS Cache full, deleting last item (ms22.hinet.net)
03:13 16:56 SMTP-(08f801be000019f3) Info - Adding home.com to DNS cache - TTL = 6527
03:13 16:56 SMTP-(0000000000000000) Info - Adding Queue file D:\IMail\spool\Q0bb0020700001e1a.SMD
03:13 16:56 SMTP-(08f801be000019f3) looking up seed.net.tw in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found seed.net.tw in DNS Cache
03:13 16:56 SMTP-(08f801be000019f3) looking up forwin.com.tw in HOSTS and MX
03:13 16:56 SMTP-(089801fc00001977) requeuing D:\IMail\spool\Q089801fc00001977.SMD R0 T2
03:13 16:56 SMTP-(089801fc00001977) finished D:\IMail\spool\Q089801fc00001977.SMD status=3
03:13 16:56 SMTPD(0bb2032800001e1e) RCPT TO:<sib04637@ms17.hinet.net>
03:13 16:56 SMTPD(0bb2032800001e1e) looking up ms17.hinet.net in HOSTS
03:13 16:56 SMTPD(0bab01fc00001e13) RCPT TO:<miss_tiber@yahoo.com.tw>
03:13 16:56 SMTPD(0bab01fc00001e13) looking up yahoo.com.tw in HOSTS
03:13 16:56 SMTPD(0bb201a400001e1f) RSET
03:13 16:56 SMTPD(0ba9016600001e12) RCPT TO:<nlfawana@seed.net.tw>
03:13 16:56 SMTPD(0ba9016600001e12) looking up seed.net.tw in HOSTS
03:13 16:56 SMTPD(0bb2032800001e1e) RCPT TO:<vany@giga.net.tw>
03:13 16:56 SMTPD(0bb2032800001e1e) looking up giga.net.tw in HOSTS
03:13 16:56 SMTPD(0bac01eb00001e15) RCPT TO:<poko735@yahoo.com.tw>
03:13 16:56 SMTP-(08f801be000019f3) Got Attachment Blocking Host
03:13 16:56 SMTPD(0baf014300001e19) RCPT TO:<koney7429@yahoo.com.tw>
03:13 16:56 SMTPD(0baf014300001e19) looking up yahoo.com.tw in HOSTS
03:13 16:56 SMTP-(08f801be000019f3) Info - DNS Cache full, deleting last item (titan.seed.net.tw)
03:13 16:56 SMTPD(0bb2032800001e1e) RCPT TO:<w0939363373@yahoo.com.tw>
03:13 16:56 SMTPD(0bb2032800001e1e) looking up yahoo.com.tw in HOSTS
03:13 16:56 SMTPD(0ba4013f00001e0b) RCPT TO:<mailer1008@yahoo.com.tw>
03:13 16:56 SMTPD(0ba4013f00001e0b) looking up yahoo.com.tw in HOSTS
03:13 16:56 SMTPD(0bb2032800001e1e) RCPT TO:<accepting@ms9.hinet.net>
03:13 16:56 SMTPD(0bb2032800001e1e) looking up ms9.hinet.net in HOSTS
03:13 16:56 SMTPD(0ba2019100001e05) RCPT TO:<sandyn@ms19.hinet.net>
03:13 16:56 SMTPD(0ba2019100001e05) looking up ms19.hinet.net in HOSTS
03:13 16:56 SMTPD(0ba301a000001e0a) RCPT TO:<sib02112@ms15.hinet.net>
03:13 16:56 SMTPD(0ba301a000001e0a) looking up ms15.hinet.net in HOSTS
03:13 16:56 SMTPD(0ba801c100001e0e) D:\IMail\spool\D0ba801c100001e0e.SMD 2789
03:13 16:56 SMTPD(0bac01eb00001e15) RCPT TO:<l401221l@ms26.hinet.net>
03:13 16:56 SMTPD(0bac01eb00001e15) looking up ms26.hinet.net in HOSTS
03:13 16:56 SMTPD(0bb2032800001e1e) RCPT TO:<amber0630@yammail.com>
03:13 16:56 SMTPD(0bb2032800001e1e) looking up yammail.com in HOSTS
03:13 16:56 SMTPD(0bb202ec00001e21) RSET
03:13 16:56 SMTPD(0bb2032800001e1e) RCPT TO:<iiid13@ms27.hinet.net>
03:13 16:56 SMTPD(0bb2032800001e1e) looking up ms27.hinet.net in HOSTS
03:13 16:56 SMTPD(0ba3033a00001e06) RCPT TO:<kao0609@ms5.hinet.net>
03:13 16:56 SMTPD(0ba3033a00001e06) looking up ms5.hinet.net in HOSTS
03:13 16:56 SMTP-(08f801be000019f3) Info - Adding forwin.com.tw to DNS cache - TTL = 64
03:13 16:56 SMTP-(08f801be000019f3) looking up giga.net.tw in HOSTS and MX
03:13 16:56 SMTP-(08f801be000019f3) Info - Found giga.net.tw in DNS Cache
03:13 16:56 SMTP-(08ec0210000019dd) 250 OK id=1S7NWm-00056B-Uf
03:13 16:56 SMTP-(08ec0210000019dd) rdeliver trible.com.tw susan@trible.com.tw (1) <> 4882
03:13 16:56 SMTP-(08ec0210000019dd) >QUIT

One message from the mail queue:

Received: from sww-e037b6e6d84 by channel.com.cn with ESMTP
(SMTPD-8.20) id A5AF050C; Tue, 13 Mar 2012 18:47:11 +0800
Date: Tue, 13 Mar 2012 18:47:02 +0800
From: =?BIG5?B?tr6qtKVj?= <>
To: "r0921652492" <r0921652492@yahoo.com.tw>
Subject: jH **3.12.1844ok**
=?BIG5?B?bKRrpM2zUaqvw+ymqabtoUGoa6TNp+Kmb6q6puel/rLmpfo=?=
Message-ID: <Tue, 13 Mar 2012 18:47:02 +08006891@>
X-Mailer: Microsoft Outlook
MIME-Version: 1.0
Content-Type: text/plain;
charset="Big5"
Content-Transfer-Encoding: base64
Return-Path:   <8@ie.yahoo>

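山坛兄弟 posted on 2012-3-15 10:22:08

This post was last edited by 山坛兄弟 on 2012-3-15 10:41

hinet.net is a Taiwanese account type similar to ADSL accounts on the mainland; I suggest blocking it. In the SMTP settings, tick "check valid sender"; in the domain's antispam settings, tick "verify MAIL FROM address" and delete whatever matches; enable SPF, and if the result is FAIL, delete the message outright.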

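lgj858 posted on 2012-3-15 22:45:09

Your problem is not spam being sent to your own machine.
Filter and analyze the logs; my guess is that, more likely, one of your accounts has leaked and is being used to send spam.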

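ineedrmb posted on 2012-4-11 17:08:25

If someone were sending you spam, it generally would not clog the queue. With more than 60,000 messages in the queue, one of your accounts has definitely been stolen and used to send spam. Filter the logs to find that account.

Also, Brother 山坛's anti-spam policy is really heavy-handed, haha.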
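The log filtering suggested in the two replies above can start from the per-session IDs in the posted syslog. This is an added example, not part of the thread or of IMail: it assumes the line shape shown in the first post, and the local domain, sample lines and threshold are constructed. Tying a flagged session ID to an account still requires that session's connect/login lines, which the posted excerpt does not show.

```python
import re
from collections import defaultdict

# Line shape as in the syslog excerpt of the first post, e.g.
#   03:13 16:56 SMTPD(0bb2032800001e1e) RCPT TO:<user@domain>
LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d (SMTPD|SMTP-)\(([0-9a-f]{16})\) (.*)$")
RCPT = re.compile(r"^RCPT TO:<[^@>]+@([^>]+)>", re.IGNORECASE)

def fanout_by_session(lines, local_domains):
    """Count RCPT TO commands per inbound (SMTPD) session, split into local
    and remote recipients. Outbound (SMTP-) and unparseable lines are skipped."""
    stats = defaultdict(lambda: {"local": 0, "remote": 0, "domains": set()})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m.group(1) != "SMTPD":
            continue
        r = RCPT.match(m.group(3))
        if not r:
            continue
        domain = r.group(1).lower()
        entry = stats[m.group(2)]
        entry["domains"].add(domain)
        entry["local" if domain in local_domains else "remote"] += 1
    return dict(stats)

def relay_suspects(lines, local_domains, min_remote=3):
    """Sessions that addressed only remote recipients, at least min_remote of
    them: the pattern of a client using the server to send mail outward."""
    hits = [(sid, s["remote"], len(s["domains"]))
            for sid, s in fanout_by_session(lines, local_domains).items()
            if s["local"] == 0 and s["remote"] >= min_remote]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

# Constructed sample lines (hypothetical session IDs and example domains).
SAMPLE = """\
03:13 16:56 SMTPD(0aaa000100000001) RCPT TO:<u1@remote-a.example>
03:13 16:56 SMTPD(0aaa000100000001) looking up remote-a.example in HOSTS
03:13 16:56 SMTPD(0aaa000100000001) RCPT TO:<u2@remote-b.example>
03:13 16:56 SMTPD(0bbb000200000002) RCPT TO:<staff@mail.example.test>
03:13 16:56 SMTPD(0aaa000100000001) RCPT TO:<u3@remote-a.example>
03:13 16:56 SMTP-(0ccc000300000003) >RCPT To:<u4@remote-c.example>
72
""".splitlines()

if __name__ == "__main__":
    for sid, n, d in relay_suspects(SAMPLE, {"mail.example.test"}):
        print(f"session {sid}: {n} remote recipients across {d} domains")
```
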

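dlblq posted on 2012-6-6 11:19:10

ineedrmb posted on 2012-4-11 17:08
If someone were sending you spam, it generally would not clog the queue. With more than 60,000 messages in the queue, one of your accounts has definitely been stolen and used to send spam ...

I agree too; with an anti-spam policy set up like this, it is too easy to delete legitimate mail as well.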

ineedrmb posted on 2013-2-19 15:23:05

The anti-spam features in earlier IMail versions can basically be given up on.