英文的垃圾邮件越来截止多,帮看看日志

nfore

标题和内容都是英文,我设置分值大于5的加上垃圾邮件的标记,可这些邮件都没有被加上,说明值小于5, 一些中文的垃圾邮件许多都可以被标出,

Mon 2009-05-04 18:09:01: ----------
Mon 2009-05-04 18:09:02: Session 550; child 11; thread 2172
Mon 2009-05-04 18:08:56: 接受 SMTP 连接来自 [87.78.140.200:1700]
Mon 2009-05-04 18:08:56: Performing PTR lookup (200.140.78.87.IN-ADDR.ARPA)
Mon 2009-05-04 18:08:56: *  D=200.140.78.87.IN-ADDR.ARPA TTL=(720) PTR=[xdsl-87-78-140-200.netcologne.de]
Mon 2009-05-04 18:08:56: *  Gathering A records...
Mon 2009-05-04 18:08:57: *  D=xdsl-87-78-140-200.netcologne.de TTL=(60) A=[87.78.140.200]
Mon 2009-05-04 18:08:57: ---- End PTR results
Mon 2009-05-04 18:08:57: --> 220 mail.xxxx.com ESMTP MDaemon 9.6.5; Mon, 04 May 2009 18:08:57 +0800
Mon 2009-05-04 18:08:57: <-- HELO xdsl-87-78-140-200.netcologne.de
Mon 2009-05-04 18:08:57: Performing IP lookup (xdsl-87-78-140-200.netcologne.de)
Mon 2009-05-04 18:08:57: *  D=xdsl-87-78-140-200.netcologne.de TTL=(59) A=[87.78.140.200]
Mon 2009-05-04 18:08:57: ---- End IP lookup results
Mon 2009-05-04 18:08:57: --> 250 mail.xxxx.com Hello xdsl-87-78-140-200.netcologne.de, pleased to meet you
Mon 2009-05-04 18:08:58: <-- MAIL FROM:<>
Mon 2009-05-04 18:08:58: Performing SPF lookup (xdsl-87-78-140-200.netcologne.de / 87.78.140.200)
Mon 2009-05-04 18:08:58: *  Result: none; no SPF record in DNS
Mon 2009-05-04 18:08:58: ---- End SPF results
Mon 2009-05-04 18:08:58: --> 250 <>, Sender ok
Mon 2009-05-04 18:08:59: <-- RCPT TO:<yangy@xxxx.com>
Mon 2009-05-04 18:08:59: --> 250 <yangy@xxxx.com>, Recipient ok
Mon 2009-05-04 18:09:00: <-- DATA
Mon 2009-05-04 18:09:00: Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000360967.tmp
Mon 2009-05-04 18:09:00: --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2009-05-04 18:09:00: Message size: 727 bytes
Mon 2009-05-04 18:09:00: Performing DKIM lookup
Mon 2009-05-04 18:09:00: *  File: d:\mdaemon\queues\temp\md50000360967.tmp
Mon 2009-05-04 18:09:00: *  Message-ID: [email=001d01c9cc9a$5de490a0$e9e05c96@comaix8f9379c1opuen]001d01c9cc9a$5de490a0$e9e05c96@comaix8f9379c1opuen[/email]
Mon 2009-05-04 18:09:00: *  Result: neutral
Mon 2009-05-04 18:09:00: ---- End DKIM results
Mon 2009-05-04 18:09:00: Performing DomainKeys lookup (Sender: daniel.lako@mail2socialist.com)
Mon 2009-05-04 18:09:00: *  File: d:\mdaemon\queues\temp\md50000360967.tmp
Mon 2009-05-04 18:09:00: *  Message-ID: [email=001d01c9cc9a$5de490a0$e9e05c96@comaix8f9379c1opuen]001d01c9cc9a$5de490a0$e9e05c96@comaix8f9379c1opuen[/email]
Mon 2009-05-04 18:09:00: *  Querying for policy: mail2socialist.com
Mon 2009-05-04 18:09:00: *    Querying: _domainkey.mail2socialist.com ...
Mon 2009-05-04 18:09:01: *    DNS: *  名称服务器报告未知的域名
Mon 2009-05-04 18:09:01: *  Result: neutral
Mon 2009-05-04 18:09:01: ---- End DomainKeys results
Mon 2009-05-04 18:09:01: Passing message through Spam Filter (Size: 727)...
Mon 2009-05-04 18:09:01: *  3.1 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
Mon 2009-05-04 18:09:01: *  0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address
Mon 2009-05-04 18:09:01: *  1.0 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
Mon 2009-05-04 18:09:01: *      [score: 0.3230]
Mon 2009-05-04 18:09:01: ---- End SpamAssassin results
Mon 2009-05-04 18:09:01: Spam Filter score/req: 4.40/20.0
Mon 2009-05-04 18:09:01: 邮件创建 successful：d:\mdaemon\queues\inbound\md50001293802.msg
Mon 2009-05-04 18:09:01: --> 250 Ok, message saved <Message-ID: [email=001d01c9cc9a$5de490a0$e9e05c96@comaix8f9379c1opuen]001d01c9cc9a$5de490a0$e9e05c96@comaix8f9379c1opuen[/email]>
Mon 2009-05-04 18:09:02: <-- QUIT
Mon 2009-05-04 18:09:02: --> 221 See ya in cyberspace
Mon 2009-05-04 18:09:02: SMTP 会话成功（进/出字节：804/363）
Mon 2009-05-04 18:09:02: ----------



Tue 2009-05-05 05:49:04: ----------
Tue 2009-05-05 05:49:20: Session 4300; child 1; thread 1300
Tue 2009-05-05 05:49:13: 接受 SMTP 连接来自 [119.121.13.228:1827]
Tue 2009-05-05 05:49:13: Performing PTR lookup (228.13.121.119.IN-ADDR.ARPA)
Tue 2009-05-05 05:49:13: *  Error: *  名称服务器报告未知的域名
Tue 2009-05-05 05:49:13: *  未找到 PTR 记录
Tue 2009-05-05 05:49:13: ---- End PTR results
Tue 2009-05-05 05:49:13: --> 220 mail.xxxx.com ESMTP MDaemon 9.6.5; Tue, 05 May 2009 05:49:13 +0800
Tue 2009-05-05 05:49:14: <-- HELO wergvan
Tue 2009-05-05 05:49:14: Performing IP lookup (wergvan)
Tue 2009-05-05 05:49:14: *  D=wergvan TTL=(2) A=[218.85.156.49]
Tue 2009-05-05 05:49:14: ---- End IP lookup results
Tue 2009-05-05 05:49:14: --> 250 mail.xxxx.com Hello wergvan (may be forged), pleased to meet you
Tue 2009-05-05 05:49:14: <-- MAIL FROM:<>
Tue 2009-05-05 05:49:14: --> 250 <>, Sender ok
Tue 2009-05-05 05:49:15: <-- RCPT TO:<yangy@xxxx.com>
Tue 2009-05-05 05:49:15: --> 250 <yangy@xxxx.com>, Recipient ok
Tue 2009-05-05 05:49:15: <-- DATA
Tue 2009-05-05 05:49:15: Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000363417.tmp
Tue 2009-05-05 05:49:15: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2009-05-05 05:49:16: Message size: 743 bytes
Tue 2009-05-05 05:49:16: Performing DKIM lookup
Tue 2009-05-05 05:49:16: *  File: d:\mdaemon\queues\temp\md50000363417.tmp
Tue 2009-05-05 05:49:16: *  Message-ID: [email=000601c9ccfb$c6178ea0$e5c31aa2@3c30b10dc6cd40cifsqc]000601c9ccfb$c6178ea0$e5c31aa2@3c30b10dc6cd40cifsqc[/email]
Tue 2009-05-05 05:49:16: *  Result: neutral
Tue 2009-05-05 05:49:16: ---- End DKIM results
Tue 2009-05-05 05:49:16: Performing DomainKeys lookup (Sender: haudinn@ofm.org.ar)
Tue 2009-05-05 05:49:16: *  File: d:\mdaemon\queues\temp\md50000363417.tmp
Tue 2009-05-05 05:49:16: *  Message-ID: [email=000601c9ccfb$c6178ea0$e5c31aa2@3c30b10dc6cd40cifsqc]000601c9ccfb$c6178ea0$e5c31aa2@3c30b10dc6cd40cifsqc[/email]
Tue 2009-05-05 05:49:16: *  Querying for policy: ofm.org.ar
Tue 2009-05-05 05:49:16: *    Querying: _domainkey.ofm.org.ar ...
Tue 2009-05-05 05:49:19: *    DNS: *  名称服务器报告未知的域名
Tue 2009-05-05 05:49:19: *  Result: neutral
Tue 2009-05-05 05:49:19: ---- End DomainKeys results
Tue 2009-05-05 05:49:19: Passing message through Spam Filter (Size: 743)...
Tue 2009-05-05 05:49:19: *  0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address
Tue 2009-05-05 05:49:19: *  0.1 BAYES_20 BODY: Bayesian spam probability is 5 to 20%
Tue 2009-05-05 05:49:19: *      [score: 0.1285]
Tue 2009-05-05 05:49:19: ---- End SpamAssassin results
Tue 2009-05-05 05:49:19: Spam Filter score/req: 0.40/20.0
Tue 2009-05-05 05:49:19: 邮件创建 successful：d:\mdaemon\queues\inbound\md50001294298.msg
Tue 2009-05-05 05:49:19: --> 250 Ok, message saved <Message-ID: [email=000601c9ccfb$c6178ea0$e5c31aa2@3c30b10dc6cd40cifsqc]000601c9ccfb$c6178ea0$e5c31aa2@3c30b10dc6cd40cifsqc[/email]>
Tue 2009-05-05 05:49:20: <-- QUIT
Tue 2009-05-05 05:49:20: --> 221 See ya in cyberspace
Tue 2009-05-05 05:49:20: SMTP 会话成功（进/出字节：793/355）
Tue 2009-05-05 05:49:20: ----------

wxhsh

9.6以上用开启安全-反向散射防护可以解决此类空return头垃圾邮件，9.6以下我再另行说明。

nfore

是这样配置吗?

创建新的反向散射保护密钥 是什么意思? 是否需要创建新的?

[ 本帖最后由 nfore 于 2009-5-5 14:47 编辑 ]

wxhsh

就是这样设置。不用创建，第一次设置后会自动创建，可到PEM\_batv\ 下查看rsa.private 是否创建成功。

nfore

原帖由 wxhsh 于 2009-5-5 14:53 发表
就是这样设置。不用创建，第一次设置后会自动创建，可到PEM\_batv\ 下查看rsa.private 是否创建成功。

谢谢 wzhsh,

有两个文件:rsa.private  和  rsa.public

wxhsh

那就可以了，一个是私钥，一个是公钥，设置后对外发一封信，看是否增加一个X-Return-Path邮件头，格式类似：:

1. prvs=1376588cb0=xxx@xxxx.com

复制代码

nfore

原帖由 wxhsh 于 2009-5-5 15:10 发表
那就可以了，一个是私钥，一个是公钥，设置后对外发一封信，看是否增加一个X-Return-Path邮件头，格式类似：:prvs=1376588cb0=xxx@xxxx.com

是的,不过这与我们拒绝垃圾邮件有什么联系呢?

wxhsh

再引用下官方说明：

"反向散射" 指的是用户收到对其从未发送过的邮件的响应邮件。当垃圾邮件或病毒发送的邮件中包含伪造的"返回路径"地址时就会发生反向散射。因此，当其中一封邮件被收件人服务器拒收时，或者如果收件人有与其账户关联的自动应答或"外出"/度假邮件，那么此响应邮件将指向伪造的地址。这会导致海量的伪造投递状态通知 (DSN) 或自动应答邮件撑爆用户的邮箱。不仅如此，垃圾邮件和病毒制造者经常会利用这种现象，有时会用它对邮件服务器发动拒绝服务 (Denial of Service，DoS) 攻击，造成从世界各地的服务器涌入大量无效邮件。

而你这个日志里是空的from，属于最低级别的了。