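Starting this week, some users have been receiving spam frequently. The message content is roughly as follows:
=============================================Spam message content begins below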
HYDROCODONE BRAND Watson 540 10mg/mg
Buy Your HYDROCODONE Online
30 Pills - $260, 60 Pills - $479, 90 Pills - $656, 120 Pills - $838.
NoPRESCRIPTION REQUIRED
==============================================Spam message content ends above
I checked, and the relevant logs are as follows:
The relevant part of SMTP(IN) is as follows:
Tue 2010-09-07 00:37:58: ----------
Tue 2010-09-07 00:38:58: Session 1785; child 1; thread 2896
Tue 2010-09-07 00:37:44: Accepting SMTP connection from [92.7.188.171:2351]
Tue 2010-09-07 00:37:44: Performing PTR lookup (171.188.7.92.IN-ADDR.ARPA)
Tue 2010-09-07 00:37:54: * DNS: 10 second wait for DNS response exceeded
Tue 2010-09-07 00:37:54: * D=171.188.7.92.IN-ADDR.ARPA TTL=(1440) PTR=[host-92-7-188-171.as43234.net]
Tue 2010-09-07 00:37:54: * Gathering A records...
Tue 2010-09-07 00:37:55: ---- End PTR results
Tue 2010-09-07 00:37:55: --> 220 huge.com.cn ESMTP MDaemon 10.1.1; Tue, 07 Sep 2010 00:37:55 +0800
Tue 2010-09-07 00:37:57: <-- EHLO zxcdj
Tue 2010-09-07 00:37:57: Performing IP lookup (zxcdj)
Tue 2010-09-07 00:38:07: * DNS: 10 second wait for DNS response exceeded
Tue 2010-09-07 00:38:07: * Error: * 名称服务器报告未知的域名
Tue 2010-09-07 00:38:07: ---- End IP lookup results
Tue 2010-09-07 00:38:07: --> 250-huge.com.cn Hello host-92-7-188-171.as43234.net, pleased to meet you
Tue 2010-09-07 00:38:07: --> 250-ETRN
Tue 2010-09-07 00:38:07: --> 250-AUTH=LOGIN
Tue 2010-09-07 00:38:07: --> 250-AUTH LOGIN CRAM-MD5
Tue 2010-09-07 00:38:07: --> 250-8BITMIME
Tue 2010-09-07 00:38:07: --> 250 SIZE
Tue 2010-09-07 00:38:08: <-- MAIL FROM: <adella.bibife@gbg.com>
Tue 2010-09-07 00:38:08: Performing IP lookup (gbg.com)
Tue 2010-09-07 00:38:09: * D=gbg.com TTL=(60) A=[98.174.154.185]
Tue 2010-09-07 00:38:09: * P=000 S=001 D=gbg.com TTL=(42) MX=[gbg.com.1.0001.arsmtp.com] {204.232.236.158}
Tue 2010-09-07 00:38:09: * P=010 S=000 D=gbg.com TTL=(42) MX=[gbg.com.2.0001.arsmtp.com] {204.232.236.159}
Tue 2010-09-07 00:38:09: ---- End IP lookup results
Tue 2010-09-07 00:38:09: Performing SPF lookup (gbg.com / 92.7.188.171)
Tue 2010-09-07 00:38:09: * Result: none; no SPF record in DNS
Tue 2010-09-07 00:38:09: ---- End SPF results
Tue 2010-09-07 00:38:09: --> 250 <adella.bibife@gbg.com>, Sender ok
Tue 2010-09-07 00:38:16: <-- RCPT TO: <zhaopin@我的邮箱.com>
Tue 2010-09-07 00:38:16: --> 250 <zhaopin@huge.com.cn>, Recipient ok
Tue 2010-09-07 00:38:23: <-- RCPT TO: <lindawang@我的邮箱.com>
Tue 2010-09-07 00:38:23: --> 250 <lindawang@我的邮箱.com>, Recipient ok
Tue 2010-09-07 00:38:25: <-- RCPT TO: <lyj@我的邮箱.com>
Tue 2010-09-07 00:38:25: --> 250 <lyj@我的邮箱.com>, Recipient ok
Tue 2010-09-07 00:38:31: <-- DATA
Tue 2010-09-07 00:38:31: Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000004665.tmp
Tue 2010-09-07 00:38:31: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2010-09-07 00:38:39: Message size: 1964 bytes
Tue 2010-09-07 00:38:39: Performing DKIM lookup
Tue 2010-09-07 00:38:39: * File: d:\mdaemon\queues\temp\md50000004665.tmp
Tue 2010-09-07 00:38:39: * Message-ID: 4C85268F.418989F0@gbg.com
Tue 2010-09-07 00:38:39: * Result: neutral
Tue 2010-09-07 00:38:39: ---- End DKIM results
Tue 2010-09-07 00:38:39: Performing DomainKeys lookup (Sender: adella.bibife@gbg.com)
Tue 2010-09-07 00:38:39: * File: d:\mdaemon\queues\temp\md50000004665.tmp
Tue 2010-09-07 00:38:39: * Message-ID: 4C85268F.418989F0@gbg.com
Tue 2010-09-07 00:38:39: * Querying for policy: gbg.com
Tue 2010-09-07 00:38:39: * Querying: _domainkey.gbg.com ...
Tue 2010-09-07 00:38:39: * DNS: * 名称服务器报告未知的域名
Tue 2010-09-07 00:38:39: * Result: neutral
Tue 2010-09-07 00:38:39: ---- End DomainKeys results
Tue 2010-09-07 00:38:39: Passing message through AntiVirus (Size: 1964)...
Tue 2010-09-07 00:38:39: * 邮件清洁(未发现病毒)
Tue 2010-09-07 00:38:39: ---- End AntiVirus results
Tue 2010-09-07 00:38:39: * Outbreak Protection Error: Still unable to connect to Datacenter
Tue 2010-09-07 00:38:39: Passing message through Spam Filter (Size: 1964)...
Tue 2010-09-07 00:38:54: * -4.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Tue 2010-09-07 00:38:54: * [score: 0.0000]
Tue 2010-09-07 00:38:54: * 0.0 HTML_MESSAGE BODY: HTML included in message
Tue 2010-09-07 00:38:54: * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
Tue 2010-09-07 00:38:54: * dynamic-looking rDNS
Tue 2010-09-07 00:38:54: * 0.5 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
Tue 2010-09-07 00:38:54: ---- End SpamAssassin results
Tue 2010-09-07 00:38:54: Spam Filter score/req: -4.10/12.0
Tue 2010-09-07 00:38:55: 邮件创建 successful:d:\mdaemon\queues\inbound\md50000011143.msg
Tue 2010-09-07 00:38:55: --> 250 Ok, message saved <Message-ID: 4C85268F.418989F0@gbg.com>
Tue 2010-09-07 00:38:58: <-- QUIT
Tue 2010-09-07 00:38:58: --> 221 See ya in cyberspace
Tue 2010-09-07 00:38:58: SMTP session successful (Bytes in/out: 2108/510)
The following is the relevant content from the antispam log:
Tue 2010-09-07 00:38:58: (SMTP) Spam Filter processing d:\mdaemon\queues\temp\md50000004665.tmp...
Tue 2010-09-07 00:38:58: * Message return-path: adella.bibife@gbg.com
Tue 2010-09-07 00:38:58: * Message ID: 4C85268F.418989F0@gbg.com
Tue 2010-09-07 00:38:58: Start SpamAssassin results
Tue 2010-09-07 00:38:58: -4.10 points, 15 required;
Tue 2010-09-07 00:38:58: * -4.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Tue 2010-09-07 00:38:58: * [score: 0.0000]
Tue 2010-09-07 00:38:58: * 0.0 HTML_MESSAGE BODY: HTML included in message
Tue 2010-09-07 00:38:58: * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
Tue 2010-09-07 00:38:58: * dynamic-looking rDNS
Tue 2010-09-07 00:38:58: * 0.5 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
Tue 2010-09-07 00:38:58: End SpamAssassin results
The following is the relevant content from the antivirus log:
Tue 2010-09-07 00:35:34: ----------
Tue 2010-09-07 00:38:58: SecurityPlus AntiVirus processing d:\mdaemon\queues\local\md50000021815.msg...
Tue 2010-09-07 00:38:58: * Message return-path: adella.bibife@gbg.com
Tue 2010-09-07 00:38:58: * Message from: adella.bibife@gbg.com
Tue 2010-09-07 00:38:58: * Message to: lindawang@我的邮箱.com
Tue 2010-09-07 00:38:58: * Message subject: Now you can buy cializ and Enjoy! 30 pills x 20mg 89.95$, 180 pills x 20mg 289$ nq
Tue 2010-09-07 00:38:58: * Message ID: <4C85268F.418989F0@gbg.com>
Tue 2010-09-07 00:38:58: Start SecurityPlus AntiVirus results
Tue 2010-09-07 00:38:58: * Total attachments scanned : 3 (including multipart/alternatives and message body)
Tue 2010-09-07 00:38:58: * Total attachments infected : 0
Tue 2010-09-07 00:38:58: * Total attachments disinfected: 0
Tue 2010-09-07 00:38:58: * Total errors while scanning : 0
Tue 2010-09-07 00:38:58: * Total attachments removed : 0
Tue 2010-09-07 00:38:58: End of SecurityPlus AntiVirus results
Tue 2010-09-07 00:38:58: ----------
OP has not been working at all:
Tue 2010-09-07 10:16:32: * Outbreak Protection Error: Still unable to connect to Datacenter
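From the logs above, this message's heuristic score is -4.10, while the threshold I have set is 15. So MD let this message straight through.
Could everyone please take a look: is there any way to block this kind of mail?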
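
A triage sketch for the session logged above, as an added example that is not part of the original post and is not MDaemon code: it parses the SpamAssassin rule hits and the session-level signals from an SMTP(IN) log and separates what raised the score from what lowered it. The function name `triage`, the note labels and the regular expressions are assumptions made for this example; the sample lines are excerpted from the log in the post.

```python
import re

# Excerpt of the SMTP(IN) log lines posted above (embedded so the example runs offline).
SAMPLE = """\
Tue 2010-09-07 00:37:57: <-- EHLO zxcdj
Tue 2010-09-07 00:38:09: * Result: none; no SPF record in DNS
Tue 2010-09-07 00:38:39: * Outbreak Protection Error: Still unable to connect to Datacenter
Tue 2010-09-07 00:38:54: * -4.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Tue 2010-09-07 00:38:54: * [score: 0.0000]
Tue 2010-09-07 00:38:54: * 0.0 HTML_MESSAGE BODY: HTML included in message
Tue 2010-09-07 00:38:54: * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
Tue 2010-09-07 00:38:54: * 0.5 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
Tue 2010-09-07 00:38:54: Spam Filter score/req: -4.10/12.0
"""

# Timestamp prefix; \w{2,3} also accepts a day name clipped by copy and paste.
PREFIX = re.compile(r"^\w{2,3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: ")
RULE = re.compile(r"^\* +(-?\d+\.\d+) ([A-Z][A-Z0-9_]+)\b")
SCORE = re.compile(r"^Spam Filter score/req: (-?\d+\.\d+)/(\d+\.\d+)")

def triage(log_text):
    """Summarise one SMTP session: rule hits, final score, unscored signals."""
    rules, notes, score, required = {}, [], None, None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if m := RULE.match(line):
            rules[m.group(2)] = float(m.group(1))
        elif m := SCORE.match(line):
            score, required = float(m.group(1)), float(m.group(2))
        elif line.startswith(("<-- EHLO ", "<-- HELO ")):
            # A HELO name without a dot cannot be a fully qualified host name.
            if "." not in line.split()[2]:
                notes.append("helo_not_fqdn")
        elif "no SPF record" in line:
            notes.append("spf_none")
        elif "Outbreak Protection Error" in line:
            notes.append("outbreak_protection_offline")
    positive = round(sum(v for v in rules.values() if v > 0), 2)
    negative = round(sum(v for v in rules.values() if v < 0), 2)
    return {
        "score": score, "required": required,
        "positive": positive, "negative": negative,
        # True when a low Bayes verdict outweighs rules that did fire.
        "bayes_masks_hits": "BAYES_00" in rules and positive + negative < 0 < positive,
        "notes": notes,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this session the rules that fired add up to 0.6 and BAYES_00 contributes -4.7, which reproduces the logged -4.10; the HELO, SPF and Outbreak Protection lines appear in the log but carry no score of their own.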