A Detailed Look at SMTP Inbound Logs, Part 2

I will try to find more distinctive logs to share with everyone.

 

Log 1: the sender is on a blacklist:

Thu 2011-08-25 00:02:10: Session 4162; child 2; thread 3372

Thu 2011-08-25 00:01:47: Accepting SMTP connection from [115.117.168.134:21944]

Thu 2011-08-25 00:01:47: --> 220-mail.lenovots.com ESMTP MDaemon 10.1.2; Thu, 25 Aug 2011 00:01:47 +0800

Thu 2011-08-25 00:01:47: --> 220 Novots Technologies Limited

Thu 2011-08-25 00:01:47: <-- EHLO ibgh.com

Thu 2011-08-25 00:01:47: EHLO/HELO response delayed 5 seconds

Thu 2011-08-25 00:01:52: --> 250-mail.lenovots.com Hello ibgh.com, pleased to meet you

Thu 2011-08-25 00:01:52: --> 250-ETRN

Thu 2011-08-25 00:01:52: --> 250-AUTH=LOGIN

Thu 2011-08-25 00:01:52: --> 250-AUTH LOGIN CRAM-MD5

Thu 2011-08-25 00:01:52: --> 250-8BITMIME

Thu 2011-08-25 00:01:52: --> 250-STARTTLS

Thu 2011-08-25 00:01:52: --> 250 SIZE

Thu 2011-08-25 00:01:55: <-- MAIL FROM:<nacha.notification [email protected]>

Thu 2011-08-25 00:01:55: Performing PTR lookup (134.168.117.115.IN-ADDR.ARPA)

Thu 2011-08-25 00:01:55: *  D=134.168.117.115.IN-ADDR.ARPA TTL=(1439) PTR=[115.117.168.134.static-delhi.vsnl.net.in]

Thu 2011-08-25 00:01:55: *  Gathering A records...

Thu 2011-08-25 00:02:07: ---- End PTR results

Thu 2011-08-25 00:02:07: Performing IP lookup (nacha.com)

Thu 2011-08-25 00:02:08: *  D=nacha.com TTL=(60) A=[202.94.150.163]

Thu 2011-08-25 00:02:08: *  P=010 S=000 D=nacha.com TTL=(59) MX=[mail9.jcity.com] {211.18.210.13}

Thu 2011-08-25 00:02:08: ---- End IP lookup results

Thu 2011-08-25 00:02:08: Performing SPF lookup (nacha.com / 115.117.168.134)

Thu 2011-08-25 00:02:09: *  Policy: v=spf1 redirect=jcity.com

Thu 2011-08-25 00:02:09: *  Evaluating redirect=jcity.com:

Thu 2011-08-25 00:02:09: *  Evaluating redirect=jcity.com: performing lookup

Thu 2011-08-25 00:02:09: *    Policy: v=spf1 ip4:211.18.210.0/28 ip4:203.179.86.144/28 ip4:211.9.59.48/28 ip4:219.118.188.80/28 ip4:203.179.83.32/28 ip4:202.94.150.160/28 ip4:61.195.151.208/28 ip4:218.42.158.80/28 ip4:115.31.194.127 ip4:115.31.194.128 ~all

Thu 2011-08-25 00:02:09: *    Evaluating ip4:211.18.210.0/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:203.179.86.144/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:211.9.59.48/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:219.118.188.80/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:203.179.83.32/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:202.94.150.160/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:61.195.151.208/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:218.42.158.80/28: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:115.31.194.127: no match

Thu 2011-08-25 00:02:09: *    Evaluating ip4:115.31.194.128: no match

Thu 2011-08-25 00:02:09: *    Evaluating ~all: match

Thu 2011-08-25 00:02:09: *  Result: softfail

Thu 2011-08-25 00:02:09: ---- End SPF results

Thu 2011-08-25 00:02:09: --> 250 <[email protected]>, Sender ok

Thu 2011-08-25 00:02:10: <-- RCPT TO:[email protected]

Check the RBL

Thu 2011-08-25 00:02:10: 執行 DNS-BL 查詢(115.117.168.134 - 正在連接 IP

Thu 2011-08-25 00:02:10: *  zen.spamhaus.org - 失敗 - 127.0.0.11

Thu 2011-08-25 00:02:10: ---- 結束 DNS-BL 結果

Thu 2011-08-25 00:02:10: --> 550 Your mail server: 115.117.168.134 was listed on RBL by Spamhaus, please contact your system admnistrator, or visit http://zen.spamhaus.org

Thu 2011-08-25 00:02:10: SMTP session terminated (Bytes in/out: 99/425)

The sender is found to be on a blacklist, so the mail is rejected and a message is returned.
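The SPF evaluation traced in log 1 can be reproduced offline. This is an added example, not code from the original post or from MDaemon: `check_spf` and the `SPF_RECORDS` dict (standing in for DNS TXT lookups, holding the two policies copied from the log) are assumptions, and only the `ip4`, `all` and `redirect=` terms that occur in the log are handled.

```python
import ipaddress

# TXT records copied from log 1; a dict stands in for DNS so this runs offline.
SPF_RECORDS = {
    "nacha.com": "v=spf1 redirect=jcity.com",
    "jcity.com": ("v=spf1 ip4:211.18.210.0/28 ip4:203.179.86.144/28 ip4:211.9.59.48/28 "
                  "ip4:219.118.188.80/28 ip4:203.179.83.32/28 ip4:202.94.150.160/28 "
                  "ip4:61.195.151.208/28 ip4:218.42.158.80/28 ip4:115.31.194.127 "
                  "ip4:115.31.194.128 ~all"),
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip, depth=0):
    """Evaluate ip4, all and redirect= only (the terms seen in the log)."""
    if depth > 10:                       # guard against redirect loops
        return "permerror"
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"                    # no SPF record published
    ip = ipaddress.ip_address(client_ip)
    redirect = None
    for term in record.split()[1:]:      # skip the "v=spf1" version tag
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":           # "all" always matches
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:"):
            net = ipaddress.ip_network(mechanism[4:], strict=False)
            if ip in net:
                return QUALIFIERS[qualifier]
    if redirect:                         # used only when no mechanism matched
        result = check_spf(redirect, client_ip, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"

if __name__ == "__main__":
    print(check_spf("nacha.com", "115.117.168.134"))
```

In the log, the softfail result is followed by `250 ... Sender ok`; the rejection comes from the DNS-BL check after `RCPT TO`.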

 

 

Log 2: DNS resolution fails:

Thu 2011-08-25 00:05:21: Session 4186; child 2; thread 4016

Thu 2011-08-25 00:05:14: Accepting SMTP connection from [58.19.99.70:57492]

Thu 2011-08-25 00:05:14: --> 220-mail.lenovots.com ESMTP MDaemon 10.1.2; Thu, 25 Aug 2011 00:05:14 +0800

Thu 2011-08-25 00:05:14: --> 220 Novots Technologies Limited

Thu 2011-08-25 00:05:15: <-- ehlo ufyts.com

Thu 2011-08-25 00:05:15: EHLO/HELO response delayed 5 seconds

Thu 2011-08-25 00:05:20: --> 250-mail.lenovots.com Hello ufyts.com, pleased to meet you

Thu 2011-08-25 00:05:20: --> 250-ETRN

Thu 2011-08-25 00:05:20: --> 250-AUTH=LOGIN

Thu 2011-08-25 00:05:20: --> 250-AUTH LOGIN CRAM-MD5

Thu 2011-08-25 00:05:20: --> 250-8BITMIME

Thu 2011-08-25 00:05:20: --> 250-STARTTLS

Thu 2011-08-25 00:05:20: --> 250 SIZE

Thu 2011-08-25 00:05:20: <-- Rset

Thu 2011-08-25 00:05:20: --> 250 RSET? Well, ok.

Thu 2011-08-25 00:05:20: <-- Mail from:<[email protected]>

Thu 2011-08-25 00:05:20: Performing PTR lookup (70.99.19.58.IN-ADDR.ARPA)

Thu 2011-08-25 00:05:21: *  Error: *  名稱服務器報告未知的域名

Thu 2011-08-25 00:05:21: *  No PTR records found

Thu 2011-08-25 00:05:21: ---- End PTR results

Check DNS MX

Thu 2011-08-25 00:05:21: Performing IP lookup (ufyts.com)

Thu 2011-08-25 00:05:21: *  Error: *  名稱服務器報告未知的域名

Thu 2011-08-25 00:05:21: ---- End IP lookup results

The domain does not resolve, so the mail is rejected and a 451 message is returned.

Thu 2011-08-25 00:05:21: --> 451 <ufyts.com> is invalid or DNS says does not exist

Thu 2011-08-25 00:05:21: SMTP session terminated (Bytes in/out: 49/335)

 

 

Log 3: unknown recipient name:

Thu 2011-08-25 00:07:05: Session 4198; child 2; thread 2560

Thu 2011-08-25 00:06:51: Accepting SMTP connection from [123.89.199.240:1848]

Thu 2011-08-25 00:06:51: --> 220-mail.lenovots.com ESMTP MDaemon 10.1.2; Thu, 25 Aug 2011 00:06:51 +0800

Thu 2011-08-25 00:06:51: --> 220 Novots Technologies Limited

Thu 2011-08-25 00:06:51: <-- ehlo zwag.com

Thu 2011-08-25 00:06:51: EHLO/HELO response delayed 5 seconds

Thu 2011-08-25 00:06:56: --> 250-mail.lenovots.com Hello zwag.com, pleased to meet you

Thu 2011-08-25 00:06:56: --> 250-ETRN

Thu 2011-08-25 00:06:56: --> 250-AUTH=LOGIN

Thu 2011-08-25 00:06:56: --> 250-AUTH LOGIN CRAM-MD5

Thu 2011-08-25 00:06:56: --> 250-8BITMIME

Thu 2011-08-25 00:06:56: --> 250-STARTTLS

Thu 2011-08-25 00:06:56: --> 250 SIZE

Thu 2011-08-25 00:06:56: <-- Rset

Thu 2011-08-25 00:06:56: --> 250 RSET? Well, ok.

Thu 2011-08-25 00:06:58: <-- Mail from:<[email protected]>

Thu 2011-08-25 00:06:58: Performing PTR lookup (240.199.89.123.IN-ADDR.ARPA)

Thu 2011-08-25 00:07:01: *  Error: *  名稱服務器報告未知的域名

Thu 2011-08-25 00:07:01: *  No PTR records found

Thu 2011-08-25 00:07:01: ---- End PTR results

Thu 2011-08-25 00:07:01: Performing IP lookup (zwag.com)

Thu 2011-08-25 00:07:02: *  D=zwag.com TTL=(120) A=[209.62.20.188]

Thu 2011-08-25 00:07:02: ---- End IP lookup results

Thu 2011-08-25 00:07:02: Performing SPF lookup (zwag.com / 123.89.199.240)

Thu 2011-08-25 00:07:03: *  Result: none; no SPF record in DNS

Thu 2011-08-25 00:07:03: ---- End SPF results

Thu 2011-08-25 00:07:03: --> 250 <[email protected]>, Sender ok

Thu 2011-08-25 00:07:03: <-- RCPT to:<[email protected]>

Thu 2011-08-25 00:07:03: 發件人試圖投遞郵件到未知地址

The recipient address is unknown, so the mail is rejected and a 550 message is returned.

Thu 2011-08-25 00:07:03: --> 550 <[email protected]>, Recipient unknown

Thu 2011-08-25 00:07:05: <-- Quit

Thu 2011-08-25 00:07:05: --> 221 See ya in cyberspace

Thu 2011-08-25 00:07:05: SMTP session terminated (Bytes in/out: 92/390)
