sendmail is the 8.11.6 that ships with s8; /var/log/syslog shows the following:
Oct 21 08:45:19 xnjc sendmail[3934]: [ID 801593 mail.info] h9L0jJw03934:
from=<05zlj1005@ms45.hinet.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
relay=KH218-187-183-170.adsl.pl.apol.com.tw [218.187.183.170]
Oct 21 08:45:20 xnjc sendmail[3935]: [ID 801593 mail.notice] h9L0jJw03935: ruleset=check_rcpt,
arg1=<ados9155@ms73.hinet.net>, relay=KH218-187-183-170.adsl.pl.apol.com.tw [218.187.183.170],
reject=550 5.7.1 <ados9155@ms73.hinet.net>... Relaying denied
Oct 21 08:45:20 xnjc sendmail[3935]: [ID 801593 mail.info] h9L0jJw03935:
from=<05zlj1005@ms45.hinet.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
relay=KH218-187-183-170.adsl.pl.apol.com.tw [218.187.183.170]
Oct 21 08:45:20 xnjc sendmail[3936]: [ID 801593 mail.notice] h9L0jKw03936: ruleset=check_rcpt,
arg1=<ados9155@ms73.hinet.net>, relay=KH218-187-183-170.adsl.pl.apol.com.tw [218.187.183.170],
reject=550 5.7.1 <ados9155@ms73.hinet.net>... Relaying denied
Oct 21 08:45:20 xnjc sendmail[3936]: [ID 801593 mail.info] h9L0jKw03936:
from=<05zlj1005@ms45.hinet.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
relay=KH218-187-183-170.adsl.pl.apol.com.tw [218.187.183.170]
Oct 21 08:45:21 xnjc sendmail[3937]: [ID 801593 mail.notice] h9L0jKw03937: ruleset=check_rcpt, arg1=<ados9155@ms73.hinet.net>, relay=KH218-187-183-170.adsl.pl.apol.com.tw [218.187.183.170], reject=550 5.7.1 <ados9155@ms73.hinet.net>... Relaying denied
How to deal with it
STEP 1.
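First you need to get your server back to normal. You can deny the IP 218.187.183.170 on the hardware firewall or router in front of it, so that you no longer receive mail from dsl.pl.apol.com.tw. Of course you can also filter the IP on the mail server host itself with TCP Wrapper or NET SCREEN, but I don't recommend doing that; it wastes a lot of your mail server's resources.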
STEP 2.
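Then we start tracking down that pig-head and sorting him out! What we need to do is find the e-mail of the administrator at the ISP where his domain is registered, and then finish him off.
Of course, you can look up the sending user directly to find the information we need.
For example, this record: Oct 21 08:45:19 xnjc sendmail[3934]: [ID 801593 mail.info] h9L0jJw03934: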
from=<05zlj1005@ms45.hinet.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
You can look up the user 05zlj1005 directly, or his key handle ms45:
$whois 05zlj1005
$whois \!ms45
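But looking him up this way is pointless. We find that the pig-head generates his user names from random numbers, so you won't find anything, although it can't be ruled out that you have run into an exceptionally dim pig. So instead we can trace the site's IP address backwards to get its real domain.
Where might this pig-head be registered?? Africa?? Europe?? The US??? Let's first assume he registered in the US; then we need to query the North American Internet registry. His IP is 218.187.183.170, so we need to look up the 218.187.183. subnet.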
$whois -h whois.arin.net 218.187.183
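At this point you find that the pig-head probably did not register in North America. No matter: it will return that the 218.187.183. subnet is registered with apnic (Asia-Pacific).
Heh heh!! So we go and look him up in the Asia-Pacific region.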
$whois -h whois.apnic.net '-T inetnum -r 218.187.183'
.....
.....
admin-c: AA000-APNIC
tech-c : AA000-APNIC
tech-c : AA000
......
AA000 is the key handle of this subnet's administrator, so keep querying....
$whois -h whois.apnic.net '-r AA000'
person:John Doe
..........
e-Mail:john@doe.com
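This is the e-mail of the contact who administers the domain; of course there is also a phone number and so on...... You can capture the LOG and file a complaint about him sending you spam. Let the administrator sort him out!
The most commonly used top-level Internet registries
North America whois.arin.net
Europe whois.ripe.net
Asia-Pacific whois.apnic.net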
.........
Find the rest yourself~~~~~~~ ^_^
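Added example, not part of the original post: a Python sketch that picks out of a syslog excerpt like the one above the relay IPs worth denying in Step 1 and looking up in Step 2. It re-joins entries that were wrapped over several lines and counts "Relaying denied" rejections per relay IP. The sample log, its placeholder hosts and addresses, and the threshold of 2 are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the post's log format; hosts and IPs are placeholders.
SAMPLE_LOG = """\
Oct 21 08:45:19 mx sendmail[3934]: [ID 801593 mail.info] h9L0jJw03934:
from=<a1@example.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
relay=dsl-1.example.net [192.0.2.10]
Oct 21 08:45:20 mx sendmail[3935]: [ID 801593 mail.notice] h9L0jJw03935: ruleset=check_rcpt,
arg1=<victim@example.org>, relay=dsl-1.example.net [192.0.2.10],
reject=550 5.7.1 <victim@example.org>... Relaying denied
Oct 21 08:45:21 mx sendmail[3937]: [ID 801593 mail.notice] h9L0jKw03937: ruleset=check_rcpt, arg1=<victim@example.org>, relay=dsl-1.example.net [192.0.2.10], reject=550 5.7.1 <victim@example.org>... Relaying denied
Oct 21 08:46:02 mx sendmail[3940]: [ID 801593 mail.notice] h9L0k2w03940: ruleset=check_rcpt, arg1=<x@example.com>, relay=[192.0.2.77], reject=550 5.7.1 <x@example.com>... Relaying denied
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REJECT = re.compile(
    r"ruleset=check_rcpt,\s*arg1=<(?P<rcpt>[^>]*)>,\s*"
    r"relay=(?P<host>\S*?)\s*\[(?P<ip>[0-9.]+)\],\s*"
    r"reject=550 5\.7\.1 .*Relaying denied"
)

def join_entries(text):
    """Re-join syslog entries that were wrapped over several lines."""
    entries = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def relay_rejects(text):
    """Map relay IP -> {'count': n, 'rcpts': set} for denied relay attempts."""
    stats = defaultdict(lambda: {"count": 0, "rcpts": set()})
    for entry in join_entries(text):
        m = REJECT.search(entry)
        if m:
            stats[m["ip"]]["count"] += 1
            stats[m["ip"]]["rcpts"].add(m["rcpt"])
    return dict(stats)

def block_candidates(text, threshold=2):
    """IPs with >= threshold rejections (assumed cut-off), busiest first."""
    stats = relay_rejects(text)
    hits = [ip for ip in stats if stats[ip]["count"] >= threshold]
    return sorted(hits, key=lambda ip: -stats[ip]["count"])

print(block_candidates(SAMPLE_LOG))
```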
| sunmarmot replied at: 2003-10-23 15:29:40 |
| [img:c55c902518]http://joke.tom.com/img/assets/1/jyw1980.jpg[/img:c55c902518] |
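| duxf replied at: 2003-10-23 15:37:03 |
| Of course you can also filter the IP on the mail server host itself with TCP Wrapper or NET SCREEN
How do I do that? |
| 陈小奚 replied at: 2003-10-23 15:39:52 |
| Isn't this a bit too much trouble? And even when you have found him, all you do is report it; it would be more direct to just add an antispam. |
| gyns56 replied at: 2003-10-23 16:02:54 |
| Reading this post taught me something; not bumping it would be unfair to the original poster, so bump!
Also, could 陈小奚 tell us about antispam? |
| hitdwb replied at: 2003-10-23 18:10:13 |
| I'll bump too. Well written. |
| sunmarmot replied at: 2003-10-24 10:02:51 |
| Of course you can also do it with antispam, but that only does a DENY, which has the same effect as doing it on the router.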
The Anti-Spam Home Page
The spam problem is not going away, it's getting worse! Learn how to stop junk e-mail. -- P. Lutus
Tired of wading through all that junk mail? Learn how to stop the spammers -- here are instructions to automatically filter your e-mail, defend your site from exploitation by the spammers, and get involved!
Sections: General discussion; Definition of spam; Rules of the spam game; What to do if you are on a site that permits spam; How to alert a site that they are hosting a spammer; How to identify a Spammer; Spam do's and don'ts; Write your congressional representatives; How to report fraudulent e-mail; E-mail filtering techniques; How to edit sendmail.cf; How to filter e-mail addresses and sites; How to stop e-mail forwarding on your site; How to test the changes in sendmail; The spammer master lists; Credits; Other anti-spam resources.
General Discussion
Here are the facts: According to some estimates, there are 50 million Americans with Internet accounts. Nearly all accounts have e-mail service. It costs virtually nothing to send an e-mail. There is no meaningful regulation of e-mail. This is a recipe for exploitation, and you are the target. All an advertiser has to do is obtain your e-mail address – after that, he can spam you again and again.
I recently received two "spam" e-mails. The first offered to put a phone sex telephone number on my site – "Your choice of Straight, Gay, or Fetish lines available" – the second offered to sell me a list of 25 million e-mail addresses.
As I read these messages, it struck me that, unless I fought back, I would be daily forced to look into the human sewer that spam e-mail represents, and I would be just one among millions of victims.
Keywords for this article: [Original] How to protect your mail server from spam and sort out the pig-head sending you junk
|