I will try to collect as many distinctive logs as I can to share with everyone.
The first log shows a sender that is on a blacklist:
Thu 2011-08-25 00:02:10: Session 4162; child 2; thread 3372
Thu 2011-08-25 00:01:47: Accepting SMTP connection from [115.117.168.134:21944]
Thu 2011-08-25 00:01:47: --> 220-mail.lenovots.com ESMTP MDaemon 10.1.2; Thu, 25 Aug 2011 00:01:47 +0800
Thu 2011-08-25 00:01:47: --> 220 Novots Technologies Limited
Thu 2011-08-25 00:01:47: <-- EHLO ibgh.com
Thu 2011-08-25 00:01:47: EHLO/HELO response delayed 5 seconds
Thu 2011-08-25 00:01:52: --> 250-mail.lenovots.com Hello ibgh.com, pleased to meet you
Thu 2011-08-25 00:01:52: --> 250-ETRN
Thu 2011-08-25 00:01:52: --> 250-AUTH=LOGIN
Thu 2011-08-25 00:01:52: --> 250-AUTH LOGIN CRAM-MD5
Thu 2011-08-25 00:01:52: --> 250-8BITMIME
Thu 2011-08-25 00:01:52: --> 250-STARTTLS
Thu 2011-08-25 00:01:52: --> 250 SIZE
Thu 2011-08-25 00:01:55: <-- MAIL FROM:<nacha.notification center@nacha.com>
Thu 2011-08-25 00:01:55: Performing PTR lookup (134.168.117.115.IN-ADDR.ARPA)
Thu 2011-08-25 00:01:55: * D=134.168.117.115.IN-ADDR.ARPA TTL=(1439) PTR=[115.117.168.134.static-delhi.vsnl.net.in]
Thu 2011-08-25 00:01:55: * Gathering A records...
Thu 2011-08-25 00:02:07: ---- End PTR results
Thu 2011-08-25 00:02:07: Performing IP lookup (nacha.com)
Thu 2011-08-25 00:02:08: * D=nacha.com TTL=(60) A=[202.94.150.163]
Thu 2011-08-25 00:02:08: * P=010 S=000 D=nacha.com TTL=(59) MX=[mail9.jcity.com] {211.18.210.13}
Thu 2011-08-25 00:02:08: ---- End IP lookup results
Thu 2011-08-25 00:02:08: Performing SPF lookup (nacha.com / 115.117.168.134)
Thu 2011-08-25 00:02:09: * Policy: v=spf1 redirect=jcity.com
Thu 2011-08-25 00:02:09: * Evaluating redirect=jcity.com:
Thu 2011-08-25 00:02:09: * Evaluating redirect=jcity.com: performing lookup
Thu 2011-08-25 00:02:09: * Policy: v=spf1 ip4:211.18.210.0/28 ip4:203.179.86.144/28 ip4:211.9.59.48/28 ip4:219.118.188.80/28 ip4:203.179.83.32/28 ip4:202.94.150.160/28 ip4:61.195.151.208/28 ip4:218.42.158.80/28 ip4:115.31.194.127 ip4:115.31.194.128 ~all
Thu 2011-08-25 00:02:09: * Evaluating ip4:211.18.210.0/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:203.179.86.144/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:211.9.59.48/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:219.118.188.80/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:203.179.83.32/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:202.94.150.160/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:61.195.151.208/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:218.42.158.80/28: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:115.31.194.127: no match
Thu 2011-08-25 00:02:09: * Evaluating ip4:115.31.194.128: no match
Thu 2011-08-25 00:02:09: * Evaluating ~all: match
Thu 2011-08-25 00:02:09: * Result: softfail
Thu 2011-08-25 00:02:09: ---- End SPF results
Thu 2011-08-25 00:02:09: --> 250 <center@nacha.com>, Sender ok
Thu 2011-08-25 00:02:10: <-- RCPT TO:
Check the RBL
Thu 2011-08-25 00:02:10: 执行 DNS-BL 查询(115.117.168.134 - 正在连接 IP)
Thu 2011-08-25 00:02:10: * zen.spamhaus.org - 失败 - 127.0.0.11
Thu 2011-08-25 00:02:10: ---- 结束 DNS-BL 结果
Thu 2011-08-25 00:02:10: --> 550 Your mail server: 115.117.168.134 was listed on RBL by Spamhaus, please contact your system admnistrator, or visit http://zen.spamhaus.org
Thu 2011-08-25 00:02:10: SMTP session terminated (Bytes in/out: 99/425)
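The sender is found to be on a blacklist, so the mail is rejected and a message is returned.
The second log shows a DNS resolution failure: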
Thu 2011-08-25 00:05:21: Session 4186; child 2; thread 4016
Thu 2011-08-25 00:05:14: Accepting SMTP connection from [58.19.99.70:57492]
Thu 2011-08-25 00:05:14: --> 220-mail.lenovots.com ESMTP MDaemon 10.1.2; Thu, 25 Aug 2011 00:05:14 +0800
Thu 2011-08-25 00:05:14: --> 220 Novots Technologies Limited
Thu 2011-08-25 00:05:15: <-- ehlo ufyts.com
Thu 2011-08-25 00:05:15: EHLO/HELO response delayed 5 seconds
Thu 2011-08-25 00:05:20: --> 250-mail.lenovots.com Hello ufyts.com, pleased to meet you
Thu 2011-08-25 00:05:20: --> 250-ETRN
Thu 2011-08-25 00:05:20: --> 250-AUTH=LOGIN
Thu 2011-08-25 00:05:20: --> 250-AUTH LOGIN CRAM-MD5
Thu 2011-08-25 00:05:20: --> 250-8BITMIME
Thu 2011-08-25 00:05:20: --> 250-STARTTLS
Thu 2011-08-25 00:05:20: --> 250 SIZE
Thu 2011-08-25 00:05:20: <-- Rset
Thu 2011-08-25 00:05:20: --> 250 RSET? Well, ok.
Thu 2011-08-25 00:05:20: <-- Mail from:<fyf@ufyts.com>
Thu 2011-08-25 00:05:20: Performing PTR lookup (70.99.19.58.IN-ADDR.ARPA)
Thu 2011-08-25 00:05:21: * Error: * 名称服务器报告未知的域名
Thu 2011-08-25 00:05:21: * No PTR records found
Thu 2011-08-25 00:05:21: ---- End PTR results
Check DNS and MX
Thu 2011-08-25 00:05:21: Performing IP lookup (ufyts.com)
Thu 2011-08-25 00:05:21: * Error: * 名称服务器报告未知的域名
Thu 2011-08-25 00:05:21: ---- End IP lookup results
The domain does not resolve, so the mail is rejected with a 451 response
Thu 2011-08-25 00:05:21: --> 451 <ufyts.com> is invalid or DNS says does not exist
Thu 2011-08-25 00:05:21: SMTP session terminated (Bytes in/out: 49/335)
The third log shows an unknown recipient name:
Thu 2011-08-25 00:07:05: Session 4198; child 2; thread 2560
Thu 2011-08-25 00:06:51: Accepting SMTP connection from [123.89.199.240:1848]
Thu 2011-08-25 00:06:51: --> 220-mail.lenovots.com ESMTP MDaemon 10.1.2; Thu, 25 Aug 2011 00:06:51 +0800
Thu 2011-08-25 00:06:51: --> 220 Novots Technologies Limited
Thu 2011-08-25 00:06:51: <-- ehlo zwag.com
Thu 2011-08-25 00:06:51: EHLO/HELO response delayed 5 seconds
Thu 2011-08-25 00:06:56: --> 250-mail.lenovots.com Hello zwag.com, pleased to meet you
Thu 2011-08-25 00:06:56: --> 250-ETRN
Thu 2011-08-25 00:06:56: --> 250-AUTH=LOGIN
Thu 2011-08-25 00:06:56: --> 250-AUTH LOGIN CRAM-MD5
Thu 2011-08-25 00:06:56: --> 250-8BITMIME
Thu 2011-08-25 00:06:56: --> 250-STARTTLS
Thu 2011-08-25 00:06:56: --> 250 SIZE
Thu 2011-08-25 00:06:56: <-- Rset
Thu 2011-08-25 00:06:56: --> 250 RSET? Well, ok.
Thu 2011-08-25 00:06:58: <-- Mail from:<fd@zwag.com>
Thu 2011-08-25 00:06:58: Performing PTR lookup (240.199.89.123.IN-ADDR.ARPA)
Thu 2011-08-25 00:07:01: * Error: * 名称服务器报告未知的域名
Thu 2011-08-25 00:07:01: * No PTR records found
Thu 2011-08-25 00:07:01: ---- End PTR results
Thu 2011-08-25 00:07:01: Performing IP lookup (zwag.com)
Thu 2011-08-25 00:07:02: * D=zwag.com TTL=(120) A=[209.62.20.188]
Thu 2011-08-25 00:07:02: ---- End IP lookup results
Thu 2011-08-25 00:07:02: Performing SPF lookup (zwag.com / 123.89.199.240)
Thu 2011-08-25 00:07:03: * Result: none; no SPF record in DNS
Thu 2011-08-25 00:07:03: ---- End SPF results
Thu 2011-08-25 00:07:03: --> 250 <fd@zwag.com>, Sender ok
Thu 2011-08-25 00:07:03: <-- RCPT to:<EMailrecruiting@lenovots.com>
Thu 2011-08-25 00:07:03: 发件人试图投递邮件到未知地址
Unknown recipient address, so the mail is rejected with a 550 response
Thu 2011-08-25 00:07:03: --> 550 <EMailrecruiting@lenovots.com>, Recipient unknown
Thu 2011-08-25 00:07:05: <-- Quit
Thu 2011-08-25 00:07:05: --> 221 See ya in cyberspace
Thu 2011-08-25 00:07:05: SMTP session terminated (Bytes in/out: 92/390)
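The three rejection patterns above can be triaged automatically. The following is an added example, not part of the original post and not MDaemon's own tooling: it groups log lines by their `Session N` header and labels each session by why it was refused. The function names `parse_sessions` and `classify`, the label strings, and the abridged sample are assumptions made for this illustration; the line formats are the ones shown in the logs on this page.

```python
import re
# Constructed sample: lines abridged from the three sessions logged on this page.
SAMPLE = """\
Thu 2011-08-25 00:02:10: Session 4162; child 2; thread 3372
Thu 2011-08-25 00:01:47: Accepting SMTP connection from [115.117.168.134:21944]
Thu 2011-08-25 00:02:09: * Result: softfail
Thu 2011-08-25 00:02:10: * zen.spamhaus.org - 失败 - 127.0.0.11
Thu 2011-08-25 00:02:10: --> 550 Your mail server: 115.117.168.134 was listed on RBL by Spamhaus
Thu 2011-08-25 00:05:21: Session 4186; child 2; thread 4016
Thu 2011-08-25 00:05:14: Accepting SMTP connection from [58.19.99.70:57492]
Thu 2011-08-25 00:05:21: --> 451 <ufyts.com> is invalid or DNS says does not exist
Thu 2011-08-25 00:07:05: Session 4198; child 2; thread 2560
Thu 2011-08-25 00:06:51: Accepting SMTP connection from [123.89.199.240:1848]
Thu 2011-08-25 00:07:03: * Result: none; no SPF record in DNS
Thu 2011-08-25 00:07:03: --> 550 <EMailrecruiting@lenovots.com>, Recipient unknown
"""

TS = r"^\w{3} [\d-]+ [\d:]+: "  # timestamp prefix, e.g. "Thu 2011-08-25 00:02:10: "
SESSION = re.compile(TS + r"Session (\d+);")
PEER = re.compile(TS + r"Accepting SMTP connection from \[([\d.]+):\d+\]")
SPF = re.compile(TS + r"\* Result: (\w+)")
DNSBL = re.compile(TS + r"\* (\S+) - \S+ - (127(?:\.\d+){3})")  # zone, return code
REPLY = re.compile(TS + r"--> ([45]\d\d) (.*)")  # final (non-continuation) 4xx/5xx reply

def parse_sessions(text):
    sessions, cur = [], None
    for line in text.splitlines():
        if (m := SESSION.match(line)):  # header carries the end time: group by position
            sessions.append(cur := dict(id=int(m.group(1)), peer=None, spf=None, dnsbl=None, reject=None))
        elif cur is None:
            continue  # ignore anything before the first session header
        elif (m := PEER.match(line)):
            cur["peer"] = m.group(1)
        elif (m := DNSBL.match(line)):
            cur["dnsbl"] = m.groups()
        elif (m := SPF.match(line)):
            cur["spf"] = m.group(1)
        elif (m := REPLY.match(line)) and cur["reject"] is None:
            cur["reject"] = (int(m.group(1)), m.group(2))  # keep the first refusal only
    return sessions

def classify(s):
    code, text = s["reject"] or (None, "")
    if s["dnsbl"]:
        return "dnsbl-listed"
    if code == 451 and "DNS" in text:
        return "sender-domain-unresolvable"
    if code == 550 and "Recipient unknown" in text:
        return "unknown-recipient"
    return "other-reject" if code else "no-reject-seen"
```

Keeping the SPF result next to the refusal reason shows that the first session passed the `MAIL FROM` stage with only a softfail and was stopped by the DNS-BL lookup instead.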