Chinaunix forum thread (Views: 4514 | Replies: 2)
[Mail] Mail system built on postfix: how do I verify the sending party's domain?

#1, posted 2014-07-21 10:59
Here is the situation: the other side (presumably spammers; the IP addresses I looked up are in the US, India and so on) is using the relay sdaywedn.com (which is in Romania) to send large numbers of spam messages with .exe attachments into my mail system. My mail policy is to bounce any message that contains an .exe file, so this has produced a large number of messages from postmaster@mydomain to sdaywedn.com.
The queue shows: 373BB26745C     4929 Wed Jul 16 19:19:40  MAILER-DAEMON
(connect to 93.115.91.27[93.115.91.27]: server refused to talk to me: 421 Too many concurrent SMTP connections; please try again later.)
                                         lighthouse032@sdaywedn.com

Mail headers (postcat output):
*** ENVELOPE RECORDS deferred/6/65675267443 ***
message_size:            4986             288               1               0
message_arrival_time: Wed Jul 16 19:48:10 2014
named_attribute: rewrite_context=local
sender:
named_attribute: client_name=localhost
named_attribute: client_address=127.0.0.1
named_attribute: message_origin=localhost[127.0.0.1]
named_attribute: helo_name=localhost
named_attribute: protocol_name=ESMTP
original_recipient: mechanismstz4@sdaywedn.com
recipient: mechanismstz4@sdaywedn.com
*** MESSAGE CONTENTS deferred/6/65675267443 ***
Received: from localhost (localhost [127.0.0.1])
        by 我的域名 (Mail - Group) with ESMTP id 65675267443
        for <mechanismstz4@sdaywedn.com>; Wed, 16 Jul 2014 19:48:10 +0800 (CST)
MIME-Version: 1.0
Subject: BANNED (multipart/mixed | application/zip,.zip,order_report.zip |
.exe,.exe-ms,order_report_87438753479534789573498.exe) IN MAIL FROM YOU
In-Reply-To: <20140716114806.648EE267429@我的域名>
Message-ID: <VSCsfxLIJhYaaM@我的域名>
Content-Type: multipart/report; report-type=delivery-status;
boundary="----------=_1405511290-95943-1"
From: "Content-filter at 我的域名" <postmaster@我的域名>
To: <mechanismstz4@sdaywedn.com>
Date: Wed, 16 Jul 2014 19:48:10 +0800 (CST)

This is a multi-part message in MIME format...

------------=_1405511290-95943-1
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

BANNED CONTENTS ALERT

Our content checker found
    banned name: multipart/mixed | application/zip,.zip,order_report.zip | .exe,.exe-ms,order_report_87438753479534789573498.exe
in email presumably from you (<mechanismstz4@sdaywedn.com>),
to the following recipient:
-> sqe@我的域名

According to the 'Received:' trace, the message originated at: [81.218.204.253]
Our internal reference code for your message is 95943-03/CsfxLIJhYaaM.

Delivery of the email was stopped!

The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.

To transfer contents that may be considered risky or unwanted
by site policies, or simply too large for mailing, please consider
publishing your content on the web, and only sending an URL of the
document to the recipient.

Depending on the recipient and sender site policies, with a little
effort it might still be possible to send any contents (including
viruses) using one of the following methods:

- encrypted using pgp, gpg or other encryption methods;

- wrapped in a password-protected or scrambled container or archive
  (e.g.: zip -e, arj -g, arc g, rar -p, or other methods)

Note that if the contents is not intended to be secret, the
encryption key or password may be included in the same message
for recipient's convenience.

We are sorry for inconvenience if the contents was not malicious.

The purpose of these restrictions is to cut the most common propagation
methods used by viruses and other malware. These often exploit automatic
mechanisms and security holes in more popular mail readers (Microsoft
mail readers and browsers are a common target). By requiring an explicit
and decisive action from the recipient to decode mail, the dangers of
automatic malware propagation is largely reduced.

For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <mechanismstz4@sdaywedn.com>
Received: from sdaywedn.com (bzq-218-204-253.red.bezeqint.net [81.218.204.253])
        by 我的域名 (Mail - Group) with ESMTP id 648EE267429
        for <sq1@我的域名>; Wed, 16 Jul 2014 19:48:06 +0800 (CST)
Date:   Wed, 16 Jul 2014 13:38:00 +0200
From:   "Amazon.com" <delivers@amazon.com>
To: <sq1@我的域名>
Subject: Order Details
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----------37AD4CEC52A07A8B"
Message-Id: <20140716114806.648EE267429@我的域名>
-------------------------- END HEADERS ------------------------------

------------=_1405511290-95943-1
Content-Type: message/delivery-status
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report

Reporting-MTA: dns; 我的域名
Received-From-MTA: smtp; 我的域名 ([127.0.0.1])
Arrival-Date: Wed, 16 Jul 2014 19:48:09 +0800 (CST)

Final-Recipient: rfc822; sq1@我的域名
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=95943-03 - BANNED: multipart/mixed | application/zip,.zip,order_report.zip | .exe,.exe-ms,order_report_87438753...
Last-Attempt-Date: Wed, 16 Jul 2014 19:48:10 +0800 (CST)

------------=_1405511290-95943-1
Content-Type: text/rfc822-headers
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Undelivered-message headers

Received: from sdaywedn.com (bzq-218-204-253.red.bezeqint.net [81.218.204.253])
        by mail.我的域名 (Mail - Group) with ESMTP id 648EE267429
        for <sq1@我的域名>; Wed, 16 Jul 2014 19:48:06 +0800 (CST)
Date:   Wed, 16 Jul 2014 13:38:00 +0200
From:   "Amazon.com" <delivers@amazon.com>
To: <sq1@我的域名>
Subject: Order Details
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----------37AD4CEC52A07A8B"
Message-Id: <20140716114806.648EE267429@我的域名>

------------=_1405511290-95943-1--
*** HEADER EXTRACTED deferred/6/65675267443 ***
*** MESSAGE FILE END deferred/6/65675267443 ***
My reading of this: "Amazon.com" <delivers@amazon.com> is spoofed and the mail was sent to me through mechanismstz4@sdaywedn.com; after my server rejected it, the bounce went to mechanismstz4@sdaywedn.com, and because there were so many of them we hit the other side's SMTP connection limit and got refused.
So I do not want to reject the sdaywedn.com domain (it is innocent). What I want to ask is: can I check incoming mail so that
delivers@amazon.com must have been sent from amazon.com and not from sdaywedn.com? How do I write a rule for that?

#2, posted 2014-08-18 17:58
Reply to 1# bjhb

1. Do you have any anti-spam in front of your mail server? You could try an RBL filter to block it.
2. You can also set reject_non_fqdn_(sender|helo_hostname|recipient) in main.cf
Reference: http://wiki.centos.org/HowTos/postfix_restrictions
3. Look into greylisting; that might also help you
Reference: http://en.wikipedia.org/wiki/Greylisting
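As an added example (not code from the thread, and not Postfix's own implementation), here is what the two checks discussed in this thread look like in Python: the FQDN tests behind the reject_non_fqdn_sender / reject_non_fqdn_helo_hostname restrictions from reply #2, and the origin check asked for in the question (does the connecting IP belong to the domain the mail claims to come from?). The session is reconstructed from the headers quoted in the question; the SENDER_POLICY table is a constructed placeholder for the sending domain's published SPF record, which a real check fetches from DNS, and the networks in it are documentation ranges, not amazon.com's real senders. The verdict is a 550 during the SMTP dialogue: rejecting before the message is accepted means no bounce is ever generated to a forged envelope sender, which is exactly what filled the deferred queue with MAILER-DAEMON mail to sdaywedn.com.

```python
"""Origin checks for an inbound SMTP session, modelled on the forged
"Amazon.com" message quoted in the thread.  Example code added to the
thread, not Postfix itself.  The policy table below is constructed for
the demo; a real deployment evaluates the domain's SPF record from DNS."""
import ipaddress
import re
from dataclasses import dataclass

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


@dataclass
class SmtpSession:
    client_ip: str      # connecting host, as seen by the MTA
    helo_name: str      # argument of HELO/EHLO
    mail_from: str      # envelope sender (becomes Return-Path); "" for <>
    header_from: str    # From: header address, what the user sees


# Constructed stand-in for published sender policies: domain -> networks
# allowed to send for it.  Illustrative placeholders (RFC 5737 test nets),
# NOT the real amazon.com SPF record.
SENDER_POLICY = {
    "amazon.com": [ipaddress.ip_network("203.0.113.0/24")],
    "example.org": [ipaddress.ip_network("198.51.100.0/24")],
}


def is_fqdn(name: str) -> bool:
    """Same idea as Postfix reject_non_fqdn_{sender,helo_hostname}:
    at least two valid labels separated by dots (trailing dot allowed)."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(lab) for lab in labels)


def domain_of(address: str) -> str:
    """Domain part of an address, lower-cased; "" if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def policy_allows(domain: str, client_ip: str):
    """True/False when a policy exists for the domain, None when it does
    not (like an SPF 'none' result: nothing to verify against)."""
    nets = SENDER_POLICY.get(domain)
    if nets is None:
        return None
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)


def check_session(s: SmtpSession) -> tuple:
    """Return (action, reason).  'reject' means answering 550 while the
    client is still connected, so the MTA never accepts the message and
    never has to bounce it to a possibly forged sender."""
    if not is_fqdn(s.helo_name):
        return "reject", "non-FQDN HELO name"
    env_dom = domain_of(s.mail_from)
    # Postfix exempts the null sender <> used by bounces; so do we.
    if s.mail_from and not is_fqdn(env_dom):
        return "reject", "non-FQDN envelope sender"
    # SPF proper tests the envelope (MAIL FROM) domain against the client IP;
    # applying the same test to the header From domain is what DMARC adds,
    # and it is what the question asks for (delivers@amazon.com must really
    # come from amazon.com).
    for label, dom in (("envelope", env_dom),
                       ("header From", domain_of(s.header_from))):
        if policy_allows(dom, s.client_ip) is False:
            return "reject", f"{label} domain {dom} does not authorise {s.client_ip}"
    return "accept", "no policy violation"


# Session reconstructed from the Received:/From:/Return-Path: lines quoted
# in the question (constructed sample, values taken from the thread).
FORGED = SmtpSession("81.218.204.253", "sdaywedn.com",
                     "mechanismstz4@sdaywedn.com", "delivers@amazon.com")

if __name__ == "__main__":
    for sess in (FORGED,
                 SmtpSession("203.0.113.7", "mx.example.net",
                             "delivers@amazon.com", "delivers@amazon.com"),
                 SmtpSession("198.51.100.3", "localhost",
                             "a@example.org", "a@example.org")):
        print(sess.client_ip, sess.header_from, "->", check_session(sess))
```

Run it as a script to see the three verdicts; the forged session from the thread is rejected because 81.218.204.253 is not a host the (constructed) amazon.com policy authorises, and the rejection happens in the SMTP dialogue rather than as a later bounce. In Postfix this corresponds to an SPF policy daemon in smtpd_recipient_restrictions together with the reject_non_fqdn_* restrictions from reply #2, and to using the content filter's reject (D_REJECT) rather than bounce (D_BOUNCE) action so banned attachments are refused at SMTP time instead of bounced to the forged sender.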


#3, posted 2014-08-19 09:04
Just passing by... bump