新装 MD9.55，客户发邮件进来不稳定，各位大虾帮看下日志，分析下

南宫问天 · 发表于 2007-7-11 09:31:28

同样的发件人，收件人，时间也差不多，为什么有2种结果呢？
Tue 2007-07-10 16:00:35: Session 3337; child 1; thread 2276
Tue 2007-07-10 15:58:45: Accepting SMTP connection from [213.75.38.116 : 58287]
Tue 2007-07-10 15:58:45: Performing PTR lookup (116.38.75.213.IN-ADDR.ARPA)
Tue 2007-07-10 15:58:45: *  D=116.38.75.213.IN-ADDR.ARPA TTL=(184) PTR=[hpsmtp-eml16.kpnxchange.com]
Tue 2007-07-10 15:58:45: *  Gathering A records...
Tue 2007-07-10 15:58:45: *  D=hpsmtp-eml16.kpnxchange.com TTL=(184) A=[213.75.38.116]
Tue 2007-07-10 15:58:45: ---- End PTR results
Tue 2007-07-10 15:58:45: --> 220 mail.toplight.net ESMTP MDaemon 9.5.1; Tue, 10 Jul 2007 15:58:45 +0800
Tue 2007-07-10 15:58:46: <-- EHLO hpsmtp-eml16.kpnxchange.com
Tue 2007-07-10 15:58:46: Performing IP lookup (hpsmtp-eml16.kpnxchange.com)
Tue 2007-07-10 15:58:46: *  D=hpsmtp-eml16.kpnxchange.com TTL=(184) A=[213.75.38.116]
Tue 2007-07-10 15:58:46: ---- End IP lookup results
Tue 2007-07-10 15:58:46: --> 250-mail.toplight.net Hello hpsmtp-eml16.kpnxchange.com, pleased to meet you
Tue 2007-07-10 15:58:46: --> 250-ETRN
Tue 2007-07-10 15:58:46: --> 250-AUTH=LOGIN
Tue 2007-07-10 15:58:46: --> 250-AUTH LOGIN CRAM-MD5
Tue 2007-07-10 15:58:46: --> 250-8BITMIME
Tue 2007-07-10 15:58:46: --> 250 SIZE 0
Tue 2007-07-10 15:58:49: <-- MAIL FROM:<remal011@planet.nl>
Tue 2007-07-10 15:58:49: Performing IP lookup (planet.nl)
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.18]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.22]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.26]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.30]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.34]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.38]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.42]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.46]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.50]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.54]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.58]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.59]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.64]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.65]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.76]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.77]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.82]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.83]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.10]
Tue 2007-07-10 15:58:57: *  D=planet.nl TTL=(59) A=[213.75.12.14]
Tue 2007-07-10 15:58:57: *  P=010 S=000 D=planet.nl TTL=(480) MX=[mail.wxs.nl] {195.121.6.51}
Tue 2007-07-10 15:58:57: ---- End IP lookup results
Tue 2007-07-10 15:58:57: --> 250 <remal011@planet.nl>, Sender ok
Tue 2007-07-10 15:58:58: <-- RCPT TO:<kai@mail.toplight.net>
Tue 2007-07-10 15:58:58: --> 250 <kai@mail.toplight.net>, Recipient ok
Tue 2007-07-10 15:58:59: <-- DATA
Tue 2007-07-10 15:58:59: Creating temp file (SMTP): c:\mdaemon\temp\md50000004316.tmp
Tue 2007-07-10 15:58:59: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2007-07-10 16:00:09: Message size: 55146 bytes
Tue 2007-07-10 16:00:09: Performing DomainKeys lookup (Sender: sandra@remalux.nl)
Tue 2007-07-10 16:00:09: *  File: c:\mdaemon\temp\md50000004316.tmp
Tue 2007-07-10 16:00:09: *  Message-ID: [email=012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8]012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8[/email]
Tue 2007-07-10 16:00:09: *  Querying for policy: remalux.nl
Tue 2007-07-10 16:00:09: * Querying: _domainkey.remalux.nl ...
Tue 2007-07-10 16:00:15: * DNS: The name server refuses to honor queries from this location
Tue 2007-07-10 16:00:15: *  Result: pass
Tue 2007-07-10 16:00:15: ---- End DomainKeys results
Tue 2007-07-10 16:00:15: Performing DKIM lookup
Tue 2007-07-10 16:00:15: *  File: c:\mdaemon\temp\md50000004316.tmp
Tue 2007-07-10 16:00:15: *  Message-ID: [email=012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8]012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8[/email]
Tue 2007-07-10 16:00:15: *  Result: neutral
Tue 2007-07-10 16:00:15: ---- End DKIM results
Tue 2007-07-10 16:00:15: Passing message through AntiVirus (Size: 55146)...
Tue 2007-07-10 16:00:15: *  Message is clean (no viruses found)
Tue 2007-07-10 16:00:15: ---- End AntiVirus results
Tue 2007-07-10 16:00:18: Passing message through Outbreak Protection...
Tue 2007-07-10 16:00:18: *  Message-ID: [email=012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8]012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8[/email]
Tue 2007-07-10 16:00:18: *  Reference-ID: str=0001.0A090206.46933C9D.00F4,ss=1,vtr=str,vl=0,fgs=0
Tue 2007-07-10 16:00:18: *  Spam/phishing threat level: 1 - Clean
Tue 2007-07-10 16:00:18: *  Virus threat level: 0 - Clean
Tue 2007-07-10 16:00:18: ---- End Outbreak Protection results
Tue 2007-07-10 16:00:18: Passing message through Spam Filter (Size: 55146)...
Tue 2007-07-10 16:00:19: ---- Start SpamAssassin results
Tue 2007-07-10 16:00:19: 02.0 points, 10.0 required;
Tue 2007-07-10 16:00:19: *  2.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
Tue 2007-07-10 16:00:19: *    [score: 0.5018]
Tue 2007-07-10 16:00:19: ---- End SpamAssassin results
Tue 2007-07-10 16:00:19: Spam Filter score/req: 2.00/20.0
Tue 2007-07-10 16:00:19: Message creation successful: c:\mdaemon\inbound\md50000002874.msg
Tue 2007-07-10 16:00:19: --> 250 Ok, message saved <Message-ID: [email=012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8]012d01c7c2c8$25528040$0f01a8c0@rmxrc2ngzay6g8[/email]>
Tue 2007-07-10 16:00:35: <-- QUIT
Tue 2007-07-10 16:00:35: --> 221 See ya in cyberspace
Tue 2007-07-10 16:00:35: SMTP session successful (Bytes in/out: 55260/460)
Tue 2007-07-10 16:00:35: ----------

Tue 2007-07-10 17:01:41: Session 3689; child 3; thread 5628
Tue 2007-07-10 17:01:20: Accepting SMTP connection from [213.75.38.115 : 5578]
Tue 2007-07-10 17:01:20: Performing PTR lookup (115.38.75.213.IN-ADDR.ARPA)
Tue 2007-07-10 17:01:21: *  D=115.38.75.213.IN-ADDR.ARPA TTL=(1440) PTR=[hpsmtp-eml15.kpnxchange.com]
Tue 2007-07-10 17:01:21: *  Gathering A records...
Tue 2007-07-10 17:01:21: *  D=hpsmtp-eml15.kpnxchange.com TTL=(1440) A=[213.75.38.115]
Tue 2007-07-10 17:01:21: ---- End PTR results
Tue 2007-07-10 17:01:21: --> 220 mail.toplight.net ESMTP MDaemon 9.5.1; Tue, 10 Jul 2007 17:01:21 +0800
Tue 2007-07-10 17:01:22: <-- EHLO hpsmtp-eml15.kpnxchange.com
Tue 2007-07-10 17:01:22: Performing IP lookup (hpsmtp-eml15.kpnxchange.com)
Tue 2007-07-10 17:01:22: *  D=hpsmtp-eml15.kpnxchange.com TTL=(1439) A=[213.75.38.115]
Tue 2007-07-10 17:01:22: ---- End IP lookup results
Tue 2007-07-10 17:01:22: --> 250-mail.toplight.net Hello hpsmtp-eml15.kpnxchange.com, pleased to meet you
Tue 2007-07-10 17:01:22: --> 250-ETRN
Tue 2007-07-10 17:01:22: --> 250-AUTH=LOGIN
Tue 2007-07-10 17:01:22: --> 250-AUTH LOGIN CRAM-MD5
Tue 2007-07-10 17:01:22: --> 250-8BITMIME
Tue 2007-07-10 17:01:22: --> 250 SIZE 0
Tue 2007-07-10 17:01:23: <-- MAIL FROM:<remal011@planet.nl>
Tue 2007-07-10 17:01:23: Performing IP lookup (planet.nl)
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.10]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.14]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.18]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.22]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.26]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.30]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.34]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.38]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.42]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.46]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.50]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.54]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.58]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.59]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.64]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.65]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.76]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.77]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.82]
Tue 2007-07-10 17:01:23: *  D=planet.nl TTL=(60) A=[213.75.12.83]
Tue 2007-07-10 17:01:24: *  P=010 S=000 D=planet.nl TTL=(418) MX=[mail.wxs.nl] {195.121.6.51}
Tue 2007-07-10 17:01:24: ---- End IP lookup results
Tue 2007-07-10 17:01:24: --> 250 <remal011@planet.nl>, Sender ok
Tue 2007-07-10 17:01:24: <-- RCPT TO:<kai@mail.toplight.net>
Tue 2007-07-10 17:01:24: --> 250 <kai@mail.toplight.net>, Recipient ok
Tue 2007-07-10 17:01:28: <-- DATA
Tue 2007-07-10 17:01:28: Creating temp file (SMTP): c:\mdaemon\temp\md50000004867.tmp
Tue 2007-07-10 17:01:28: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2007-07-10 17:01:33: Message size: 27938 bytes
Tue 2007-07-10 17:01:33: Performing DomainKeys lookup (Sender: sandra@remalux.nl)
Tue 2007-07-10 17:01:33: *  File: c:\mdaemon\temp\md50000004867.tmp
Tue 2007-07-10 17:01:33: *  Message-ID: [email=029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8]029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8[/email]
Tue 2007-07-10 17:01:33: *  Querying for policy: remalux.nl
Tue 2007-07-10 17:01:33: * Querying: _domainkey.remalux.nl ...
Tue 2007-07-10 17:01:33: * DNS: The name server refuses to honor queries from this location
Tue 2007-07-10 17:01:33: *  Result: pass
Tue 2007-07-10 17:01:33: ---- End DomainKeys results
Tue 2007-07-10 17:01:33: Performing DKIM lookup
Tue 2007-07-10 17:01:33: *  File: c:\mdaemon\temp\md50000004867.tmp
Tue 2007-07-10 17:01:33: *  Message-ID: [email=029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8]029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8[/email]
Tue 2007-07-10 17:01:33: *  Result: neutral
Tue 2007-07-10 17:01:33: ---- End DKIM results
Tue 2007-07-10 17:01:33: Passing message through AntiVirus (Size: 27938)...
Tue 2007-07-10 17:01:33: *  Message is clean (no viruses found)
Tue 2007-07-10 17:01:33: ---- End AntiVirus results
Tue 2007-07-10 17:01:36: Passing message through Outbreak Protection...
Tue 2007-07-10 17:01:36: *  Message-ID: [email=029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8]029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8[/email]
Tue 2007-07-10 17:01:36: *  Reference-ID: str=0001.0A090201.46934AFA.0008,ss=1,fgs=0
Tue 2007-07-10 17:01:36: *  Spam/phishing threat level: 1 - Clean
Tue 2007-07-10 17:01:36: *  Virus threat level: 0 - Clean
Tue 2007-07-10 17:01:36: ---- End Outbreak Protection results
Tue 2007-07-10 17:01:36: Passing message through Spam Filter (Size: 27938)...
Tue 2007-07-10 17:01:38: ---- Start SpamAssassin results
Tue 2007-07-10 17:01:38: 35.1 points, 10.0 required;
Tue 2007-07-10 17:01:38: *  0.1 HTML_80_90 BODY: Message is 80% to 90% HTML
Tue 2007-07-10 17:01:38: *  2.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
Tue 2007-07-10 17:01:38: *    [score: 0.5000]
Tue 2007-07-10 17:01:38: *  8.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
Tue 2007-07-10 17:01:38: *    [URIs: toplight.cn]
Tue 2007-07-10 17:01:38: *  8.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
Tue 2007-07-10 17:01:38: *    [URIs: toplight.cn]
Tue 2007-07-10 17:01:38: *  8.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
Tue 2007-07-10 17:01:38: *    [URIs: toplight.cn]
Tue 2007-07-10 17:01:38: *  9.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
Tue 2007-07-10 17:01:38: *    [URIs: toplight.cn]
Tue 2007-07-10 17:01:38: ---- End SpamAssassin results
Tue 2007-07-10 17:01:38: Spam Filter score/req: 35.10/20.0
Tue 2007-07-10 17:01:38: Message refused because spam score is too high
Tue 2007-07-10 17:01:38: --> 554 Sorry, message looks like SPAM to me
Tue 2007-07-10 17:01:41: <-- QUIT
Tue 2007-07-10 17:01:41: --> 221 See ya in cyberspace
Tue 2007-07-10 17:01:41: SMTP session terminated (Bytes in/out: 28053/419)
Tue 2007-07-10 17:01:41: ----------

redif · 发表于 2007-7-11 10:18:12

这个应该是认为是垃圾邮件，拒绝　了
Tue 2007-07-10 17:01:38: Spam Filter score/req: 35.10/20.0
Tue 2007-07-10 17:01:38: Message refused because spam score is too high
Tue 2007-07-10 17:01:38: --> 554 Sorry, message looks like SPAM to me
Tue 2007-07-10 17:01:41: <-- QUIT
Tue 2007-07-10 17:01:41: --> 221 See ya in cyberspace
Tue 2007-07-10 17:01:41: SMTP session terminated (Bytes in/out: 28053/419)
Tue 2007-07-10 17:01:41: ----------

wxhsh · 发表于 2007-7-11 10:19:06

蛮正常的，就是你几乎所有反垃圾措施都开了，会误杀一片的。

南宫问天 · 发表于 2007-7-11 11:26:32

呵呵，反垃圾措施开了不少，还是有垃圾邮件。。。
不知道上面2位有没仔细看日志，第二封被拒绝是因为一个和发件人所在域名（remalux.nl
）不相干的域名（toplight.cn）列入了block list中。
注：toplight.cn是我们的一个域名，但不是邮件服务器用的，我们用的toplight.net,这才是我郁闷和感到不解的地方

wxhsh · 发表于 2007-7-11 11:37:11

也没什么好不解的，这是邮服做正文扫描出邮件含有“toplight.cn”的链接，让对方邮件里去掉它就行了，唉。

南宫问天 · 发表于 2007-7-11 12:51:25

这样啊。。。
郁闷，邮件内容里含在block list上的域名也会被挡掉。。。
贝叶斯和block list联手了不成，唉
加白名单看来也没用。。。

[ 本帖最后由南宫问天于 2007-7-11 12:56 编辑 ]

wxhsh · 发表于 2007-7-11 13:21:10

打开SpamAssassin\rules\80_MDaemon_scores.cf
找到：
############################################################################
# SURBL scores - Adjust scores to your needs or delete to use SA defaults
############################################################################
score URIBL_SBL          4.0
score URIBL_SC_SURBL    8.0
score URIBL_WS_SURBL    9.0
score URIBL_OB_SURBL    9.5
score URIBL_PH_SURBL    8.0
score URIBL_AB_SURBL    8.0
score URIBL_JP_SURBL    8.0

自己把分值改小点吧。

[ 本帖最后由 wxhsh 于 2007-7-11 13:42 编辑 ]

南宫问天 · 发表于 2007-7-11 13:45:18

我看了下我这边的设置值是2.5。。。相对于因block list 而增加的33来说似乎微不足道
而且看上面的日志似乎 Outbreak Protection 检查是通过的，并没有因此项检查而加分
Tue 2007-07-10 17:01:36: Passing message through Outbreak Protection...
Tue 2007-07-10 17:01:36: *  Message-ID: [email=029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8]029901c7c2d0$d78ce630$0f01a8c0@rmxrc2ngzay6g8[/email]
Tue 2007-07-10 17:01:36: *  Reference-ID: str=0001.0A090201.46934AFA.0008,ss=1,fgs=0
Tue 2007-07-10 17:01:36: *  Spam/phishing threat level: 1 - Clean
Tue 2007-07-10 17:01:36: *  Virus threat level: 0 - Clean
Tue 2007-07-10 17:01:36: ---- End Outbreak Protection results

wxhsh · 发表于 2007-7-11 13:46:13

我刚才分析错了，帖子更新了，按我上面的方法再试试。

南宫问天 · 发表于 2007-7-11 13:47:22

原帖由 wxhsh 于 2007-7-11 13:21 发表
打开SpamAssassin\rules\80_MDaemon_scores.cf
找到：
############################################################################
# SURBL scores - Adjust scores to your needs or delete to use SA ...

啊，好东东，这个也能改，先谢下，马上去研究下

		自动登录	找回密码
密码			会员注册

[求助] 新装 MD9.55，客户发邮件进来不稳定，各位大虾帮看下日志，分析下

回复 #2 redif 的帖子

回复 #4 南宫问天的帖子

评分

回复 #8 南宫问天的帖子

[求助] 新装 MD9.55，客户发邮件进来不稳定，各位大虾帮看下日志，分析下

回复 #2 redif 的帖子

回复 #4 南宫问天 的帖子

评分

回复 #8 南宫问天 的帖子

回复 #4 南宫问天的帖子

回复 #8 南宫问天的帖子