| 上一篇文章 :: 下一篇文章 |
| 發表人 |
內容 |
Pasino
一級
註冊時間: 2005-09-19
文章: 4
來自: 中華民國
|
 發表於: 星期四 二月 09, 2006 1:46 pm 文章標題: 請教一封關於CBL的回信 |
 |
|
請問小弟的RaidenMAILD Server前幾天被CBL Blocked,而我也上去做了remove,這樣來回Block<=>Remove兩三次後,小弟便去信CBL詢問,底下是CBL的回信:
The IP 61.59.38.154 was detected most recently at:
2006:02:08 ~06:30 UTC+/- 15 minutes
sending email in such a way as to strongly indicate that the IP itself
was operating an open http or socks proxy, or a trojan spam package.
You will need to examine the machine for a spam trojan or open
proxy. Up-to-date anti-virus tools are essential.
If the IP is a NAT firewall, we strongly recommend configuring the
firewall to prevent machines on your network connecting to the Internet
on port 25, except for machines that are supposed to be mail servers.
Useful links:
http://www.ftc.gov/secureyourserver/
http://spamlinks.net (see "Securing your System" and "proxies")
http://www.fr2.cyberabuse.org/?page=abuse-proxy
For more information on securing NAT firewalls/gateways, please
see http://cbl.abuseat.org/nat.html
Note that 61.59.38.154 was connecting to our servers and identifying
itself via HELO as "61.59.38.154". Which is quite suspicious
in and of itself.
This is USUALLY spamware, but in some rare circumstances, it can be a
misconfiguration in your mail server. The CBL attempts to distinguish
real mail server software from malware SMTP clients by expecting users
to name their mail server[s] to indicate who _they_ are, not their
provider and be consistent with Internet protocol standards.
Use of a bare IP address in the HELO is a violation of
RFC2821 section 4.1.1.1, which says that the HELO value MUST
be either a fully qualified domain name (such as "mail01.example.com")
or an IP address enclosed in square brackets (such as "[61.59.38.154]").
You will need to investigate and fix this.
If this is a simple configuration error, if you set
your mail server to claim to be, for example,
mail.<your domain>
You won't be relisted unless except via viruses or spam compromises.
Notes on specific software:
1) It has been reported that Lyris ListManager (particularly older
versions) is occasionally auto-configured in such a way to cause this
problem. On Windows, this can be resolved by using the "lyris.exe" (or
"lm.exe" in later versions thusly:
lyris.exe helotext <desired HELO name>
2) It has been reported that sendmail's "milter-sender" package
occasionally does this (usually something to do with having DNS
resolution problems at the time). At the time of writing, the
latest version of milter-sender permits you to set the HELO
explicitly, and thus avoid this problem.
3) If you're running a MultiTech firewall filter (eg: "RouteFinder
VPN"), or Plesk - both of which use qmail, or just "bare" qmail,
check the file /var/qmail/control/helohost and /var/qmail/control/me
(directory location may vary depending on operating system).
To be certain that things are set correctly, edit both the "me" and
"localhost" files to have your mail server's fully qualified domain
name. If localhost file doesn't exist, correcting the "me" setting
should suffice on its own. Now restart qmail.
4) Older versions of ZAEP (a challenge/response tool) installations
appear to default to doing this. According to the release notes
at http://www.zaep.com/releasenotes.asp, ZAEP version 4.1.0.0
released on Sept 26th fixes this problem. Please upgrade.
This entry has already been delisted from the CBL. Unless otherwise
stated, the CBL will relist this IP if the underlying issues are not
resolved, and the CBL detects the same thing again.
--
Ray, CBL Team
小弟想請教的是這封信的重點是不是指明小弟沒設主機名稱?(原先小弟是留空白,結果MX反查會變成61.59.38.154沒錯)現在小弟已經設定成PTR查詢的紀錄了。
之前小弟一直拼命掃毒、查Adware都沒問題,況且小弟先前是設定成SMTP Relay=On; IP限制=On;啟動SMTP Auth身份驗證,確定沒有Open Relay(CBL不管Open relay),也沒有Proxy Server及Open-proxy。煩請各位朋友幫忙解惑,謝謝。 |
|
| 回頂端 |
|
 |
Arnor
究極の素還尊
註冊時間: 2001-11-07
文章: 13008
來自: TAIWAN
|
| 發表於: 星期四 二月 09, 2006 2:14 pm 文章標題: |
|
|
Note that 61.59.38.154 was connecting to our servers and identifying
itself via HELO as "61.59.38.154". Which is quite suspicious
in and of itself.
它說你的主機名用自己的IP, 顯而易見是相當令人懷疑的.
你的網域是什麼?
MX 記錄可不是要指向個 IP, 而是應該要指向一個 A 記錄.
_________________
*若是想問問題的話, 請務必不要塗改任何 IP, 網域資料, 您若不願貼上IP或網域, 請改以電子郵件來詢問. 謝謝您的配合.*
*若是回報疑似軟體的運行或邏輯或資料處理有誤的問題, 小弟很樂意去了解您的情況, 但請務必以最新版來做回報, 如果以郵件詢問, 請參考 http://www.raidenmaild.com/tw/feedback.html 的說明, 最好標題加個 RaidenMAILD 字樣, 才不致會遺漏了您的信唷. 謝謝您的配合^^*
*在版上發文請遵守網路禮儀, 並請持著虛心敘述問題請教他人, 凡發現違反的文, 均一律刪除為優先, 不另行通知喔.
*與使用者教學相長腦力激盪是我輩成就感的來源, 誠心希望您能不吝指教.
*雷電MAILD 知識庫文件 http://www.raidenmaild.com/tw/kb/
素還尊
Team John Long.
Email: arnor@raidenmaild.com
公司網站 http://www.raidenmaild.com/company/ |
|
| 回頂端 |
|
|
Pasino
一級
註冊時間: 2005-09-19
文章: 4
來自: 中華民國
|
| 發表於: 星期四 二月 09, 2006 2:35 pm 文章標題: |
|
|
素大,我的網域名稱是caster.com.cn,公司沒有架設DNS Server,這域名是在大陸申請的,但是老闆要把主機放在台灣,有請大陸那邊的域名商代為設定MX紀錄,我想這MX紀錄應該是大陸域名商沒有設定好吧,我會再跟他們聯繫的。
如果CBL說的是主機名稱這問題的話,那是不是設定成PTR查詢的結果[h154-61-59-38.seed.net.tw]?或者是我打上mail.caster.com.cn就可以了呢?謝謝素大 |
|
| 回頂端 |
|
|
蛋頭
小霸王
註冊時間: 2005-04-20
文章: 258
來自: 中華民國
|
| 發表於: 星期四 二月 09, 2006 3:10 pm 文章標題: |
|
|
| Pasino 寫到: | 素大,我的網域名稱是caster.com.cn,公司沒有架設DNS Server,這域名是在大陸申請的,但是老闆要把主機放在台灣,有請大陸那邊的域名商代為設定MX紀錄,我想這MX紀錄應該是大陸域名商沒有設定好吧,我會再跟他們聯繫的。
如果CBL說的是主機名稱這問題的話,那是不是設定成PTR查詢的結果[h154-61-59-38.seed.net.tw]?或者是我打上mail.caster.com.cn就可以了呢?謝謝素大 |
MX is hostname, not IP!
請您的大陸域名商將 MX Record 設成 mail.caster.com.cn (前題是您的 MAil Server 的 Hostname 是 mail.caster.com.cn)
另外 PTR Record 與 MX Record 都是屬於 DNS 伺服器的一筆資料, 各有其功用! |
|
| 回頂端 |
|
|
Pasino
一級
註冊時間: 2005-09-19
文章: 4
來自: 中華民國
|
| 發表於: 星期四 二月 09, 2006 3:41 pm 文章標題: |
|
|
嗯,小弟會盡快請大陸那邊的域名商修改MX紀錄。
至於針對CBL這部分,小弟是否在RaidenMAILD的網域設定當中的[主機名稱]設定成PTR紀錄或者是mail.caster.com.cn,還是說這邊是可以輸入我們想要填寫的其他字元呢?感謝您的回覆 |
|
| 回頂端 |
|
|
Arnor
究極の素還尊
註冊時間: 2001-11-07
文章: 13008
來自: TAIWAN
|
| 發表於: 星期四 二月 09, 2006 4:25 pm 文章標題: |
|
|
> set q=mx
> caster.com.cn
Server: dns.hinet.net
Address: 168.95.1.1
Non-authoritative answer:
caster.com.cn MX preference = 10, mail exchanger = 61.59.38.154
com.cn nameserver = cns.cernet.net
com.cn nameserver = sld-ns2.cnnic.net.cn
com.cn nameserver = sld-ns4.cnnic.net.cn
com.cn nameserver = a.dns.cn
com.cn nameserver = b.dns.cn
com.cn nameserver = c.dns.cn
cns.cernet.net internet address = 202.112.0.24
cns.cernet.net AAAA IPv6 address = 2001:da8:1:100::20
sld-ns2.cnnic.net.cn internet address = 202.97.16.197
sld-ns4.cnnic.net.cn internet address = 61.145.114.119
a.dns.cn AAAA IPv6 address = 2001:dc7::1
a.dns.cn internet address = 203.119.25.1
b.dns.cn internet address = 203.119.26.1
c.dns.cn internet address = 203.119.27.1
>
就是蛋頭所講的問題
你可以在 maild 的 [網域設定]->[Host name] 先自己加上你主機的網名
總歸就是
建一個A記錄指向Server
建一個MX 記錄指向這個 A記錄
然後 maild 的 [網域設定]->[Host name] 就是設這個 A 記錄
_________________
*若是想問問題的話, 請務必不要塗改任何 IP, 網域資料, 您若不願貼上IP或網域, 請改以電子郵件來詢問. 謝謝您的配合.*
*若是回報疑似軟體的運行或邏輯或資料處理有誤的問題, 小弟很樂意去了解您的情況, 但請務必以最新版來做回報, 如果以郵件詢問, 請參考 http://www.raidenmaild.com/tw/feedback.html 的說明, 最好標題加個 RaidenMAILD 字樣, 才不致會遺漏了您的信唷. 謝謝您的配合^^*
*在版上發文請遵守網路禮儀, 並請持著虛心敘述問題請教他人, 凡發現違反的文, 均一律刪除為優先, 不另行通知喔.
*與使用者教學相長腦力激盪是我輩成就感的來源, 誠心希望您能不吝指教.
*雷電MAILD 知識庫文件 http://www.raidenmaild.com/tw/kb/
素還尊
Team John Long.
Email: arnor@raidenmaild.com
公司網站 http://www.raidenmaild.com/company/ |
|
| 回頂端 |
|
|
蛋頭
小霸王
註冊時間: 2005-04-20
文章: 258
來自: 中華民國
|
| 發表於: 星期四 二月 09, 2006 4:30 pm 文章標題: |
|
|
| Pasino 寫到: | 嗯,小弟會盡快請大陸那邊的域名商修改MX紀錄。
至於針對CBL這部分,小弟是否在RaidenMAILD的網域設定當中的[主機名稱]設定成PTR紀錄或者是mail.caster.com.cn,還是說這邊是可以輸入我們想要填寫的其他字元呢?感謝您的回覆 |
在 RMAILD [伺服器設定]-->[網域設定]頁面的[郵件網域名]欄位, 輸入:
caster.com.cn
針對CBL這部分, 它指的是您的 MX Record 使用 IP, 這是不符合規定的,
與上述 RMAID [網域設定]頁面設定無關ㄟ! (這點, 素大不是給您回覆了嗎?) |
|
| 回頂端 |
|
|
Pasino
一級
註冊時間: 2005-09-19
文章: 4
來自: 中華民國
|
| 發表於: 星期五 二月 17, 2006 11:15 am 文章標題: |
|
|
| 感謝素大及蛋頭的不吝指教,目前已克服CBL的問題,也一併將MX的問題給修復了,謝謝大家。 |
|
| 回頂端 |
|
|
|
|
您 無法 在這個版面發表文章
您 無法 在這個版面回覆文章
您 無法 在這個版面編輯文章
您 無法 在這個版面刪除文章
您 無法 在這個版面進行投票
|
Powered by phpBB © 2001-2007 phpBB Group
 |
