Extreme headache from ASSP Extreme Ban


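I have a local user on my server who, as of today, cannot send e-mail from any device. Only webmail (which doesn't touch any device) works.

Below are the various e-mail failure messages I'm getting in the logs.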

Dec-04-12 19:52:47 75966-05166 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [Test];
Dec-04-12 19:52:47 75966-05166 [Extreme] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- score for 111.111.111.111 is 1980, surpassing extreme level of 500 -- [Test] -> spam/Test__1.eml;
Dec-04-12 19:52:48 75968-05169 111.111.111.111 <[email protected]> to: [email protected] [scoring:10] -- IP in HELO does not match connection: '[192.168.0.10]' -- [Re Demo Feedbacks for End of November Sales];
Dec-04-12 19:52:48 75968-05169 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [Re Demo Feedbacks for End of November Sales];
Dec-04-12 19:52:48 75968-05169 [Extreme] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- score for 111.111.111.111 is 2020, surpassing extreme level of 500 -- [Re Demo Feedbacks for End of November Sales] ->spam/Re_Demo_Feedbacks_for_End_of_N__2.eml;
Dec-04-12 19:52:57 75977-05179 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [test];
Dec-04-12 19:52:57 75977-05179 [Extreme] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- score for 111.111.111.111 is 2040, surpassing extreme level of 500 -- [test] -> spam/test__3.eml;

…………….

Dec-04-12 19:55:35 76135-05338 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [test];
Dec-04-12 19:55:35 76135-05338 [MsgID] 111.111.111.111 <[email protected]> to: [email protected] [scoring] (Message-ID not valid: 'E8472A91545B44FBAE413F6D8760C7C3@bts');
Dec-04-12 19:55:35 76135-05338 [InvalidHELO] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- Invalid HELO: 'bts' -- [test] -> discarded/test__4.eml;

Note: 111.111.111.111 is a substitute for the user's home IP address.

Below are the headers from one of the messages.

X-Assp-Score: 10 (HELO contains IP: '[192.168.0.10]')
X-Assp-Score: 10 (IP in HELO does not match connection: '[192.168.0.10]')
X-Assp-Score: 20 (No Spoofing Allowed)
X-Assp-Score: 10 (bombSubjectRe: 'sale')
X-Assp-Score: 20 (blacklisted HELO '[192.168.0.10]')
X-Assp-Score: 45 (DNSBLcache: failed, 111.111.111.111 listed in safe.dnsbl.sorbs.net)
X-Assp-DNSBLcache: failed, 174.0.35.31 listed in safe.dnsbl.sorbs.net
X-Assp-Received-SPF: fail (cache) ip=174.0.35.31 [email protected]
    helo=[192.168.0.10]
X-Assp-Score: 10 (SPF fail)
X-Assp-Envelope-From: [email protected]
X-Assp-Intended-For: [email protected]
X-Assp-Version: 1.7.5.7(1.0.07) on ASSP.nospam
X-Assp-ID: ASSP.nospam (77953-07232)
X-Assp-Spam: YES
X-Assp-Original-Subject: Re: Demo Feedbacks for End of November Sales
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore (125) over limit (50)
X-Assp-Message-Totalscore: 125
Received: from [192.168.0.10] ([111.111.111.111] helo=[192.168.0.10]) with
    IPv4:25 by ASSP.nospam; 4 Dec 2012 20:25:52 -0700
Content-Type: multipart/alternative; boundary=Apple-Mail-40FE7453-4BE7-4AD6-B297-FB81DAA554EC
Content-Transfer-Encoding: 7bit
Subject: Re: Demo Feedbacks for End of November Sales
References: <003c01cdd22e$eafbc6f0$c0f354d0$@com>
From: Some User <[email protected]>
In-Reply-To: <003c01cdd22e$eafbc6f0$c0f354d0$@com>
Message-Id: <[email protected]>
Date: Tue, 4 Dec 2012 19:32:28 -0700
To: External User <[email protected]>
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (10A523)

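Why is a local sender being banned on our local server, and how do I fix this?

Answer 1

Is it just me, or do the headers not tell you exactly why that user's mail was rejected?

X-Assp-Spam-Reason: MessageScore (125) over limit (50)

His mail was scored as spam, with too high a score. The specific reasons are also listed further along in the headers...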

X-Assp-Score: 10 (HELO contains IP: '[192.168.0.10]')
X-Assp-Score: 10 (IP in HELO does not match connection: '[192.168.0.10]')
X-Assp-Score: 20 (No Spoofing Allowed)
X-Assp-Score: 10 (bombSubjectRe: 'sale')
X-Assp-Score: 20 (blacklisted HELO '[192.168.0.10]')
X-Assp-Score: 45 (DNSBLcache: failed, 111.111.111.111 listed in safe.dnsbl.sorbs.net)
X-Assp-DNSBLcache: failed, 174.0.35.31 listed in safe.dnsbl.sorbs.net
X-Assp-Received-SPF: fail (cache) ip=174.0.35.31 [email protected]
    helo=[192.168.0.10]
X-Assp-Score: 10 (SPF fail)

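+10 for the HELO containing an IP, +10 for the IP not matching the connection IP, +20 for no spoofing, +10 for the word sale in the subject, +20 for the blacklisted HELO (that IP again), +45 for the blacklisted IP (safe.dnsbl.sorbs.net), and +10 for the SPF failure. The total is 125, which is greater than the spam threshold of 50.

Seems pretty clear to me. Am I missing something?

Edit:

In response to your comment,

I see two problems. The first is that your external IP is on the SORBS-DUHL blacklist, but the return code it gives me is odd, and it seems to be the only blacklist you're on... so I'd contact them and politely ask what's going on. That's 45 of the 125 spam points right there.

The second problem seems to be that your ASSP is configured to score any mail from a private IP (192.168.0.10) as spam, and since your user is at home when this happens (per your comment), he's probably behind some SOHO router or switch that is assigning his PC a private IP (192.168.0.10). That's at least 40 of the 125 spam points, and possibly 60 or 70 - I can't say for sure why the SPF failure and the spoofing failure are occurring, but I suspect both have to do with this user trying to send mail from your domain, but using an IP address that isn't valid for mail from your company network.

Either way, the only solutions I can think of are to sort out the user's home network so that his PC sees his own external ISP-provided IP address, or to change the spam filter's rules to accommodate this user. I'd suggest picking the option that doesn't require you to support some user's home network. Or, think about telling the user that his home setup is incompatible with your mail setup and that he has to deal with it, fix it, or use webmail. Actually, that's what I'd do, because it's less work, and I generally don't want to change an entire spam-filtering scheme for one user.

So a message that would normally score 10 (because of sale in the subject) scores over the threshold because of either of the above problems. So it looks like you'll have to resolve the blacklist and IP problems we see here to get mail flowing reliably from the local sender.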
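
Added example (not part of the original answer, and not ASSP's own code): a short Python triage of the header block quoted in the question. It sums the X-Assp-Score points, groups them the way the answer does (HELO-related, DNSBL, everything else), and checks whether the recorded HELO is a private address literal. The function names and the grouping rule are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Header block copied from the question (addresses already redacted there).
SAMPLE = """\
X-Assp-Score: 10 (HELO contains IP: '[192.168.0.10]')
X-Assp-Score: 10 (IP in HELO does not match connection: '[192.168.0.10]')
X-Assp-Score: 20 (No Spoofing Allowed)
X-Assp-Score: 10 (bombSubjectRe: 'sale')
X-Assp-Score: 20 (blacklisted HELO '[192.168.0.10]')
X-Assp-Score: 45 (DNSBLcache: failed, 111.111.111.111 listed in safe.dnsbl.sorbs.net)
X-Assp-Received-SPF: fail (cache) ip=174.0.35.31 [email protected]
    helo=[192.168.0.10]
X-Assp-Score: 10 (SPF fail)
X-Assp-Spam-Reason: MessageScore (125) over limit (50)
"""
SCORE_RE = re.compile(r"^\s*(\d+)\s*\((.*)\)\s*$", re.S)
LIMIT_RE = re.compile(r"MessageScore \((\d+)\) over limit \((\d+)\)")

def parse_scores(raw):
    """Return [(points, reason)] for every X-Assp-Score header."""
    msg = message_from_string(raw)  # also unfolds continuation lines
    found = (SCORE_RE.match(v) for v in msg.get_all("X-Assp-Score", []))
    return [(int(m.group(1)), m.group(2)) for m in found if m]

def helo_is_private(raw):
    """True if the HELO that ASSP recorded is a private address literal."""
    m = re.search(r"helo=\[([0-9a-fA-F.:]+)\]", raw)
    return bool(m) and ipaddress.ip_address(m.group(1)).is_private

def triage(raw):
    """Group the score by cause so the dominant reasons stand out."""
    scores = parse_scores(raw)
    total = sum(points for points, _ in scores)
    limit = LIMIT_RE.search(raw)
    helo = sum(p for p, reason in scores if "HELO" in reason)
    dnsbl = sum(p for p, reason in scores if reason.startswith("DNSBL"))
    return {
        "total": total,
        "limit": int(limit.group(2)) if limit else None,
        "helo": helo,      # points tied to the private-IP HELO
        "dnsbl": dnsbl,    # points from the blacklist hit
        "rest": total - helo - dnsbl,
        "private_helo": helo_is_private(raw),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the question's headers this reports 40 points tied to the HELO and 45 from the DNSBL hit, the two problems the answer identifies.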
