Author: Hagen.GoO. Please contact the author before reposting.
MSN_contact: wantm009@hotmail.com
Keyword: eastday, eastday mail, free email, Eastday (东方网)
Quote:
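The day before yesterday I registered for the free email service of Eastday (东方网), eastday.com. You don't know until you use it, and once I used it I was quite disappointed.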
Received: from mail5.eastday.com [61.129.65.20] by MyDomain.COM with ESMTP
(SMTP*) id A69B0554; Mon, 02 Apr 2007 20:27:07 +0800
Disposition-notification-to: *@eastday.com
Received: from computer ([125.119.108.135])
by mail5.eastday.com (iPlanet Messaging Server 5.2
HotFix 2.04 (built Feb 8 2005)) with ESMTPA id <0JFV00D34ELFXM@mail5.eastday.com> for
*@MyDomain.COM; Mon, 02 Apr 2007 20:27:16 +0800 (CST)
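From the machine at 125.119.108.135, I used Outlook Express 6.0 with my eastday.com account to send a message to my mailbox *@MyDomain.COM. The headers above are what arrived at *@MyDomain.COM.
Analyzing these headers, I found three problems:
1. The EHLO/HELO host name sent by eastday.com's SMTP server, "mail5.eastday.com", does not resolve.
D:\>nslookup -querytype=a mail5.eastday.com 168.95.1.1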
Server: dns.hinet.net
Address: 168.95.1.1
*** dns.hinet.net can't find mail5.eastday.com: Non-existent domain
D:\>nslookup -querytype=a mail5.eastday.com ns.eastday.com
Server: NS.eastday.com
Address: 202.101.43.8
*** NS.eastday.com can't find mail5.eastday.com: Non-existent domain
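Because China Telecom (specifically Shanghai Telecom and Hangzhou Telecom) openly violates the relevant ICANN agreements, arbitrarily tampers with domain name resolution, and damages Internet infrastructure and architecture, I deliberately used a recursive DNS server of Chunghwa Telecom to rule out interference, and got the reply that mail5.eastday.com cannot be resolved. Querying the NS responsible for the eastday.com zone directly gives the same reply, which proves that this host record simply does not exist.
A simple test shows that eastday.com has another outgoing SMTP server, mail4.eastday.com, and it has the same problem.
Fix: add two A records: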
mail5.eastday.com. IN A 61.129.65.20
mail4.eastday.com. IN A 61.129.65.19
2. eastday.com has misconfigured its SPF record.
D:\>nslookup -querytype=txt eastday.com ns.eastday.com
Server: NS.eastday.com
Address: 202.101.43.8
eastday.com text =
"v=spf1 mx include:smtp2.eastday.com ~all"
eastday.com nameserver = NEWNS2.eastday.com
eastday.com nameserver = NS.eastday.com
eastday.com nameserver = NS2.eastday.com
eastday.com nameserver = NEWNS.eastday.com
NS.eastday.com internet address = 202.101.43.8
NS2.eastday.com internet address = 61.129.65.3
NEWNS.eastday.com internet address = 61.129.65.5
NEWNS2.eastday.com internet address = 61.129.65.4
D:\>nslookup -querytype=txt smtp2.eastday.com ns.eastday.com
Server: NS.eastday.com
Address: 202.101.43.8
eastday.com primary name server = NS.eastday.com
responsible mail addr = Administrator.eastday.com
serial = 2007033001
refresh = 900 (15 mins)
retry = 300 (5 mins)
expire = 604800 (7 days)
default TTL = 3600 (1 hour)
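From "v=spf1 mx include:smtp2.eastday.com ~all" we can see that the administrator authorizes, as outgoing SMTP servers for the domain, the hosts behind the mx records (61.129.65.17 and 61.129.65.50) plus whatever SMTP servers the SPF record of the smtp2.eastday.com subdomain contains, and that every other sending server gets "~all", i.e. "SoftFail".
Because the outgoing servers mail4.eastday.com and mail5.eastday.com, i.e. 61.129.65.20 and 61.129.65.19, do not match the mx addresses 61.129.65.17 and 61.129.65.50, the receiving MTA goes on to query the SPF record of the smtp2.eastday.com subdomain. The output of "nslookup -querytype=txt smtp2.eastday.com ns.eastday.com" clearly shows that smtp2.eastday.com has no SPF record configured. Under RFC 4408 (http://www.ietf.org/rfc/rfc4408.txt) this case is judged "PermError". Although RFC 4408 does not explicitly prescribe how a "PermError" result must be handled, the vast majority of MTAs either reject the message or treat it as spam outright. See http://www.openspf.org/SPF_Record_Syntax .
Fix: correct the SPF record: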
eastday.com. IN TXT "v=spf1 ip4:61.129.65.20 ip4:61.129.65.19 mx -all"
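The SPF evaluation walked through in point 2, as an added example that is not part of the original article: a simplified RFC 4408 check_host() in Python that supports only the all, mx, ip4 and include mechanisms and reads from a constructed in-memory DNS table built from the values quoted above, so it runs offline. The table names and the extra txt parameter are assumptions of this sketch.

```python
import ipaddress

# Constructed offline DNS snapshot; every value is taken from the article.
PUBLISHED_TXT = {"eastday.com": "v=spf1 mx include:smtp2.eastday.com ~all"}
FIXED_TXT = {"eastday.com": "v=spf1 ip4:61.129.65.20 ip4:61.129.65.19 mx -all"}
MX_IPS = {"eastday.com": {"61.129.65.17", "61.129.65.50"}}  # smtp2.eastday.com has no TXT

QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}


def check_host(ip, domain, txt=PUBLISHED_TXT):
    """Simplified RFC 4408 check_host(): all, mx, ip4 and include only."""
    record = txt.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "None"  # no SPF record published for this name
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "mx":
            matched = ip in MX_IPS.get(arg or domain, set())
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, txt)
            if inner in ("None", "PermError"):
                return "PermError"  # RFC 4408 section 5.2: included domain has no usable record
            matched = inner == "Pass"
        else:
            return "PermError"  # mechanism outside this sketch's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "Neutral"  # no mechanism matched and there was no "all" term


if __name__ == "__main__":
    for label, table in (("published", PUBLISHED_TXT), ("fixed", FIXED_TXT)):
        for ip in ("61.129.65.17", "61.129.65.20", "192.0.2.10"):  # last is a constructed outsider
            print(label, ip, check_host(ip, "eastday.com", table))
```

With the published record only the two mx addresses get Pass; every other sender, including 61.129.65.20, ends in PermError at the include term before "~all" is ever reached.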
3. eastday.com's current outgoing SMTP servers are listed in several RBLs.
D:\>nslookup -querytype=all 20.65.129.61.dnsbl.sorbs.net 168.95.1.1
Server: dns.hinet.net
Address: 168.95.1.1
20.65.129.61.dnsbl.sorbs.net internet address = 127.0.0.6
20.65.129.61.dnsbl.sorbs.net text =
"Escalated Listing (Spam or Spam Support) See: http://www.sorbs.net/lookup.shtml?61.129.65.20"
dnsbl.sorbs.net nameserver = rbldns9.sorbs.net
dnsbl.sorbs.net nameserver = sorbs.bl.xs4all.nl
dnsbl.sorbs.net nameserver = rbldns0.sorbs.net
dnsbl.sorbs.net nameserver = rbldns1.sorbs.net
dnsbl.sorbs.net nameserver = rbldns2.sorbs.net
dnsbl.sorbs.net nameserver = rbldns3.sorbs.net
dnsbl.sorbs.net nameserver = rbldns4.sorbs.net
dnsbl.sorbs.net nameserver = rbldns5.sorbs.net
dnsbl.sorbs.net nameserver = rbldns6.sorbs.net
dnsbl.sorbs.net nameserver = rbldns7.sorbs.net
dnsbl.sorbs.net nameserver = rbldns8.sorbs.net
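The query above shows that 61.129.65.20 is listed on the dnsbl.sorbs.net blacklist. The sorbs.net website clearly shows that this IP range has been on the blacklist for more than half a year.
Fix:
The administrator should get spam under control, then write to explain the situation and apply for removal from the RBL.
Screenshots are attached as a record.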