
SMTP hijacking

A while ago a colleague reported that mail sent to another colleague in our company never arrived. Looking at the log, we found the following anomaly (the part marked in red below):

116.214.122.25  [B6607B90] 20:10:17 Connected
116.214.122.25  [B6607B90] 20:10:17 >>> 220 mail3.sheriy.com ESMTP  MailServer V15; Wed, 24 Aug 2011 20:10:17 +0800
116.214.122.25 [B6607B90] 20:10:17 <<< EHLO hkhkgsmtp.docomointertouch.com
116.214.122.25 [B6607B90] 20:10:17 >>> 250-mail3.sheriy.com Hello hkhkgsmtp.docomointertouch.com [116.214.122.25], pleased to meet you.
116.214.122.25 [B6607B90] 20:10:17 <<< STARTTLS
116.214.122.25 [B6607B90] 20:10:17 >>> 220 2.0.0 Ready to start TLS
116.214.122.25 [B6607B90] 20:10:17 <<< EHLO hkhkgsmtp.docomointertouch.com
116.214.122.25 [B6607B90] 20:10:17 >>> 250-mail3.sheriy.com Hello hkhkgsmtp.docomointertouch.com [116.214.122.25], pleased to meet you.
116.214.122.25  [B6607B90] 20:10:17 <<< MAIL From:<fanfan@sheriy.com> SIZE=12615
116.214.122.25  [B6607B90] 20:10:17 >>> 250 2.1.0 <fanfan@sheriy.com>... Sender ok
116.214.122.25  [B6607B90] 20:10:17 <<< RCPT To:<shudan@sheriy.com> ORCPT=rfc822;shudan@sheriy.com
116.214.122.25 [B6607B90] 20:10:17 >>> 550 5.7.1 <fanfan@sheriy.com> Access to <shudan@sheriy.com> not allowed
116.214.122.25 [B6607B90] 20:10:17 <<< RCPT To:<bbb@sheriy.com> ORCPT=rfc822;bbb@sheriy.com
116.214.122.25 [B6607B90] 20:10:17 >>> 550 5.7.1 <fanfan@sheriy.com> Access to <bbb@sheriy.com> not allowed
116.214.122.25  [B6607B90] 20:10:17 <<< RSET
116.214.122.25  [B6607B90] 20:10:17 >>> 250 2.0.0 Reset state
116.214.122.25  [B6607B90] 20:10:17 <<< RSET
116.214.122.25  [B6607B90] 20:10:17 >>> 250 2.0.0 Reset state
116.214.122.25  [B6607B90] 20:10:18 <<< MAIL From:<> SIZE=13639
116.214.122.25  [B6607B90] 20:10:18 >>> 250 2.1.0 <>... Sender ok
116.214.122.25  [B6607B90] 20:10:18 <<< RCPT To:<fanfan@sheriy.com>
116.214.122.25  [B6607B90] 20:10:18 >>> 250 2.1.5 <fanfan@sheriy.com>... Recipient ok
116.214.122.25  [B6607B90] 20:10:18 <<< DATA
116.214.122.25  [B6607B90] 20:10:18 >>> 354 Enter mail, end with "." on a line by itself
116.214.122.25  [B6607B90] 20:10:18 <<< 15684 bytes (overall data transfer speed=1815277778 B/s)
116.214.122.25  [B6607B90] 20:10:31 *** <> <fanfan@sheriy.com> 1 15679 00:00:13 OK IMJ00118
116.214.122.25  [B6607B90] 20:10:31 >>> 250 2.6.0 15679 bytes received in 00:00:13; Message id IMJ00118 accepted for delivery
116.214.122.25  [B6607B90] 20:10:31 <<< QUIT
116.214.122.25  [B6607B90] 20:10:31 >>> 221 2.0.0 mail3.sheriy.com closing connection
116.214.122.25  [B6607B90] 20:10:31 Disconnected

Note the part in blue. This error is normally caused by the mail client not having SMTP username/password authentication configured, but after checking the colleague's client we found that authentication was already enabled. We then looked at the HELO part of the SMTP session and saw that the IP that connected to us was 116.214.122.25; a whois lookup showed it belongs to Hong Kong, and my colleague had never been to Hong Kong at all. Later we learned that the colleague was staying in a hotel, so we are fairly sure the hotel network hijacked the SMTP connection (the hijacking relay was submitting mail for our own domain without authenticating, so the server rejected it outright). But that raised another question: after the mail was rejected, why did the colleague never receive a bounce? We found that once SMTP is hijacked, the bounce's sender domain becomes @docomointertouch.com, so it landed in the junk folder. Painful...
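The signature described above can be picked out of the server log automatically: one session whose EHLO hostname and client IP belong to a foreign network, no successful AUTH, a MAIL FROM in our own domain that gets its recipients rejected with 550, and then a null-sender (MAIL From:<>) bounce accepted for that same local user. The script below is an added example, not part of the original post or of the mail server product; it assumes the line layout shown in the transcript above (client IP, session id in brackets, time, then `<<<` for client commands and `>>>` for server replies) and treats sheriy.com as the server's local domain. The sample input reuses lines from the transcript plus a second, constructed session of an authenticated user that should not be flagged.

```python
import re
from collections import defaultdict

# One transcript line: client IP, [session id], HH:MM:SS, then the payload.
LINE_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+\[(?P<sid>[0-9A-Fa-f]+)\]\s+"
    r"(?P<time>\d\d:\d\d:\d\d)\s+(?P<rest>.*)$"
)

# Domains this server is authoritative for (assumption: taken from the transcript).
LOCAL_DOMAINS = {"sheriy.com"}

# Sample input: lines from the transcript above, followed by a CONSTRUCTED
# benign session (10.0.0.7 / AAAA0001) that authenticates before sending.
SAMPLE_LOG = """\
116.214.122.25 [B6607B90] 20:10:17 Connected
116.214.122.25 [B6607B90] 20:10:17 <<< EHLO hkhkgsmtp.docomointertouch.com
116.214.122.25 [B6607B90] 20:10:17 >>> 250-mail3.sheriy.com Hello hkhkgsmtp.docomointertouch.com [116.214.122.25], pleased to meet you.
116.214.122.25 [B6607B90] 20:10:17 <<< MAIL From:<fanfan@sheriy.com> SIZE=12615
116.214.122.25 [B6607B90] 20:10:17 >>> 250 2.1.0 <fanfan@sheriy.com>... Sender ok
116.214.122.25 [B6607B90] 20:10:17 <<< RCPT To:<shudan@sheriy.com> ORCPT=rfc822;shudan@sheriy.com
116.214.122.25 [B6607B90] 20:10:17 >>> 550 5.7.1 <fanfan@sheriy.com> Access to <shudan@sheriy.com> not allowed
116.214.122.25 [B6607B90] 20:10:17 <<< RSET
116.214.122.25 [B6607B90] 20:10:17 >>> 250 2.0.0 Reset state
116.214.122.25 [B6607B90] 20:10:18 <<< MAIL From:<> SIZE=13639
116.214.122.25 [B6607B90] 20:10:18 >>> 250 2.1.0 <>... Sender ok
116.214.122.25 [B6607B90] 20:10:18 <<< RCPT To:<fanfan@sheriy.com>
116.214.122.25 [B6607B90] 20:10:18 >>> 250 2.1.5 <fanfan@sheriy.com>... Recipient ok
116.214.122.25 [B6607B90] 20:10:31 <<< QUIT
10.0.0.7 [AAAA0001] 21:00:00 <<< EHLO laptop.sheriy.com
10.0.0.7 [AAAA0001] 21:00:00 <<< AUTH LOGIN
10.0.0.7 [AAAA0001] 21:00:01 >>> 235 2.7.0 Authentication successful
10.0.0.7 [AAAA0001] 21:00:01 <<< MAIL From:<fanfan@sheriy.com>
10.0.0.7 [AAAA0001] 21:00:01 >>> 250 2.1.0 <fanfan@sheriy.com>... Sender ok
10.0.0.7 [AAAA0001] 21:00:01 <<< RCPT To:<shudan@sheriy.com>
10.0.0.7 [AAAA0001] 21:00:01 >>> 250 2.1.5 <shudan@sheriy.com>... Recipient ok
"""


def _addr(cmd):
    """Return the address inside the first <...> of a MAIL/RCPT command ('' for <>)."""
    m = re.search(r"<([^>]*)>", cmd)
    return m.group(1) if m else ""


def _email_domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def parse_sessions(lines):
    """Group transcript lines by session id, keeping (client_ip, payload) per line."""
    sessions = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            sessions[m.group("sid")].append((m.group("ip"), m.group("rest")))
    return sessions


def analyze_session(events):
    """Replay one session and record EHLO name, AUTH outcome and each transaction."""
    state = {"ip": events[0][0], "helo": None, "auth_ok": False, "transactions": []}
    txn, pending_rcpt = None, None
    for _, rest in events:
        if rest.startswith("<<< "):                      # client command
            cmd = rest[4:]
            up = cmd.upper()
            if up.startswith(("EHLO ", "HELO ")):
                state["helo"] = cmd.split(None, 1)[1].strip()
            elif up.startswith("MAIL FROM:"):
                txn = {"mail_from": _addr(cmd), "accepted": [], "rejected": []}
                state["transactions"].append(txn)
            elif up.startswith("RCPT TO:"):
                pending_rcpt = _addr(cmd)                # resolved by the next reply
        elif rest.startswith(">>> "):                    # server reply
            code = rest[4:7]
            if code == "235":                            # AUTH succeeded
                state["auth_ok"] = True
            elif pending_rcpt is not None and txn is not None:
                (txn["accepted"] if code.startswith("2") else txn["rejected"]).append(pending_rcpt)
                pending_rcpt = None
    return state


def find_hijack_signs(sessions, local_domains=LOCAL_DOMAINS):
    """Flag unauthenticated sessions from a foreign host that fail to send as a local user."""
    findings = []
    for sid, events in sessions.items():
        s = analyze_session(events)
        helo = (s["helo"] or "").lower()
        helo_is_local = any(helo == d or helo.endswith("." + d) for d in local_domains)
        spoofed_rejects, bounces_accepted = [], []
        for t in s["transactions"]:
            if _email_domain(t["mail_from"]) in local_domains and t["rejected"]:
                spoofed_rejects.append((t["mail_from"], t["rejected"]))
            if t["mail_from"] == "" and t["accepted"]:   # null sender = bounce message
                bounces_accepted.append(t["accepted"])
        if spoofed_rejects and not s["auth_ok"] and not helo_is_local:
            findings.append({"session": sid, "client_ip": s["ip"], "helo": helo,
                             "rejected": spoofed_rejects, "bounces_accepted": bounces_accepted})
    return findings


if __name__ == "__main__":
    for f in find_hijack_signs(parse_sessions(SAMPLE_LOG.splitlines())):
        print("possible SMTP interception:", f)
```

Run over a day's transcript, a finding like the one above is worth a call to the user rather than a silent reject: the rejection itself is correct (unauthenticated relay for a local domain must fail), but the user only ever sees a bounce from a third-party domain, and that is exactly the message their junk filter is most likely to hide. The hardening on the client side is to submit over port 587 with STARTTLS and certificate verification, so that a network that redirects port 25 cannot complete the session in the first place.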
