X-mail
X-mail
-
个人空间
相册
- 组别:超级版主
- 性别:
- 生日:1985-7-31
- 来自:letsallinone.com
- 积分:236
- 帖子:236
- 注册:
2008-03-03
|
没错还是它!GFW让邮件内容变成了aaazzzaaazzzaaazzzaaazzzaaazzz
1.问题现像:
A.文字描述:最近发往国外的邮件,用户会重复收到多封,还有用户收到一些aaazzzaaazzz内容的信件!
这些既不是垃圾邮件也不是病毒邮件,都是由正常用户发出的!!
客户反映每天都收到单位邮箱的的信,内容就有aaazzzaaazzzaaazzzaaazzzaaazzz。
B.邮件内容的几个例子:
From: <xiongdd@suns.cn>
To: <undisclosed-recipients:>
Date: Fri, 13 Oct 2006 06:40:41 +0900
Message-ID: <200610122140.k9CLefQI006396@outgw.electric.co.jp>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Thread-Index: AcbuRxF6LfrCnxfGSJGJB72BBtc36w==
aaazzzaaazzzaaazzzaaazzzaaazzzReturn-Path: <>;
Delivered-To: zhao@xxxx.com.cn
Received: (qmail 1951 invoked by uid 690); 20 May 2005 16:02:38 -0000
Date: 20 May 2005 16:02:38 -0000
Message-ID: <20050520160238.1949.qmail@xxxx.com.cn>;
From: xxxx.com.cn@xxxx.com.cn
Cc: recipient list not shown: ;
Delivered-To: ncc@xxxx.com.cn
Received: (qmail 1941 invoked from network); 20 May 2005 16:02:38 -0000
Received: from unknown (HELO mail.pvsx.com) (222.222.222.222)
by 0 with SMTP; 20 May 2005 16:02:38 -0000
aaazzzaaazzzaaazzzaaazzzaaazzzReturn-path: <cdahl_hs at ccopley.demon.co.uk>
Received: from spamassassin-daemon.saruman.ncf.ca by saruman.ncf.ca
(iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
id <0IFJ00F19KVCBI at saruman.ncf.ca> for ba600 at ims-ms-daemon; Tue,
26 Apr 2005 03:02:01 -0400 (EDT)
Received: from azzit.de ([222.137.59.225])
by saruman.ncf.ca (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
with ESMTP id <0IFJ00FNHKV3OR at saruman.ncf.ca> for ba600 at ncf.ca(ORCPT ba600 at freenet.carleton.ca); Tue, 26 Apr 2005 03:01:59 -0400 (EDT)
Date: Tue, 26 Apr 2005 03:01:59 -0400 (EDT)
Date-warning: Date header was inserted by saruman.ncf.ca
From: cdahl_hs at ccopley.demon.co.ukMessage-id: <0IFJ00FNLKVAOR at saruman.ncf.ca>
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on smeagol.ncf.ca
X-Spam-Status: No, score=3.1 required=4.5 tests=MISSING_SUBJECT,NO_REAL_NAME,
TRACKER_ID autolearn=disabled version=3.0.1
X-Spam-Level: ***
Original-recipient: rfc822;ba600 at freenet.carleton.caStatus: RO
X-Status: RC
X-KMail-EncryptionState: N
X-KMail-SignatureState: N
X-KMail-MDN-Sent:
aaazzzaaazzzaaazzzaaazzzaaazzz
C.接收到的邮件图片: 2.原因分析:针对这个问题,经过时间的推移在网上曾经出现过好几种解释。主要有以下几种:A.邮件系统本身的原因:起初比较少网友问到这个问题,而且都会指定自己使用的邮件系统名称,所以大家主要集中考虑是否某个邮件系统的设定问题,甚至有人提到了会不是邮件系统本身设计上的Bug.但是,因为提出这个问题的网友出现在不同的邮件系统中,很快这个说法站不住脚了。
B.防火墙(如Cisco Pix)造成:当邮件系统本身不是原因后,大家自然而然的想到了病毒,网络防火墙,但是同样的问题出现在了没有任何安全防护的邮件系统环境中。好像这个解释了行不通了。C.通过"发送到->邮件接收者"方式导致:这个说法是说在Windows中(windows explore),选择一个文件然后“右键->发送到->邮件接收者"这样的方式发送的邮件会出现这个问题(如下图)。但是连作者自己也说“不是每次都这样,搞不懂!”,但是我猜没有附件的邮件也会有这个问题吧!
 D.GFW造成:这个说明好像成了共识,甚至称之为“有中國特色的 SMTP 現象”,也经过了非常激烈的讨论,理由是“GFW过滤进出邮件,当发现敏感字后往两边各发送三个伪造的reset干掉连接,通常都发生在数据传输中间,所以会干扰到内容。”甚至,有一个网友提出了“证实收到'aaazzzaaazzzaaazzzaaazzzaaazzz'的真实原因”内容如下:
证实收到'aaazzzaaazzzaaazzzaaazzzaaazzz'的真实原因
(注:域名和IP信息有修改)
从sales2@test.com(在大陆)发给construction@recipient.com(在香港,我们分公司),在发件人服务器查到如下日志:
Oct 12 10:43:37 localhost postfix/smtpd[30005]: E50DD4187A5: client=unknown[125.0.0.1], sasl_method=LOGIN, sasl_username=sales2@test.com
Oct 12 10:43:43 localhost postfix/cleanup[28691]: E50DD4187A5: message-id=<20061012024337.E50DD4187A5@slave.mail51.cn4e.com>
Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 10:48:53 localhost postfix/smtp[1140]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=316, status=deferred (conversation with 202.67.0.1[202.67.0.1] timed out while sending MAIL FROM)
Oct 12 11:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 11:43:30 localhost postfix/smtp[28474]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=3593, status=deferred (lost connection with 202.67.0.1[202.67.0.1] while sending message body)
Oct 12 13:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 13:43:22 localhost postfix/smtp[5424]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=10785, status=bounced (host 202.67.0.1[202.67.0.1] said: 500 error (in reply to MAIL FROM command))
Oct 12 13:45:22 localhost postfix/qmgr[17170]: E50DD4187A5: removed
发件人sales2@test.com收到退信:
<construction@recipient.com>: host 202.67.0.1[202.67.0.1]
said: 500 error (in reply to MAIL FROM command)
在香港的分公司查到如下日志:
Oct 12 10:44:45 hk postfix/smtpd[21468]: 3BCDC2B000F: client=unknown[218.85.0.1]
Oct 12 10:44:45 hk postfix/cleanup[22131]: 3BCDC2B000F: message-id=<20061012020145.3BCDC2B000F@hk.com>
Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<sales2@test.com>, size=475, nrcpt=2 (queue active)
Oct 12 10:44:53 hk postfix/smtp[22352]: 3BCDC2B000F: to=<construction@recipient.com>, relay=maildrop, delay=8, status=sent (recipient.com)
Oct 12 10:44:53 hk postfix/qmgr[25450]: 3BCDC2B000F: removed
说明这封信已经成功发过去了,但是为什么发件人会收到退信呢?退信是从那来的呢?对比一下这两条日志:
Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active) (在发件人服务器上的日志)
Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<sales2@test.com>, size=475, nrcpt=2 (queue active) (香港收件服务器上的日志)
发件人发送的时候size=36652,而到了香港却被变成了size=475??再看一下construction@recipient.com收到的这封信的内容,如下,竟然是aaazzzaaazzzaaazzzaaazzzaaazzz:
Return-Path: <sales2@test.com>
Delivered-To: construction@recipient.com
Received: by mail.hk.com (202.67.0.1) (Postfix, from userid 12346)
id 3BCDC2B000F; Thu, 12 Oct 2006 10:44:53 +0800 (CST)
X-filter: Passed
Received: from unkoown (218.85.0.1)
by mail.test.com (Postfix) with ESMTP id E50DD4187A5
for <construction@recipient.com>; Thu, 12 Oct 2006 10:43:56 +0800 (CST)
Message-Id: <20061012020145.3BCDC2B000F@hk.com>
Date: Thu, 12 Oct 2006 10:44:45 +0800 (HKT)
From: sales2@test.com
To: undisclosed-recipients:;
aaazzzaaazzzaaazzzaaazzzaaazzz
看到这里相信大家也都明白了,在发件人发给香港的时候,被某一“东东”终止了,返回给发件人500 error,同时其把内容更改后发给了收件人,于是就出现发件人收到500 error ,而收件人收到aaazzzaaazzzaaazzzaaazzzaaazzz的奇怪事情。这个“东东”就是GFW了(中国网络防火墙),也证实了前面贴子大家讨论得出的结论都是正确的。
3.解决办法:既然我们的GFW这么伟大,这么强大,我们怎么办?其实解决办法很简单--就是加密传输,比如可以试我上次转发的winmail提供的“国外用outlook收取国内邮件异常中止问题”解办法:
A. 使用 https 登陆 webmail
B. 邮件客户端使用SSL方式连接pop3,smtp
而且确保局域网所有电脑都要做同样的设置, 否则一台有问题,其他全部不能连接,因为大都是代理上网使用一个IP进行的。不过这都是客户端对服务器端的方式。服务器以服务器的话,或许用VPN或是国外架一个转发邮件器来解决。当然这个办法不好,欢迎大家提出更多的方便易用的解决办法来。
P.S:文中资料主要参考以下链接整理,不一一列举版权人,请谅解,谢谢!
http://bbs.chinaunix.net/viewthread.php?tid=841029
http://bbs.chinaunix.net/viewthread.php?tid=834154
http://bbs.chinaunix.net/viewthread.php?tid=549297
http://phorum.study-area.org/printview.php?t=36733
http://www.extmail.org/forum/archive/2/0610/2788.html
|
