10 月 26 2010
這兩個月收到了兩封人家轉發(轉寄)訊息的信件,都是讓我不愉快的。 
既然不愉快,我也不覺得我應該客氣,直接來看看這兩封信吧(點圖放大)。
第一封:
第二封:
轉寄信件,協助傳遞訊息固然是好意。
但是… 直接把親朋好友的 E-mail 位址放在收件人,卻是(讓我認為)非常愚蠢的作法。
麻煩那些時常轉寄信件,散播資訊的人注意一下。
轉寄這類的信件,請把親朋好友的 E-mail 位址放在密件副本(Bcc)裡面吧。
PS. 如果我要把 E-mail 位址賣給廣告信件發送者,一個 E-mail 位址算兩塊錢的話,這兩封信件可以讓我的口袋增加個五百塊左右吧?! 
8 月 16 2008
現在許多廣告信件都是亂丟,配合來源位址的偽造,可能造成主機在發信上有所阻礙。
例如這種狀況:
廣告信偽造的寄件位址是 [email protected],寄給 [email protected]。如果 example-host.com 沒有 no-this-user 這個使用者,那信件會被退到 [email protected],久而久之,example-host.com 可能會被 yahoo.com.tw 擋掉。
之前的文章 只提過 exim 上面的擋法,最近是摸出了 Postfix 的設定方式。
smtpd_restriction_classes =
fakemail_yahoo
fakemail_gmail
...
#
fakemail_yahoo = check_client_access pcre:/usr/local/etc/postfix/fake/yahoo
fakemail_gmail = check_client_access pcre:/usr/local/etc/postfix/fake/gmail
#
smtpd_sender_restrictions =
...,
check_sender_access hash:/usr/local/etc/postfix/fake/CHECK,
...yahoo.com fakemail_yahoo yahoo.com.tw fakemail_yahoo gmail.com fakemail_gmail ...
/(^|\.)yahoo\.com$/ DUNNO /./ REJECT Fake address
對了,如果有 MX server 的話,都得一起上,不然沒用。
跑了一段時間後,效果還真的蠻顯著的。 
7 月 18 2008
這兩天在處理 RoundCube 的郵件中文夾檔問題。
原本覺得情況很詭異,因為 Firefox 都很正常,可是 IE 有這兩種狀況:
坦白說,RoundCube 的程式架構實在很難摸,所以追了蠻久的..
我幫忙追問題的 RoundCube 版本是 0.1-STABLE 。
最後追到的解法是去修改 program/steps/mail/get.inc , diff -u 生出來的檔案內容是這樣:
--- program/steps/mail/get.inc.orig 2008-07-18 02:01:46.000000000 +0800
+++ program/steps/mail/get.inc 2008-07-18 15:45:37.000000000 +0800
@@ -106,9 +106,19 @@
}
else
{
- header(sprintf("Content-Disposition: %s; filename="%s";",
+ $HTTP_USER_AGENT = $_SERVER["HTTP_USER_AGENT"];
+
+ if (strstr($HTTP_USER_AGENT, "compatible; MSIE ") !== false &&
+ strstr($HTTP_USER_AGENT, "Opera") === false) {
+ header(sprintf("Content-Disposition: %s; filename="%s";",
+ $_GET["_download"] ? "attachment" : "inline",
+ $part->filename ? rawurlencode(abbreviate_string($part->filename, 55)) :
+ rawurlencode("roundcube.$ctype_secondary")));
+ } else {
+ header(sprintf("Content-Disposition: %s; filename="%s";",
$_GET["_download"] ? "attachment" : "inline",
$part->filename ? abbreviate_string($part->filename, 55) : "roundcube.$ctype_secondary"));
+ }
// turn off output buffering and print part content
$IMAP->get_message_part($MESSAGE["UID"], $part->mime_id, $part, true);關鍵就在… 給 IE 吃的話,要先用 rawurlencode() 處理一遍。 
12 月 19 2007
剛剛發現 anti-spam.org.cn 的 CBL 把 Xuite 的 smtp server 列進去了(IP 是 210.242.46.140)。
所以在 sendmail、Postfix、exim 的設定中把 anti-spam.org.cn 的 RBL 拿掉了。
另外,在 exim 中,把 前一篇 post 的 ACL 擴充成以下這樣:
check_hello:
deny message = HELO/EHLO with wrong IP address.
hosts = !+relay_hosts
log_message = HELO/EHLO my.ip
condition = ${if eq {$sender_helo_name}{###.###.###.###} {yes}{no}}
deny message = HELO/EHLO with wrong IP address.
hosts = !+relay_hosts
log_message = HELO/EHLO localhost
condition = ${if match {$sender_helo_name}{localhost} {yes}{no}}
deny message = HELO/EHLO with wrong IP address.
log_message = HELO/EHLO none
condition = ${if match {$sender_helo_name}{none} {yes}{no}}
deny message = HELO/EHLO with wrong IP address.
log_message = HELO/EHLO no dot
condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
acceptcheck_mail:
deny message = $sender_host_address is listed in $dnslist_domain
hosts = !+relay_hosts
!authenticated = *
dnslists = bl.spamcop.net : \
sbl.spamhaus.org : \
list.dsbl.org
deny message = Invalid mail-from envelope header
hosts = !+relay_hosts
!authenticated = *
log_message = Invalid mail-from envelope header
condition = ${if match {$sender_address} {\\.} {no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Yahoo
senders = *@yahoo.com
condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Yahoo
senders = *@yahoo.com.tw
condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake hotmail
senders = *@hotmail.com
condition = ${if match {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake MSN
senders = *@msn.com
condition = ${if match {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake AOL
senders = *@aol.com
condition = ${if match {$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Gmail
senders = *@gmail.com
condition = ${if match {$sender_host_name}{\Ngoogle.com$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@msa.hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@umail.hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Hinet
senders = *@cm1.hinet.net
condition = ${if match {$sender_host_name}{\Nhinet.net$\N}{no}{yes}}
deny message = Fake mail address.
hosts = !+relay_hosts
!authenticated = *
log_message = Fake Xuite
senders = *@xuite.net
condition = ${if match {$sender_host_name}{\Nxuite.net$\N}{no}{yes}}
acceptcheck_data:
deny message = Message SHOULD have Message-ID.
hosts = !+relay_hosts
!authenticated = *
log_message = No Message-ID
condition = ${if !def:h_Message-ID: {1}}
deny message = Message SHOULD have Date.
hosts = !+relay_hosts
!authenticated = *
log_message = No Date
condition = ${if !def:h_Date: {1}}
accept
話說… 前一篇 post 的 ACL 加上去之後, reject log 的檔案大小爆跳成原本的三倍多。
12 月 17 2007
在網路上看了一堆網頁,也摸索了好一陣子,剛才弄出這些設定:
check_hello:
deny message = HELO/EHLO with my ip address. You are not me.
log_message = HELO/EHLO my.ip
condition = ${if eq {$sender_helo_name}{###.###.###.###} {yes}{no}}deny message = Fine, then the mail I accept is also none
log_message = HELO/EHLO none
condition = ${if match {$sender_helo_name}{none} {yes}{no}}accept
check_mail:
deny message = $sender_host_address is listed in $dnslist_domain
hosts = !+relay_hosts
!authenticated = *
dnslists = bl.spamcop.net : \
sbl.spamhaus.org : \
list.dsbl.org : \
cbl.anti-spam.org.cndeny message = Fake Yahoo, so you must be spam.
log_message = Fake Yahoo
senders = *@yahoo.com
condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}deny message = Fake hotmail, so you must be spam.
log_message = Fake hotmail
senders = *@hotmail.com
condition = ${if match {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}deny message = Fake MSN, so you must be spam.
log_message = Fake MSN
senders = *@msn.com
condition = ${if match {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}deny message = Fake AOL, so you must be spam.
log_message = Fake AOL
senders = *@aol.com
condition = ${if match {$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}deny message = Fake Gmail, so you must be spam.
log_message = Fake Gmail
senders = *@gmail.com
condition = ${if match {$sender_host_name}{\Ngoogle.com$\N}{no}{yes}}accept
check_data:
deny message = Message SHOULD have Message-ID: but does not
condition = ${if !def:h_Message-ID: {1}}deny message = Message SHOULD have Date: but does not
condition = ${if !def:h_Date: {1}}accept
要讓 exim 在 HELO(或 EHLO)、MAIL 與 DATA 指令時作檢查,設定檔裡面要有這三行:
acl_smtp_mail = check_mail
acl_smtp_helo = check_hello
acl_smtp_data = check_data
目前在 log 看到的成效還不錯。
參考網址:
12 月 12 2007
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client cblless.anti-spam.org.cn,
在 sendmail 中,我是用這些設定:
FEATURE(`dnsbl”, `bl.spamcop.net”, `”550 Spam blocked, see: http://spamcop.net/bl.shtml?”$&{client_addr}”)dnl
FEATURE(`dnsbl”, `sbl.spamhaus.org”, `”550 Spam blocked, see: http://www.spamhaus.org/query/bl?ip=”$&{client_addr}”)dnl
FEATURE(`dnsbl”, `list.dsbl.org”, `”550 Spam blocked, see: http://dsbl.org/listing?”$&{client_addr}”)dnl
FEATURE(`dnsbl”, `cblless.anti-spam.org.cn”, `”550 Spam blocked, see: http://anti-spam.org.cn/services/rblquery.php?IP=”$&{client_addr}”)dnl
剛剛收到一封信件,說 Hinet 的信箱被擋了。
查詢 mailog 之後看到這些:
Dec 12 15:27:45 #### sm-mta[56538]: lBC7RiVG056538: ruleset=check_rcpt, arg1=< ####@####.####>, relay=msr14.hinet.net [168.95.4.114], reject=550 5.7.1 < ####@####.####>… Spam blocked, see: http://anti-spam.org.cn/services/rblquery.php?IP=168.95.4.114
Dec 12 10:26:55 #### sm-mta[42224]: ruleset=check_relay, arg1=msr28.hinet.net, arg2=127.0.8.5, relay=msr28.hinet.net [168.95.4.128], reject=550 5.7.1 Spam blocked, see: http://anti-spam.org.cn/services/rblquery.php?IP=168.95.4.128
anti-spam.org.cn 有以下這幾種名單:
可供應用的黑名單有這些(這些黑名單都已經把 BML 剔除了):
其中,CBL- 就是這篇文章上面的設定用到的。
在 anti-spam.org.cn 的首頁 中,把 Hinet 的這兩台 mail server 丟進去作黑名單查詢,可以發現,這兩台 mail server 被誤判,放進 CDL 名單。
我覺得, Hinet 的 mail server 應該被放進 BML ,不過 anti-spam.org.cn 並沒有這樣作。
目前,因應 Hinet 的 mail server 還存在於 CDL 中,我們大概只能委屈一點,單純地使用 CBL 名單了。
所以,剛剛把 Postfix 的設定調成這樣:
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client cbl.anti-spam.org.cn,
sendmail 則是用這些:
FEATURE(`dnsbl”, `bl.spamcop.net”, `”550 Spam blocked, see: http://spamcop.net/bl.shtml?”$&{client_addr}”)dnl
FEATURE(`dnsbl”, `sbl.spamhaus.org”, `”550 Spam blocked, see: http://www.spamhaus.org/query/bl?ip=”$&{client_addr}”)dnl
FEATURE(`dnsbl”, `list.dsbl.org”, `”550 Spam blocked, see: http://dsbl.org/listing?”$&{client_addr}”)dnl
FEATURE(`dnsbl”, `cbl.anti-spam.org.cn”, `”550 Spam blocked, see: http://anti-spam.org.cn/”)dnl
話說,有沒有哪位大大用過其他的 DNSBL ,覺得還不錯的呀?
麻煩推薦一下吧~
12 月 8 2007
收到回信了…
Hello,
Thank you for writing to Yahoo! Mail.
We appreciate your report as your input helps us to identify ways to
constantly maintain and improve our service. We apologize for any
inconvenience this has caused you. If you notice any further
difficulties when delivering to Yahoo! Mail accounts, after waiting a
reasonable amount of time, please let us know by replying directly to
this email. However please note the following:If you are receiving the error code “421 Message from x.x.x.x
temporarily deferred” or “451 Message temporarily deferred – 4.16.50” in
your SMTP logs, this indicates that the message you attempted to send
was not accepted by Yahoo! Mail servers. It is not a permanent error;
your system will automatically re-try later. If, after attempting to
deliver to Yahoo! and receive the 4.16.50 error repeatedly and conform
to the best sending practices outlined in the following page, we
encourage you to apply for prioritized sending at the link below.Recommended Best Practices:
http://help.yahoo.com/help/us/mail/defer/defer-01.html
Prioritized Delivery (Please note that this form can also be used by
senders whose mailings are being directed to the Bulk Folder):http://help.yahoo.com/l/us/yahoo/mail/yahoomail/postmaster/bulk.html
If you are receiving a separate error than that above, please provide
the text of any error messages you may have received. Also, providing
the specific IP address of the mail server that experienced the delivery
issue will help us to troubleshoot the issue more efficiently.For assistance with delivery issues to Yahoo! Mail, please visit:
http://postmaster.yahoo.com/
We appreciate your patience while we work to improve and maintain our
service.Thank you again for contacting Yahoo! Mail.
Regards,
Samuel Cyprian
Yahoo! Customer Care
42488450
Original Message Follows:
————————-Mail-Id: w1.help.tpc.yahoo.com-/l/us/yahoo/mail/postmaster/defer.html-1196670703-23
“Name:” : Joe Horn
“Email Address:” : ##我的Gmail信箱##
“Domains” : ###.com.tw
“Subject:” : Email not accepted for policy reasons
“IP Addresses:” : ###.###.###.1
###.###.###.2
“Error Codes:” :
host mx2.mail.tw.yahoo.com[203.188.197.10] refused to
talk to me: 421 Message from (###.###.###.1) temporarily deferred –
4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.htmlhost mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421
Message from (###.###.###.2) temporarily deferred – 4.16.50.
“Contents:” :
“Additional Info:” : Our company provide web hosting service for EC site owner.
Recently, we receive complaint from our customer.
They said that their customer who using Yahoo! mailbox couldn't
receive product order notification, but Gmail is okay.Could you please help us to solve this problem?
Thanks.“Information Passed In”:
————————
“from_url” : http://help.yahoo.com/l/us/yahoo/mail/original/abuse/abuse-60.html
————————While Viewing: http://help.yahoo.com/l/us/yahoo/mail/original/abuse/abuse-60.html
Form Name: http://help.yahoo.com/l/us/yahoo/mail/postmaster/defer.html
Yahoo ID:
Other ID:
Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.8.1.11)
Gecko/20071127 Firefox/2.0.0.11REMOTE_ADDR: 59.113.162.14
REMOTE_HOST: 59.113.162.14
Date Originated: Monday December 3, 2007 – 00:31:43
——-
一看就知道,又是在打官腔… :x
我把 ###.###.###.1 跟 ###.###.###.2 這兩個 IP 丟到 DNSBL 測試網站測試過,通通都是正常的。
而且,這兩台機器的網域都有 SPF 設定。
Yahoo 不使用開放架構,自行建置黑名單,回報後又沒給理由,著實令人頭疼。
我的研判,原因可能是「spammer 使用偽造的 Yahoo 信箱位址當作 From,丟信到 mail server,mail server 查不到收件人,嘗試退信,就回彈到 Yahoo 去」,所以在 mail server 上面改了些設定。
###.###.###.1 跟 ###.###.###.2 這兩個 IP 分別使用 Exim 跟 Postfix 作 MTA 。
我對 Exim 不熟,所以只調整了 Postfix 的 rule ,在 main.cf 用了這些設定(大部分是原本就有的):
#
bounce_queue_lifetime = 1h
maximal_queue_lifetime = 3d
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_auth_clients = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
#
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
permit_mx_backup,
check_recipient_access regexp:/usr/local/etc/postfix/access_regex,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unknown_reverse_client_hostname
#
smtpd_client_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_client_access regexp:/usr/local/etc/postfix/access_regex,
reject_unknown_reverse_client_hostname,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client cblless.anti-spam.org.cn,
permit
#
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain
在 /usr/local/etc/postfix/access_regex 這個檔案裡面則是塞了這些:
/dsl\./ REJECT
/\.dsl/ REJECT
/dynamic\./ REJECT
/\.dynamic/ REJECT
/-dynamic/ REJECT
/dynamic-/ REJECT
/\.dynamicIP\./ REJECT
/\.dyn/ REJECT
/dyn\./ REJECT
/dyn-/ REJECT
/-dyn/ REJECT
/dynpool/ REJECT
另外,建議有相同困擾的人,運用 Gmail 信箱當作 mail 溝通管道。
PHP 的系統可以考慮導入 libgmailer 。
有人跟我說,要人家放棄 Yahoo 的信箱很難,因為Y拍的店主都得用 Yahoo 的信箱。
可是… 露天+搜尋引擎關鍵字廣告不好用嗎? 而且,目前露天還不會向店長勒索!
12 月 3 2007
之前是處理 server 發信到 Hotmail 被吞掉的問題,最近是在處理 server 無法把信件丟到 Yahoo 信箱的問題。
server 的 mailog 有這兩種訊息:
前幾天循著訊息中的網址發訊息給 Yahoo,問題到現在依然無解。
Neo 也在約一週前貼出 這篇 Blog post。
拜託,行行好。
為了讓自己能接到訂單通知函、註冊認證信,別再用 Yahoo 跟 Hotmail 的信箱進行帳號註冊與購物啦。
Gmail 不是很好嗎? 註冊一個 Gmail 上網註冊、購物用,省去你們的麻煩,也不會讓我們頭痛。
而且,Gmail 信箱裡面的垃圾信數量絕對比 Yahoo 跟 Hotmail 的還少啦。
5 月 3 2007
8 月 29 2013
[FreeBSD] 讓 Postfix 使用 Gmail 的 SMTP server 送信
數月前,我在 Amazon EC2 開了一個跑 FreeBSD 的 Micro Instance 來 maintain ports。
我認為這台虛擬機器隨時都可以重造,所以我在 Security Groups 的設定中只幫 Inbound 綁了幾個特定的 IP,讓我可以 ssh 登入就好。
於是我就讓這台虛擬機器跑 Postfix,透過 gmail 的 SMTP server 幫我送 PR 。
目前在網路上找到的說明,大多都會提到 SSL/TLS certificate 的設定,我倒是跳過了這段,而且就目前看來是運作良好。
步驟大致如下:
其中 TLS 選項一定要勾。
PS1. 以上的設定只適合單人用機,因為所有外寄的郵件都會透過同一個 gmail 位址寄出。 :p
PS2. 記得刪掉 /usr/local/etc/postfix/gmail_passwd ,或是作 chmod 。
By Joe Horn • FreeBSD, Mail 0 • Tags: FreeBSD, Gmail, Postfix