钉子 2006-10-18 15:33
没错还是它!GFW让邮件内容变成了aaazzzaaazzzaaazzzaaazzzaaazzz
[size=2]今天,[/size][url=http://www.5dmail.net/bbs][size=2][color=#000000]5dmail论坛[/color][/size][/url][size=2]上的会员[/size][url=http://www.5dmail.net/bbs/profile-uid-18894.html][size=2][color=#000000]wflovemcx[/color][/size][/url][size=2] 提了一个“[url=http://www.5dmail.net/bbs/thread-158261-1-1.html][color=#800080]经常收到内容为“aaazzzaaazzzaaazzzaaazzzaaazzz”的邮件!如何解决?[/color][/url]”的问题。其实早在年初我就遇到过类似的邮件,当时并没有太在意,以为是垃圾邮件。但是当今天再一次提出来时引起了我的重视。到网上查了一下,得到一个很不幸的结果--[b][color=#ff0000]GFW造成[/color][/b]。没错,和上次[/size][url=http://blog.5dmail.net/user1/1/2006101101444.html][size=2][color=#000000]GFW 让我们的邮件 Please try?[/color][/size][/url][size=2]提到[url=http://www.5dmail.net/bbs/viewthread.php?tid=157760&pid=165283&page=1&extra=page%3D1#pid165283][color=#000000]551 User not local; please try <forward-path>[/color][/url]及[url=http://www.5dmail.net/bbs/thread-157781-1-1.html][color=#000000]5.5.0 smtp;551 User not local; please try <forward-path>[/color][/url]信息出现的答案是一样,还是它![b][color=#ff0000]伟大的[/color][/b][/size][size=2][b][color=#ff0000]GFW让邮件变成了aaazzzaaazzzaaazzzaaazzzaaazzz![/color][/b]
下面请让我把找到的一些信息整理一下,方便大家了解:[/size]
[size=2][/size]
[b][size=2]1.问题现像:[/size][/b]
[size=2][b]A.文字描述[/b]:最近发往国外的邮件,用户会重复收到多封,还有用户收到一些aaazzzaaazzz内容的信件!
这些既不是垃圾邮件也不是病毒邮件,都是由正常用户发出的!!
客户反映每天都收到单位邮箱的的信,内容就有aaazzzaaazzzaaazzzaaazzzaaazzz。
[/size][size=2][b]B.邮件内容的几个例子[/b]:
[/size][size=2]From: <[/size][email=xiongdd@suns.cn][size=2][color=#000000]xiongdd@suns.cn[/color][/size][/email][size=2]>
To: <undisclosed-recipients:>
Date: Fri, 13 Oct 2006 06:40:41 +0900
Message-ID: <[/size][email=200610122140.k9CLefQI006396@outgw.electric.co.jp][size=2][color=#000000]200610122140.k9CLefQI006396@outgw.electric.co.jp[/color][/size][/email][size=2]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Thread-Index: AcbuRxF6LfrCnxfGSJGJB72BBtc36w==
aaazzzaaazzzaaazzzaaazzzaaazzz[/size]
[size=2]Return-Path: <>;
Delivered-To: zhao@xxxx.com.cn
Received: (qmail 1951 invoked by uid 690); 20 May 2005 16:02:38 -0000
Date: 20 May 2005 16:02:38 -0000
Message-ID: <20050520160238.1949.qmail@xxxx.com.cn>;
From: xxxx.com.cn@xxxx.com.cn
Cc: recipient list not shown: ;
Delivered-To: ncc@xxxx.com.cn
Received: (qmail 1941 invoked from network); 20 May 2005 16:02:38 -0000
Received: from unknown (HELO mail.pvsx.com) (222.222.222.222)
by 0 with SMTP; 20 May 2005 16:02:38 -0000
aaazzzaaazzzaaazzzaaazzzaaazzz[/size]
[size=2]Return-path: <[/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]cdahl_hs at ccopley.demon.co.uk[/color][/size][/url][size=2]>
Received: from spamassassin-daemon.saruman.ncf.ca by saruman.ncf.ca
(iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
id <[/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]0IFJ00F19KVCBI at saruman.ncf.ca[/color][/size][/url][size=2]> for [/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]ba600 at ims-ms-daemon[/color][/size][/url][size=2]; Tue,
26 Apr 2005 03:02:01 -0400 (EDT)
Received: from azzit.de ([222.137.59.225])
by saruman.ncf.ca (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
with ESMTP id <[/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]0IFJ00FNHKV3OR at saruman.ncf.ca[/color][/size][/url][size=2]> for [/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]ba600 at ncf.ca[/color][/size][/url]
[size=2] (ORCPT [/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]ba600 at freenet.carleton.ca[/color][/size][/url][size=2]); Tue, 26 Apr 2005 03:01:59 -0400 (EDT)
Date: Tue, 26 Apr 2005 03:01:59 -0400 (EDT)
Date-warning: Date header was inserted by saruman.ncf.ca
From: [/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]cdahl_hs at ccopley.demon.co.uk[/color][/size][/url]
[size=2]Message-id: <[/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]0IFJ00FNLKVAOR at saruman.ncf.ca[/color][/size][/url][size=2]>
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on smeagol.ncf.ca
X-Spam-Status: No, score=3.1 required=4.5 tests=MISSING_SUBJECT,NO_REAL_NAME,
TRACKER_ID autolearn=disabled version=3.0.1
X-Spam-Level: ***
Original-recipient: rfc822;[/size][url=http://www.oclug.on.ca/mailman/listinfo/oclug][size=2][color=#000000]ba600 at freenet.carleton.ca[/color][/size][/url]
[size=2]Status: RO
X-Status: RC
X-KMail-EncryptionState: N
X-KMail-SignatureState: N
X-KMail-MDN-Sent:
aaazzzaaazzzaaazzzaaazzzaaazzz
[/size]
[size=2][b]C.接收到的邮件图片[/b]:[/size]
[size=2][/size]
[size=2][img]http://blog.5dmail.net/UploadFile/2006-10/1018502851.jpg[/img][/size]
[size=2][/size]
[size=2][b]2.原因分析[/b]:针对这个问题,经过时间的推移在网上曾经出现过好几种解释。主要有以下几种:[/size]
[size=2][b]A.邮件系统本身的原因:[/b]起初比较少网友问到这个问题,而且都会指定自己使用的邮件系统名称,所以大家主要集中考虑是否某个邮件系统的设定问题,甚至有人提到了会不是邮件系统本身设计上的Bug.但是,因为提出这个问题的网友出现在不同的邮件系统中,很快这个说法站不住脚了。
[b]B.防火墙(如Cisco Pix)造成:[/b]当邮件系统本身不是原因后,大家自然而然的想到了病毒,网络防火墙,但是同样的问题出现在了没有任何安全防护的邮件系统环境中。好像这个解释了行不通了。[/size]
[size=2][/size]
[size=2][b]C.通过"发送到->邮件接收者"方式导致[/b]:[/size][url=http://bbs.chinaunix.net/viewthread.php?tid=549297&page=2#pid4258030][size=2][color=#000000]这个说法[/color][/size][/url][size=2]是说在Windows中(windows explore),选择一个文件然后“右键->发送到->邮件接收者"这样的方式发送的邮件会出现这个问题(如下图)。但是连作者自己也说“不是每次都这样,搞不懂!”,但是我猜没有附件的邮件也会有这个问题吧!
[img]http://blog.5dmail.net/UploadFile/2006-10/1018869932.jpg[/img][/size]
[size=2][b]D.GFW造成:这个说明好像成了共识,甚至称之为“[/b]有中國特色的 SMTP 現象[b]”,也经过了[url=http://bbs.chinaunix.net/viewthread.php?tid=838622&extra=page%3D1%26filter%3Ddigest&page=1][color=#000000]非常激烈的讨论[/color][/url],理由是“[/b][size=13px]GFW过滤进出邮件,当发现敏感字后往两边各发送三个伪造的reset干掉连接,通常都发生在数据传输中间,所以会干扰到内容。[/size][b]”甚至,有一个网友提出了“[/b][size=13px][url=http://bbs.chinaunix.net/viewthread.php?tid=841029][color=#000000]证实收到'aaazzzaaazzzaaazzzaaazzzaaazzz'的真实原因[/color][/url][/size][/size][b][size=2]”内容如下:
[/size][/b][size=13px]
[size=2]证实收到'aaazzzaaazzzaaazzzaaazzzaaazzz'的真实原因
(注:域名和IP信息有修改)
从[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2](在大陆)发给[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2](在香港,我们分公司),在发件人服务器查到如下日志:[/size]
[size=2]Oct 12 10:43:37 localhost postfix/smtpd[30005]: E50DD4187A5: client=unknown[125.0.0.1], sasl_method=LOGIN, sasl_username=sales2@test.com
Oct 12 10:43:43 localhost postfix/cleanup[28691]: E50DD4187A5: message-id=<[/size][email=20061012024337.E50DD4187A5@slave.mail51.cn4e.com][size=2][color=#000000]20061012024337.E50DD4187A5@slave.mail51.cn4e.com[/color][/size][/email][size=2]>
Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]>, size=36652, nrcpt=2 (queue active)
Oct 12 10:48:53 localhost postfix/smtp[1140]: E50DD4187A5: to=<[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2]>, relay=202.67.0.1[202.67.0.1], delay=316, status=deferred (conversation with 202.67.0.1[202.67.0.1] timed out while sending MAIL FROM)
Oct 12 11:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]>, size=36652, nrcpt=2 (queue active)
Oct 12 11:43:30 localhost postfix/smtp[28474]: E50DD4187A5: to=<[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2]>, relay=202.67.0.1[202.67.0.1], delay=3593, status=deferred (lost connection with 202.67.0.1[202.67.0.1] while sending message body)
Oct 12 13:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]>, size=36652, nrcpt=2 (queue active)
Oct 12 13:43:22 localhost postfix/smtp[5424]: E50DD4187A5: to=<[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2]>, relay=202.67.0.1[202.67.0.1], delay=10785, status=bounced (host 202.67.0.1[202.67.0.1] said: 500 error (in reply to MAIL FROM command))
Oct 12 13:45:22 localhost postfix/qmgr[17170]: E50DD4187A5: removed[/size]
[size=2]发件人[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]收到退信:[/size]
[size=2]<[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2]>: host 202.67.0.1[202.67.0.1]
said: 500 error (in reply to MAIL FROM command)[/size]
[size=2]在香港的分公司查到如下日志:[/size]
[size=2]Oct 12 10:44:45 hk postfix/smtpd[21468]: 3BCDC2B000F: client=unknown[218.85.0.1]
Oct 12 10:44:45 hk postfix/cleanup[22131]: 3BCDC2B000F: message-id=<[/size][email=20061012020145.3BCDC2B000F@hk.com][size=2][color=#000000]20061012020145.3BCDC2B000F@hk.com[/color][/size][/email][size=2]>
Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]>, size=475, nrcpt=2 (queue active)
Oct 12 10:44:53 hk postfix/smtp[22352]: 3BCDC2B000F: to=<[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2]>, relay=maildrop, delay=8, status=sent (recipient.com)
Oct 12 10:44:53 hk postfix/qmgr[25450]: 3BCDC2B000F: removed[/size]
[size=2]说明这封信已经成功发过去了,但是为什么发件人会收到退信呢?退信是从那来的呢?对比一下这两条日志:[/size]
[size=2]Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]>, size=36652, nrcpt=2 (queue active) (在发件人服务器上的日志)
Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]>, size=475, nrcpt=2 (queue active) (香港收件服务器上的日志)[/size]
[size=2]发件人发送的时候size=36652,而到了香港却被变成了size=475??再看一下[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2]收到的这封信的内容,如下,竟然是aaazzzaaazzzaaazzzaaazzzaaazzz:
Return-Path: <[/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email][size=2]>
Delivered-To: [/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email]
[size=2]Received: by mail.hk.com (202.67.0.1) (Postfix, from userid 12346)
id 3BCDC2B000F; Thu, 12 Oct 2006 10:44:53 +0800 (CST)
X-filter: Passed
Received: from unkoown (218.85.0.1)
by mail.test.com (Postfix) with ESMTP id E50DD4187A5
for <[/size][email=construction@recipient.com][size=2][color=#000000]construction@recipient.com[/color][/size][/email][size=2]>; Thu, 12 Oct 2006 10:43:56 +0800 (CST)
Message-Id: <[/size][email=20061012020145.3BCDC2B000F@hk.com][size=2][color=#000000]20061012020145.3BCDC2B000F@hk.com[/color][/size][/email][size=2]>
Date: Thu, 12 Oct 2006 10:44:45 +0800 (HKT)
From: [/size][email=sales2@test.com][size=2][color=#000000]sales2@test.com[/color][/size][/email]
[size=2]To: undisclosed-recipients:;
aaazzzaaazzzaaazzzaaazzzaaazzz
看到这里相信大家也都明白了,在发件人发给香港的时候,被某一“东东”终止了,返回给发件人500 error,同时其把内容更改后发给了收件人,于是就出现发件人收到500 error ,而收件人收到aaazzzaaazzzaaazzzaaazzzaaazzz的奇怪事情。这个“东东”就是GFW了(中国网络防火墙),也证实了前面贴子大家讨论得出的结论都是正确的。
[b]3.解决办法:[/b]既然我们的GFW这么伟大,这么强大,我们怎么办?其实解决办法很简单--[b][color=#ff0000]就是加密传输[/color][/b],比如可以试我上次转发的winmail提供的“[/size][url=http://www.5dmail.net/bbs/thread-154414-1-5.html][size=2][color=#000000]国外用outlook收取国内邮件异常中止问题[/color][/size][/url][size=2]”解办法:
A. 使用 https 登陆 webmail
B. 邮件客户端使用SSL方式连接pop3,smtp
而且确保局域网所有电脑都要做同样的设置, 否则一台有问题,其他全部不能连接,因为大都是代理上网使用一个IP进行的。不过这都是客户端对服务器端的方式。服务器以服务器的话,或许用VPN或是国外架一个转发邮件器来解决。当然这个办法不好,欢迎大家提出更多的方便易用的解决办法来。
P.S:文中资料主要参考以下链接整理,不一一列举版权人,请谅解,谢谢!
[/size][url=http://bbs.chinaunix.net/viewthread.php?tid=841029][size=2][color=#000000]http://bbs.chinaunix.net/viewthread.php?tid=841029[/color][/size][/url]
[url=http://bbs.chinaunix.net/viewthread.php?tid=834154][size=2][color=#000000]http://bbs.chinaunix.net/viewthread.php?tid=834154[/color][/size][/url]
[size=2][color=#800080][url=http://bbs.chinaunix.net/viewthread.php?tid=549297]http://bbs.chinaunix.net/viewthread.php?tid=549297[/url][/color][/size]
[size=2][url=http://phorum.study-area.org/printview.php?t=36733][color=#800080]http://phorum.study-area.org/printview.php?t=36733[/color][/url]
[url=http://www.extmail.org/forum/archive/2/0610/2788.html][color=#800080]http://www.extmail.org/forum/archive/2/0610/2788.html[/color][/url][/size]
[/size]
Ronaldo 2006-10-19 10:46
可恶的GFW啊,偶最想上的就是wiki的网站,但是一直都被它封了.
atong999888 2006-10-19 18:56
我也是深受其害, 特别是那个恶心500 error, 每天得重复一次又一次跟用户解释.
砸锅卖铁 2006-10-19 21:57
回复 #4 atong999888 的帖子
atong真惨,每天都出现。。。
我还好,只出现过一次
hylaking 2006-11-2 14:15
RE: 没错还是它!GFW让邮件内容变成了aaazzzaaazzzaaazzzaaazzzaaazzz
伟大的钉子!
slzhang_0 2006-11-15 18:22
菜鸟最爱看的贴
davidzhang 2006-11-18 22:51
我也受到困扰,原来如此
loneliness88 2006-11-22 12:51
学习中!
feitianxiang 2006-11-22 19:45
这个问题,我一直是百思不得其解,原来是这样?
晕死,我说这几天怎么很多怪现象很多。
autuman 2007-7-17 11:25
GFW...
很好很强大。。。
太好太强大。。。
:victory:
lucky_gong 2007-7-17 11:28
原来这样.那现在邮件出551是不是都和GWF有关呢?因为党十七大快要召开,所以监控得更紧,客人好多邮件都发不出去也收不到,郁闷:(
atong999888 2007-10-21 19:53
现在还有这个问题吗
lily800704 2007-10-25 16:42
这两天又出现这个问题了。郁闷中..
cindysen1222 2007-11-1 12:50
:(
对哦。。
xlas 2008-4-23 09:21
学习中..551 User not local; please try <forward-path>及5.5.0 smtp;551 User not local; please try <forward-path>
我经常是这种情况User not local...
恶心的半死.
