7/26/2007

证实收到'aaazzzaaazzzaaazzzaaazzzaaazzz'的真实原因

(注:域名和IP信息有修改)从sales2@test.com(在大陆)发给construction@recipient.com(在香港,我们分公司),在发件人服务器查到如下日志:
Oct 12 10:43:37 localhost postfix/smtpd[30005]: E50DD4187A5: client=unknown[125.0.0.1], sasl_method=LOGIN, sasl_username=sales2@test.comOct 12 10:43:43 localhost postfix/cleanup[28691]: E50DD4187A5: message-id=<20061012024337.E50DD4187A5@slave.mail51.cn4e.com>Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)Oct 12 10:48:53 localhost postfix/smtp[1140]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=316, status=deferred (conversation with 202.67.0.1[202.67.0.1] timed out while sending MAIL FROM)Oct 12 11:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)Oct 12 11:43:30 localhost postfix/smtp[28474]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=3593, status=deferred (lost connection with 202.67.0.1[202.67.0.1] while sending message body)Oct 12 13:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)Oct 12 13:43:22 localhost postfix/smtp[5424]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=10785, status=bounced (host 202.67.0.1[202.67.0.1] said: 500 error (in reply to MAIL FROM command))Oct 12 13:45:22 localhost postfix/qmgr[17170]: E50DD4187A5: removed
发件人sales2@test.com收到退信

<construction@recipient.com>: host 202.67.0.1[202.67.0.1] said: 500 error (in reply to MAIL FROM command)
在香港的分公司查到如下日志:
Oct 12 10:44:45 hk postfix/smtpd[21468]: 3BCDC2B000F: client=unknown[218.85.0.1]Oct 12 10:44:45 hk postfix/cleanup[22131]: 3BCDC2B000F: message-id=<20061012020145.3BCDC2B000F@hk.com>Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<sales2@test.com>, size=475, nrcpt=2 (queue active)Oct 12 10:44:53 hk postfix/smtp[22352]: 3BCDC2B000F: to=<construction@recipient.com>, relay=maildrop, delay=8, status=sent (recipient.com)Oct 12 10:44:53 hk postfix/qmgr[25450]: 3BCDC2B000F: removed
说明这封信已经成功发过去了,但是为什么发件人会收到退信呢?退信是从那来的呢?对比一下这两条日志:
Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active) (在发件人服务器上的日志)Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<sales2@test.com>, size=475, nrcpt=2 (queue active) (香港收件服务器上的日志)
发件人发送的时候size=36652,而到了香港却被变成了size=475??再看一下construction@recipient.com收到的这封信的内容,如下,竟然是aaazzzaaazzzaaazzzaaazzzaaazzz:Return-Path: <sales2@test.com>Delivered-To: construction@recipient.comReceived: by mail.hk.com (202.67.0.1) (Postfix, from userid 12346) id 3BCDC2B000F; Thu, 12 Oct 2006 10:44:53 +0800 (CST)X-filter: PassedReceived: from unkoown (218.85.0.1) by mail.test.com (Postfix) with ESMTP id E50DD4187A5 for <construction@recipient.com>; Thu, 12 Oct 2006 10:43:56 +0800 (CST)Message-Id: <20061012020145.3BCDC2B000F@hk.com>Date: Thu, 12 Oct 2006 10:44:45 +0800 (HKT)From: sales2@test.comTo: undisclosed-recipients:;aaazzzaaazzzaaazzzaaazzzaaazzz看到这里相信大家也都明白了,在发件人发给香港的时候,被某一“东东”终止了,返回给发件人500 error,同时其把内容更改后发给了收件人,于是就出现发件人收到500 error ,而收件人收到aaazzzaaazzzaaazzzaaazzzaaazzz的奇怪事情。这个“东东”就是GFW了(中国网络防火墙),也证实了前面贴子大家讨论得出的结论都是正确的。

没有评论: