Rejecting spam sent by the Yink (茵克) bulk-mailing software

2016/5/7 10:50:04
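Looking through the logs recently, I found that IPs in the Hubei ranges have been very active in sending spam, using the Yink bulk-mailing software. Filtering this spam is simple, though. Here is some information extracted from the logs:
"27.20.39.244" "RECEIVED: HELO HBDX-22.yinksoft.com"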
"27.20.111.182" "RECEIVED: HELO HBDX-37.yinksoft.com"
"27.20.36.56" "RECEIVED: HELO HBDX-25.yinksoft.com"
"222.51.68.210" "RECEIVED: HELO CDTT-01.yinksoft.com"
"27.20.121.1" "RECEIVED: HELO HBDX-21.yinksoft.com"
"222.51.69.116" "RECEIVED: HELO CDTT-01.yinksoft.com"
"222.51.68.249" "RECEIVED: HELO CDTT-03.yinksoft.com"
"27.20.61.88" "RECEIVED: HELO HBDX-37.yinksoft.com"
"27.20.110.238" "RECEIVED: HELO HBDX-25.yinksoft.com"
"27.20.163.233" "RECEIVED: HELO HBDX-22.yinksoft.com"
"111.176.75.48" "RECEIVED: HELO HBDX-21.yinksoft.com"
"111.176.79.227" "RECEIVED: HELO HBDX-22.yinksoft.com"
The entries above show that this software uses HELO strings that follow a regular pattern, which makes things easy for us.

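If you use WinWebMail, enable the "Reject HELO/EHLO hostname" option and add yinksoft.com to it. This bulk mailer will then really be left looking like an idiot: however much spam it sends, none of it gets in, haha! If that still isn't enough, just block all of those Hubei IP ranges and see how this jerk sends you anything then??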

If you use DBMail, enable RBL filtering; dynamic IPs are almost always on the blacklists. zen.spamhaus.org, dnsbl.sorbs.net and cbl.abuseat.org, these three are basically enough.

If you use hMailServer, you can reject the HELO string with a VB script, or use its RBL feature.
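The HELO rule described above can be checked offline against a log before it is enabled on the server. The following is an added example, not code from the original post or from any of the mail servers named; the function names are hypothetical and the log format is assumed to be exactly the one in the excerpt above.

```python
import re
from collections import Counter

# Log format from the excerpt above: "client-ip" "RECEIVED: HELO name"
# The closing quote is optional so a truncated line still parses.
LINE_RE = re.compile(
    r'^\s*"(?P<ip>[0-9.]+)"\s+"RECEIVED:\s+(?:HELO|EHLO)\s+(?P<helo>[^\s"]+)"?\s*$',
    re.IGNORECASE,
)

def helo_rejected(helo, blocked_domains):
    """True if helo equals a blocked domain or is a subdomain of one."""
    name = helo.strip().rstrip(".").lower()
    for domain in blocked_domains:
        domain = domain.strip().rstrip(".").lower()
        # Match on a label boundary so "notyinksoft.com" is not caught.
        if name == domain or name.endswith("." + domain):
            return True
    return False

def scan(log_lines, blocked_domains):
    """Split parseable HELO/EHLO records into (rejected, accepted) lists."""
    rejected, accepted = [], []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a HELO/EHLO record
        pair = (m.group("ip"), m.group("helo"))
        bucket = rejected if helo_rejected(pair[1], blocked_domains) else accepted
        bucket.append(pair)
    return rejected, accepted

def rejected_by_prefix(rejected):
    """Count rejected clients per /16 to show where the senders cluster."""
    return Counter(".".join(ip.split(".")[:2]) + ".0.0/16" for ip, _ in rejected)

# First three lines come from the log excerpt above; the last three are constructed.
SAMPLE = [
    '"27.20.39.244" "RECEIVED: HELO HBDX-22.yinksoft.com"',
    '"222.51.68.210" "RECEIVED: HELO CDTT-01.yinksoft.com"',
    '"27.20.36.56" "RECEIVED: HELO HBDX-25.yinksoft.com"',
    '"192.0.2.10" "RECEIVED: EHLO mail.example.org"',       # legitimate sender
    '"198.51.100.7" "RECEIVED: HELO mx.notyinksoft.com"',   # look-alike, must pass
    '"203.0.113.5" "RECEIVED: EHLO HBDX-99.YinkSoft.com.',  # mixed case, truncated
]

if __name__ == "__main__":
    rejected, accepted = scan(SAMPLE, ["yinksoft.com"])
    print(rejected_by_prefix(rejected), accepted)
```

Running it over a full day's log before turning the rule on shows whether any legitimate sender would be caught by the domain match.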

The IP ranges collected so far that this software uses are as follows: