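The Great GFW: It Is Not One Person

Following the recent "harmonizing" of foreign websites, our great firewall has finally brought us another exciting summer expansion pack: the mailbox blockade war!

Almost all domestic mailboxes have seen mail bounced, and after some analysis, it turns out the mail was blocked by something. While we were still worrying about privacy because of the ads inserted in Google Mail, our great motherland is monitoring every email going in and out of this country. Will sending and receiving email also require registration from now on? Dictatorship, autocracy!! Oh, my god. Now I finally understand the importance of encryption. OpenBSD, here I come! From now on I will insist on using things with "Secure" in them, ssh, https, and anything without it I absolutely will not use!!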

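Relevant analysis attached:

Technical analysis from 5dmail:

Today, wflovemcx, a member of the 5dmail forum, asked: "I often receive emails whose content is 'aaazzzaaazzzaaazzzaaazzzaaazzz'! How can this be solved?" In fact I ran into similar emails at the beginning of the year; at the time I did not pay much attention and assumed they were spam. But when the question was raised again today it got my attention. I searched online and got a very unfortunate result: it is caused by the wall. That's right, the answer is the same as last time ("Please try?"), when the wall made our mail produce the messages "551 User not local; please try <forward-path>" and "5.5.0 smtp;551 User not local; please try <forward-path>". It is the wall again! The great wall turned the emails into aaazzzaaazzzaaazzzaaazzzaaazzz!

Below, let me organize some of the information I found so that everyone can understand it:

1. Symptoms:
A. Description: Recently, for mail sent abroad, users receive multiple duplicate copies, and some users receive messages whose content is aaazzzaaazzz!
These are neither spam nor virus mail; they were all sent by normal users!!
Customers report that every day they receive mail from their organization's mailboxes whose content is aaazzzaaazzzaaazzzaaazzzaaazzz.
B. Some examples of message content: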
From: <xiongdd@suns.cn>
To: <undisclosed-recipients:>
Date: Fri, 13 Oct 2006 06:40:41 +0900
Message-ID: <200610122140.k9CLefQI006396@outgw.electric.co.jp>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Thread-Index: AcbuRxF6LfrCnxfGSJGJB72BBtc36w==

aaazzzaaazzzaaazzzaaazzzaaazzz

Return-Path: <>;
Delivered-To: zhao@xxxx.com.cn
Received: (qmail 1951 invoked by uid 690); 20 May 2005 16:02:38 -0000
Date: 20 May 2005 16:02:38 -0000
Message-ID: <20050520160238.1949.qmail@xxxx.com.cn>;
From: xxxx.com.cn@xxxx.com.cn
Cc: recipient list not shown: ;
Delivered-To: ncc@xxxx.com.cn
Received: (qmail 1941 invoked from network); 20 May 2005 16:02:38 -0000
Received: from unknown (HELO mail.pvsx.com) (222.222.222.222)
by 0 with SMTP; 20 May 2005 16:02:38 -0000

aaazzzaaazzzaaazzzaaazzzaaazzz

Return-path: <cdahl_hs at ccopley.demon.co.uk>
Received: from spamassassin-daemon.saruman.ncf.ca by saruman.ncf.ca
(iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
id <0IFJ00F19KVCBI at saruman.ncf.ca> for ba600 at ims-ms-daemon; Tue,
26 Apr 2005 03:02:01 -0400 (EDT)
Received: from azzit.de ([222.137.59.225])
by saruman.ncf.ca (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
with ESMTP id <0IFJ00FNHKV3OR at saruman.ncf.ca> for ba600 at ncf.ca
(ORCPT ba600 at freenet.carleton.ca); Tue, 26 Apr 2005 03:01:59 -0400 (EDT)
Date: Tue, 26 Apr 2005 03:01:59 -0400 (EDT)
Date-warning: Date header was inserted by saruman.ncf.ca
From: cdahl_hs at ccopley.demon.co.uk
Message-id: <0IFJ00FNLKVAOR at saruman.ncf.ca>
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on smeagol.ncf.ca
X-Spam-Status: No, score=3.1 required=4.5 tests=MISSING_SUBJECT,NO_REAL_NAME,
TRACKER_ID autolearn=disabled version=3.0.1
X-Spam-Level: ***
Original-recipient: rfc822;ba600 at freenet.carleton.ca
Status: RO
X-Status: RC
X-KMail-EncryptionState: N
X-KMail-SignatureState: N
X-KMail-MDN-Sent:

aaazzzaaazzzaaazzzaaazzzaaazzz

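C. Screenshot of the received mail:

This explanation says that in Windows (Windows Explorer), mail sent by selecting a file and then choosing "right-click -> Send To -> Mail Recipient" will have this problem (see the figure below). But even the author himself says "it doesn't happen every time, I can't figure it out!", and I guess mail without attachments has this problem too!

A very heated discussion; the reasoning is: "The wall filters incoming and outgoing mail; when it finds a sensitive word it sends three forged resets to each side to kill the connection. This usually happens in the middle of the data transfer, so it interferes with the content." One user even posted "Confirming the real reason for receiving 'aaazzzaaazzzaaazzzaaazzzaaazzz'", as follows:

Confirming the real reason for receiving 'aaazzzaaazzzaaazzzaaazzzaaazzz'

(Note: domain names and IP information have been modified)
sales2@test.com (in mainland China) sent mail to construction@recipient.com (in Hong Kong, our branch office). The following log was found on the sender's server: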
Oct 12 10:43:37 localhost postfix/smtpd[30005]: E50DD4187A5: client=unknown[125.0.0.1], sasl_method=LOGIN, sasl_username=sales2@test.com
Oct 12 10:43:43 localhost postfix/cleanup[28691]: E50DD4187A5: message-id=<20061012024337.E50DD4187A5@slave.mail51.cn4e.com>
Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 10:48:53 localhost postfix/smtp[1140]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=316, status=deferred (conversation with 202.67.0.1[202.67.0.1] timed out while sending MAIL FROM)
Oct 12 11:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 11:43:30 localhost postfix/smtp[28474]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=3593, status=deferred (lost connection with 202.67.0.1[202.67.0.1] while sending message body)
Oct 12 13:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 13:43:22 localhost postfix/smtp[5424]: E50DD4187A5: to=<construction@recipient.com>, relay=202.67.0.1[202.67.0.1], delay=10785, status=bounced (host 202.67.0.1[202.67.0.1] said: 500 error (in reply to MAIL FROM command))
Oct 12 13:45:22 localhost postfix/qmgr[17170]: E50DD4187A5: removed
The sender sales2@test.com received a bounce:
<construction@recipient.com>: host 202.67.0.1[202.67.0.1]
said: 500 error (in reply to MAIL FROM command)
The following log was found at the Hong Kong branch:
Oct 12 10:44:45 hk postfix/smtpd[21468]: 3BCDC2B000F: client=unknown[218.85.0.1]
Oct 12 10:44:45 hk postfix/cleanup[22131]: 3BCDC2B000F: message-id=<20061012020145.3BCDC2B000F@hk.com>
Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<sales2@test.com>, size=475, nrcpt=2 (queue active)
Oct 12 10:44:53 hk postfix/smtp[22352]: 3BCDC2B000F: to=<construction@recipient.com>, relay=maildrop, delay=8, status=sent (recipient.com)
Oct 12 10:44:53 hk postfix/qmgr[25450]: 3BCDC2B000F: removed
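This shows that the message was delivered successfully, so why did the sender receive a bounce? Where did the bounce come from? Compare these two log entries:
Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active) (log on the sender's server)
Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<sales2@test.com>, size=475, nrcpt=2 (queue active) (log on the Hong Kong receiving server)
When the sender sent it, size=36652, but by the time it reached Hong Kong it had become size=475?? Now look at the content of the message that construction@recipient.com received, shown below; it actually is aaazzzaaazzzaaazzzaaazzzaaazzz: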

Return-Path: <sales2@test.com>
Delivered-To: construction@recipient.com
Received: by mail.hk.com (202.67.0.1) (Postfix, from userid 12346)
id 3BCDC2B000F; Thu, 12 Oct 2006 10:44:53 +0800 (CST)
X-filter: Passed
Received: from unkoown (218.85.0.1)
by mail.test.com (Postfix) with ESMTP id E50DD4187A5
for <construction@recipient.com>; Thu, 12 Oct 2006 10:43:56 +0800 (CST)
Message-Id: <20061012020145.3BCDC2B000F@hk.com>
Date: Thu, 12 Oct 2006 10:44:45 +0800 (HKT)
From: sales2@test.com
To: undisclosed-recipients:;

aaazzzaaazzzaaazzzaaazzzaaazzz

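Having read this far, I believe everyone understands: when the sender was sending to Hong Kong, the transfer was terminated by some "thing", which returned 500 error to the sender and at the same time changed the content and sent it on to the recipient. So we get the strange situation where the sender receives 500 error while the recipient receives aaazzzaaazzzaaazzzaaazzzaaazzz. This "thing" is the wall (China's network firewall), which also confirms that the conclusions everyone reached in the earlier posts were all correct.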
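The size comparison the post performs by hand, as an added example that is not part of the original post: it pairs Postfix qmgr entries from the sending and receiving servers by envelope sender and time, and flags messages that arrive smaller than they left. The sales2@test.com lines come from the logs above; the ops@test.com lines, the 10-minute window and the default year are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# sales2@test.com lines are quoted from the post; ops@test.com lines are constructed.
SENDER_LOG = """\
Oct 12 10:43:44 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 11:43:20 localhost postfix/qmgr[17170]: E50DD4187A5: from=<sales2@test.com>, size=36652, nrcpt=2 (queue active)
Oct 12 10:50:02 localhost postfix/qmgr[17170]: 7A1C04187B1: from=<ops@test.com>, size=2048, nrcpt=1 (queue active)
"""
RECEIVER_LOG = """\
Oct 12 10:44:45 hk postfix/qmgr[25450]: 3BCDC2B000F: from=<sales2@test.com>, size=475, nrcpt=2 (queue active)
Oct 12 10:50:09 hk postfix/qmgr[25450]: 4D02E2B0011: from=<ops@test.com>, size=2310, nrcpt=1 (queue active)
"""

QMGR = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/qmgr\[\d+\]: (\w+): "
                  r"from=<([^>]*)>, size=(\d+),")

def parse_qmgr(text, year=2006):
    """Map queue id -> (time, envelope sender, size) from its first qmgr entry.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    Retries of a deferred message repeat the entry; only the first is kept.
    """
    first = {}
    for line in text.splitlines():
        m = QMGR.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            first.setdefault(m.group(2), (ts, m.group(3), int(m.group(4))))
    return first

def find_truncated(sender_log, receiver_log, window=timedelta(minutes=10)):
    """Report messages that reached the receiver smaller than they were queued.

    A receiving MTA prepends a Received header, so a message normally grows a
    little in transit; arriving smaller is the anomaly seen in the post.
    This is a heuristic pairing, since queue ids differ between servers.
    """
    sent = parse_qmgr(sender_log)
    hits = []
    for rq, (rts, rfrom, rsize) in parse_qmgr(receiver_log).items():
        for sq, (sts, sfrom, ssize) in sent.items():
            in_window = timedelta(0) <= rts - sts <= window
            if sfrom == rfrom and in_window and rsize < ssize:
                hits.append((sq, rq, sfrom, ssize, rsize))
    return hits

if __name__ == "__main__":
    for hit in find_truncated(SENDER_LOG, RECEIVER_LOG):
        print("shrunk in transit:", hit)
```

Both servers' clocks need to be roughly in sync for the time window to be meaningful.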

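3. Solution: Since our wall is so great and so powerful, what can we do? Actually the solution is simple: encrypt the transmission. For example, you can try the fix for the "Outlook abroad aborts abnormally when retrieving domestic mail" problem provided by winmail, which I forwarded last time:
A. Use https to log in to webmail
B. Have the mail client connect to pop3 and smtp using SSL
Also make sure every computer on the LAN uses the same settings; otherwise, if one machine has a problem, none of the others can connect, because most of them go online through a proxy that shares a single IP. However, these are all client-to-server methods. For server-to-server traffic, perhaps a VPN or setting up a mail relay abroad could solve it. Of course this approach is not a good one, and everyone is welcome to suggest more convenient, easy-to-use solutions.

P.S.: The material in this article was compiled mainly from the following links; the copyright holders are not listed one by one. Thank you for your understanding!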
