MDaemon日志查看方法——内接邮件
在之前给大家分享了一篇MDaemon日志查看方法—外发邮件,这次给大家讲述的是MDaemon日志查看方法--内接邮件。
“内接邮件(入站)”日志查看步骤
邮件内接(别人发给你)的过程,日志的经过步骤是:
SMTP-(in)---AntiVirus(反病毒检测)---AntiSpam(反垃圾检测)---Content-Filter(内容过滤器检测)---Routing(路由)
但一般查看SMTP-(in)即可,详细步骤如下:
(1)在别人发送邮件给您没有收到的情况下。请收集“发件人地址”、“收件人地址”和“发送时间”。
(2)进入MDaemon/Logs目录下。
(3)打开当天的smtp(in)日志,并按快捷键“Ctrl+F”或“编辑---查找”。输入收件人或发件人进行查找(对照时间)。
(4)以下是smtp(in)日志的具体分析
Sun 2017-03-26 22:17:35.443: 05: Session 165704; child 0001
Sun 2017-03-26 22:17:35.443: 05: Accepting SMTP connection from 14.17.32.31:57526 to 120.27.38.xxx:25
Sun 2017-03-26 22:17:35.444: 03: --> 220 mail.mailstore.cn ESMTP MDaemon 17.0.0; Sun, 26 Mar 2017 22:17:35 +0800
Sun 2017-03-26 22:17:35.484: 02: <-- EHLO smtpbg322.qq.com
Sun 2017-03-26 22:17:35.484: 01: EHLO/HELO response delayed 5 seconds
发送方连接到您们服务器
Sun 2017-03-26 22:17:40.483: 03: --> 250-mail.yuncan.cn Hello smtpbg322.qq.com [14.17.32.31], pleased to meet you
Sun 2017-03-26 22:17:40.483: 03: --> 250-ETRN
Sun 2017-03-26 22:17:40.483: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Sun 2017-03-26 22:17:40.483: 03: --> 250-8BITMIME
Sun 2017-03-26 22:17:40.483: 03: --> 250-ENHANCEDSTATUSCODES
Sun 2017-03-26 22:17:40.483: 03: --> 250 SIZE
Sun 2017-03-26 22:17:40.597: 02: <-- MAIL FROM: <xxx@vip.qq.com>
Sun 2017-03-26 22:17:40.597: 05: Performing PTR lookup (31.32.17.14.IN-ADDR.ARPA)
Sun 2017-03-26 22:17:40.672: 05: * D=31.32.17.14.in-addr.arpa TTL=(1440) PTR=[smtpbg322.qq.com]
Sun 2017-03-26 22:17:40.696: 05: * D=smtpbg322.qq.com TTL=(60) A=[14.17.32.31]
Sun 2017-03-26 22:17:40.696: 05: ---- End PTR results
查询发件人的反向解析
Sun 2017-03-26 22:17:40.696: 05: Performing IP lookup (smtpbg322.qq.com)
Sun 2017-03-26 22:17:40.697: 05: * D=smtpbg322.qq.com TTL=(60) A=[14.17.32.31]
Sun 2017-03-26 22:17:40.697: 05: ---- End IP lookup results
Sun 2017-03-26 22:17:40.697: 05: Performing IP lookup (vip.qq.com)
Sun 2017-03-26 22:17:40.697: 05: * D=vip.qq.com TTL=(2) A=[182.254.106.26]
Sun 2017-03-26 22:17:40.698: 05: * P=010 S=001 D=vip.qq.com TTL=(33) MX=[mx3.qq.com] {183.57.48.35}
Sun 2017-03-26 22:17:40.698: 05: * P=020 S=000 D=vip.qq.com TTL=(33) MX=[mx2.qq.com] {14.17.41.170}
Sun 2017-03-26 22:17:40.698: 05: * P=030 S=002 D=vip.qq.com TTL=(33) MX=[mx1.qq.com] {183.57.48.35}
Sun 2017-03-26 22:17:40.698: 05: ---- End IP lookup results
解析发件人的MX记录与A记录(这里是vip.qq.com)
Sun 2017-03-26 22:17:40.698: 09: Performing SPF lookup (vip.qq.com / 14.17.32.31)
Sun 2017-03-26 22:17:40.709: 09: * Policy: v=spf1 include:spf.mail.qq.com ~all
Sun 2017-03-26 22:17:40.709: 09: * Evaluating include:spf.mail.qq.com: performing lookup
Sun 2017-03-26 22:17:40.710: 09: * Policy: v=spf1 include:spf-a.mail.qq.com include:spf-b.mail.qq.com include:spf-c.mail.qq.com include:spf-d.mail.qq.com
Sun 2017-03-26 22:17:40.710: 09: * Evaluating include:spf-a.mail.qq.com: performing lookup
Sun 2017-03-26 22:17:40.710: 09: * Policy: v=spf1 ip4:103.7.28.0/24 ip4:103.7.29.0/24 ip4:112.90.139.0/24 ip4:113.108.23.0/24 ip4:113.108.11.0/24 ip4:113.108.67.0/24 ip4:119.147.16.0/24 ip4:119.147.193.0/24 ip4:119.147.194.0/24 ip4:119.147.20.0/24 ip4:120.196.211.0/24 ip4:59.78.209.0
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:103.7.28.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:103.7.29.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:112.90.139.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:113.108.23.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:113.108.11.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:113.108.67.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:119.147.16.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:119.147.193.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:119.147.194.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:119.147.20.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:120.196.211.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ip4:59.78.209.0/24: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating ~all: match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating include:spf-a.mail.qq.com: no match
Sun 2017-03-26 22:17:40.710: 09: * Evaluating include:spf-b.mail.qq.com: performing lookup
Sun 2017-03-26 22:17:40.711: 09: * Policy: v=spf1 ip4:14.17.32.0/24 ip4:14.17.43.0/24 ip4:14.17.44.0/24 ip4:183.60.2.0/24 ip4:183.60.52.0/24 ip4:183.60.61.0/24 ip4:183.60.8.0/24 ip4:183.62.104.0/24 ip4:184.105.206.0/24 ip4:184.105.67.0/24 ip4:203.205.160.0/24 ip4:58.250.132.0/24 ~al
Sun 2017-03-26 22:17:40.711: 09: * Evaluating ip4:14.17.32.0/24: match
Sun 2017-03-26 22:17:40.711: 09: * Evaluating include:spf-b.mail.qq.com: match
Sun 2017-03-26 22:17:40.711: 09: * Evaluating include:spf.mail.qq.com: match
Sun 2017-03-26 22:17:40.711: 09: * Result: pass
Sun 2017-03-26 22:17:40.711: 09: ---- End SPF results
检测发件方域名的SPF记录,SPF是一项反垃圾技术
Sun 2017-03-26 22:17:40.711: 03: --> 250 2.1.0 Sender OK
Sun 2017-03-26 22:17:40.751: 02: <-- RCPT TO: <xxx@yuncan.cn>
邮件发件者、接收者地址
Sun 2017-03-26 22:17:40.905: 05: 执行 DNS-BL 查询(14.17.32.31 - 正在连接 IP)
Sun 2017-03-26 22:17:40.919: 05: * zen.spamhaus.org - 通过
Sun 2017-03-26 22:17:41.306: 05: * www.spamhaus.org - 失败 - 127.0.0.2
Sun 2017-03-26 22:17:41.306: 05: ---- 结束 DNS-BL 结果
对发件方域名或IP地址进行DNS-BL检测,这也是一项反垃圾技术
Sun 2017-03-26 22:17:41.309: 03: --> 250 2.1.5 Recipient OK
Sun 2017-03-26 22:17:41.350: 02: <-- DATA
Sun 2017-03-26 22:17:41.350: 01: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000000073.tmp
Sun 2017-03-26 22:17:41.350: 03: --> 354 Enter mail, end with <CRLF>.<CRLF>
Sun 2017-03-26 22:17:41.623: 01: Message size: 1818 bytes
发件方发送邮件到MDaemon
Sun 2017-03-26 22:17:41.624: 10: Performing DKIM lookup
Sun 2017-03-26 22:17:41.624: 10: * File: c:\mdaemon\queues\temp\md50000000073.tmp
Sun 2017-03-26 22:17:41.624: 10: * Message-ID: <tencent_38B8CD6A5E3C765740033BED@qq.com>
Sun 2017-03-26 22:17:41.638: 10: * DKIM-Signature 1: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vip.qq.com; s=s201512; t=1490537855; b h=From:To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:Date:Message-ID; <some tags are not logged>
Sun 2017-03-26 22:17:41.638: 10: * Verification result: good signature
Sun 2017-03-26 22:17:41.638: 10: * Result: pass
Sun 2017-03-26 22:17:41.638: 10: ---- End DKIM results
DKIM的检查
Sun 2017-03-26 22:17:41.641: 19: 正在执行 DMARC 处理
Sun 2017-03-26 22:17:41.641: 19: * 文件: c:\mdaemon\queues\temp\md50000000073.tmp
Sun 2017-03-26 22:17:41.641: 19: * Message-ID: <tencent_38B8CD6A5E3C765740033BED@qq.com>
Sun 2017-03-26 22:17:41.641: 19: * 作者域: vip.qq.com
Sun 2017-03-26 22:17:41.641: 19: * 组织域: qq.com
Sun 2017-03-26 22:17:41.641: 19: * 查询域:_dmarc.vip.qq.com
Sun 2017-03-26 22:17:41.663: 19: * 未找到 DMARC 策略记录
Sun 2017-03-26 22:17:41.663: 19: * 查询域:_dmarc.qq.com
Sun 2017-03-26 22:17:41.688: 19: * 策略记录:v=DMARC1; p=none; rua=mailto:mailauth-reports@qq.com
Sun 2017-03-26 22:17:41.690: 19: * 正在检查验证机制来符合 DMARC
Sun 2017-03-26 22:17:41.690: 19: * SPF: 域“vip.qq.com”已通过 SPF 检查; 而且域符合 DMARC
Sun 2017-03-26 22:17:41.691: 19: * DKIM: 域“vip.qq.com”(来自 d= 签名 #1)已通过验证; 而且域符合 DMARC
Sun 2017-03-26 22:17:41.691: 19: * 结果:pass
Sun 2017-03-26 22:17:41.691: 19: ---- 结束 DMARC 结果
DMARC的检查
Sun 2017-03-26 22:17:41.692: 06: Passing message through AntiVirus (Size: 1818)...
Sun 2017-03-26 22:17:41.718: 06: * 邮件清洁(未发现病毒)
Sun 2017-03-26 22:17:41.718: 06: ---- End AntiVirus results
对发件方发送过来的邮件进行反病毒检测
Sun 2017-03-26 22:17:41.719: 11: Passing message through ClamAV Plugin (c:\mdaemon\queues\temp\md50000000073.tmp)...
Sun 2017-03-26 22:17:41.719: 11: * Message-ID: <tencent_38B8CD6A5E3C765740033BED@qq.com>
Sun 2017-03-26 22:17:41.728: 11: * Virus result: 0 - clean
ClamAV的检查
Sun 2017-03-26 22:17:42.549: 11: Passing message through Outbreak Protection...
Sun 2017-03-26 22:17:42.549: 11: * Message-ID: <tencent_38B8CD6A5E3C765740033BED@qq.com>
Sun 2017-03-26 22:17:42.549: 11: * Reference-ID: str=0001.0A150207.58D7CD86.02CD,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Sun 2017-03-26 22:17:42.549: 11: * Virus result: 0 - Clean
Sun 2017-03-26 22:17:42.549: 11: * Spam result: 1 - Clean
Sun 2017-03-26 22:17:42.549: 11: * IWF result: 0 - Clean
Sun 2017-03-26 22:17:42.549: 11: ---- End Outbreak Protection results
系统方面的检测
Sun 2017-03-26 22:17:42.549: 07: Passing message through Spam Filter (Size: 1839)...
Sun 2017-03-26 22:17:42.750: 07: * 3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Sun 2017-03-26 22:17:42.750: 07: * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
Sun 2017-03-26 22:17:42.750: 07: * (xxx[at]vip.qq.com)
Sun 2017-03-26 22:17:42.750: 07: * -0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
Sun 2017-03-26 22:17:42.750: 07: * 0.0 HTML_MESSAGE BODY: HTML included in message
Sun 2017-03-26 22:17:42.750: 07: * 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
Sun 2017-03-26 22:17:42.750: 07: * 0.0 TVD_SPACE_ENC_FM_MIME Space ratio & encoded subject & MIME needed
Sun 2017-03-26 22:17:42.750: 07: * 0.0 TVD_SPACE_ENCODED Space ratio & encoded subject
Sun 2017-03-26 22:17:42.750: 07: ---- End SpamAssassin results
Sun 2017-03-26 22:17:42.793: 07: Spam Filter score/req: 3.00/12.0(前面的分小于后面的分)
Sun 2017-03-26 22:17:42.834: 01: 邮件创建 successful:c:\mdaemon\queues\inbound\md50000002034.msg
Sun 2017-03-26 22:17:42.834: 03: --> 250 2.6.0 Ok, message saved <Message-ID: <tencent_38B8CD6A5E3C765740033BED@qq.com>>
Sun 2017-03-26 22:17:42.836: 02: <-- QUIT
Sun 2017-03-26 22:17:42.836: 03: --> 221 2.0.0 See ya in cyberspace
计算邮件的分值(评分机制)
Sun 2017-03-26 22:17:42.836: 01: SMTP session successful (Bytes in/out: 1919/450)
如果最后提示SMTP session successful那表明邮件已经接收成功了,已经到达您邮箱。