这是一个创建于 4188 天前的主题,其中的信息可能已经有所发展或是发生改变。
我们自己搭建了一个小站,在用户注册的时候使用了邮件发送验证链接的功能。邮件服务器当然使用的就是QQ企业邮箱。然后大概在2周之前的样子,我们观察到一个特别奇怪的现象。就是通过465端口发送的邮件,里面的验证链接居然在发送的2s之后被一个机器人莫名其妙的访问了。
于是我们展开一系列的查log活动,以下是被点击url的log记录。(以下是我们反复注册,但不点验证链接的结果)
["06/Jul/2014:02:39:13 +0800",404,"-","180.153.206.30 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",404,"-","101.226.89.64 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",301,"-","101.226.33.217 Shanghai","Mozilla/4.0","GET /verify/20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",404,"-","101.226.89.69 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:14 +0800",200,"-","101.226.33.217 Shanghai","Mozilla/4.0","GET /verify/20140706-0239415-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:42:10 +0800",301,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",200,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",404,"-","112.65.193.13 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",404,"-","101.226.51.230 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024445-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",301,"-","101.226.65.105 Shanghai","Mozilla/4.0","GET /verify/20140706-024445-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",200,"-","101.226.65.105 Shanghai","Mozilla/4.0","GET /verify/20140706-024445-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:45:03 +0800",404,"-","180.153.206.16 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024503-CST HTTP/1.1","-"]
["06/Jul/2014:02:45:03 +0800",301,"-","101.226.51.228 Shanghai","Mozilla/4.0","GET /verify/20140706-024503-CST HTTP/1.1","-"]
["06/Jul/2014:02:45:04 +0800",200,"-","101.226.51.228 Shanghai","Mozilla/4.0","GET /verify/20140706-024503-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:48:33 +0800",301,"-","101.226.89.116 Shanghai","Mozilla/4.0","GET /verify/20140706-024831-CST HTTP/1.1","-"]
["06/Jul/2014:02:48:33 +0800",404,"-","101.226.66.191 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024831-CST HTTP/1.1","-"]
["06/Jul/2014:02:48:34 +0800",200,"-","101.226.89.116 Shanghai","Mozilla/4.0","GET /verify/20140706-024831-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",404,"-","112.65.193.13 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-025919-CST HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",301,"-","180.153.201.64 Shanghai","Mozilla/4.0","GET /verify/20140706-025919-CST HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",200,"-","180.153.201.64 Shanghai","Mozilla/4.0","GET /verify/20140706-025919-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",301,"-","101.226.33.223 Shanghai","Mozilla/4.0","GET /verify/20140706-030006-CST HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",404,"-","101.226.33.239 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030006-CST HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",200,"-","101.226.33.223 Shanghai","Mozilla/4.0","GET /verify/20140706-030006-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",404,"-","180.153.214.188 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030546-CST HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",301,"-","180.153.163.189 Shanghai","Mozilla/4.0","GET /verify/20140706-030546-CST HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",200,"-","180.153.163.189 Shanghai","Mozilla/4.0","GET /verify/20140706-030546-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:04 +0800",301,"-","180.153.163.186 Shanghai","Mozilla/4.0","GET /verify/20140706-030904-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:05 +0800",404,"-","112.65.193.14 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030904-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:05 +0800",200,"-","180.153.163.186 Shanghai","Mozilla/4.0","GET /verify/20140706-030904-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:08 +0800",301,"-","101.226.33.201 Shanghai","Mozilla/4.0","GET /verify/20140706-030908-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:08 +0800",200,"-","101.226.33.201 Shanghai","Mozilla/4.0","GET /verify/20140706-030908-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:09 +0800",404,"-","112.64.235.90 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030908-CST HTTP/1.1","-"]
["06/Jul/2014:03:24:55 +0800",301,"-","101.226.89.123 Shanghai","Mozilla/4.0","GET /verify/20140706-032455-CST HTTP/1.1","-"]
["06/Jul/2014:03:24:55 +0800",200,"-","101.226.89.123 Shanghai","Mozilla/4.0","GET /verify/20140706-032455-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:24:57 +0800",404,"-","101.226.33.227 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-032455-CST HTTP/1.1","-"]
本来网站使用的人就不多,都是一些爱好者来注册玩的,所以之前一直没有注意这个问题。但是有朋友反映说需要验证的链接已经失效,于是我们才开始去查找原因。
虽然现在这个问题通过在验证码里面加上ip信息来过滤了,但是作为邮件服务器如果存在某种反垃圾机制是需要扫描和访问链接的话,这样是不是合理的?
不知道v2ex有多少朋友使用QQ企业邮箱,可以一起来交流一下。也很想知道大家的解决方案。
PS:我们用桌面客户端软件发送的邮件,链接都会被点击,只要你的链接是新的,以前没有在邮件中出现过的。
于是我们展开一系列的查log活动,以下是被点击url的log记录。(以下是我们反复注册,但不点验证链接的结果)
["06/Jul/2014:02:39:13 +0800",404,"-","180.153.206.30 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",404,"-","101.226.89.64 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",301,"-","101.226.33.217 Shanghai","Mozilla/4.0","GET /verify/20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",404,"-","101.226.89.69 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:14 +0800",200,"-","101.226.33.217 Shanghai","Mozilla/4.0","GET /verify/20140706-0239415-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:42:10 +0800",301,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",200,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",404,"-","112.65.193.13 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",404,"-","101.226.51.230 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024445-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",301,"-","101.226.65.105 Shanghai","Mozilla/4.0","GET /verify/20140706-024445-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",200,"-","101.226.65.105 Shanghai","Mozilla/4.0","GET /verify/20140706-024445-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:45:03 +0800",404,"-","180.153.206.16 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024503-CST HTTP/1.1","-"]
["06/Jul/2014:02:45:03 +0800",301,"-","101.226.51.228 Shanghai","Mozilla/4.0","GET /verify/20140706-024503-CST HTTP/1.1","-"]
["06/Jul/2014:02:45:04 +0800",200,"-","101.226.51.228 Shanghai","Mozilla/4.0","GET /verify/20140706-024503-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:48:33 +0800",301,"-","101.226.89.116 Shanghai","Mozilla/4.0","GET /verify/20140706-024831-CST HTTP/1.1","-"]
["06/Jul/2014:02:48:33 +0800",404,"-","101.226.66.191 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024831-CST HTTP/1.1","-"]
["06/Jul/2014:02:48:34 +0800",200,"-","101.226.89.116 Shanghai","Mozilla/4.0","GET /verify/20140706-024831-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",404,"-","112.65.193.13 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-025919-CST HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",301,"-","180.153.201.64 Shanghai","Mozilla/4.0","GET /verify/20140706-025919-CST HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",200,"-","180.153.201.64 Shanghai","Mozilla/4.0","GET /verify/20140706-025919-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",301,"-","101.226.33.223 Shanghai","Mozilla/4.0","GET /verify/20140706-030006-CST HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",404,"-","101.226.33.239 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030006-CST HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",200,"-","101.226.33.223 Shanghai","Mozilla/4.0","GET /verify/20140706-030006-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",404,"-","180.153.214.188 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030546-CST HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",301,"-","180.153.163.189 Shanghai","Mozilla/4.0","GET /verify/20140706-030546-CST HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",200,"-","180.153.163.189 Shanghai","Mozilla/4.0","GET /verify/20140706-030546-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:04 +0800",301,"-","180.153.163.186 Shanghai","Mozilla/4.0","GET /verify/20140706-030904-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:05 +0800",404,"-","112.65.193.14 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030904-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:05 +0800",200,"-","180.153.163.186 Shanghai","Mozilla/4.0","GET /verify/20140706-030904-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:08 +0800",301,"-","101.226.33.201 Shanghai","Mozilla/4.0","GET /verify/20140706-030908-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:08 +0800",200,"-","101.226.33.201 Shanghai","Mozilla/4.0","GET /verify/20140706-030908-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:09 +0800",404,"-","112.64.235.90 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030908-CST HTTP/1.1","-"]
["06/Jul/2014:03:24:55 +0800",301,"-","101.226.89.123 Shanghai","Mozilla/4.0","GET /verify/20140706-032455-CST HTTP/1.1","-"]
["06/Jul/2014:03:24:55 +0800",200,"-","101.226.89.123 Shanghai","Mozilla/4.0","GET /verify/20140706-032455-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:24:57 +0800",404,"-","101.226.33.227 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-032455-CST HTTP/1.1","-"]
本来网站使用的人就不多,都是一些爱好者来注册玩的,所以之前一直没有注意这个问题。但是有朋友反映说需要验证的链接已经失效,于是我们才开始去查找原因。
虽然现在这个问题通过在验证码里面加上ip信息来过滤了,但是作为邮件服务器如果存在某种反垃圾机制是需要扫描和访问链接的话,这样是不是合理的?
不知道v2ex有多少朋友使用QQ企业邮箱,可以一起来交流一下。也很想知道大家的解决方案。
PS:我们用桌面客户端软件发送的邮件,链接都会被点击,只要你的链接是新的,以前没有在邮件中出现过的。
15 条回复 2014-07-28 17:46:48 +08:00
 | 1 bobopu 2014-07-07 13:53:48 +08:00 via Android 腾讯企业邮箱会把邮件内的链接自动加上他们的所谓安全检测链接再跳转,同时不忘在此时推广他们坑爹的安全管家。 |
 | 2 lanbing 2014-07-07 13:54:43 +08:00 从QQ企业邮箱发出的每个链接都会被扫描,一直都有这个问题。 |
| 3 lanbing 2014-07-07 13:57:32 +08:00 180.153.206.32 - - [07/Jul/2014:13:50:19 +0800] "GET /2 HTTP/1.1" 301 284 "-" "Mozilla/4.0" |
 | 6 Actrace 2014-07-07 14:25:29 +08:00 |
1
 | 9 kt1any 2014-07-07 14:55:21 +08:00 很早就有这个问题了,qq邮箱会对收到的自动爬一遍,以前有位仁兄写验证的链接点一次就失效,然后用户死活验证不成功…… |
 | 10 chenillen 2014-07-07 15:10:46 +08:00 原是致。太坑爹了 |
 | 11 abscon 2014-07-07 20:00:41 +08:00 via Android 初夜权,哦不,是初阅权 |
 | 12 missdeer 2014-07-07 22:56:52 +08:00 via iPhone 哇擦这么坑爹啊,我还正准备用呢 |
 | 13 googlefans 2014-07-08 11:01:01 +08:00 很明显邮件被扫描了。。。 因为看到那些精准的垃圾广告邮件 就基本可以确定了。。 |
 | 14 mxi1 2014-07-12 14:18:19 +08:00 我正打算使用qq的企业邮箱呢~ 请问现在还有靠谱的免费(或者便宜的)企业邮箱托管服务么? |
 | 15 jiequfengzi 2014-07-28 17:46:48 +08:00 你可以一起腾讯的企业邮箱了,很垃圾 |
Select Language