That's right! GFW changed the email content to aaazzzaaazzzaaazzzaaazzzaaazzzaaazzz.

Source: Internet
Author: User
Tags spamassassin qmail
That's right! GFW changed the email content to aaazzzaaazzzaaazzzaaazzzaaazzz published on 14:12:37 today, wflovemcx, a member of the 5dmail Forum, mentioned an email with "frequently received content as" Taobao! How can this problem be solved ?" . In fact, at the beginning of the year, I met similar emails, but I didn't care too much about them. I thought it was spam. But when I proposed it again today, it attracted my attention. I checked it online and got an unfortunate result -- Caused by GFW. That's right. What's wrong with the last GFW asking us to try please? When we mention 551 user not local; please try <forward-path> and 5.5.0 SMTP; 551 user not local; please try <forward-path>, the answer is the same, or it! Great GFW turned the email into aaazzzaaazzzaaazzzaaazzzaaazzzaaazzz!

Next, let me sort out some information for your convenience:1. Problem:A. text description: If you have recently sent emails to foreign countries, you will receive more than one email, and you will also receive some aaazzzaaazzz emails!
These emails are neither spam nor virus, and are sent by normal users !!
The customer reported that every day he received a letter from his/her mailbox containing aaazzzaaazzzaaazzzaaazzzaaazzz.
B. Example of mail content:

From: <xiongdd@suns.cn>
To: <undisclosed-recipients:>
Date: Fri, 13 Oct 2006 06:40:41 + 0900
Message-ID: <200610122140.k9CLefQI006396@outgw.electric.co.jp>
Mime-type: 1.0
Content-Type: text/plain;
Charset = "iso-2022-jp"
Content-transfer-encoding: 7bit
X-mailer: Microsoft Office outlook 11
X-mimeole: produced by Microsoft mimeole v6.00.2900.2962
Thread-index: acburxf6lfrcnxfgsjgjb72bbtc36w =

Aaazzzaaazzzaaazzzaaazzzaaazzz

Return-path: <>;
Delivered-to: zhao@xxxx.com.cn
Received: (Qmail 1951 invoked by uid 690); 20 May 2005 16:02:38-0000
Date: 20 May 2005 16:02:38-0000
Message-ID: <20050520160238.1949.qmail@xxxx.com.cn>;
From: xxxx.com.cn@xxxx.com.cn
Cc: Recipient List not shown :;
Delivered-to: ncc@xxxx.com.cn
Received: (Qmail 1941 invoked from network); 20 May 2005 16:02:38-0000
Received: from unknown (Helo mail.pvsx.com) (222.222.222.222)
By 0 with SMTP; 20 May 2005 16:02:38-0000

Aaazzzaaazzzaaazzzaaazzzaaazzz

Return-path: <cdahl_hs at ccopley. Demon. co. uk>
Received: From spamassassin-daemon.saruman.ncf.ca by Saruman. NCF. ca
(IPlanet Messaging Server 5.2 patch 2 (built Jul 14 2004 ))
ID <0ifj00f19kvcbi at Saruman. NCF. Ca> for ba600 at IMS-MS-daemon; Tue,
26 Apr 2005 03:02:01-0400 (EDT)
Received: From azzit.de ([222.137.59.225])
By Saruman. NCF. Ca (iPlanet Messaging Server 5.2 patch 2 (built Jul 14 2004 ))
With ESMTP id <0ifj00fnhkv3or at Saruman. NCF. Ca> for ba600 at NCF. ca
(Orcpt ba600 at Freenet. Carleton. ca); Tue, 26 Apr 2005 03:01:59-0400 (EDT)
Date: Tue, 26 Apr 2005 03:01:59-0400 (EDT)
Date-warning: Date header was inserted by Saruman. NCF. ca
From: cdahl_hs at ccopley. Demon. co. uk
Message-ID: <0ifj00fnlkvaor at Saruman. NCF. Ca>
X-spam-checker-version: spamassassin 3.0.1 (2004-10-22) on Smeagol. NCF. ca
X-spam-status: No, score = 3.1 required = 4.5 tests = missing_subject, no_real_name,
Tracker_id autolearn = disabled version = 3.0.1
X-spam-level :***
Original-recipient: rfc822; ba600 at Freenet. Carleton. ca
Status: RO
X-status: RC
X-kmail-encryptionstate: N
X-kmail-signaturestate: N
X-kmail-MDN-sent:

Aaazzzaaazzzaaazzzaaazzzaaazzz

C. received email Image:2. Cause Analysis: There have been several explanations on the Internet over time. There are mainly the following types:A. Reasons for the email system itself:At first, a few netizens asked this question, and all of them specified their own email system names. Therefore, we mainly consider whether to set up a certain email system, some people even mentioned that it would not be a bug in the design of the email system. however, because the netizens who raised this question appeared in different email systems, this argument soon became untenable.

B. Firewall (such as Cisco PIX) causes:When the email system itself is not the cause, you naturally think of viruses and network firewalls, but the same problem occurs in the mail system environment without any security protection. It seems that this explanation does not work. C. Caused by "send to-> email recipient": In windows ), this problem occurs when you select a file and choose "right-click to send to"> email recipient ). But even the author himself said, "This is not the case every time. I don't understand it !", But I guess there will be this problem in emails without attachments!

D. GFW: This statement seems to have become a consensus, or even called"SMTP images with Chinese Characteristics ", After a very heated discussion, the reason is"GFW filters out incoming and outgoing emails. When sensitive words are found, it sends three forged resets to each of the two sides to terminate the connection. This usually occurs in the middle of data transmission, which interferes with the content. "Even a netizen proposed"Confirm the reason for receiving 'aaazzzaaazzzaaazzzaaazzz' "Content is as follows:

Confirm the reason for receiving 'aaazzzaaazzzaaazzzaaazzz'

(Note: The domain name and IP address information have been modified)
From sales2@test.com (in mainland China) to construction@recipient.com (in Hong Kong, our branch), the following log is found on the sender server: Oct 12 10:43:37 localhost Postfix/smtpd [30005]: e50dd4187a5: client = unknown [125.0.0.1], sasl_method = login, sasl_username = sales2@test.com
Oct 12 10:43:43 localhost Postfix/cleanup [28691]: e50dd4187a5: Message-id = <20061012024337.E50DD4187A5@slave.mail51.cn4e.com>
Oct 12 10:43:44 localhost Postfix/qmgr [17170]: e50dd4187a5: From = <sales2@test.com>, size = 36652, nrcpt = 2 (queue active)
Oct 12 10:48:53 localhost Postfix/SMTP [1140]: e50dd4187a5: To = <construction@recipient.com>, relay = 202.67.0.1 [202.67.0.1], delay = 316, status = deferred (conversation with 202.67.0.1 [202.67.0.1] timed out while sending mail from)
Oct 12 11:43:20 localhost Postfix/qmgr [17170]: e50dd4187a5: From = <sales2@test.com>, size = 36652, nrcpt = 2 (queue active)
Oct 12 11:43:30 localhost Postfix/SMTP [28474]: e50dd4187a5: To = <construction@recipient.com>, relay = 202.67.0.1 [202.67.0.1], delay = 3593, status = deferred (lost connection with 202.67.0.1 [202.67.0.1] while sending message body)
Oct 12 13:43:20 localhost Postfix/qmgr [17170]: e50dd4187a5: From = <sales2@test.com>, size = 36652, nrcpt = 2 (queue active)
Oct 12 13:43:22 localhost Postfix/SMTP [5424]: e50dd4187a5: To = <construction@recipient.com>, relay = 202.67.0.1 [202.67.0.1], delay = 10785, status = bounced (host 202.67.0.1 [202.67.0.1] said: 500 error (In reply to mail from command ))
Oct 12 13:45:22 localhost Postfix/qmgr [17170]: e50dd4187a5: removed the sender sales2@test.com receives the Bounce Message: <construction@recipient.com>: Host 202.67.0.1 [202.67.0.1]
Said: 500 error (In reply to mail from command) in the Hong Kong Branch found the following log: Oct 12 10:44:45 HK Postfix/smtpd [21468]: 3bcdc2b000f: client = unknown [218.85.0.1]
Oct 12 10:44:45 HK Postfix/cleanup [22131]: 3bcdc2b000f: Message-id = <20061012020145.3BCDC2B000F@hk.com>
Oct 12 10:44:45 HK Postfix/qmgr [25450]: 3bcdc2b000f: From = <sales2@test.com>, size = 475, nrcpt = 2 (queue active)
Oct 12 10:44:53 HK Postfix/SMTP [22352]: 3bcdc2b000f: To = <construction@recipient.com>, relay = maildrop, delay = 8, status = sent (recipient.com)
Oct 12 10:44:53 HK Postfix/qmgr [25450]: 3bcdc2b000f: removed indicates that the email has been successfully sent, but why does the sender receive a Bounce Message? Where did the Bounce Message come from? Compare the two logs: Oct 12 10:43:44 localhost Postfix/qmgr [17170]: e50dd4187a5: From = <sales2@test.com>, size = 36652, nrcpt = 2 (queue active) (logs on the sender server)
Oct 12 10:44:45 HK Postfix/qmgr [25450]: 3bcdc2b000f: From = <sales2@test.com>, size = 475, nrcpt = 2 (queue active) (logs on the Hong Kong receiving server) size = 36652 when the sender sends the message, but the size = 475 when the sender arrives in Hong Kong ?? Let's take a look at the content of the letter received by construction@recipient.com, as follows, it turns out to be aaazzzaaazzzaaazzzaaazzz:

Return-path: <sales2@test.com>
Delivered-to: construction@recipient.com
Received: By mail.hk.com (202.67.0.1) (Postfix, from userid 12346)
Id 3bcdc2b000f; Thu, 12 Oct 2006 10:44:53 + 0800 (CST)
X-filter: passed
Received: From unkoown (218.85.0.1)
By mail.test.com (postfix) with esmtp id e50dd4187a5
For <construction@recipient.com>; Thu, 12 Oct 2006 10:43:56 + 0800 (CST)
Message-ID: <20061012020145.3BCDC2B000F@hk.com>
Date: Thu, 12 Oct 2006 10:44:45 + 0800 (HKT)
From: sales2@test.com
To: undisclosed-recipients :;

Aaazzzaaazzzaaazzzaaazzzaaazzz

I believe everyone understands that when the sender sends a message to Hong Kong, it is terminated by a "Dongdong" and 500 error is returned to the sender, at the same time, after the content is changed, it is sent to the recipient, so the sender receives the 500 error, and the recipient receives the strange things of aaazzzaaazzzaaazzzaaazzzaaazzz. This "Dongdong" is GFW (China Network Firewall), and it also confirms that the conclusions discussed in the previous post are correct.

3. solution:Since our GFW is so great and so powerful, what should we do? In fact, the solution is very simple --Encrypted transmissionFor example, you can try the solution "abnormal suspension of domestic emails received by Outlook abroad" provided by winmail I forwarded last time:
A. Use https to log on to Webmail
B. The mail client uses SSL to connect to POP3 and SMTP
Make sure that all the computers in the LAN have the same settings. Otherwise, if there is a problem, all the other computers cannot be connected, because most of them are using an IP address for proxy access. However, this is the client-to-server method. If the server is a server, it may be solved by using a VPN or a foreign forwarder. Of course, this method is not good. You are welcome to propose more convenient and easy-to-use solutions.

P.s: For more information, see the following links. If you do not list moderators one by one, please forgive me. Thank you!
Http://bbs.chinaunix.net/viewthread.php? Tid = 841029
Http://bbs.chinaunix.net/viewthread.php? Tid = 834154 http://bbs.chinaunix.net/viewthread.php? Tid = 549297 http://phorum.study-area.org/printview.php? T = 36733
Http://www.extmail.org/forum/archive/2/0610/2788.html

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.