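We built a small site of our own, and user registration sends a verification link by email. The mail server is, of course, QQ Enterprise Mail (QQ企业邮箱). About two weeks ago we noticed something very strange: for mail sent over port 465, the verification link in the message was inexplicably visited by a bot 2 s after sending.
So we went digging through the logs. Below are the log records for the URLs that were clicked. (This is the result of registering repeatedly without clicking the verification link ourselves.)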
["06/Jul/2014:02:39:13 +0800",404,"-","180.153.206.30 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",404,"-","101.226.89.64 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",301,"-","101.226.33.217 Shanghai","Mozilla/4.0","GET /verify/20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:13 +0800",404,"-","101.226.89.69 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-0239415-CST HTTP/1.1","-"]
["06/Jul/2014:02:39:14 +0800",200,"-","101.226.33.217 Shanghai","Mozilla/4.0","GET /verify/20140706-0239415-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:42:10 +0800",301,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",200,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",404,"-","112.65.193.13 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",404,"-","101.226.51.230 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024445-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",301,"-","101.226.65.105 Shanghai","Mozilla/4.0","GET /verify/20140706-024445-CST HTTP/1.1","-"]
["06/Jul/2014:02:44:45 +0800",200,"-","101.226.65.105 Shanghai","Mozilla/4.0","GET /verify/20140706-024445-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:45:03 +0800",404,"-","180.153.206.16 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024503-CST HTTP/1.1","-"]
["06/Jul/2014:02:45:03 +0800",301,"-","101.226.51.228 Shanghai","Mozilla/4.0","GET /verify/20140706-024503-CST HTTP/1.1","-"]
["06/Jul/2014:02:45:04 +0800",200,"-","101.226.51.228 Shanghai","Mozilla/4.0","GET /verify/20140706-024503-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:48:33 +0800",301,"-","101.226.89.116 Shanghai","Mozilla/4.0","GET /verify/20140706-024831-CST HTTP/1.1","-"]
["06/Jul/2014:02:48:33 +0800",404,"-","101.226.66.191 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024831-CST HTTP/1.1","-"]
["06/Jul/2014:02:48:34 +0800",200,"-","101.226.89.116 Shanghai","Mozilla/4.0","GET /verify/20140706-024831-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",404,"-","112.65.193.13 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-025919-CST HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",301,"-","180.153.201.64 Shanghai","Mozilla/4.0","GET /verify/20140706-025919-CST HTTP/1.1","-"]
["06/Jul/2014:02:59:19 +0800",200,"-","180.153.201.64 Shanghai","Mozilla/4.0","GET /verify/20140706-025919-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",301,"-","101.226.33.223 Shanghai","Mozilla/4.0","GET /verify/20140706-030006-CST HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",404,"-","101.226.33.239 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030006-CST HTTP/1.1","-"]
["06/Jul/2014:03:00:06 +0800",200,"-","101.226.33.223 Shanghai","Mozilla/4.0","GET /verify/20140706-030006-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",404,"-","180.153.214.188 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030546-CST HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",301,"-","180.153.163.189 Shanghai","Mozilla/4.0","GET /verify/20140706-030546-CST HTTP/1.1","-"]
["06/Jul/2014:03:05:46 +0800",200,"-","180.153.163.189 Shanghai","Mozilla/4.0","GET /verify/20140706-030546-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:04 +0800",301,"-","180.153.163.186 Shanghai","Mozilla/4.0","GET /verify/20140706-030904-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:05 +0800",404,"-","112.65.193.14 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030904-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:05 +0800",200,"-","180.153.163.186 Shanghai","Mozilla/4.0","GET /verify/20140706-030904-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:08 +0800",301,"-","101.226.33.201 Shanghai","Mozilla/4.0","GET /verify/20140706-030908-CST HTTP/1.1","-"]
["06/Jul/2014:03:09:08 +0800",200,"-","101.226.33.201 Shanghai","Mozilla/4.0","GET /verify/20140706-030908-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:09:09 +0800",404,"-","112.64.235.90 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-030908-CST HTTP/1.1","-"]
["06/Jul/2014:03:24:55 +0800",301,"-","101.226.89.123 Shanghai","Mozilla/4.0","GET /verify/20140706-032455-CST HTTP/1.1","-"]
["06/Jul/2014:03:24:55 +0800",200,"-","101.226.89.123 Shanghai","Mozilla/4.0","GET /verify/20140706-032455-CST/ HTTP/1.1","-"]
["06/Jul/2014:03:24:57 +0800",404,"-","101.226.33.227 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-032455-CST HTTP/1.1","-"]
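The site doesn't have many users to begin with, mostly hobbyists who register to play around, so we had never paid attention to this issue before. But a friend reported that the link needed for verification had already expired, and only then did we start looking for the cause.
Although we have now worked around the problem by adding IP information to the verification code and filtering on it, if a mail server has some anti-spam mechanism that needs to scan and visit links, is that reasonable?
I don't know how many people on v2ex use QQ Enterprise Mail; let's discuss it together. I'd also very much like to know how others have solved this.
PS: For mail we send using desktop client software, the links all get clicked, as long as the link is new, i.e. one that has not appeared in an email before.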
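The pattern in the log above can be detected mechanically. The following is an added example, not part of the original post: it parses the post's log format and flags verification tokens that a bare `Mozilla/4.0` client fetched within seconds of issuance. It assumes the token embeds its issuance time in the server's local time zone; the 5-second threshold and all function names are hypothetical.

```python
import json
import re
from datetime import datetime, timedelta

# Lines 1-3 are copied from the log in the post; line 4 is constructed
# (a person clicking minutes later from an ordinary browser).
SAMPLE_LOG = r'''
["06/Jul/2014:02:42:10 +0800",301,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",200,"-","101.226.33.218 Shanghai","Mozilla/4.0","GET /verify/20140706-024210-CST/ HTTP/1.1","-"]
["06/Jul/2014:02:42:11 +0800",404,"-","112.65.193.13 Shanghai","Mozilla/4.0","GET /message.html?code=20140706-024210-CST HTTP/1.1","-"]
["06/Jul/2014:02:49:30 +0800",200,"-","203.0.113.7 Beijing","Mozilla/5.0 (Windows NT 6.1) Firefox/30.0","GET /verify/20140706-024445-CST/ HTTP/1.1","-"]
'''

# Token appears either as /verify/<token> or ?code=<token>.
# Tokens that do not match YYYYMMDD-HHMMSS-CST are skipped, not guessed at.
TOKEN_RE = re.compile(r"(?:/verify/|[?&]code=)(\d{8}-\d{6})-CST\b")
MAX_DELAY = timedelta(seconds=5)  # assumed threshold for "too fast to be a person"

def classify(line):
    """Return (token, ip, delay_seconds, status, verdict), or None if no token."""
    ts, status, _, ip_city, ua, request, _ = json.loads(line)
    m = TOKEN_RE.search(request)
    if not m:
        return None
    hit = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    # Assumption: the token's timestamp is in the same zone as the log line.
    issued = datetime.strptime(m.group(1), "%Y%m%d-%H%M%S").replace(tzinfo=hit.tzinfo)
    delay = hit - issued
    fast = timedelta(0) <= delay <= MAX_DELAY
    verdict = "scanner" if fast and ua.strip() == "Mozilla/4.0" else "user"
    return (m.group(1), ip_city.split()[0], int(delay.total_seconds()), status, verdict)

def scan(log_text):
    """Classify every log line that carries a verification token."""
    rows = (classify(l) for l in log_text.strip().splitlines())
    return [r for r in rows if r is not None]

def burned_tokens(log_text):
    """Tokens a scanner fetched with HTTP 200, i.e. consumed before the user."""
    return sorted({t for t, _, _, status, v in scan(log_text)
                   if v == "scanner" and status == 200})

if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(row)
    print("consumed by scanner:", burned_tokens(SAMPLE_LOG))
```
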