[go: up one dir, main page]

CN109379365A - A kind of method and system solving mail bomb - Google Patents

A kind of method and system solving mail bomb Download PDF

Info

Publication number
CN109379365A
CN109379365A CN201811272654.4A CN201811272654A CN109379365A CN 109379365 A CN109379365 A CN 109379365A CN 201811272654 A CN201811272654 A CN 201811272654A CN 109379365 A CN109379365 A CN 109379365A
Authority
CN
China
Prior art keywords
mail
bomb
account
solving
size
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811272654.4A
Other languages
Chinese (zh)
Inventor
邵宛岩
范渊
龙文洁
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201811272654.4A priority Critical patent/CN109379365A/en
Publication of CN109379365A publication Critical patent/CN109379365A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42Mailbox-related aspects, e.g. synchronisation of mailboxes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a kind of methods for solving mail bomb, method includes the following steps: getting target account after the addressee information of present period, it is first determined the corresponding total mail size of the e-mail messages.Then, judge whether total mail size is greater than threshold value Quota Threshold, if it is, determining that target account meets with mail bomb.At this point, can count to addressee information, the initiation account of mail bomb is determined, then will initiate account and be added in the blacklist for rejecting mail.It can avoid the case where causing the inbox of user to be paralysed because meeting with mail bomb, improve the stability of mail service, ensured the mail service of user.The invention also discloses a kind of system for solving mail bomb and readable storage medium storing program for executing and a kind of mail audit server, have corresponding technical effect.

Description

A kind of method and system solving mail bomb
Technical field
The present invention relates to e-mail technique field, more particularly to a kind of method for solving mail bomb, system and can Read storage medium and a kind of mail audit server.
Background technique
In the information interconnected network epoch, mail bomb, that is, e-mail bomb (E-Mail Bomb).Refer specifically to mail transmission Mail is continuously mailed to the same receiver in a short period of time using special e-mail software by person, These count inbox in face of the large capacity mail in terms of necessarily and can't bear the heavy load, final " explosion is dead ".
Currently, e-mail bomb attack prevention mainly takes Spam filtering method and mail revene lookup method etc. to arrange It applies.Wherein, the limitation that filtrating mail method is bypassed there are spam and normal email is reported by mistake, e.g., by mail When bomb attacks, still there is a large amount of spam to enter user mail service clearance;Revene lookup method is only able to verify that identity, nothing Method prevents attacker that different approach is taken to initiate mail bomb attack.
In conclusion the problems such as how efficiently solving mail bomb, is that current those skilled in the art are urgently to be solved Technical problem.
Summary of the invention
The object of the present invention is to provide a kind of method, system and readable storage medium storing program for executing and a kind of mail for solving mail bomb Audit server, fast and effeciently to solve the problems, such as mail bomb.
In order to solve the above technical problems, the invention provides the following technical scheme:
A method of solving mail bomb, comprising:
Target account is obtained in the addressee information of present period, and determines the corresponding total mail size of the addressee information;
Judge whether total mail size is greater than default Quota Threshold;
If it is, determining that the target account meets with mail bomb;
The addressee information is counted, determines the initiation account of the mail bomb;
The initiation account is added in the blacklist for rejecting mail.
Preferably, the addressee information is counted, determines the initiation account of the mail bomb, comprising:
The addressee information is counted, determines the first most account of mail traffic volume, and by first account It is determined as the initiation account;
And/or
Determine corresponding second account in the most target area of mail traffic volume and the target area, and by described second Account is determined as the initiation account.
Preferably, the corresponding total mail size of the addressee information is determined, comprising:
The addressee information is parsed, determines the mail size for each mail that the target account receives;
The mail size of each mail is added up, total mail size is obtained.
Preferably, after determining that the target account meets with mail bomb, further includes:
Obtain the use in the target account current time corresponding mail quota space and mail quota space Rate;
If the utilization rate is greater than preset threshold, increase mail quota space.
Preferably, the target account that obtains is in the addressee information of present period, comprising:
Obtain the mail flow of mail server;
The mail flow is analyzed, the characteristic information of each envelope mail is obtained;Wherein, the characteristic information includes addressee People, mail size, sending time and sender;
The sending time is belonged into the present period, and the mail of the artificial target account of the addressee is true It is set to targeted mails;
The characteristic information of the targeted mails is determined as the addressee information.
Preferably, the mail flow for obtaining mail server, comprising:
IP address and mail service port using the mail server, obtain the mail flows of the mail server Amount.
Preferably, after determining that the target account meets with mail bomb, further includes:
Outputting alarm information.
A kind of mail audit server, comprising:
Memory, for storing computer program;
Processor, when for executing the computer program the step of realization such as method of above-mentioned solution mail bomb.
A kind of system solving mail bomb, comprising:
Such as above-mentioned mail audit server, mail server to be audited and mail transmission/reception database;Wherein, the postal Part audit server obtains the stream of the mail server using the IP address and mail server port of the mail server Amount, and the flow is analyzed, obtain the e-mail messages of each account;The mail transmission/reception database is described for storing E-mail messages.
A kind of readable storage medium storing program for executing is stored with computer program, the computer program quilt on the readable storage medium storing program for executing The step of processor realizes the method for above-mentioned solution mail bomb when executing.
Using method provided by the embodiment of the present invention, target account is got after the addressee information of present period, The corresponding total mail size of the e-mail messages is determined first.Then, judge whether total mail size is greater than threshold value Quota Threshold, such as Fruit is, it is determined that target account meets with mail bomb.At this point, can count to addressee information, the initiation of mail bomb is determined Then account will be initiated account and is added in the blacklist for rejecting mail.
In this way, the total mail size received by judging present period, can quickly and accurately determine that target account is It is no to suffer from mail bomb.And determine target account meet with mail bomb after, by target account in present period Addressee information is counted, and can determine the initiation account of mail bomb, and the initiation account is added to and rejects mail Blacklist.It, can from the root quickly and effectively since the initiation account of mail bomb is added in the blacklist for rejecting mail Ground solves the problems, such as mail bomb.It can avoid the case where causing the inbox of user to be paralysed because meeting with mail bomb, improve mail The stability of service has ensured the mail service of user.
Correspondingly, it is fried that the embodiment of the invention also provides solution mails corresponding with the method for above-mentioned solution mail bomb The system and readable storage medium storing program for executing of bullet and a kind of mail audit server, have above-mentioned technique effect, details are not described herein.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of implementation flow chart for the method for solving mail bomb in the embodiment of the present invention;
Fig. 2 is a kind of structural schematic diagram of mail audit server in the embodiment of the present invention;
Fig. 3 is a kind of concrete structure schematic diagram of mail audit server in the embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram for the system for solving mail bomb in the embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, with reference to the accompanying drawings and detailed description The present invention is described in further detail.Obviously, described embodiments are only a part of the embodiments of the present invention, rather than Whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premise Under every other embodiment obtained, shall fall within the protection scope of the present invention.
Embodiment one:
Referring to FIG. 1, Fig. 1 is a kind of flow chart for the method for solving mail bomb, this method packet in the embodiment of the present invention Include following steps:
S101, target account is obtained in the addressee information of present period, and determine the corresponding total mail size of addressee information.
In embodiments of the present invention, acceptable pre- first to file present period, the present period is i.e. from current time to history The length of a period of time between moment, the period can be configured according to user demand.For example, present period can be arranged For nearest 1 minute, 5 minutes nearest, nearest hour etc..
Wherein, target account can be the account of any one user in mail service application, that is, the embodiment of the present invention It is provided solve mail bomb method can be applied to mail service be used in all accounts.
Obtaining target account has following two in the mode of the addressee information of present period:
Mode one is directly read, and specific implementation process includes:
It is read directly from the mail transmission/reception database for be stored in advance addressee information and obtains the addressee information of target account.
Mode two is obtained by the flow for intercepting mail server, and specific implementation process includes:
Step 1: obtaining the mail flow of mail server;
Step 2: analysis mail flow, obtains the characteristic information of each envelope mail;Wherein, characteristic information include addressee, Mail size, sending time and sender;
Step 3: sending time is belonged to present period, and the mail of the artificial target account of addressee is determined as targeted mails;
Step 4: the characteristic information of targeted mails is determined as addressee information.
It is illustrated for ease of description, below combining aforementioned four step.
The mode of the mail flow of mail server is obtained, is concretely taken using the IP address of mail server and mail It is engaged in port, obtaining the mail flow of mail server.Mail protocol can be utilized by analyzing mail flow, be divided the mail flow Analysis, obtains the characteristic information of each envelope mail, this feature information includes addressee, mail size, sending time and sender.So Afterwards, sending time is belonged in present period scope, and the mail of the artificial target account of addressee determines targeted mails, then by mesh The characteristic information of mark mail determines addressee information.For corresponding entire application, i.e., the flow information of acquisition is analyzed, obtained After the characteristic information of each envelope mail, classification processing is carried out according to addressee's difference.
Target account is got after the addressee information of present period, can determine that the corresponding total mail of addressee information is big It is small.Specifically, parsing to addressee information, the mail size for each mail that target account receives is determined;It will be each The mail size of mail adds up, and obtains total mail size.That is, being carried out to the mail that the same account receives big Small statistics obtains the corresponding total mail size of each account.
S102, judge whether total mail size is greater than default Quota Threshold.
After determining total mail size, total mail size and default Quota Threshold can be subjected to size relation judgement.I.e. Judge whether total mail size is greater than threshold value Quota Threshold.Wherein preset Quota Threshold can according to the length of present period, and After there is mail bomb, it is contemplated that the mail size total amount that may reach in present period.For example, if present period is N minutes, it is contemplated that when meeting with mail bomb, the minimum rate with million/minute of x of the mail size received increases, therefore, can will be pre- Establishing sets threshold value and is set as nx million.During specific implementation, timer task, some account institute in the statistics predetermined time can be created Whether received mail size is greater than default Quota Threshold.
After obtaining judging result, if so, the operation of S103 is thened follow the steps, if it is not, then without operation.
S103, determine that target account meets with mail bomb.
When mail size is greater than threshold value Quota Threshold, it may be determined that target account meets with mail bomb.That is, due to occurring Mail bomb just causes total mail size of the present period of target account to be greater than default Quota Threshold.Preferably, there is postal When part bomb, exportable warning information.It is performed corresponding processing so that user sees after warning information, as user can close receipts The service function of part case, to avoid there is the case where inbox explosion.
S104, addressee information is counted, determines the initiation account of mail bomb.
After determining that target account meets with mail bomb, addressee information is counted, and then from statistical result Determine the initiation account of mail bomb.Specifically, determining that the mode of the initiation account of mail bomb has following two, in reality In application process, one of which can be selected or two kinds combine.
Mode one, the initiation account that mail bomb is determined based on traffic volume: counting addressee information, determines that mail is sent out The first most account of the amount of sending, and the first account is determined as to initiate account.As it can be seen that from this mode, it is only necessary to count to mesh The first most account of the volume of mail of account transmission is marked, can determine the initiation account.Wherein, volume of mail at most refers to mail The most or accumulative mail size of quantity is most.
Mode two determines the initiation account of mail bomb based on region: determine the most target area of mail traffic volume and Corresponding second account in target area, and the second account is determined as to initiate account.As it can be seen that being first determined whether out from this mode Then the most destination address of volume of mail is determined as the second account for belonging to target area to initiate account.
It should be noted that determining that initiating account is an account using aforesaid way one, and determined in mode two Initiation account out can be one or more accounts.Mode one can solve single illegal user and be thrown in a manner of an account The case where putting mail bomb, mode two can solve single or multiple illegal users, and that mail is launched in a manner of at least one account is fried The case where bullet.It is considered that both of these case may occur at random in practical application, it therefore, can be by the two in being actually used in It is used in combination with.For example, usage mode one determines the first account, and usage mode two determines at least one second account First account and the second account are then determined as the initiation account of mail bomb by family.
S105, initiation account is added in the blacklist for rejecting mail.
After the initiation account for determining mail bomb, it can will initiate account and be added in the blacklist for rejecting mail.It will After the initiation account of mail bomb is added in the blacklist for rejecting mail, mail bomb can be solved the problems, such as.
Using method provided by the embodiment of the present invention, target account is got after the addressee information of present period, The corresponding total mail size of the e-mail messages is determined first.Then, judge whether total mail size is greater than threshold value Quota Threshold, such as Fruit is, it is determined that target account meets with mail bomb.At this point, can count to addressee information, the initiation of mail bomb is determined Then account will be initiated account and is added in the blacklist for rejecting mail.
In this way, the total mail size received by judging present period, can quickly and accurately determine that target account is It is no to suffer from mail bomb.And determine target account meet with mail bomb after, by target account in present period Addressee information is counted, and can determine the initiation account of mail bomb, and the initiation account is added to and rejects mail Blacklist.It, can from the root quickly and effectively since the initiation account of mail bomb is added in the blacklist for rejecting mail Ground solves the problems, such as mail bomb.It can avoid the case where causing the inbox of user to be paralysed because meeting with mail bomb, improve mail The stability of service has ensured the mail service of user.
It preferably, can also mail quota space to target account after determining that target account meets with mail bomb It is adjusted, to avoid the case where making the inbox of target account that can not normally receive other mails because of mail bomb.Tool Body the realization process includes:
Step 1: obtaining the use in target account current time corresponding mail quota space and mail quota space Rate;
Step 2: increasing mail quota space if utilization rate is greater than preset threshold.
It is illustrated for ease of description, below combining above-mentioned two step.
Since under normal conditions, due to that can be user configuration mail quota space, which uses mail In storage rough draft mail, the memory space of the mail and other e-mail messages that have sent mail, received.And there is mail After bomb, the corresponding spam of mail bomb often occupies a large amount of memory space, to avoid normal email because of mail Quota insufficient space and lead to not receive the case where.Therefore, mail quota space size, the Yi Jipei at current time can be obtained The utilization rate of volume space size.And then judge whether utilization rate is greater than preset threshold, wherein preset threshold can carry out according to demand Setting, such as 60% or 80% percentage.If it is greater than then carrying out dilatation to mail configuration space, if it is less than or be equal to default Threshold value, then can be without operation.
Embodiment two:
Corresponding to above method embodiment, the embodiment of the invention also provides a kind of mail audit servers, hereafter retouch A kind of mail audit server stated with it is above-described it is a kind of solve mail bomb method can correspond to each other reference.
Shown in Figure 2, which includes:
Memory D1, for storing computer program;
Processor D2 realizes the method for the solution mail bomb of above method embodiment when for executing computer program Step.
Specifically, referring to FIG. 3, be a kind of concrete structure schematic diagram of mail audit server provided in this embodiment, The mail audit server can generate bigger difference because configuration or performance are different, may include at one or more Device (central processing units, CPU) 322 (for example, one or more processors) and memory 332 is managed, The storage medium 330 of one or more storage application programs 342 or data 344 (such as deposit by one or more magnanimity Store up equipment).Wherein, memory 332 and storage medium 330 can be of short duration storage or persistent storage.It is stored in storage medium 330 Program may include one or more modules (diagram does not mark), each module may include in data processing equipment Series of instructions operation.Further, central processing unit 322 can be set to communicate with storage medium 330, examine in mail Count the series of instructions operation executed in storage medium 330 on server 301.
Mail audit server 301 can also include one or more power supplys 326, one or more it is wired or Radio network interface 350, one or more input/output interfaces 358, and/or, one or more operating systems 341.For example, Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM etc..
Step in the method as described above for solving mail bomb can be realized by the structure of mail audit server.
Embodiment three:
Corresponding to above method embodiment and mail audit server embodiment, the embodiment of the invention also provides one kind The system for solving mail bomb, the system described below for solving mail bomb and the above-described method for solving mail bomb Reference can be corresponded to each other with mail audit server.
Shown in Figure 4, which comprises the following modules:
The mail audit server 100 as described in above-described embodiment, mail server 200 and mail transmission/reception to be audited Database 300;Wherein, mail audit server obtains mail using the IP address of mail server and mail server port and takes The flow of business device, and flow is analyzed, obtain the e-mail messages of each account;Mail transmission/reception database is for storing mail Information.
Specifically, realizing that the process for solving mail bomb includes:
1, mailbox space quota is obtained:
1.1 export the space quota inventory of mail account in mail server.
1.2 cache the space quota inventory of mail account in mail server into mail audit server memory.
Such as mail account, the space quota, mail size information of memory cache are updated, initial mail size is zero. Wherein, mail account storage format is such as: abc@xxx.com, space quota: 500M.
2, mail server flow is obtained:
2.1 configure the IP address of mail server to be audited and mail service port port in mail audit server. Wherein, mail server IP such as 192.168.35.1, port such as 433.
2.2 mail audit servers obtain the flow via mail server to be audited.
3, mail is parsed:
The mail server flow to be audited of 3.1 analyzing steps 2.2.Mainly parse addressee, the mail of each mail The e-mail messages such as size, sending time and sender.
3.2 e-mail messages for parsing step 3.1 are cached into mail audit server memory.
Mail audit server memory records content such as: mail account: abc@xxx.com, space quota: 500M, mail Size: 10M.
In the 3.3 e-mail messages deposit mail transmission/reception databases for parsing step 3.1.Mail transmission/reception database, for depositing Store up mail server mail account mail transmission/reception record.
Data-base recording content is such as: mail account: abc@xxx.com, mail size: 10M, sending time: 2018/9/ 1014:2430 seconds, sender: 123@yyy.com.
4, mail is counted:
4.1 configuration statistical times: for counting the period of mail size.
4.2 statistics mail sizes: specifically including following steps,
A) start timer, when time cycle for configuring of a length of step 4.1.
B) according to the information recipient of step 3.2 parsing, mail size, mail size is added up according to recipient.
If when 5 minutes a length of, the mail size that receives in statistics abc xxx.com5 minutes.
C) update step 1.2 obtains data cached.
Update the information of memory cache: mail account, space quota, mail size particularly point out, and mail size is statistics Value afterwards.It is specific as follows:
Mail account: abc@xxx.com;
Space quota: 500M;
Mail size: 300M;
5, mail space is compared:
5.1 configuration threshold values, the i.e. ratio of space quota.Such as, ratio: 50%.
After the completion of 5.2 step 4 timer tasks, it is more than the mail account of space quota threshold value for mail size, is accused It is alert.For example, 300/500=60%, this is alerted 60% more than 50%.
6, bomb mail is handled:
The mail account of 6.1 pairs of alarms, it is interim to increase mail quota space.Increased provisional quota space size, automatically It calculates.Computation rule: size is 60% (configurable) of former space quota.
The mail account of 6.2 pairs of alarms, corresponding sender carry out region and time-domain analysis.
In 6.3 timing time periods for configuring step 4.2, for the mail account of alarm, from same region or together The account that one sender frequently sends mail pulls in blacklist.
It is 800M that abc@xxx.com, which is temporarily increased the 300M quota i.e. quota of the account,.
The account of abc@xxx.com mail is sent in five minutes recorded in analytical database.It is analyzed, discovery is all From 123@yyy.com, then 123@yyy.com are drawn black.
Using the system for solving mail bomb provided by the embodiment of the present invention, target account is got in present period After addressee information, it is first determined the corresponding total mail size of the e-mail messages.Then, judge whether total mail size is greater than threshold It is worth Quota Threshold, if it is, determining that target account meets with mail bomb.At this point, can count to addressee information, postal is determined Then the initiation account of part bomb will be initiated account and is added in the blacklist for rejecting mail.
In this way, the total mail size received by judging present period, can quickly and accurately determine that target account is It is no to suffer from mail bomb.And determine target account meet with mail bomb after, by target account in present period Addressee information is counted, and can determine the initiation account of mail bomb, and the initiation account is added to and rejects mail Blacklist.It, can from the root quickly and effectively since the initiation account of mail bomb is added in the blacklist for rejecting mail Ground solves the problems, such as mail bomb.It can avoid the case where causing the inbox of user to be paralysed because meeting with mail bomb, improve mail The stability of service has ensured the mail service of user.
Example IV:
Corresponding to above method embodiment, the embodiment of the invention also provides a kind of readable storage medium storing program for executing, are described below A kind of readable storage medium storing program for executing with it is above-described it is a kind of solve mail bomb method can correspond to each other reference.
A kind of readable storage medium storing program for executing is stored with computer program on readable storage medium storing program for executing, and computer program is held by processor The step of method of solution mail bomb of above method embodiment is realized when row.
The readable storage medium storing program for executing be specifically as follows USB flash disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), the various program storage codes such as random access memory (RandomAccess Memory, RAM), magnetic or disk Readable storage medium storing program for executing.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered Think beyond the scope of this invention.

Claims (10)

1. a kind of method for solving mail bomb characterized by comprising
Target account is obtained in the addressee information of present period, and determines the corresponding total mail size of the addressee information;
Judge whether total mail size is greater than default Quota Threshold;
If it is, determining that the target account meets with mail bomb;
The addressee information is counted, determines the initiation account of the mail bomb;
The initiation account is added in the blacklist for rejecting mail.
2. the method according to claim 1 for solving mail bomb, which is characterized in that unite to the addressee information Meter, determines the initiation account of the mail bomb, comprising:
The addressee information is counted, determines the first most account of mail traffic volume, and first account is determined For the initiation account;
And/or
Determine corresponding second account in the most target area of mail traffic volume and the target area, and by second account It is determined as the initiation account.
3. the method according to claim 1 for solving mail bomb, which is characterized in that determine that the addressee information is corresponding Total mail size, comprising:
The addressee information is parsed, determines the mail size for each mail that the target account receives;
The mail size of each mail is added up, total mail size is obtained.
4. the method according to claim 1 for solving mail bomb, which is characterized in that determining the target account experience After mail bomb, further includes:
Obtain the utilization rate in the target account current time corresponding mail quota space and mail quota space;
If the utilization rate is greater than preset threshold, increase mail quota space.
5. the method according to claim 1 for solving mail bomb, which is characterized in that the acquisition target account is current The addressee information of period, comprising:
Obtain the mail flow of mail server;
The mail flow is analyzed, the characteristic information of each envelope mail is obtained;Wherein, the characteristic information includes addressee, postal Part size, sending time and sender;
The sending time is belonged into the present period, and the mail of the artificial target account of the addressee is determined as Targeted mails;
The characteristic information of the targeted mails is determined as the addressee information.
6. the method according to claim 5 for solving mail bomb, which is characterized in that the postal for obtaining mail server Part flow, comprising:
IP address and mail service port using the mail server, obtain the mail flow of the mail server.
7. according to claim 1 to the method for solving mail bomb described in any one of 6 claims, which is characterized in that true The fixed target account is met with after mail bomb, further includes:
Outputting alarm information.
8. a kind of mail audit server characterized by comprising
Memory, for storing computer program;
Processor is realized when for executing the computer program solving mail bomb as described in any one of claim 1 to 7 The step of method.
9. a kind of system for solving mail bomb characterized by comprising
Mail audit server, mail server to be audited and mail transmission/reception database as claimed in claim 8;Wherein, The mail audit server obtains the mail service using the IP address of the mail server and mail server port The flow of device, and the flow is analyzed, obtain the e-mail messages of each account;The mail transmission/reception database is for depositing Store up the e-mail messages.
10. a kind of readable storage medium storing program for executing, which is characterized in that be stored with computer program, the meter on the readable storage medium storing program for executing The step of method that mail bomb is solved as described in any one of claim 1 to 7 is realized when calculation machine program is executed by processor.
CN201811272654.4A 2018-10-29 2018-10-29 A kind of method and system solving mail bomb Pending CN109379365A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811272654.4A CN109379365A (en) 2018-10-29 2018-10-29 A kind of method and system solving mail bomb

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811272654.4A CN109379365A (en) 2018-10-29 2018-10-29 A kind of method and system solving mail bomb

Publications (1)

Publication Number Publication Date
CN109379365A true CN109379365A (en) 2019-02-22

Family

ID=65390277

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811272654.4A Pending CN109379365A (en) 2018-10-29 2018-10-29 A kind of method and system solving mail bomb

Country Status (1)

Country Link
CN (1) CN109379365A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101325561A (en) * 2007-06-12 2008-12-17 阿里巴巴集团控股有限公司 Method, apparatus and system for processing electronic mail
CN102404341A (en) * 2011-12-22 2012-04-04 中标软件有限公司 Method and device for monitoring user behavior of e-mail
CN103441920A (en) * 2013-08-14 2013-12-11 新浪网技术(中国)有限公司 Judgment method and device of junk mail server
CN104065638A (en) * 2013-08-16 2014-09-24 武开有 Method for preventing mail bomb attack based on mail service space reservation
CN104702487A (en) * 2013-12-04 2015-06-10 北京千橡网景科技发展有限公司 Mail sending method and device
US20160012465A1 (en) * 2014-02-08 2016-01-14 Jeffrey A. Sharp System and method for distributing, receiving, and using funds or credits and apparatus thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101325561A (en) * 2007-06-12 2008-12-17 阿里巴巴集团控股有限公司 Method, apparatus and system for processing electronic mail
CN102404341A (en) * 2011-12-22 2012-04-04 中标软件有限公司 Method and device for monitoring user behavior of e-mail
CN103441920A (en) * 2013-08-14 2013-12-11 新浪网技术(中国)有限公司 Judgment method and device of junk mail server
CN104065638A (en) * 2013-08-16 2014-09-24 武开有 Method for preventing mail bomb attack based on mail service space reservation
CN104702487A (en) * 2013-12-04 2015-06-10 北京千橡网景科技发展有限公司 Mail sending method and device
US20160012465A1 (en) * 2014-02-08 2016-01-14 Jeffrey A. Sharp System and method for distributing, receiving, and using funds or credits and apparatus thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
冷亮.等: "邮件炸弹检测算法", 《黑龙江科技信息》 *

Similar Documents

Publication Publication Date Title
EP1407377B1 (en) Apparatus and method for handling electronic mail
US8180841B2 (en) System for facilitating thread-based message prioritization
US7610344B2 (en) Sender reputations for spam prevention
US9875466B2 (en) Probability based whitelist
US7769815B2 (en) System and method for determining that an email message is spam based on a comparison with other potential spam messages
US7673003B2 (en) Social network email filtering
US7849142B2 (en) Managing connections, messages, and directory harvest attacks at a server
US6941348B2 (en) Systems and methods for managing the transmission of electronic messages through active message date updating
US8583787B2 (en) Zero-minute virus and spam detection
US7873695B2 (en) Managing connections and messages at a server by associating different actions for both different senders and different recipients
US7797443B1 (en) System and method for detecting spam e-mail
CN101472245B (en) Spam message interception method and device
CN108809749B (en) Performing upper layer inspection of a stream based on a sampling rate
WO2005048033A2 (en) System and method for managing a trusted email datastore
CN109462599A (en) A kind of honey jar management system
KR20120112710A (en) Managing sms spoofing using smpp protocol
US20110252043A1 (en) Electronic communication control
CN104717120A (en) Method and device for determining time for sending information
EP1998518B1 (en) Thread-based message prioritization
CN108737344A (en) A kind of network attack protection method and device
CN109379365A (en) A kind of method and system solving mail bomb
US20100175103A1 (en) Reactive throttling of inbound messages and ranges
CN109218163B (en) Mail delivery method and server
CN113792076A (en) Data auditing system
CN109617786B (en) Information management method based on chat tool

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190222