{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations","id":"42846","self":"https://jira.geedge.net/rest/api/2/issue/42846","key":"OMPUB-1226","fields":{"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10004","id":"10004","description":"","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10303&avatarType=issuetype","name":"Bug","subtask":false,"avatarId":10303},"components":[],"timespent":null,"timeoriginalestimate":null,"description":"[~liuyang] Yang-jie, the mail monitoring policy is configured with three protocols: smtp, pop3 and imap\r\n\r\n!image-2024-04-14-14-35-49-524.png|width=530,height=338!\r\n\r\nI counted the 100000 mail monitoring logs from 20240414 10:53:06~10:54:01:\r\n* 58298 were decoded as mail; the rest were decoded as base/http/ssl.\r\n* The counts of mail-protocol logs in which mailbox addresses such as mail from/to appear are as follows\r\n\r\n!image-2024-04-14-14-35-22-882.png!\r\n\r\nThe logs are in the attached archive","project":{"self":"https://jira.geedge.net/rest/api/2/project/10206","id":"10206","key":"OMPUB","name":"Operation and Maintenance","projectTypeKey":"business","avatarUrls":{"48x48":"https://jira.geedge.net/secure/projectavatar?pid=10206&avatarId=10715","24x24":"https://jira.geedge.net/secure/projectavatar?size=small&pid=10206&avatarId=10715","16x16":"https://jira.geedge.net/secure/projectavatar?size=xsmall&pid=10206&avatarId=10715","32x32":"https://jira.geedge.net/secure/projectavatar?size=medium&pid=10206&avatarId=10715"},"projectCategory":{"self":"https://jira.geedge.net/rest/api/2/projectCategory/10002","id":"10002","description":"System operations and maintenance","name":"MaintenanceDev"}},"fixVersions":[],"aggregatetimespent":null,"resolution":{"self":"https://jira.geedge.net/rest/api/2/resolution/10000","id":"10000","description":"The workflow for this issue is complete.","name":"Done"},"timetracking":{},"customfield_10401":null,"customfield_10104":null,"customfield_10402":null,"customfield_10105":"0|i05f1g:","customfield_10403":null,"customfield_10404":null,"attachment":[{"self":"https://jira.geedge.net/rest/api/2/attachment/55173","id":"55173","filename":"image-2024-04-14-14-35-22-882.png","author":
{"self":"https://jira.geedge.net/rest/api/2/user?username=niuxiang","name":"niuxiang","key":"JIRAUSER10114","emailAddress":"niuxiang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10349","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10349","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10349","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10349"},"displayName":"牛翔","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-14T16:05:49.429+0800","size":3953,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55173/image-2024-04-14-14-35-22-882.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55173/_thumb_55173.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55172","id":"55172","filename":"image-2024-04-14-14-35-49-524.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=niuxiang","name":"niuxiang","key":"JIRAUSER10114","emailAddress":"niuxiang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10349","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10349","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10349","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10349"},"displayName":"牛翔","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-14T16:06:08.247+0800","size":43858,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55172/image-2024-04-14-14-35-49-524.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55172/_thumb_55172.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55280","id":"55280","filename":"image-2024-04-15-17-42-18-348.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"ht
tps://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-15T17:42:22.642+0800","size":35429,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55280/image-2024-04-15-17-42-18-348.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55280/_thumb_55280.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55279","id":"55279","filename":"image-2024-04-15-17-42-26-655.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-15T17:42:31.014+0800","size":334827,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55279/image-2024-04-15-17-42-26-655.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55279/_thumb_55279.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55281","id":"55281","filename":"image-2024-04-15-17-48-17-008.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https
://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-15T17:48:22.359+0800","size":1592780,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55281/image-2024-04-15-17-48-17-008.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55281/_thumb_55281.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55323","id":"55323","filename":"image-2024-04-16-11-35-08-052.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-16T11:35:08.520+0800","size":410994,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55323/image-2024-04-16-11-35-08-052.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55323/_thumb_55323.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55324","id":"55324","filename":"image-2024-04-16-11-36-32-762.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https:
//jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-16T11:36:33.074+0800","size":100926,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55324/image-2024-04-16-11-36-32-762.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55324/_thumb_55324.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55326","id":"55326","filename":"image-2024-04-16-12-00-35-035.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-16T12:00:35.530+0800","size":378538,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55326/image-2024-04-16-12-00-35-035.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55326/_thumb_55326.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55325","id":"55325","filename":"image-2024-04-16-12-03-25-954.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://
jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-16T12:03:26.697+0800","size":589889,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55325/image-2024-04-16-12-03-25-954.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55325/_thumb_55325.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55327","id":"55327","filename":"image-2024-04-16-12-16-06-915.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-16T12:16:07.631+0800","size":586038,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/55327/image-2024-04-16-12-16-06-915.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/55327/_thumb_55327.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/55175","id":"55175","filename":"monitor_event20240414055548.rar","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=niuxiang","name":"niuxiang","key":"JIRAUSER10114","emailAddress":"niuxiang@geedgenetworks.com","avatarUrls":{"48x48":"https://j
ira.geedge.net/secure/useravatar?avatarId=10349","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10349","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10349","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10349"},"displayName":"牛翔","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-14T19:57:41.090+0800","size":38756954,"mimeType":"application/x-rar-compressed","content":"https://jira.geedge.net/secure/attachment/55175/monitor_event20240414055548.rar"}],"aggregatetimeestimate":null,"resolutiondate":"2024-04-19T15:08:23.430+0800","workratio":-1,"summary":"[WMS-UTR] In the smtp/pop3/imap monitoring logs, only half of the logs have decoded as = mail, and the proportion with parsed from/to addresses is low","lastViewed":null,"watches":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-1226/watchers","watchCount":2,"isWatching":false},"creator":{"self":"https://jira.geedge.net/rest/api/2/user?username=niuxiang","name":"niuxiang","key":"JIRAUSER10114","emailAddress":"niuxiang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10349","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10349","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10349","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10349"},"displayName":"牛翔","active":true,"timeZone":"Asia/Shanghai"},"subtasks":[],"created":"2024-04-14T16:09:33.583+0800","reporter":{"self":"https://jira.geedge.net/rest/api/2/user?username=niuxiang","name":"niuxiang","key":"JIRAUSER10114","emailAddress":"niuxiang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10349","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10349","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10349","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10349"},"displayName":"牛翔","active":true,"timeZone":"Asia/Shanghai"},"customfield_1
0000":"{summaryBean=com.atlassian.jira.plugin.devstatus.rest.SummaryBean@11293c9f[summary={pullrequest=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@3154855[overall=PullRequestOverallBean{stateCount=0, state='OPEN', details=PullRequestOverallDetails{openCount=0, mergedCount=0, declinedCount=0}},byInstanceType={}], build=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@5687aaf6[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BuildOverallBean@7ff90793[failedBuildCount=0,successfulBuildCount=0,unknownBuildCount=0,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], review=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@4d92360c[overall=com.atlassian.jira.plugin.devstatus.summary.beans.ReviewsOverallBean@5608641b[stateCount=0,state=<null>,dueDate=<null>,overDue=false,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], deployment-environment=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@3d33b436[overall=com.atlassian.jira.plugin.devstatus.summary.beans.DeploymentOverallBean@ac1e99c[topEnvironments=[],showProjects=false,successfulCount=0,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], repository=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@56bf9c9e[overall=com.atlassian.jira.plugin.devstatus.summary.beans.CommitOverallBean@430202ee[count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], branch=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@63308cbc[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BranchOverallBean@66b8044f[count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}]},errors=[],configErrors=[]], 
devSummaryJson={\"cachedValue\":{\"errors\":[],\"configErrors\":[],\"summary\":{\"pullrequest\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":\"OPEN\",\"details\":{\"openCount\":0,\"mergedCount\":0,\"declinedCount\":0,\"total\":0},\"open\":true},\"byInstanceType\":{}},\"build\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"failedBuildCount\":0,\"successfulBuildCount\":0,\"unknownBuildCount\":0},\"byInstanceType\":{}},\"review\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":null,\"dueDate\":null,\"overDue\":false,\"completed\":false},\"byInstanceType\":{}},\"deployment-environment\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"topEnvironments\":[],\"showProjects\":false,\"successfulCount\":0},\"byInstanceType\":{}},\"repository\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}},\"branch\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}}}},\"isStale\":false}}","aggregateprogress":{"progress":0,"total":0},"customfield_10100":null,"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/3","iconUrl":"https://jira.geedge.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10200":null,"customfield_10400":null,"labels":["WMS-UTR"],"environment":null,"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"duedate":"2024-04-15","progress":{"progress":0,"total":0},"issuelinks":[],"comment":{"comments":[{"self":"https://jira.geedge.net/rest/api/2/issue/42846/comment/78514","id":"78514","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER1010
3&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"In the 100000 exported monitoring logs, decode_as is distributed as follows:\r\n * MAIL 58298\r\n * BASE 41687\r\n ** The app identification results are all pop, imap, smtp\r\n ** The server port distribution is as follows:\r\n *** \r\n||server port||sessions||app||\r\n|25|36020|smtp:36020\r\nimap:1|\r\n|110|2956|pop3|\r\n|143|2709|smtp:4\r\nimap:2705|\r\n|587|1|smtp|\r\n|80|1|smtp|\r\n\r\n * \r\n ** The ports above are all commonly used mail server ports; the preliminary guess is that decode_as is BASE for the same reason as https://jira.geedge.net/browse/TSG-19842\r\n * HTTP 3\r\n ** The app identification results are all http.imap or http.pop3\r\n ** The UA is always python-socks/2.3.0, presumably an http proxy\r\n * SSL 12\r\n ** The app identification results are all pop3.ssl or imap.ssl; these should all be STARTTLS\r\n\r\n ","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-15T09:59:51.732+0800","updated":"2024-04-15T13:55:20.523+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/42846/comment/78592","id":"78592","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"h
ttps://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"Analysis of Decode_as = BASE\r\n * For sessions whose app is identified as mail (in smtp, pop, imap) and whose decode_as is BASE, a monitoring policy of server port in (25,110,143,587) and ip_protocol==tcp was issued on the Beijing-edition gateway with packet capture enabled; 106 sessions were recorded in 3 hours, and the Decode AS distribution is as follows:\r\n ** BASE 37, 34.9%\r\n ** MAIL 69, 65.69%\r\n *** C2S one-way flows 35041, 53%\r\n *** S2C one-way flows 24, 0.03%\r\n * Analysing the BASE sessions further, the app identification results are as follows:\r\n ** !image-2024-04-15-17-42-18-348.png|width=745,height=164!\r\n ** The sessions whose app is identified as VPN are identified correctly; the reason is that the VPN services use common mail ports.\r\n ** For sessions whose app is identified as imap, the typical transmitted content is as follows:\r\n ** !image-2024-04-15-17-42-26-655.png|width=1748,height=250!\r\n ** The content transmitted in the session shown above is the qqmail server's greeting message: after the client and server complete the handshake, the server proactively returns the capabilities it supports (Capabilities), including the different authentication methods and command extensions.\r\n ** These sessions appear periodically; the third-party DPI identifies them as imap and labels them in the app field, but because no fields relevant to the mail log are transmitted, decode_as is labelled BASE.\r\n * Analysing the decode_as sessions, the transmitted content is as follows:\r\n ** !image-2024-04-15-17-48-17-008.png|width=609,height=273!\r\n ** For these sessions decode_as is labelled MAIL but the mail_xx fields are all empty; the reason is that after STARTTLS appears the mail decoder proactively notifies the firewall plugin of that state, but no corresponding defined log field appears.\r\n\r\n{*}Suggested change{*}: following SSL, add a new mail.starttls 
flags log field, used to mark STARTTLS behaviour in MAIL sessions","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-15T17:42:13.527+0800","updated":"2024-04-16T10:21:57.428+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/42846/comment/78610","id":"78610","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=niuxiang","name":"niuxiang","key":"JIRAUSER10114","emailAddress":"niuxiang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10349","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10349","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10349","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10349"},"displayName":"牛翔","active":true,"timeZone":"Asia/Shanghai"},"body":"Download address for the MAIL packet captures from the UTR site\r\n\r\nhttps://de.files.gdnt-cloud.com/d/712121426ea244bcaf40/","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=niuxiang","name":"niuxiang","key":"JIRAUSER10114","emailAddress":"niuxiang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10349","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10349","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10349","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10349"},"displayName":"牛翔","active":true,"timeZone":"Asia/S
hanghai"},"created":"2024-04-16T02:01:16.917+0800","updated":"2024-04-16T02:01:37.612+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/42846/comment/78638","id":"78638","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"The site returned two pcapng captures; the results after processing on the functional side are as follows:\r\n\r\n*Capture 10164_port25.pcapng 259.7MB*\r\n * TCP sessions: 12670\r\n ** c2s 11347 89.5%\r\n ** s2c 971 7.5%\r\n ** bidirectional 2.7%\r\n * Sessions with valid data transfer (packets>3, bytes>5): 5775\r\n ** *c2s* 4936 *85.5%*\r\n ** *s2c* 549 *9.5%*\r\n ** *bidirectional* 290 *5%*\r\n * Parsed as SMTP 5017, 86.8% of sessions with valid data transfer\r\n ** *STARTTLS* 1298 *25.8% of SMTP sessions*\r\n ** Containing MAIL_FROM_CMD 3410, 67.9% of SMTP sessions\r\n ** Containing MAIL_FROM 248, 4.9% of SMTP sessions\r\n ** Containing MAIL_TO_CMD 3328, 66.3% of SMTP sessions\r\n ** Containing MAIL_TO 246, 4.9% of SMTP sessions\r\n *** For sessions containing MAIL_FROM_CMD but not MAIL_FROM, the transmitted content is as follows:\r\n *** After the SMTP command-line exchange, the session is RST by the server\r\n *** !image-2024-04-16-12-16-06-915.png|width=859,height=218!\r\n ** *None of the above MAIL fields 309, 6% of SMTP sessions*\r\n *** Content transmitted when there are no mail sender/recipient fields:\r\n **** SMTP one-way flow, client initiates EHLO\r\n **** !image-2024-04-16-11-35-08-052.png|width=988,height=183!\r\n **** SMTP bidirectional flow\r\n **** !image-2024-04-16-11-36-32-762.png|width=573,height=189!\r\n\r\n \r\n\r\n*Capture 10164_port25port110port143.pcapng 303.7MB*\r\n * TCP sessions: 17963\r\n ** c2s 16363 91%\r\n ** s2c 1221 6.9%\r\n ** bidirectional 379 2.1%\r\n * Sessions with valid data transfer (packets>3, bytes>5): 8343\r\n ** *c2s* 7315 *87.6%*\r\n ** *s2c* 684 *8.2%*\r\n ** *bidirectional* 344 *4.2%*\r\n * Parsed as MAIL 6714, 80.4% of sessions with valid data transfer\r\n ** 
*STARTTLS* 2124 *31.6% of MAIL sessions*\r\n ** Containing MAIL_FROM_CMD 3758, 55.9% of MAIL sessions\r\n ** Containing MAIL_FROM 123, 1.8% of MAIL sessions\r\n ** Containing MAIL_TO_CMD 3681, 54.8% of MAIL sessions\r\n ** Containing MAIL_TO 122, 1.8% of MAIL sessions\r\n ** Sessions {*}without any of the above MAIL fields{*} 832, *12.3%* of MAIL sessions\r\n *** Content transmitted when there are no mail sender/recipient fields:\r\n **** pop3 one-way flow, only the username and password are transmitted\r\n *** !image-2024-04-16-12-00-35-035.png|width=1375,height=322!\r\n *** IMAP one-way flow, client logs in and logs out\r\n *** !image-2024-04-16-12-03-25-954.png|width=834,height=186!\r\n\r\n \r\n\r\n*Preliminary conclusions*\r\n * Why decode as is base in the logs when monitoring mail\r\n ** For MAIL.STARTTLS sessions, Decode As is currently filled in as BASE in the monitoring logs; they can be identified by combining this with the Application identification result\r\n ** In the captures sampled on site, the proportion of STARTTLS sessions is 25%~30%\r\n * Why decode as is MAIL but the sender/recipient is empty\r\n ** Among sessions with Decode As = MAIL, there are sessions with a normal exchange that do not transmit MAIL sender/recipient information (about 10%~12% of MAIL sessions according to the capture + sampling statistics)\r\n ** When a log contains only MAIL_FROM_CMD and not MAIL_FROM, the session was usually terminated by the server during the command-line exchange, before reaching the stage where MAIL content is transferred\r\n ** With one-way flows, one side does not contain MAIL sender/recipient information\r\n *** SMTP S2C side\r\n *** POP and IMAP C2S side","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2024-04-16T11:25:56.027+0800","updated":"2024-04-17T10:08:19.904+0800"}],"maxResults":4,"total":4,"startAt":0},"votes":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-1226/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"assignee":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuyang","name":"liuyang","key":"JIRAUSER10102","emailAddress":"liuyang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/us
eravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"刘洋","active":true,"timeZone":"Asia/Shanghai"},"updated":"2024-04-22T09:31:27.199+0800","status":{"self":"https://jira.geedge.net/rest/api/2/status/10103","description":"The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.","iconUrl":"https://jira.geedge.net/images/icons/statuses/generic.png","name":"Closed","id":"10103","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}}}}