您的位置: 首页  >  技术问答  >  从邮件头中找到垃圾邮件来源

从邮件头中找到垃圾邮件来源

分类: 技术问答 2022-07-19 20:58:22
问题描述:

我有一个带有Postfix的Centos服务器。 我的服务器被某人滥用发送垃圾邮件。我定期使用恶意软件检测和其他工具扫描服务器。 Plesk控制面板也设置了每小时50邮件的限制。 服务器操作系统和服务器上的其他软件定期更新。从邮件头中找到垃圾邮件来源

但是,我的ISP通知我有很多垃圾邮件从IP发送,所以他们已经阻止了IP。 我试过所有的方法来检测来源,但失败了。

如果任何人都可以给我建议的方式找头中的垃圾邮件/垃圾邮件脚本,会让我容易:) (我掩盖了我的服务器的ip为server.myserver.com/100.100.100.100)

##########邮件头 
X-HmXmrOriginalRecipient: [email protected] 
Received: from BN3NAM04HT097.eop-NAM04.prod.protection.outlook.com 
(10.175.9.152) by MWHPR14MB1711.namprd14.prod.outlook.com with HTTPS via 
MWHPR18CA0038.NAMPRD18.PROD.OUTLOOK.COM; Sun, 13 Aug 2017 13:28:43 +0000 
Received: from BN3NAM04FT012.eop-NAM04.prod.protection.outlook.com 
(10.152.92.54) by BN3NAM04HT097.eop-NAM04.prod.protection.outlook.com 
(10.152.93.173) with Microsoft SMTP Server (version=TLS1_2, 
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1304.16; Sun, 13 
Aug 2017 13:28:42 +0000 
Authentication-Results: spf=none (sender IP is 100.100.100.100) 
smtp.mailfrom=hotpop3.com; hotmail.com; dkim=none (message not signed) 
header.d=none;hotmail.com; dmarc=none action=none header.from=hotpop3.com; 
Received-SPF: None (protection.outlook.com: hotpop3.com does not designate 
permitted sender hosts) 
Received: from BAY004-MC1F21.hotmail.com (10.152.92.58) by 
BN3NAM04FT012.mail.protection.outlook.com (10.152.92.169) with Microsoft SMTP 
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 
15.1.1304.16 via Frontend Transport; Sun, 13 Aug 2017 13:28:41 +0000 
X-IncomingTopHeaderMarker: OriginalChecksum:F12CEF74F354E5E4529259D131D19D0E4D4442B5F4483E6B74E2D931A45FBA73;UpperCasedChecksum:76720E6505CE4C455F8D3F0CB51C70A39163C5E1791F81A33FB44509BB39FB53;SizeAsReceived:678;Count:13 
Received: from server.myserver.com ([100.100.100.100]) by BAY004-MC1F21.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143); 
Sun, 13 Aug 2017 06:28:35 -0700 
Subject: Lizmay You have a message that will be deleted in 6 days legendary 
Feverishly-Vague-Notebooks: 16359 
To: [email protected] 
Content-Type: text/html; charset="UTF-8" 
Pectoral-Rises-Hobble: sense 
Date: Sun, 13 Aug 2017 09:28:34 +0000 
Content-Transfer-Encoding: 7bit 
Message-ID: [email protected] 
From: Notification Facebook [email protected] 
Return-Path: [email protected] 
X-OriginalArrivalTime: 13 Aug 2017 13:28:35.0988 (UTC) FILETIME=[11010540:01D31438] 
X-IncomingHeaderCount: 13 
X-MS-Exchange-Organization-Network-Message-Id: 10ae07f6-85af-416d-5f30-08d4e24f3700 
X-EOPAttributedMessage: 0 
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0 
X-MS-Exchange-Organization-MessageDirectionality: Incoming 
CMM-sender-ip: 100.100.100.100 
CMM-sending-ip: 100.100.100.100 
CMM-Authentication-Results: hotmail.com; spf=none (sender IP is 
100.100.100.100) [email protected]; dkim=none 
header.d=hotpop3.com; x-hmca=none [email protected] 
CMM-X-SID-PRA: [email protected] 
CMM-X-AUTH-Result: NONE 
CMM-X-SID-Result: NONE 
CMM-X-Message-Status: n:n 
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02 
CMM-X-Message-Info: 3c21WZ1hAltI9DuizMAEE41BI5AyVQJy5WKTrkRtozy7n8uROmdGq+2lzhar6phB3KoijGvJ2eF4om5ai2JdojRslastfe6pj1PSlUSTzu43fu053gfRHmctpRBqOUpyGS3Vvp2i0dMdFEBn/V2FUePTQUv3iK5Hc6xpG2YhOg6feY2B48yB5jfebtnjBPmjRuGMUZjZRdLVNuhzm251tnrEfTwhUg4szJwHV/Dlf+P/AiA7NYuF6WUYldYez+RR 
X-MS-Exchange-Organization-PCL: 2 
X-MS-UserLastLogonTime: 8/13/2017 3:35:36 AM

请务必使用以下设置配置后缀:

... 
smtp_tls_security_level = may 
smtp_use_tls = no 
smtpd_tls_security_level = may 
smtpd_use_tls = yes 
smtpd_sasl_auth_enable = yes 
smtpd_tls_auth_only = no 

smtp_sasl_security_options = noanonymous 
smtp_sasl_tls_security_options = noanonymous 
smtpd_sasl_security_options = noanonymous 
smtpd_sasl_tls_security_options = noanonymous 
...

例如, 
... 
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination 
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated 
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client cbl.abuseat.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client xbl.spamhaus.org 
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination 
...

请注意。请确保,“允许用户和脚本使用Sendmail”未设置为=> HOME>工具和设置>邮件服务器设置,因为这样可以防止sendmail的使用,并且只允许发送具有SMTP验证的邮件在你的情况下推荐!)。

请注意。检查以及官方的Plesk知识库 - 文章:

=>Many email messages are sent from PHP scripts on a server. How to find domains on which these scripts are running if Postfix is used?

...并考虑以及使用的Plesk论坛社区的帮助下在官方Plesk社区论坛:=>https://talk.plesk.com

相关推荐