Postfix

Spam relayed through my server using a valid user

  • July 27, 2015

I am receiving "Undelivered Mail Returned to Sender" messages. The mail in question is being relayed using a valid user (mike@proactech.com) on my server (server1.nbicharts.com). I control that email address, so it is not me doing the relaying. I have tested that my server is not an open relay, so I need help on how to track down the hole that is allowing this to happen. I think that although I only see the undelivered messages, there are surely many more that are being delivered.

Any help would be appreciated.

Here is a typical message:

       This is the mail system at host server1.nbicharts.com.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

                  The mail system

<hrrecruitmentcell@tvssons.com>: host b.as.safentrix.com[23.239.12.179] said:
   550 5.1.1 <hrrecruitmentcell@tvssons.com>: Recipient address rejected: User
   unknown (in reply to RCPT TO command)



Reporting-MTA: dns; server1.nbicharts.com
X-Postfix-Queue-ID: D7340580C88
X-Postfix-Sender: rfc822; mike@proactech.com
Arrival-Date: Sat, 25 Jul 2015 06:35:04 -0400 (EDT)

Final-Recipient: rfc822; hrrecruitmentcell@tvssons.com
Original-Recipient: rfc822;hrrecruitmentcell@tvssons.com
Action: failed
Status: 5.1.1
Remote-MTA: dns; b.as.safentrix.com
Diagnostic-Code: smtp; 550 5.1.1 <hrrecruitmentcell@tvssons.com>: Recipient
   address rejected: User unknown


ForwardedMessage.eml
Subject: Reply: kavithamai
From: kavithamai <mike@proactech.com>
Date: 07/25/2015 01:35 AM
To: "hrrecruitmentcell" <hrrecruitmentcell@tvssons.com>

Begin forwarded message

>  
>>
>>> http://freefinancialstresstest.com/lazbqala.php?kavithamai
>
> From: Kavithamai -kavithamai@yahoo.co.in-
> Date: Fri, 25 Jul 2015 11:35:04 +0000
> To: Hrrecruitmentcell
> Subject: Re: Fwd
>
> 7/25/2015 11:35:04 AM

Sent from my iPad

Here is the mail.log:

Jul 25 06:35:06 server1 postfix/smtp[18650]: D7340580C88: to=<hrrecruitmentcell@tvssons.com>, relay=b.as.safentrix.com[23.239.12.179]:25, delay=1.8, delays=1.1/0/0.45/0.2, dsn=5.1.1, status=bounced (host b.as.safentrix.com[23.239.12.179] said: 550 5.1.1 <hrrecruitmentcell@tvssons.com>: Recipient address rejected: User unknown (in reply to RCPT TO command))

You did some digging and found that the original outbound email was sent through your server. This means that, in this case, you are not being joe-jobbed.

Digging through the logs shows that the user in question authenticated to send the email from Orange Slovakia, which is most likely a mobile connection. You should ask that user why he was authenticating to send mail from Slovakia.

If he intended to send this mail, you should evaluate his behaviour against your acceptable use policy. If he did not intend to send it, then his account, and probably his mobile computing device, has been compromised; he should do the appropriate cleanup, and you should lock his account until you are satisfied that he has done so, again relying on your AUP to justify your actions.
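As an added illustration of the log correlation the answer describes (this is not code from the question or the answer): the Python below joins the postfix/smtpd line that records the SASL login with the postfix/smtp delivery lines carrying the same queue ID, so the X-Postfix-Queue-ID from a bounce leads to the account and client IP that submitted it, and from there to everything else that account sent from that IP. Only the D7340580C88 delivery line is the one quoted above; the other log lines and the client IPs in them are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log. Only the D7340580C88 postfix/smtp delivery line is the one
# quoted in the question; the smtpd/qmgr lines, the second and third queue IDs and the
# client addresses (203.0.113.45, 198.51.100.7) are made up for illustration.
SAMPLE_LOG = """\
Jul 25 06:35:04 server1 postfix/smtpd[18640]: D7340580C88: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=mike@proactech.com
Jul 25 06:35:04 server1 postfix/qmgr[1203]: D7340580C88: from=<mike@proactech.com>, size=2140, nrcpt=1 (queue active)
Jul 25 06:35:06 server1 postfix/smtp[18650]: D7340580C88: to=<hrrecruitmentcell@tvssons.com>, relay=b.as.safentrix.com[23.239.12.179]:25, delay=1.8, delays=1.1/0/0.45/0.2, dsn=5.1.1, status=bounced (host b.as.safentrix.com[23.239.12.179] said: 550 5.1.1 <hrrecruitmentcell@tvssons.com>: Recipient address rejected: User unknown (in reply to RCPT TO command))
Jul 25 06:40:11 server1 postfix/smtpd[18702]: 1A2B3C4D5E6: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=mike@proactech.com
Jul 25 06:40:13 server1 postfix/smtp[18705]: 1A2B3C4D5E6: to=<someone@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.5, delays=1.0/0/0.3/0.2, dsn=2.0.0, status=sent (250 OK)
Jul 25 09:02:33 server1 postfix/smtpd[18900]: 7F8E9D0C1B2: client=home.example.net[198.51.100.7], sasl_method=LOGIN, sasl_username=mike@proactech.com
Jul 25 09:02:34 server1 postfix/smtp[18903]: 7F8E9D0C1B2: to=<friend@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.9, delays=0.5/0/0.2/0.2, dsn=2.0.0, status=sent (250 OK)
"""

# smtpd logs the SASL-authenticated submission; smtp logs each delivery attempt.
# Both carry the queue ID, which is also the X-Postfix-Queue-ID in the bounce.
SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>\w+): client=[^\[\s]+\[(?P<ip>[^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(?P<user>\S+)")
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]+)>, .*status=(?P<status>\w+)")

def parse_log(text):
    """Map queue ID -> (sasl_username, client IP) and queue ID -> [(recipient, status)]."""
    submissions, deliveries = {}, defaultdict(list)
    for line in text.splitlines():
        if (m := SMTPD_RE.search(line)):
            submissions[m["qid"]] = (m["user"], m["ip"])
        elif (m := SMTP_RE.search(line)):
            deliveries[m["qid"]].append((m["rcpt"], m["status"]))
    return submissions, deliveries

def who_sent(text, qid):
    """Which account, from which client IP, submitted the queue ID named in a bounce."""
    return parse_log(text)[0].get(qid)

def messages_from(text, user, ip):
    """Every delivery attempt (sent or bounced) for a user's submissions from one IP,
    to see what got through besides the bounces that reached the postmaster."""
    submissions, deliveries = parse_log(text)
    return [(qid, rcpt, status)
            for qid, origin in submissions.items() if origin == (user, ip)
            for rcpt, status in deliveries.get(qid, [])]

def client_ips_for(text, user):
    """Distinct client IPs a user authenticated from: an unexpected one is the lead to chase."""
    return sorted({ip for u, ip in parse_log(text)[0].values() if u == user})
```

Run it against the real /var/log/mail.log by reading the file into `text` instead of SAMPLE_LOG; the client IP can then be checked against a whois or GeoIP lookup, which is how the answer arrived at Orange Slovakia.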

Source: https://serverfault.com/questions/708570