Spam

在網路上定位惡意軟體

  • September 30, 2013

我正在嘗試隔離在我的網路上發送惡意軟體的電子郵件。標題如下:

Received: from z.local.domain (172.18.248.22) by z.local.domain (172.18.248.22) with Microsoft SMTP Server (TLS) id 15.0.712.24 via Mailbox Transport; Mon, 30 Sep 2013 02:35:43 -0700
Received: from z.local.domain (172.18.248.22) by z.local.domain (172.18.248.22) with Microsoft SMTP Server (TLS) id 15.0.712.24; Mon, 30 Sep 2013 02:35:43 -0700
Received: from localhost (172.18.248.18) by z.local.domain (172.18.248.22) with Microsoft SMTP Server (TLS) id 15.0.712.24 via Frontend Transport; Mon, 30 Sep 2013 02:35:43 -0700
Received: from www-data by localhost with local (Exim 4.80) (envelope-from <www-data@local.domain>) id 1VQZtH-0002oq-13 for helpdesk@local.domain; Mon, 30 Sep 2013 02:35:43 -0700
MIME-Version: 1.0
Subject: Subject: eRKpqkSHqdjESMjhqQ
Return-Path: www-data@local.domain
X-MS-Exchange-Organization-Authsource: z.local.domain
Date: Mon, 30 Sep 2013 02:35:43 -0700
X-MS-Exchange-Organization-Network-Message-ID: d786a17d-ef12-4403-aa12-08d08bd7914a
X-MS-Exchange-Organization-Authas: Anonymous
content-type: text/html; charset="utf-8"
Message-ID: <E1VQZtH-0002oq-13@localhost>
To: <helpdesk@local.domain>
X-PHP-Originating-Script: 0:ticket.php
From: Benjamin <goodsam@gmail.com>
X-RT-Original-Encoding: iso-8859-1
Content-Length: 500

我已經用clamwin 和malwarebytes 掃描了Z 伺服器,但都返回了否定的結果。除了幫助台之外,似乎沒有其他人在我們的網路中報告過這種垃圾郵件。(Helpdesk 位於執行 Request Tracker 4 的 Debian 7.1 主機上 - 這是檢查此電子郵件帳戶的唯一位置。)

我可以在 Z 伺服器上執行任何其他掃描器還是問題出在其他地方?

您的標頭顯示此郵件來自 172.18.248.18。這就是您需要查看的機器。

引用自:https://serverfault.com/questions/542734

相關問答

Sendmail

sendmail 向我不知道的收件人發送郵件;可能的垃圾郵件主機

  • November 23, 2011
檢視問答
Spam

強制 Apache2.2 放棄請求

  • January 26, 2011
檢視問答
Postfix

如何防止 Postfix 中未經授權的郵件中繼

  • May 12, 2022
檢視問答
Postfix

拒絕反向主機名解析失敗的電子郵件

  • May 11, 2022
檢視問答
Spam

Exchange 365 垃圾郵件過濾器策略阻止域 TLD

  • April 5, 2022
檢視問答
Ubuntu

在生產環境中的 Ubuntu 伺服器上進行惡意軟體掃描的最佳實踐

  • April 5, 2022
檢視問答