Windows
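How to stop an incoming SMTP .EML attack on an Azure Windows VM
At 1:53 AM today, my Azure VM started receiving unexpected .EML files in C:\inetpub\mailroot\Queue. By the time I first logged in at around 6 AM, it had received over 36,000 files. As a workaround, I stopped Services > SMTP.
How can I prevent this?
I am developing a web application that will send and receive SMTP. I just started using SendGrid for sending a few days ago, and only use IIS to receive into: C:\inetpub\mailroot\Queue\
Below are the first and last .EML files, as examples...
First .EML file: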
Received: from <MY PUBLIC IP> by prayshep with Microsoft SMTPSVC(8.5.9600.16384); Mon, 28 Dec 2015 01:53:49 -0800
Received: from XXXXXXXXXXXX by ; Mon, 28 Dec 2015 12:46:42 +0300
Message-ID: <WPWTCYHGVOKQGPNWMSWDVVAN@yam.com>
From: "¡¹¤W¤dºØ¤é¥»¶i¤f±¡½ì¥Î«~¡¹Darren" <oddbjsh@hotmail.com>
Reply-To: "¡¹½ì¥Î«~ºë«~«Î¡¹Darren" <oddbjsh@hotmail.com>
To: q-kids@yahoo.com.tw
Subject: ¢e©Ê·P¨k¤º¿Ç¢eDarren
Date: Mon, 28 Dec 2015 06:52:42 -0300
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
MIME-Version: 2.0
Content-Type: multipart/alternative; boundary="--44460359181169204938"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: oddbjsh@hotmail.com
X-OriginalArrivalTime: 28 Dec 2015 09:53:50.0113 (UTC) FILETIME=[A70D0910:01D14155]

----44460359181169204938
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

[quoted-printable HTML body omitted]
----44460359181169204938--
Last .EML file:
Received: from <MY PUBLIC IP> by prayshep with Microsoft SMTPSVC(8.5.9600.16384); Mon, 28 Dec 2015 05:19:41 -0800
Received: from 230.88.183.252 by ; Mon, 28 Dec 2015 09:16:36 -0400
Message-ID: <LRBOOITCSSBMFNYHLKZIFNL@pchome.com.tw>
From: "¡¹¶i¤f¦¨¤H±¡½ì¥Î«~¡¹Charity" <gocmfuiepnvn@pchome.com.tw>
Reply-To: "¡¹¼Ö¦h±¡½ì¥Î«~¡¹Charity" <ffqbqnljzp@pchome.com.tw>
To: freewilldesigner@yahoo.com.tw
Subject: ¢e¸¾÷ªM¨t¦C¢eCharity
Date: Mon, 28 Dec 2015 07:16:36 -0600
X-Mailer:
MIME-Version: 2.0
Content-Type: multipart/alternative; boundary="--=====754321844504=_"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: umlxtoita@pchome.com.tw
X-OriginalArrivalTime: 28 Dec 2015 13:19:41.0886 (UTC) FILETIME=[694805E0:01D14172]

----=====754321844504=_
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

[quoted-printable HTML body omitted]
----=====754321844504=_--
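You are not being subjected to an ".eml file attack". You are receiving a large volume of spam, and naturally IIS stores the email in RFC822-compliant files ending in .eml. If you want to stop the .eml files from piling up, you need to stop the spammers. To do that, you need to implement any one of about 9 million different methods of stopping and blocking spam, many of which will not be feasible when you are using only IIS for SMTP. Consider determining whether the spam is coming from public IP addresses and blocking them, or blocking entire networks that appear to be problematic. This can be done with the Windows Firewall or with a firewall in front of the IIS server. A better solution would be to choose an SMTP server with more features and capabilities for blocking spam.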
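The triage step the answer suggests (find which addresses or networks the spam arrives from, then block them in Windows Firewall), as an added example that is not part of the original question or answer. It assumes the address after `from` in the topmost Received line is the connecting peer as your server recorded it; the function names, the /24 grouping, the threshold and the sample messages (documentation addresses, laid out like the headers above) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# "from 203.0.113.7 by host" (layout on this page) or "from name ([203.0.113.7]) by host"
TOP_HOP = re.compile(r"from\s+(?:\S+\s+\()?\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)?\s+by\s+(\S+)")

def top_hop_ip(raw_eml, local_host):
    """Peer IPv4 from the Received line stamped by local_host, else None."""
    received = message_from_string(raw_eml).get_all("Received") or []
    if not received:
        return None
    # Only the topmost Received line was written by our own server; the
    # lower ones are supplied by the sender and are ignored here.
    m = TOP_HOP.match(" ".join(received[0].split()))
    if not m or m.group(2).lower() != local_host.lower():
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:          # e.g. "999.1.1.1"
        return None

def block_candidates(messages, local_host, own_ips, threshold=2):
    """Tally /24 networks of top hops; return (netsh rule lines, skipped count)."""
    own = {ipaddress.ip_address(a) for a in own_ips}
    nets, skipped = Counter(), 0
    for raw in messages:
        ip = top_hop_ip(raw, local_host)
        if ip is None or ip in own:   # unparseable, or our own address: never block
            skipped += 1
            continue
        nets[ipaddress.ip_network(f"{ip}/24", strict=False)] += 1
    rules = [f'netsh advfirewall firewall add rule name="Block SMTP {n}" dir=in '
             f"action=block protocol=TCP localport=25 remoteip={n}"
             for n, count in nets.most_common() if count >= threshold]
    return rules, skipped

def sample(peer, claimed):
    """Constructed message in the header layout shown on this page."""
    return (f"Received: from {peer} by prayshep with Microsoft SMTPSVC(8.5.9600.16384);"
            " Mon, 28 Dec 2015 01:53:49 -0800\n"
            f"Received: from {claimed} by ; Mon, 28 Dec 2015 12:46:42 +0300\n"
            "To: someone@example.org\nSubject: constructed\n\nbody\n")

SAMPLES = [sample("203.0.113.7", "230.88.183.252"), sample("203.0.113.99", "XXXXXXXXXXXX"),
           sample("198.51.100.5", "10.0.0.1"), sample("192.0.2.10", "203.0.113.200")]

if __name__ == "__main__":
    rules, skipped = block_candidates(SAMPLES, "prayshep", ["192.0.2.10"])
    print("\n".join(rules), f"\nskipped: {skipped}")
```

To run it against a real queue, read each .EML file from C:\inetpub\mailroot\Queue into the `messages` list and review the printed rules before applying any of them.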