【Question Title】: How do I tell if my mail system has been compromised?
【Posted】: 2012-07-02 16:08:41
【Question Description】:

My website's admin catch-all email address has started receiving a flood of "Delivery Status Notification (Failure)" replies from various email systems. About one per hour.

It is clearly spam, since the content is about drugs. I want to know whether

1) it was not sent by us, but our site was set as the reply field, so we receive the failure notifications, or 2) our system has been compromised and it was sent by us, damaging our reputation. Also, if that is the case, where do I go to fix the problem?!

Thanks!

Here is an example:

 Delivery to the following recipient failed permanently:

 grdchurch@mail.calvinseminary.edu

 Technical details of permanent failure:
 Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.1.1 <grdchurch@calvinseminary.edu>... User unknown (state 13).

 ----- Original message -----

 Received: by 10.204.152.70 with SMTP id f6mr6872450bkw.7.1341224023720;
 Mon, 02 Jul 2012 03:13:43 -0700 (PDT)
 Received: by 10.204.152.70 with SMTP id f6mr6872447bkw.7.1341224023673;
 Mon, 02 Jul 2012 03:13:43 -0700 (PDT)
 Return-Path: <Ester7CB4674@mysite.com>
 Received: from 94.98.142.218 ([94.98.142.218])
 by mx.google.com with ESMTP id hi9si10538192bkc.151.2012.07.02.03.13.38;
 Mon, 02 Jul 2012 03:13:39 -0700 (PDT)
 Received-SPF: neutral (google.com: 94.98.142.218 is neither permitted nor denied by best guess record for domain of Ester7CB4674@mysite.com) client-ip=94.98.142.218;
 Authentication-Results: mx.google.com; spf=neutral (google.com: 94.98.142.218 is neither permitted nor denied by best guess record for domain of Ester7CB4674@mysite.com) smtp.mail=Ester7CB4674@mysite.com
 Date: Mon, 02 Jul 2012 03:13:39 -0700 (PDT)
 Message-Id: <20120702131340.6C18454BE719A3A513E9@USER-PC>
 From: Leslie Browning <Ester7CB4674@mysite.com>
 To: grdchurch <grdchurch@calvinseminary.edu>
 Reply-To: Maryanne Whitehead <Terry1DA24@starlane411.com>
 Subject: For grdchurch
 Mime-Version: 1.0
 Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: 7bit

 best ED meds! Be confident! Buy here http://www.akermedic.ru/

 B3B0ED3F2E14A898C2C644020D7E9A8071
 30DA492A4CF3EB0A0E3DE1371040BE5C81
 4C9CF9C9AC2D7881DACD5D1B0A9A460

【Question Discussion】:

  • Also, my guess is that the From: field in the spam was spoofed, rather than your email server having been compromised.

Tags: security email


【Solution 1】:

Try installing some antivirus and anti-malware software, for example:

http://www.malwarebytes.org/

http://www.microsoft.com/security/pc-security/mse.aspx

and run a full system scan to see what you come up with.

【Discussion】:

【Solution 2】:

In the mail headers you can see a

    Received: from 94.98.142.218 ([94.98.142.218])

If the IP there is not equal to the IP of any of your hosts, then it is just a spoofed From header. The Received header is not created by the sender but by the intermediate mail server, which (probably) is also the one that sent you the Delivery Status Notification (Failure) message. This cannot easily be tampered with. The attacker would also have no need to spoof, since he already has your system for spoofing.

So I think this points in the direction of a spoofed From header pointing to you. Of course there is no guarantee.

【Discussion】:
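As an added example (not from the original question or either answer), this Python script performs the check Solution 2 describes: it parses the headers of the bounced message quoted in the question (embedded here as a constructed sample), finds the client IP that the receiving MX recorded as the first hop, and compares it with the addresses of your own mail hosts. The host addresses in OUR_MAIL_HOSTS are placeholders, not from the page.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: the bounced message's headers as they appear in the DSN
# quoted in the question (body and hashbuster lines omitted).
BOUNCED_MESSAGE = """\
Return-Path: <Ester7CB4674@mysite.com>
Received: from 94.98.142.218 ([94.98.142.218])
 by mx.google.com with ESMTP id hi9si10538192bkc.151.2012.07.02.03.13.38;
 Mon, 02 Jul 2012 03:13:39 -0700 (PDT)
Received-SPF: neutral (google.com: 94.98.142.218 is neither permitted nor denied by best guess record for domain of Ester7CB4674@mysite.com) client-ip=94.98.142.218;
From: Leslie Browning <Ester7CB4674@mysite.com>
Reply-To: Maryanne Whitehead <Terry1DA24@starlane411.com>
Subject: For grdchurch

"""

# Hypothetical placeholder: public IPs of the hosts that legitimately send mail
# for mysite.com (documentation range, not real addresses).
OUR_MAIL_HOSTS = {ip_address("203.0.113.10"), ip_address("203.0.113.11")}

# Matches "from <name> ([<ip>])" or "from <name> (<ip>)" in a Received header.
RECEIVED_FROM_IP = re.compile(r"from\s+\S+\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")


def originating_ip(raw):
    """Return the client IP of the first hop, as recorded by the receiving MX."""
    msg = message_from_string(raw)
    # Each hop prepends its own Received header, so the last one is the earliest hop.
    for received in reversed(msg.get_all("Received", [])):
        m = RECEIVED_FROM_IP.search(received.replace("\n", " "))
        if m:
            return ip_address(m.group(1))
    return None


def spf_result(raw):
    """Return the SPF verdict ('pass', 'neutral', 'fail', ...) from Received-SPF, if any."""
    value = message_from_string(raw).get("Received-SPF", "")
    return value.split(None, 1)[0].lower() if value else None


def classify(raw, our_hosts=OUR_MAIL_HOSTS):
    """'ours' if the first hop is one of our hosts, 'spoofed' if not, 'unknown' if absent."""
    ip = originating_ip(raw)
    if ip is None:
        return "unknown"
    return "ours" if ip in our_hosts else "spoofed"


if __name__ == "__main__":
    print(originating_ip(BOUNCED_MESSAGE), spf_result(BOUNCED_MESSAGE), classify(BOUNCED_MESSAGE))
```

A "spoofed" verdict with an SPF result of "neutral" is the pattern in the question: the sender's IP is not yours, and your domain has no SPF record that would let receivers reject such mail outright.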
