0
我有一个带有Postfix的Centos服务器。 我的服务器被某人滥用发送垃圾邮件。我定期使用恶意软件检测和其他工具扫描服务器。 Plesk控制面板也设置了每小时50邮件的限制。 服务器操作系统和服务器上的其他软件定期更新。从邮件头中找到垃圾邮件来源
但是,我的ISP通知我有很多垃圾邮件从IP发送,所以他们已经阻止了IP。 我试过所有的方法来检测来源,但失败了。
如果任何人都可以给我建议的方式找头中的垃圾邮件/垃圾邮件脚本,会让我容易:) (我掩盖了我的服务器的ip为server.myserver.com/100.100.100.100)
##########邮件头X-HmXmrOriginalRecipient: [email protected]
Received: from BN3NAM04HT097.eop-NAM04.prod.protection.outlook.com
(10.175.9.152) by MWHPR14MB1711.namprd14.prod.outlook.com with HTTPS via
MWHPR18CA0038.NAMPRD18.PROD.OUTLOOK.COM; Sun, 13 Aug 2017 13:28:43 +0000
Received: from BN3NAM04FT012.eop-NAM04.prod.protection.outlook.com
(10.152.92.54) by BN3NAM04HT097.eop-NAM04.prod.protection.outlook.com
(10.152.93.173) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1304.16; Sun, 13
Aug 2017 13:28:42 +0000
Authentication-Results: spf=none (sender IP is 100.100.100.100)
smtp.mailfrom=hotpop3.com; hotmail.com; dkim=none (message not signed)
header.d=none;hotmail.com; dmarc=none action=none header.from=hotpop3.com;
Received-SPF: None (protection.outlook.com: hotpop3.com does not designate
permitted sender hosts)
Received: from BAY004-MC1F21.hotmail.com (10.152.92.58) by
BN3NAM04FT012.mail.protection.outlook.com (10.152.92.169) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.1304.16 via Frontend Transport; Sun, 13 Aug 2017 13:28:41 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:F12CEF74F354E5E4529259D131D19D0E4D4442B5F4483E6B74E2D931A45FBA73;UpperCasedChecksum:76720E6505CE4C455F8D3F0CB51C70A39163C5E1791F81A33FB44509BB39FB53;SizeAsReceived:678;Count:13
Received: from server.myserver.com ([100.100.100.100]) by BAY004-MC1F21.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
Sun, 13 Aug 2017 06:28:35 -0700
Subject: Lizmay You have a message that will be deleted in 6 days legendary
Feverishly-Vague-Notebooks: 16359
To: [email protected]
Content-Type: text/html; charset="UTF-8"
Pectoral-Rises-Hobble: sense
Date: Sun, 13 Aug 2017 09:28:34 +0000
Content-Transfer-Encoding: 7bit
Message-ID: [email protected]
From: Notification Facebook [email protected]
Return-Path: [email protected]
X-OriginalArrivalTime: 13 Aug 2017 13:28:35.0988 (UTC) FILETIME=[11010540:01D31438]
X-IncomingHeaderCount: 13
X-MS-Exchange-Organization-Network-Message-Id: 10ae07f6-85af-416d-5f30-08d4e24f3700
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
CMM-sender-ip: 100.100.100.100
CMM-sending-ip: 100.100.100.100
CMM-Authentication-Results: hotmail.com; spf=none (sender IP is
100.100.100.100) [email protected]; dkim=none
header.d=hotpop3.com; x-hmca=none [email protected]
CMM-X-SID-PRA: [email protected]
CMM-X-AUTH-Result: NONE
CMM-X-SID-Result: NONE
CMM-X-Message-Status: n:n
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
CMM-X-Message-Info: 3c21WZ1hAltI9DuizMAEE41BI5AyVQJy5WKTrkRtozy7n8uROmdGq+2lzhar6phB3KoijGvJ2eF4om5ai2JdojRslastfe6pj1PSlUSTzu43fu053gfRHmctpRBqOUpyGS3Vvp2i0dMdFEBn/V2FUePTQUv3iK5Hc6xpG2YhOg6feY2B48yB5jfebtnjBPmjRuGMUZjZRdLVNuhzm251tnrEfTwhUg4szJwHV/Dlf+P/AiA7NYuF6WUYldYez+RR
X-MS-Exchange-Organization-PCL: 2
X-MS-UserLastLogonTime: 8/13/2017 3:35:36 AM