以下是我从 aol abuse 获得的电子邮件标题和信息。此类电子邮件以极低的频率从我的服务器随机生成,并且 IP 经常被列入黑名单。经过 2 周的努力,我仍然无法找到垃圾邮件发送者:
Return-Path: <[email protected]>
Received: from zircon.freezone.co.uk (zircon.freezone.co.uk [91.222.8.110])
by mtaig-mcb01.mx.aol.com (Internet Inbound) with SMTP id 09111700012D7
for <[email protected]>; Sun, 9 Nov 2014 10:13:08 -0500 (EST)
Received: from rosemaryzipn by mailtn.zircon.freezone.co.uk with local (Exim 4.40)
id YAkDpP-GlgNmv-5p
for [email protected]; Sun, 09 Nov 2014 23:57:32 +0000
To: [email protected]
Subject: Photos from the most thrilling naked cocktail party in a bamboo cafe for your enjoyment!
Message-Id: <[email protected]>
From: "Versie Donelly" <[email protected]>
Date: Sun, 09 Nov 2014 23:57:32 +0000
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
x-aol-global-disposition: G
Authentication-Results: mx.aol.com;
spf=neutral (aol.com: the domain gocaltech.com reports a neutral SPF policy.) smtp.mailfrom=gocaltech.com;
x-aol-sid: 3039ac1a32a1545f84843484
X-AOL-IP: 91.222.8.110
X-AOL-SPF: domain : gocaltech.com SPF : neutral
<html><body>Hello, love muscle!<br>When my naughty hottest friend and me went to the beach I was wondering<br>
if we could see a proper nook to spend some time and have a good cocktail.<br>
Luckily, we found a perfect place - a sweet bamboo cafe on the sea shore where we spent our nights.<br>
<a href="http://ridiqee.loveandpickup.net/">See new naked pics at my profile</a> to appreciate a breathtaking party that we had.<br>
Be ready to see <a href="http://ridiqee.loveandpickup.net/">many perfect spots and <syn32> naked curves!</a></body></html>
服务器是带有 CentOS 6 的 plesk 11。此标题中是否存在任何信息,我可以通过这些信息了解垃圾邮件发送者的来源。
答案1
Received: from rosemaryzipn by mailtn.zircon.freezone.co.uk with local (Exim 4.40)
看起来您的主机上有一些垃圾邮件机器人。该机器人在本地提交邮件,而不是通过 SMTP。这可能是一些易受攻击的 CMS,例如 wordpress 甚至 plesk 本身。