Exim email hacked or backscatter attack

I have set up an Exim server for a client, and I woke up this morning to find about 100 bounce messages from Hotmail, reading as follows:

Undelivered Mail Returned to Sender

From searching on Google I came across the backscatter problem, but I am not sure why my mail server would show the emails in its outbound queue.

    [root@vesta msglog]# exim -bp
    71m  2.5K 1ZC6Ap-0005KE-Un <[email protected]>
              MariseYFaria@
            D heliogalvao@
            D paulakunath@
            D eve_junkera@
            D fabiobt@
            D leidegis@
            D jarbasbueno@
            D heluquisa2004@
            D guig.soares@
            D fhr1980@
            D sirnagovino@

The email's subject matter appears to be a bunch of spam directed at malicious websites.

The headers are as follows:

    [root@vesta msglog]# exim -Mvh 1ZC6Ap-0005KE-Un
    1ZC6Ap-0005KE-Un-H
    exim 93 93
    <[email protected]>
    1436188263 0
    -helo_name stevedomain.com
    -host_address 46.177.21.185.51075
    -host_name ppp046177021185.access.hol.gr
    -host_auth dovecot_plain
    -interface_address 109.X.X.X.69.587
    -received_protocol esmtpa
    -body_linecount 41
    -max_received_linelength 86
    -auth_id [email protected]
    YY heliogalvao@
    YY fabiobt@
    NN eve_junkera@
    YN guig.soares@
    NN fhr1980@
    YY paulakunath@
    YY jarbasbueno@
    NN heluquisa2004@
    NN leidegis@
    NN sirnagovino@
    11
    MariseYFaria@
    heliogalvao@
    paulakunath@
    eve_junkera@
    fabiobt@
    leidegis@
    jarbasbueno@
    heluquisa2004@
    guig.soares@
    fhr1980@
    sirnagovino@

    226P Received: from ppp046177021185.access.hol.gr ([46.177.21.185] helo=stevedomain.com)
            by vesta.slidomain.co.uk with esmtpa (Exim 4.72)
            (envelope-from <[email protected]>)
            id 1ZC6Ap-0005KE-Un; Mon, 06 Jul 2015 14:11:04 +0100
    063I Message-ID: <[email protected]>
    044F From: "veribenassi" <[email protected]>
    471T To: "Marise Yaine" <MariseYFaria@>,
     "Helinho" <heliogalvao@>,
     "Kunath" <paulakunath@>, "Evelyn" <eve_junkera@>,
     "Fabio Junqueira" <[email protected]>, "Gisleide" <leidegis@>,
     "Jarbas" <jarbasbueno@>,
     "iso 8859 1 B SGVs9A" <heluquisa2004@>,
     "Guilherme gmail" <guig.soares@>,
     "Fernando Henrique" <fhr1980@>,
     "Janaina Sirna Govino" <sirnagovino@>
    055  Subject: =?ISO-8859-1?Q?6=2F26=2F2015_2=3A10=3A57_PM?=
    038  Date: Thu, 26 Jun 2015 02:10:57 +0000
    018  MIME-Version: 1.0
    091  Content-Type: multipart/alternative;
     boundary="----=_NextPart_000_5B24_83A7AFF1.337DC5C4"
    014  X-Priority: 3
    026  X-MSMail-Priority: Normal
    019  Importance: Normal
    052  X-Mailer: Microsoft Windows Live Mail 16.4.3522.110
    056  X-MIMEOLE: Produced By Microsoft MimeOLE V16.4.3522.110

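How can I confirm what has happened on my mail server? Apart from the usual SSH brute-force attempts that Fail2Ban blocks, I cannot see any entries showing access to the box.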
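
The `-host_address`, `-host_auth` and `-auth_id` lines in an `exim -Mvh` dump like the one above record how a queued message was accepted. The following is an added example, not part of the original post: it parses such a dump and reports whether the message is a bounce (null envelope sender), an authenticated submission or an unauthenticated remote delivery. The sample input is constructed, the function names are hypothetical, and it assumes a dump without ACL-variable entries.

```python
# Constructed sample in the layout printed by `exim -Mvh <id>`;
# the addresses and IP are placeholders, not values from the post.
SAMPLE = """\
1ZC6Ap-0005KE-Un-H
exim 93 93
<user@example.com>
1436188263 0
-host_address 192.0.2.10.51075
-host_auth dovecot_plain
-received_protocol esmtpa
-auth_id user@example.com
YY alice@example.org
2
alice@example.org
bob@example.org
"""

def parse_spool_header(text):
    """Extract envelope sender, '-option' lines and recipients from a -H dump."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    msg_id = lines[0][:-2] if lines[0].endswith("-H") else lines[0]
    info = {"id": msg_id, "sender": lines[2].strip("<>"), "opts": {}, "rcpts": []}
    i = 4  # lines 0-3: id, user/uid/gid, envelope sender, receive time
    while i < len(lines) and lines[i].startswith("-"):
        key, _, value = lines[i][1:].partition(" ")
        info["opts"][key] = value
        i += 1
    # Skip the non-recipients tree ("XX" or "YY addr" lines) up to the count line.
    while i < len(lines) and not lines[i].isdigit():
        i += 1
    if i < len(lines):
        count = int(lines[i])
        info["rcpts"] = lines[i + 1 : i + 1 + count]
    return info

def triage(info):
    """Return (path, client_ip, auth_id) describing how the message was accepted."""
    opts = info["opts"]
    client_ip = opts.get("host_address", "").rpartition(".")[0]  # drop ".port"
    if info["sender"] == "":
        path = "bounce"  # null envelope sender <>: a delivery status notification
    elif "auth_id" in opts or "host_auth" in opts:
        path = "authenticated"  # accepted after SMTP AUTH as auth_id
    elif client_ip:
        path = "remote-unauthenticated"
    else:
        path = "local"
    return path, client_ip, opts.get("auth_id")
```

Pass it the saved output of `exim -Mvh <id>` without the shell prompt line, then call `triage()` on the result.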
