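I found some emails that were to be delivered to [email protected], and I would like to know who sent them. Searching the logs, I found that the sender is "<>", so it is probably postfix (the mailer daemon), but how can I trace back to the original sender?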

Sep 18 14:34:02 messagerie postfix/cleanup[610]: 6766E1E922DB: message-id=<[email protected]>
Sep 18 14:34:02 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 14:34:03 messagerie postfix/pipe[648]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=0.59, delays=0.03/0.19/0/0.37, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/1116.0.messagerie.domain.tld.  )
Sep 18 14:41:30 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 14:41:30 messagerie postfix/pipe[656]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=448, delays=448/0.07/0/0.05, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/4281.0.messagerie.domain.tld.  )
Sep 18 14:51:30 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 14:51:31 messagerie postfix/pipe[5595]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=1049, delays=1049/0.11/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/5601.0.messagerie.domain.tld.  )
Sep 18 15:11:30 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 15:11:30 messagerie postfix/pipe[8843]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=2248, delays=2248/0.11/0/0.05, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/9050.0.messagerie.domain.tld.  )

Edit

As @RyanBabchishin pointed out, I had skipped a few lines in the logs. By carefully searching for the qid again, I found the following:

Sep 18 14:34:02 messagerie postfix/cleanup[610]: 6766E1E922DB: message-id=<[email protected]>
[... Many lines later ...]
Sep 18 14:34:02 messagerie postfix/bounce[777]: 283821E922D9: sender non-delivery notification: 6766E1E922DB
Sep 18 14:34:02 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)

So 6766E1E922DB is actually the bounce of 283821E922D9. If I search for 283821E922D9, I can find the original sender (which should be rpub itself):

Sep 18 14:34:01 messagerie postfix/smtpd[31851]: 283821E922D9: client=localhost[127.0.0.1]
Sep 18 14:34:01 messagerie postfix/cleanup[718]: 283821E922D9: message-id=<[email protected]>
Sep 18 14:34:01 messagerie postfix/smtpd[31851]: disconnect from localhost[127.0.0.1]
Sep 18 14:34:01 messagerie postfix/qmgr[2749]: 283821E922D9: from=<[email protected]>, size=32590, nrcpt=2 (queue active)

The truth of the matter

Answer 1

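The sender of an email is easily spoofed, so you cannot do anything useful with the sender's email address. The only relevant information you can trust is the SMTP server that sent the email.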

Answer 2

By searching the logs again:

Sep 18 14:34:02 messagerie postfix/cleanup[610]: 6766E1E922DB: message-id=<[email protected]>
[... Many lines later ...]
Sep 18 14:34:02 messagerie postfix/bounce[777]: 283821E922D9: sender non-delivery notification: 6766E1E922DB
Sep 18 14:34:02 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)

This is the bounce for 283821E922D9. Searching for that QID finds the original sender:

Sep 18 14:34:01 messagerie postfix/qmgr[2749]: 283821E922D9: from=<[email protected]>, size=32590, nrcpt=2 (queue active)
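Added example, not part of the original question or answers: a small Python parser that automates the lookup described above, following the `sender non-delivery notification` line from a bounce's queue ID back to the message that caused it. It also returns the `client=` value from the smtpd line, since Answer 1 notes that the envelope sender alone can be forged. The function name, the sample log, and its host names and addresses are constructed for illustration.

```python
import re

# Constructed sample in the same Postfix syslog format as the page;
# host names and addresses are made up.
SAMPLE_LOG = """\
Sep 18 14:34:01 mx postfix/smtpd[31851]: 283821E922D9: client=localhost[127.0.0.1]
Sep 18 14:34:01 mx postfix/smtpd[31851]: disconnect from localhost[127.0.0.1]
Sep 18 14:34:01 mx postfix/qmgr[2749]: 283821E922D9: from=<app@example.org>, size=32590, nrcpt=2 (queue active)
Sep 18 14:34:02 mx postfix/cleanup[610]: 6766E1E922DB: message-id=<20120918.1@mx.example.org>
Sep 18 14:34:02 mx postfix/bounce[777]: 283821E922D9: sender non-delivery notification: 6766E1E922DB
Sep 18 14:34:02 mx postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
"""

# "postfix/<daemon>[pid]: <QID>: <rest>"; lines without a QID do not match.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-Za-z]+): (.*)$")
# The bounce daemon logs this under the ORIGINAL message's QID and names
# the QID of the notification it generated (line form as shown on the page).
NOTIFY = re.compile(r"sender non-delivery notification: ([0-9A-Za-z]+)$")


def trace_origin(log_text, qid):
    """Follow bounce links back from qid; return (origin_qid, sender, client)."""
    parent = {}  # notification QID -> QID of the message it reports on
    sender = {}  # QID -> envelope sender from the qmgr line
    client = {}  # QID -> connecting client from the smtpd line
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, q, rest = m.groups()
        n = NOTIFY.match(rest)
        if daemon == "bounce" and n:
            parent[n.group(1)] = q
        elif daemon == "qmgr" and rest.startswith("from=<"):
            sender.setdefault(q, rest[len("from=<"):rest.index(">")])
        elif daemon == "smtpd" and rest.startswith("client="):
            client[q] = rest[len("client="):]
    seen = set()  # guard against loops in malformed logs
    while qid in parent and qid not in seen:
        seen.add(qid)
        qid = parent[qid]
    return qid, sender.get(qid), client.get(qid)


if __name__ == "__main__":
    print(trace_origin(SAMPLE_LOG, "6766E1E922DB"))
```

Short Postfix queue IDs can be reused over time, so run this on a log window around the bounce rather than on months of archived logs.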
