Spammers can send me mail from my own email address using different IPs

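I have checked everything. Normally my server blocks all spam, but not this one. It does not come from our server; it is relayed to our company using our usernames. It looks like I sent these emails to myself :D

I am using Exchange Server 2010. I have checked all the SPF records and DMARC. Everything is fine on my side. I need help stopping these emails from reaching my users.

Here are the headers of a spam message that was received: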

> Received: from crt21.co.jp (60.43.215.250) by server.xxxxx.local 
> (xxx.xxx.xxx.xxx) with Microsoft SMTP Server (TLS) id x.x.x.x; Tue, 5
> Feb  2019 09:05:56 +0300 
> Received: from [84-241-41-230.shatel.ir]
> (unknown [84.241.41.230]) (using  TLSv1 with cipher DHE-RSA-AES256-SHA
> (256/256 bits))   (Client did not present  a certificate) by crt21.co.jp
> (Postfix) with ESMTPSA id 0568913F380A2   for  <[email protected]>;
> Tue,  5 Feb 2019 15:02:04 +0900 (JST) 
> From: <[email protected]>
> Date: Tue, 5 Feb 2019 07:02:07 +0100 
> List-Unsubscribe:<mailto:[email protected]>,
> X-Priority: 1 (Highest) 
> X-Mailer: Duesfatyjz 8 
> Subject: This account has been hacked! Change your password right now!
> Content-Transfer-Encoding: base64 Content-Type: text/plain;
> charset="UTF-8" X-CSA-Complaints: [email protected]
> List-Help: [email protected] 
> Message-ID:<[email protected]> 
> X-Sender:<[email protected]> 
> X-Abuse-Reports-To: <[email protected]> 
> To:<[email protected]> Errors-To: [email protected] 
> User-Agent:Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) 
> Gecko/20101125 Thunderbird/3.0.11 MIME-Version: 1.0 
> Return-Path:[email protected] 
> X-MS-Exchange-Organization-AuthSource: server.xxxxxxx.local
> X-MS-Exchange-Organization-AuthAs: Anonymous
> X-MS-Exchange-Organization-PRD: mydomain.com
> X-MS-Exchange-Organization-SenderIdResult: SoftFail 
> Received-SPF:SoftFail (server.xxxxxxx.local: domain of transitioning 
> [email protected] discourages use of 60.43.215.250 as  permitted
> sender) 
> X-MS-Exchange-Organization-SCL: 0
> X-MS-Exchange-Organization-PCL: 2
> X-MS-Exchange-Organization-Antispam-Report: 
> DV:3.3.5705.600;SID:SenderIDStatus SoftFail;OrigIP:60.43.215.250

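Answer 1

This is normal. Email is designed this way. It can be anything, but the envelope sender (which is never shown in the headers) must match the SPF record.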
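The distinction this answer draws, applied to headers like the ones in the question, as an added example that is not part of the original answers: it flags a message whose `From:` claims an internal domain although Exchange stamped the session as anonymous, and reports the SPF result and any mismatch with the envelope sender. The domain `example.com`, the addresses, the IP and the `internal_domains` set are constructed stand-ins for the redacted values, and `Return-Path` is assumed to carry the envelope sender recorded at delivery.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the question's headers; example.com stands in
# for the redacted internal domain and 203.0.113.7 for the sending host.
SAMPLE = """\
Received: from relay.spammer.example (203.0.113.7) by mail.example.com
 with Microsoft SMTP Server (TLS); Tue, 5 Feb 2019 09:05:56 +0300
From: <alice@example.com>
To: <alice@example.com>
Return-Path: alice@example.com
Subject: This account has been hacked! Change your password right now!
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-SenderIdResult: SoftFail
Received-SPF: SoftFail (mail.example.com: domain of transitioning
 alice@example.com discourages use of 203.0.113.7 as permitted sender)

body
"""

def domain_of(value):
    """Lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def assess(raw, internal_domains):
    """Return findings for a message that claims an internal sender."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])          # what the user sees
    env_dom = domain_of(msg["Return-Path"])    # assumed envelope sender (what SPF checks)
    auth_as = (msg["X-MS-Exchange-Organization-AuthAs"] or "").strip().lower()
    spf = (msg["Received-SPF"] or "").split(None, 1)
    spf_result = spf[0].lower() if spf else "none"
    if from_dom in internal_domains and auth_as == "anonymous":
        findings.append("internal From: on an unauthenticated session")
        if spf_result != "pass":
            findings.append(f"SPF result for envelope sender is {spf_result}")
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From: domain {from_dom} != envelope domain {env_dom}")
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE, {"example.com"}):
        print(finding)
```
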

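Answer 2

Do these messages have something in common, such as the same subject? If so, you can set up a transport rule to block such mail.

Please check whether your Exchange server is an open relay. You can run a very simple command from the Exchange Management Shell to close it.

The command is:

```powershell
Get-ReceiveConnector "YourReceiveConnectorName" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
```

To prevent anonymous senders from sending mail using your domain, we need to remove the ms-exch-smtp-accept-authoritative-domain-sender permission assigned to them.

Use the following command to remove the ms-exch-smtp-accept-authoritative-domain-sender permission from NT Authority\Anonymous Logon on the Internet-facing receive connector:

```powershell
Get-ReceiveConnector "My Internet ReceiveConnector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission
```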
