Amazon SES compromised

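We have run into something strange. We are receiving a lot of mail sent through our domain, but we did not send these messages.

We have set up DMARC, DKIM, SPF, etc., and everything works, but the problem persists. Changing the API keys and SMTP keys does not fix it. What should we do?

Sample mail log: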

{
  "Type" : "Notification",
  "MessageId" : "d9c91074-7f57-5a86-8322-49393f02821a",
  "TopicArn" : "arn:aws:sns:eu-west-1:718401892325:Bounce",
  "Message" : "{\"notificationType\":\"Bounce\",\"bounce\":{\"feedbackId\":\"0102017a392a81a4-57668ac5-61a5-4648-9dc4-74c1b3c687c7-000000\",\"bounceType\":\"Permanent\",\"bounceSubType\":\"General\",\"bouncedRecipients\":[{\"emailAddress\":\"[REDACTED RECEIVER]\",\"action\":\"failed\",\"status\":\"5.3.0\",\"diagnosticCode\":\"smtp; 550 Invalid Recipient - https://community.mimecast.com/docs/DOC-1369#550 [aKgfXeZYNwGH2GQxUFKDHA.us425]\"}],\"timestamp\":\"2021-06-23T13:58:44.000Z\",\"remoteMtaIp\":\"207.211.30.242\",\"reportingMTA\":\"dns; a7-36.smtp-out.eu-west-1.amazonses.com\"},\"mail\":{\"timestamp\":\"2021-06-23T13:58:44.246Z\",\"source\":\"[OUR MAIL ADRESS]\",\"sourceArn\":\"arn:aws:ses:eu-west-1:718401892325:identity/[OURDOMAIN]\",\"sourceIp\":\"185.29.10.120\",\"sendingAccountId\":\"718401892325\",\"messageId\":\"0102017a392a7f16-fe0921c4-319b-4565-a621-999132fc4ded-000000\",\"destination\":[\"[REDACTED RECEIVER]\"],\"headersTruncated\":false,\"headers\":[{\"name\":\"Received\",\"value\":\"from [OURDOMAIN] ([185.29.10.120]) by email-smtp.amazonaws.com with SMTP (SimpleEmailService-d-ETSXZ9WDB) id jsSf6D7p1SM4Tbekxdmr for [REDACTED RECEIVER]; Wed, 23 Jun 2021 13:58:44 +0000 (UTC)\"},{\"name\":\"From\",\"value\":\"[REDACTED RECEIVER DOMAIN] <[OURDOMAIN]>\"},{\"name\":\"To\",\"value\":\"[REDACTED RECEIVER]\"},{\"name\":\"Subject\",\"value\":\"Pending E-mail Message Released / REF: [REDACTED RECEIVER] / Priority: High\"},{\"name\":\"Date\",\"value\":\"23 Jun 2021 16:57:44 +0300\"},{\"name\":\"Message-ID\",\"value\":\"<20210623164053.3484CFB902B9822F@[OURDOMAIN]>\"},{\"name\":\"MIME-Version\",\"value\":\"1.0\"},{\"name\":\"Content-Type\",\"value\":\"text/html\"},{\"name\":\"Content-Transfer-Encoding\",\"value\":\"quoted-printable\"}],\"commonHeaders\":{\"from\":[\"\\\"[REDACTED RECEIVER DOMAIN]\\\" <[REDACTED RECEIVER]>\"],\"date\":\"23 Jun 2021 16:57:44 +0300\",\"to\":[\"[REDACTED 
RECEIVER]\"],\"messageId\":\"<20210623164053.3484CFB902B9822F@[OURDOMAIN]>\",\"subject\":\"Pending E-mail Message Released / REF: [REDACTED RECEIVER] / Priority: High\"}}}",
  "Timestamp" : "2021-06-23T13:58:45.045Z",
  "SignatureVersion" : "1",
  "Signature" : "....jetiO8rzyuzM1dc5FCVHt7UAqHIjahA0fmXnLxKn9L5KwOlSlFvYaWBcYkEgCG1F7m+z1qDRaYqaU80Z+YY+exR7nw==",
  "SigningCertURL" : ".......",
  "UnsubscribeURL" : "......-4f97-82a3-3bf1b9e107bc"
}

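It looks like someone is sending spam from a server with FROM: ebay.com [email protected] --> using the email-smtp.amazonaws.com SMTP endpoint --> and sending it through our Amazon SES account to: [email protected] (for example)

Since I don't know what to do and Amazon has not been much help, can someone point me in the right direction?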

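Answer 1

The email shows a "notificationType" of "Bounce". To me, that indicates AWS SES is notifying you of a bounce (an email that was returned rather than delivered), as described on this page, with the bounce types listed here. The message has a "bounceType" of "Permanent", and the documentation says: "The recipient's email provider sent a hard bounce message, but didn't specify the reason for the hard bounce."

Evidently someone is using AWS SES to send email to your domain, and it is not being delivered. If it is not you or your company, I suggest you contact the AWS abuse team about this (link). If you file the report yourself and the party you report turns out to be another part of your company, bad things could happen, so double-check carefully.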
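Added example, not part of the original question or answer: a Python script that decodes an SNS-delivered SES notification shaped like the one in the question and pulls out the fields that show who submitted the message (`mail.sourceIp`, `mail.sendingAccountId`, `mail.sourceArn`), then flags a submitting IP you do not recognise and a From display name set to the recipient's domain. The `triage` function, the `KNOWN_SENDER_NETS` allowlist and the sample event are assumptions constructed for illustration.

```python
import ipaddress
import json
from email.utils import parseaddr

# Assumption: networks your own mail-submitting hosts use (documentation range here).
KNOWN_SENDER_NETS = [ipaddress.ip_network("198.51.100.0/24")]

def triage(sns_envelope, known_nets=KNOWN_SENDER_NETS):
    """Decode one SNS-delivered SES notification and list signs of unauthorised sending."""
    envelope = json.loads(sns_envelope)
    event = json.loads(envelope["Message"])  # the SES event is a JSON string inside the envelope
    mail = event["mail"]
    src_ip = ipaddress.ip_address(mail["sourceIp"])
    findings = []
    # Which host submitted the message to SES? Compare it with the hosts you expect.
    if not any(src_ip in net for net in known_nets):
        findings.append("sourceIp outside known sender networks")
    # Display name set to the recipient's own domain, as in the From header of the log above.
    rcpt_domains = {r.rsplit("@", 1)[-1].lower() for r in mail.get("destination", [])}
    for raw_from in mail.get("commonHeaders", {}).get("from", []):
        display, _addr = parseaddr(raw_from)
        if display.strip().lower() in rcpt_domains:
            findings.append("From display name imitates recipient domain")
    return {
        "type": event["notificationType"],
        "bounceType": event.get("bounce", {}).get("bounceType"),
        "sourceIp": str(src_ip),
        "sendingAccountId": mail["sendingAccountId"],
        "identity": mail["sourceArn"].rsplit("identity/", 1)[-1],
        "findings": findings,
    }

# Constructed sample with the same shape as the notification in the question.
_EVENT = {
    "notificationType": "Bounce",
    "bounce": {"bounceType": "Permanent", "bounceSubType": "General"},
    "mail": {
        "sourceArn": "arn:aws:ses:eu-west-1:111122223333:identity/example.com",
        "sourceIp": "203.0.113.45",
        "sendingAccountId": "111122223333",
        "destination": ["user@example.org"],
        "commonHeaders": {"from": ['"example.org" <noreply@example.com>']},
    },
}
SAMPLE = json.dumps({"Type": "Notification", "Message": json.dumps(_EVENT)})

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

If `sendingAccountId` is your own account and `sourceIp` is not one of your hosts, the message was submitted with credentials valid for your SES identity, so review every IAM user and access key permitted to send for it.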
