如何判断我的邮件系统是否已被盗用?

时间:2012-07-02 16:08:42

标签: security email

我的网站站长抓取所有电子邮件地址开始收到来自各种电子邮件系统的大量“传递状态通知(失败)”回复。大约每小时1次。

显然垃圾邮件正在发送,因为内容与药物有关。我想知道是否

1)我们没有发送它,但是回复字段正在设置到我们的网站,因此我们收到了失败通知或 2)我们的系统受到了损害,我们的系统正在发送,损害了我们的声誉。另外 - 如果是这种情况,我在哪里解决问题?!

谢谢!

以下是一个例子:

 Delivery to the following recipient failed permanently:

 grdchurch@mail.calvinseminary.edu

 Technical details of permanent failure:
 Google tried to deliver your message, but it was rejected by the recipient domain. We         recommend contacting the other email provider for further information about the cause of    this error. The error that the other server returned was: 550 550 5.1.1   <grdchurch@calvinseminary.edu>... User unknown (state 13).

 ----- Original message -----

 Received: by 10.204.152.70 with SMTP id f6mr6872450bkw.7.1341224023720;
 Mon, 02 Jul 2012 03:13:43 -0700 (PDT)
 Received: by 10.204.152.70 with SMTP id f6mr6872447bkw.7.1341224023673;
 Mon, 02 Jul 2012 03:13:43 -0700 (PDT)
 Return-Path: <Ester7CB4674@mysite.com>
 Received: from 94.98.142.218 ([94.98.142.218])
 by mx.google.com with ESMTP id hi9si10538192bkc.151.2012.07.02.03.13.38;
 Mon, 02 Jul 2012 03:13:39 -0700 (PDT)
 Received-SPF: neutral (google.com: 94.98.142.218 is neither permitted nor denied by   best guess record for domain of Ester7CB4674@mysite.com) client-ip=94.98.142.218;
 Authentication-Results: mx.google.com; spf=neutral (google.com: 94.98.142.218 is neither permitted nor denied by best guess record for domain of Ester7CB4674@mysite.com)    smtp.mail=Ester7CB4674@mysite.com
 Date: Mon, 02 Jul 2012 03:13:39 -0700 (PDT)
 Message-Id: <20120702131340.6C18454BE719A3A513E9@USER-PC>
 From: Leslie Browning <Ester7CB4674@mysite.com>
 To: grdchurch <grdchurch@calvinseminary.edu>
 Reply-To: Maryanne Whitehead <Terry1DA24@starlane411.com>
 Subject: For grdchurch
 Mime-Version: 1.0
 Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: 7bit

 best ED meds! Be confident! Buy here http://www.akermedic.ru/

 B3B0ED3F2E14A898C2C644020D7E9A8071
 30DA492A4CF3EB0A0E3DE1371040BE5C81
 4C9CF9C9AC2D7881DACD5D1B0A9A460

2 个答案:

答案 0 :(得分:1)

尝试安装一些防病毒和反恶意软件,例如:

http://www.malwarebytes.org/

http://www.microsoft.com/security/pc-security/mse.aspx

并运行完整的系统扫描,看看你提出了什么。

答案 1 :(得分:1)

您可以在邮件标题中看到

Received: from 94.98.142.218 ([94.98.142.218])

如果IP与任何主机的ip不相等,那么它只是欺骗性的From标头。 Received标头不是由发件人创建的,而是由中间邮件服务器创建的,中间邮件服务器(可能)也向您发送了Delivery Status Notification (Failure)邮件。这不能琐碎欺骗。攻击者也不需要欺骗,因为他已经你的系统视为恶搞。

所以我认为这指向一个欺骗性From标题的方向,它指向你。当然没有保证。

相关问题
最新问题