最近我的服务器生成了许多垃圾邮件。我在示例消息中查找了信息,但发件人显然是伪造的,并且消息头中也没有后缀用户 ID。以下是示例消息的完整标头:
root@server:~# postcat -qv 400CB848E9
postcat: name_mask: all
postcat: inet_addr_local: configured 4 IPv4 addresses
postcat: inet_addr_local: configured 2 IPv6 addresses
*** ENVELOPE RECORDS hold/400CB848E9 ***
message_size: 2333 670 1 0 2333 0
message_arrival_time: Thu Jun 24 06:44:46 2021
create_time: Thu Jun 24 06:44:46 2021
named_attribute: log_ident=400CB848E9
named_attribute: rewrite_context=local
sender: [email protected]
named_attribute: log_client_name=localhost.localdomain
named_attribute: log_client_address=127.0.0.1
named_attribute: log_client_port=40070
named_attribute: log_message_origin=localhost.localdomain[127.0.0.1]
named_attribute: log_helo_name=localhost
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=localhost.localdomain
named_attribute: reverse_client_name=localhost.localdomain
named_attribute: client_address=127.0.0.1
named_attribute: client_port=40070
named_attribute: helo_name=localhost
named_attribute: protocol_name=ESMTP
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
*** MESSAGE CONTENTS hold/400CB848E9 ***
regular_text: Received: from localhost (localhost.localdomain [127.0.0.1])
regular_text: by dallas.mylocalhostdomain.com (Postfix) with ESMTP id 400CB848E9
regular_text: for <[email protected]>; Thu, 24 Jun 2021 06:44:46 -0400 (EDT)
regular_text: From: Google Drive Storage <[email protected]>
regular_text: To: [email protected]
regular_text: MIME-Version: 1.0
regular_text: Message-ID: <[email protected]>
regular_text: Date: Thu, 24 Jun 2021 06:44:46 +0000
regular_text: Content-Type: text/html; charset=UTF-8
regular_text: Content-Transfer-Encoding: 7bit
regular_text: Subject: File is damaged and could not be repaired
从头部可以看出,消息的发送者是[email protected],但是服务器上不存在这个域名/用户。据我所知,我很困惑,用户必须存在于服务器上,然后才能对 SMTP 进行身份验证。此外,mail.log 文件中也没有认证信息。
我希望有人可以帮助指出如何识别生成此消息的真实用户?
谢谢!