Hello everyone,
for a few days now we have had the problem that customers are receiving phishing emails. These go to correct senders that also exist in the Exchange structure.
This is the setup here:
PMG 1 |
PMG Cluster -> Firewall Redirect Port 2525 -> Exchange Cluster
PMG 2 |
Unfortunately the SPF and DKIM records of the sender domains are also fine, so those points are already ruled out.
Here are 2 examples:
Apr 13 13:09:12 mailgateway02 postfix/smtpd[1093112]: connect from host.24x7servermanagement.net[108.178.38.194]
Apr 13 13:09:13 mailgateway02 postfix/smtpd[1093112]: A48D52F9E5: client=host.24x7servermanagement.net[108.178.38.194]
Apr 13 13:09:13 mailgateway02 postfix/cleanup[1092320]: A48D52F9E5: message-id=f0pqfaf4uz7oxgyvhcez3noh0rggu7su@wepixel.in
Apr 13 13:09:13 mailgateway02 postfix/qmgr[514081]: A48D52F9E5: from=eskbclpa@wepixel.in, size=12536, nrcpt=1 (queue active)
Apr 13 13:09:13 mailgateway02 pmg-smtp-filter[1092137]: 2FA3B6256AF59CDC65: new mail message-id=f0pqfaf4uz7oxgyvhcez3noh0rggu7su@wepixel.in#012
Apr 13 13:09:13 mailgateway02 postfix/smtpd[1093112]: disconnect from host.24x7servermanagement.net[108.178.38.194] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 13 13:09:16 mailgateway02 pmg-smtp-filter[1092137]: 2FA3B6256AF59CDC65: SA score=0/5 time=2.635 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HK_RANDOM_ENVFROM(1),HK_RANDOM_FROM(0.999),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_HI(-5),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001)
Apr 13 13:09:16 mailgateway02 postfix/smtpd[1092326]: connect from localhost[127.0.0.1]
Apr 13 13:09:16 mailgateway02 postfix/smtpd[1092326]: 870B92F9E6: client=localhost[127.0.0.1], orig_client=host.24x7servermanagement.net[108.178.38.194]
Apr 13 13:09:16 mailgateway02 postfix/cleanup[1092320]: 870B92F9E6: message-id=f0pqfaf4uz7oxgyvhcez3noh0rggu7su@wepixel.in
Apr 13 13:09:16 mailgateway02 postfix/smtpd[1092326]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Apr 13 13:09:16 mailgateway02 postfix/qmgr[514081]: 870B92F9E6: from=eskbclpa@wepixel.in, size=13857, nrcpt=1 (queue active)
Apr 13 13:09:16 mailgateway02 pmg-smtp-filter[1092137]: 2FA3B6256AF59CDC65: accept mail to empfanger1@exchangedomain.de (870B92F9E6) (rule: default-accept)
Apr 13 13:09:16 mailgateway02 pmg-smtp-filter[1092137]: 2FA3B6256AF59CDC65: processing time: 2.713 seconds (2.635, 0.051, 0)
Apr 13 13:09:16 mailgateway02 postfix/lmtp[1092322]: A48D52F9E5: to=empfanger1@exchangedomain.de, relay=127.0.0.1[127.0.0.1]:10024, delay=3, delays=0.26/0/0.06/2.7, dsn=2.5.0, status=sent (250 2.5.0 OK (2FA3B6256AF59CDC65))
Apr 13 13:09:16 mailgateway02 postfix/qmgr[514081]: A48D52F9E5: removed
Apr 13 13:09:16 mailgateway02 postfix/smtp[1092327]: 870B92F9E6: to=empfanger1@exchangedomain.de, relay=XXX[XXX]:2525, delay=0.18, delays=0.01/0/0.04/0.14, dsn=2.6.0, status=sent (250 2.6.0 f0pqfaf4uz7oxgyvhcez3noh0rggu7su@wepixel.in [InternalId=98406290686029, Hostname=EX01XXX] 15275 bytes in 0.120, 124,228 KB/sec Queued mail for delivery)
Apr 13 13:09:16 mailgateway02 postfix/qmgr[514081]: 870B92F9E6: removed
Apr 13 13:09:12 mailgateway02 postfix/smtpd[1093112]: connect from host.24x7servermanagement.net[108.178.38.194]
Apr 13 13:09:13 mailgateway02 pmgpolicy[1092302]: SPF says pass
Apr 13 13:09:13 mailgateway02 postfix/smtpd[1093112]: A48D52F9E5: client=host.24x7servermanagement.net[108.178.38.194]
Apr 13 13:09:13 mailgateway02 postfix/cleanup[1092320]: A48D52F9E5: message-id=f0pqfaf4uz7oxgyvhcez3noh0rggu7su@wepixel.in
Apr 13 13:09:13 mailgateway02 postfix/qmgr[514081]: A48D52F9E5: from=eskbclpa@wepixel.in, size=12536, nrcpt=1 (queue active)
Apr 13 13:09:13 mailgateway02 pmg-smtp-filter[1092137]: 2022/04/13-13:09:13 CONNECT TCP Peer: "[127.0.0.1]:37632" Local: "[127.0.0.1]:10024"
Apr 13 13:09:13 mailgateway02 pmg-smtp-filter[1092137]: reloading configuration Proxmox_ruledb
Apr 13 13:09:13 mailgateway02 pmg-smtp-filter[1092137]: 2FA3B6256AF59CDC65: new mail message-id=f0pqfaf4uz7oxgyvhcez3noh0rggu7su@wepixel.in
Apr 13 13:09:13 mailgateway02 postfix/smtpd[1093112]: disconnect from host.24x7servermanagement.net[108.178.38.194] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 13 13:01:51 mailgateway02 postfix/smtpd[1092468]: connect from linux73.webhosting-network-services.com[69.61.45.77]
Apr 13 13:01:52 mailgateway02 postfix/smtpd[1092468]: 20FD92F52A: client=linux73.webhosting-network-services.com[69.61.45.77]
Apr 13 13:01:52 mailgateway02 postfix/cleanup[1092320]: 20FD92F52A: message-id=ripnlxmgxrnaem9erjtce2m3ss52rxse@insmaltagracia.edu.ar
Apr 13 13:01:52 mailgateway02 postfix/smtpd[1092468]: disconnect from linux73.webhosting-network-services.com[69.61.45.77] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 13 13:01:52 mailgateway02 postfix/qmgr[514081]: 20FD92F52A: from=ajcpag@insmaltagracia.edu.ar, size=5311, nrcpt=1 (queue active)
Apr 13 13:01:52 mailgateway02 pmg-smtp-filter[1092137]: 2F6576256ADA03BE26: new mail message-id=ripnlxmgxrnaem9erjtce2m3ss52rxse@insmaltagracia.edu.ar#012
Apr 13 13:01:54 mailgateway02 pmg-smtp-filter[1092137]: 2F6576256ADA03BE26: SA score=0/5 time=2.361 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),RAZOR2_CF_RANGE_51_100(2.43),RAZOR2_CHECK(1.729),RCVD_IN_DNSWL_HI(-5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001)
Apr 13 13:01:54 mailgateway02 postfix/smtpd[1092326]: connect from localhost[127.0.0.1]
Apr 13 13:01:54 mailgateway02 postfix/smtpd[1092326]: A530B2ED7B: client=localhost[127.0.0.1], orig_client=linux73.webhosting-network-services.com[69.61.45.77]
Apr 13 13:01:54 mailgateway02 postfix/cleanup[1092320]: A530B2ED7B: message-id=ripnlxmgxrnaem9erjtce2m3ss52rxse@insmaltagracia.edu.ar
Apr 13 13:01:54 mailgateway02 postfix/qmgr[514081]: A530B2ED7B: from=ajcpag@insmaltagracia.edu.ar, size=6673, nrcpt=1 (queue active)
Apr 13 13:01:54 mailgateway02 postfix/smtpd[1092326]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Apr 13 13:01:54 mailgateway02 pmg-smtp-filter[1092137]: 2F6576256ADA03BE26: accept mail to empfanger1@exchangedomain.de (A530B2ED7B) (rule: default-accept)
Apr 13 13:01:54 mailgateway02 pmg-smtp-filter[1092137]: 2F6576256ADA03BE26: processing time: 2.435 seconds (2.361, 0.046, 0)
Apr 13 13:01:54 mailgateway02 postfix/lmtp[1092322]: 20FD92F52A: to=empfanger2@exchangedomain.de, relay=127.0.0.1[127.0.0.1]:10024, delay=2.9, delays=0.5/0/0/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (2F6576256ADA03BE26))
Apr 13 13:01:54 mailgateway02 postfix/qmgr[514081]: 20FD92F52A: removed
Apr 13 13:01:54 mailgateway02 postfix/smtp[1092327]: A530B2ED7B: to=empfanger2@exchangedomain.de, relay=XXX[XXX]:2525, delay=0.19, delays=0/0/0.04/0.14, dsn=2.6.0, status=sent (250 2.6.0 ripnlxmgxrnaem9erjtce2m3ss52rxse@insmaltagracia.edu.ar [InternalId=62972810493967, Hostname=EX02XX] 8099 bytes in 0.128, 61,689 KB/sec Queued mail for delivery)
Apr 13 13:01:54 mailgateway02 postfix/qmgr[514081]: A530B2ED7B: removed
Apr 13 13:01:51 mailgateway02 postfix/smtpd[1092468]: connect from linux73.webhosting-network-services.com[69.61.45.77]
Apr 13 13:01:52 mailgateway02 pmgpolicy[1092303]: SPF says pass
Apr 13 13:01:52 mailgateway02 postfix/smtpd[1092468]: 20FD92F52A: client=linux73.webhosting-network-services.com[69.61.45.77]
Apr 13 13:01:52 mailgateway02 postfix/cleanup[1092320]: 20FD92F52A: message-id=ripnlxmgxrnaem9erjtce2m3ss52rxse@insmaltagracia.edu.ar
Apr 13 13:01:52 mailgateway02 postfix/smtpd[1092468]: disconnect from linux73.webhosting-network-services.com[69.61.45.77] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 13 13:01:52 mailgateway02 postfix/qmgr[514081]: 20FD92F52A: from=ajcpag@insmaltagracia.edu.ar, size=5311, nrcpt=1 (queue active)
Apr 13 13:01:52 mailgateway02 pmg-smtp-filter[1092137]: 2022/04/13-13:01:52 CONNECT TCP Peer: "[127.0.0.1]:37602" Local: "[127.0.0.1]:10024"
Apr 13 13:01:52 mailgateway02 pmg-smtp-filter[1092137]: 2F6576256ADA03BE26: new mail message-id=ripnlxmgxrnaem9erjtce2m3ss52rxse@insmaltagracia.edu.ar
Apr 13 13:01:54 mailgateway02 pmg-smtp-filter[1092137]: 2F6576256ADA03BE26: SA score=0/5 time=2.361 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),RAZOR2_CF_RANGE_51_100(2.43),RAZOR2_CHECK(1.729),RCVD_IN_DNSWL_HI(-5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001)
Apr 13 13:01:54 mailgateway02 postfix/smtpd[1092326]: connect from localhost[127.0.0.1]
Apr 13 13:01:54 mailgateway02 postfix/smtpd[1092326]: A530B2ED7B: client=localhost[127.0.0.1], orig_client=linux73.webhosting-network-services.com[69.61.45.77]
Apr 13 13:01:54 mailgateway02 postfix/cleanup[1092320]: A530B2ED7B: message-id=ripnlxmgxrnaem9erjtce2m3ss52rxse@insmaltagracia.edu.ar
Apr 13 13:01:54 mailgateway02 postfix/qmgr[514081]: A530B2ED7B: from=ajcpag@insmaltagracia.edu.ar, size=6673, nrcpt=1 (queue active)
Apr 13 13:01:54 mailgateway02 postfix/smtpd[1092326]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Configuration:
Do you see anything here that we can still do to prevent these emails?
The email body itself contains something like this:
Hi,
I wish I wanted to drop you a file that I ran to meet them in person.
https://mhdti.com/ril/pltavecotasupla
<Normal mail content>
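
Added example, not part of the original post: a small Python parser for the `pmg-smtp-filter` "SA score" lines quoted above. It breaks each result into its rule hits and shows how much of the score comes from the `RCVD_IN_DNSWL_*` whitelist and whether `URIBL_BLOCKED` fired. The function names and the 0.5-point cut-off for "spam signals" are choices made for this example.

```python
import re

# The two "SA score" lines from the post above, copied verbatim.
LOG = """\
Apr 13 13:09:16 mailgateway02 pmg-smtp-filter[1092137]: 2FA3B6256AF59CDC65: SA score=0/5 time=2.635 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HK_RANDOM_ENVFROM(1),HK_RANDOM_FROM(0.999),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_HI(-5),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001)
Apr 13 13:01:54 mailgateway02 pmg-smtp-filter[1092137]: 2F6576256ADA03BE26: SA score=0/5 time=2.361 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),RAZOR2_CF_RANGE_51_100(2.43),RAZOR2_CHECK(1.729),RCVD_IN_DNSWL_HI(-5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001)
"""

SA_LINE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<id>[0-9A-F]+): "
    r"SA score=(?P<score>-?[\d.]+)/(?P<limit>[\d.]+) .*?hits=(?P<hits>\S+)"
)
HIT = re.compile(r"([A-Z0-9_]+)\((-?[\d.]+)\)")


def parse_sa_lines(text):
    """Return one dict per SA result line: filter id, logged score, limit, rule hits."""
    entries = []
    for line in text.splitlines():
        m = SA_LINE.search(line)
        if m:
            hits = {name: float(pts) for name, pts in HIT.findall(m["hits"])}
            entries.append({"id": m["id"], "score": float(m["score"]),
                            "limit": float(m["limit"]), "hits": hits})
    return entries


def analyse(entry):
    """Summarise what drove the score and which checks did not contribute."""
    hits = entry["hits"]
    dnswl = {n: p for n, p in hits.items() if n.startswith("RCVD_IN_DNSWL_")}
    return {
        "id": entry["id"],
        "limit": entry["limit"],
        "raw_sum": round(sum(hits.values()), 3),
        "dnswl_points": round(sum(dnswl.values()), 3),
        # Sum of all other rules, i.e. the score if the whitelist hit were absent.
        "without_dnswl": round(sum(p for n, p in hits.items() if n not in dnswl), 3),
        # URIBL_BLOCKED is SpamAssassin's notice that the URIBL query was refused,
        # so the link in the body was not checked against that list.
        "uribl_blocked": "URIBL_BLOCKED" in hits,
        # Rules that added at least 0.5 points (cut-off chosen for this example).
        "spam_signals": sorted((n for n, p in hits.items() if p >= 0.5),
                               key=lambda n: -hits[n]),
    }


if __name__ == "__main__":
    for e in parse_sa_lines(LOG):
        print(analyse(e))
```

On both mails `RCVD_IN_DNSWL_HI` alone contributes -5, the size of the whole 5-point limit, and `URIBL_BLOCKED` appears in the hit list.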