1
對電子郵件標題的結構有疑問。Email header:last'received:from'header IP is 127.0.0.1
我一直在分析通過我的Postfix MTA發送的垃圾郵件,並注意到有一小部分(< 5%)的localhost地址127.0.0.1作爲最終的'received:from header'。
倒數第二個標頭顯示垃圾郵件服務器的IP。
我假設垃圾郵件發送者通過本地盒子上的MTA中繼到遠程服務器,這就是爲什麼最後收到的郵件頭(代表發送鏈中的第一個郵件頭)顯示本地主機IP。
我有一個實際的標題下面的例子,我的服務器信息已更改爲隱私(垃圾郵件發送者是真實的)。
只想確認我的假設是正確的。
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by mx.acme.net (Postfix) with ESMTP id XXXXXXXXX
for <[email protected]>; Thu, 30 Mar 2017 16:08:16 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mydomain = acme.com
Received: from mx.acme.net ([127.0.0.1])
by localhost (mx.acme.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id XXXXXXXX for <[email protected]>;
Thu, 30 Mar 2017 16:08:15 -0400 (EDT)
Received: from layrbc.operantish.com (layrbc.operantish.com [66.118.137.94])
by mx.acme.net (Postfix) with ESMTP id 0A576D1FAE8
for <[email protected]>; Thu, 30 Mar 2017 16:08:14 -0400 (EDT)
Received: from 025a1bf3.layrbc.operantish.com ([127.0.0.1]:19719 helo=layrbc.operantish.com)
by layrbc.operantish.com with ESMTP id 02DYCACOHN5A1BOPBVDGQKF3;
for <[email protected]>; Thu, 30 Mar 2017 13:08:13 -0700
Date: Thu, 30 Mar 2017 13:08:13 -0700