擋掉詐騙信件的範例

[Arnor]

今天收到一封報告信

信件原始內容為

X-MD-FROM: postmaster@raidenftpd.com
X-MD-TO: arnor@raidenftpd.com
Received: from sdns5.becool.com ([162.244.82.64])
by mx.raidenmaild.com ([192.168.1.101]);
Fri, 26 Apr 2019 21:59:24 +0800
(over TLSv1 secured channel)
Date: Fri, 26 Apr 2019 09:03:19 -0500
From: postmaster@sdns5.becool.com
Subject: Delivery report
To: arnor@raidenftpd.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="report5CC30FA7@sdns5.becool.com"

--report5CC30FA7@sdns5.becool.com
Content-Type: text/plain

Hello, this is the mail server on sdns5.becool.com.

I am sending you this message to inform you on the delivery status of a
message you previously sent. Immediately below you will find a list of
the affected recipients; also attached is a Delivery Status Notification
(DSN) report in standard format, as well as the headers of the original
message.

<arnor@raidenftpd.com> delivery failed; will not continue trying

--report5CC30FA7@sdns5.becool.com
Content-Type: message/delivery-status

Reporting-MTA: dns;sdns5.becool.com
X-PowerMTA-VirtualMTA: pmta-vmta5
Received-From-MTA: dns;server.becool.com (127.0.0.1)
Arrival-Date: Fri, 26 Apr 2019 08:52:58 -0500

Final-Recipient: rfc822;arnor@raidenftpd.com
Action: failed
Status: 5.0.0 (undefined status)
Remote-MTA: dns;mx.raidenmaild.com (1.34.91.201)
Diagnostic-Code: smtp;501 arnor@raidenftpd.com, system does not accept that sender is the same as recipient
X-PowerMTA-BounceCategory: other

--report5CC30FA7@sdns5.becool.com
Content-Type: text/rfc822-headers

Subject: Your device has been compromised! Important!
From: arnor@raidenftpd.com <arnor@raidenftpd.com>
To: arnor@raidenftpd.com <arnor@raidenftpd.com>
Date: Fri, 26 Apr 2019 08:52:58 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="===============4869198011377654268=="

--report5CC30FA7@sdns5.becool.com--
.


這封詐騙信從這個主機(可能被當跳板了), 被人轉寄這種以我信箱名義寄給自己的信, 然後直接被擋掉, 所以這主機寄出報告信到寄件人信箱(因為我被假冒)讓我知道有人曾嘗試這樣寄信給我呢!


_________________
*若是想問問題的話, 請務必不要塗改任何 IP, 網域資料, 您若不願貼上IP或網域, 請改以電子郵件來詢問. 謝謝您的配合.*
*若是回報疑似軟體的運行或邏輯或資料處理有誤的問題, 小弟很樂意去了解您的情況, 但請務必以最新版來做回報, 如果以郵件詢問, 請參考 http://www.raidenmaild.com/tw/feedback.html 的說明, 最好標題加個 RaidenMAILD 字樣, 才不致會遺漏了您的信唷. 謝謝您的配合^^*
*在版上發文請遵守網路禮儀, 並請持著虛心敘述問題請教他人, 凡發現違反的文, 均一律刪除為優先, 不另行通知喔.
*與使用者教學相長腦力激盪是我輩成就感的來源, 誠心希望您能不吝指教.
*雷電MAILD 知識庫文件 http://www.raidenmaild.com/tw/kb/

素還尊
Team John Long.
Email: arnor@raidenmaild.com
公司網站 http://www.raidenmaild.com/company/