
[Help] How do I defend against forged emails like this one?

#0  Posted: 2012-06-18

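The sender and recipient are almost identical, yet the message content is some kind of advertisement. After viewing the raw message, I found that it actually came in over a connection from a different IP.
Below is part of the raw information of a message that the client software Foxmail received through the Exchange mail server. The bold part is suspected to be the real source of the spam, and the italic part is an example of a company mail account. The displayed sender is also the same as the company's, so internal staff can easily think they sent the message to themselves. If the message carried harmful content, the consequences could be serious. How can we defend against this? The details of the message follow: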
Received: from hcv.com (183.60.99.233) by mail.abc.com (192.168.*.*)
with Microsoft SMTP Server id 8.1.436.0; Fri, 15 Jun 2012 17:28:26 +0800
From: =?utf-8?B?5oub6IGY5LiT55So?= <OK_hr@abc.com>
To: =?utf-8?B?5oub6IGY5LiT55So?= <OK_hr@abc.com>
Date: Fri, 15 Jun 2012 17:31:38 +0800
Subject: =?utf-8?B?YXJi44CAPz8/Pz8/Pz/jgIBmeWhq?=
Thread-Topic: =?utf-8?B?YXJi44CAPz8/Pz8/Pz/jgIBmeWhq?=
Thread-Index: Ac1K2TfRKudoFXxdR7ew6SA6F0a4iA==
Message-ID: <007746281067$76618628$83154682@hcv.com>
Accept-Language: zh-CN
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
X-MS-Exchange-Organization-AuthSource: mail.abc.com
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-organization-originalarrivaltime: 15 Jun 2012 09:28:26.1718
(UTC)
x-ms-exchange-organization-originalsize: 1397
x-ms-exchange-organization-recipient-limit-verified: True
x-ms-exchange-forest-rulesexecuted: mail
Content-Type: multipart/alternative;
boundary="_000_0077462810677661862883154682hcvcom_"
MIME-Version: 1.0
--_000_0077462810677661862883154682hcvcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
DQo=
--_000_0077462810677661862883154682hcvcom_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_0077462810677661862883154682hcvcom_--
------=_NextPart_000_009B_01CD4B4C.1180E4F0--
#1  Posted: 2012-06-19
Did you install anti-spam, an Edge server, or an email spam appliance?
Those should help to prevent such mail. It is best if you are able to use an IPS on your gateway too.

#2  Posted: 2012-06-20
Is abc.com here your own domain? If so, you can configure it by following the article below:

http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html
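
The check this thread is asking about, as an added example that is not part of the original posts: flag mail whose From address is in your own domain but whose topmost Received header shows delivery by a host outside your networks. The header sample is constructed from the first post; `OWN_DOMAINS`, `TRUSTED_NETS`, `spoof_findings` and the 192.168.0.10 address are assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the first post.
# 192.168.0.10 stands in for the masked 192.168.*.* server address.
SAMPLE = """\
Received: from hcv.com (183.60.99.233) by mail.abc.com (192.168.0.10)
 with Microsoft SMTP Server id 8.1.436.0; Fri, 15 Jun 2012 17:28:26 +0800
From: =?utf-8?B?5oub6IGY5LiT55So?= <OK_hr@abc.com>
To: =?utf-8?B?5oub6IGY5LiT55So?= <OK_hr@abc.com>
Message-ID: <007746281067$76618628$83154682@hcv.com>
X-MS-Exchange-Organization-AuthAs: Internal

"""

OWN_DOMAINS = {"abc.com"}  # assumption: domains this organisation owns
TRUSTED_NETS = ("192.168.0.0/16",)  # assumption: networks internal mail comes from


def spoof_findings(raw, own_domains=OWN_DOMAINS, trusted_nets=TRUSTED_NETS):
    """Return reasons a message with an internal From address looks forged."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in own_domains:
        return []  # does not claim to come from one of our own addresses
    # Only the topmost Received header was written by our own server;
    # anything below it is supplied by the sender and can be forged.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.match(r"from (\S+) \(\[?([0-9A-Fa-f.:]+)\]?\)", top)
    try:
        peer = ipaddress.ip_address(m.group(2)) if m else None
    except ValueError:
        peer = None
    if peer is None:
        return ["unparsed-received: cannot determine the connecting host"]
    if any(peer in ipaddress.ip_network(n) for n in trusted_nets):
        return []  # handed over by a host we trust
    findings = [f"external-peer: From is @{from_domain} but the message "
                f"was delivered by {peer} (HELO {m.group(1)})"]
    msgid_domain = msg.get("Message-ID", "").strip("<> ").rpartition("@")[2].lower()
    if msgid_domain and msgid_domain not in own_domains:
        findings.append(f"foreign-message-id: generated at {msgid_domain}")
    if msg.get("X-MS-Exchange-Organization-AuthAs", "").strip().lower() == "internal":
        findings.append("authas-internal: stamped Internal despite external peer")
    return findings
```

Legitimate outside services that send on behalf of your domain will also be flagged, so their addresses belong in `TRUSTED_NETS` before the result is used to reject mail.
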
#3  Posted: 2012-06-26
Yes, I haven't installed an Edge Server, and I'll install the Exchange Edge Server when I finish installing Windows 2003 R2 x64 in the VM. Thanks for the help above.