Finding malware on the network

I am trying to isolate the emails sending malware on my network. The headers are as follows:

Received: from z.local.domain (172.18.248.22) by z.local.domain (172.18.248.22)
 with Microsoft SMTP Server (TLS) id 15.0.712.24 via Mailbox Transport;
 Mon, 30 Sep 2013 02:35:43 -0700
Received: from z.local.domain (172.18.248.22) by z.local.domain (172.18.248.22)
 with Microsoft SMTP Server (TLS) id 15.0.712.24;
 Mon, 30 Sep 2013 02:35:43 -0700
Received: from localhost (172.18.248.18) by z.local.domain (172.18.248.22)
 with Microsoft SMTP Server (TLS) id 15.0.712.24 via Frontend Transport;
 Mon, 30 Sep 2013 02:35:43 -0700
Received: from www-data by localhost with local (Exim 4.80)
 (envelope-from <[email protected]>) id 1VQZtH-0002oq-13
 for [email protected]; Mon, 30 Sep 2013 02:35:43 -0700
MIME-Version: 1.0
Subject: Subject: eRKpqkSHqdjESMjhqQ
Return-Path: [email protected]
X-MS-Exchange-Organization-Authsource: z.local.domain
Date: Mon, 30 Sep 2013 02:35:43 -0700
X-MS-Exchange-Organization-Network-Message-ID: d786a17d-ef12-4403-aa12-08d08bd7914a
X-MS-Exchange-Organization-Authas: Anonymous
content-type: text/html; charset="utf-8"
Message-ID: <E1VQZtH-0002oq-13@localhost>
To: <[email protected]>
X-PHP-Originating-Script: 0:ticket.php
From: Benjamin <[email protected]>
X-RT-Original-Encoding: iso-8859-1
Content-Length: 500

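I scanned the Z server with ClamWin and Malwarebytes, but both came back negative. Apart from the helpdesk, nobody else on our network seems to be reporting this spam. (The helpdesk is on a Debian 7.1 host running Request Tracker 4 – it is the only place that checks this email account.)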

Are there other scanners I can run on the Z server, or is the problem elsewhere?

Your headers show that this mail originated from 172.18.248.18. So that is the machine you need to look at.
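The reading above can be reproduced mechanically. The following Python sketch is an added example, not part of the original question or answer: it walks the `Received` chain from the question's headers oldest-first and reports the first network hop, the local submitting user, and the PHP script named in `X-PHP-Originating-Script`. The function name `trace_origin` and the two regular expressions are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Headers trimmed from the question above; redacted addresses kept as shown there.
SAMPLE = """\
Received: from z.local.domain (172.18.248.22) by z.local.domain (172.18.248.22)
 with Microsoft SMTP Server (TLS) id 15.0.712.24 via Mailbox Transport;
 Mon, 30 Sep 2013 02:35:43 -0700
Received: from localhost (172.18.248.18) by z.local.domain (172.18.248.22)
 with Microsoft SMTP Server (TLS) id 15.0.712.24 via Frontend Transport;
 Mon, 30 Sep 2013 02:35:43 -0700
Received: from www-data by localhost with local (Exim 4.80)
 (envelope-from <[email protected]>) id 1VQZtH-0002oq-13
 for [email protected]; Mon, 30 Sep 2013 02:35:43 -0700
Message-ID: <E1VQZtH-0002oq-13@localhost>
X-PHP-Originating-Script: 0:ticket.php
Subject: eRKpqkSHqdjESMjhqQ

"""

# "from <name> (<ipv4>)": a hop that arrived over the network.
HOP_IP = re.compile(r"^from\s+\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")
# "from <user> by <host> with local": a message submitted on the box itself.
LOCAL = re.compile(r"^from\s+(\S+)\s+by\s+\S+\s+with\s+local\b")

def trace_origin(raw_headers):
    """Return the earliest network hop and local-submission details."""
    msg = message_from_string(raw_headers)
    result = {"origin_ip": None, "local_user": None,
              "php_uid": None, "php_script": None}
    # Each server prepends its Received header, so the last one is the oldest.
    for hop in reversed(msg.get_all("Received", [])):
        hop = " ".join(hop.split())  # unfold continuation lines
        m = LOCAL.match(hop)
        if m and result["local_user"] is None:
            result["local_user"] = m.group(1)
        m = HOP_IP.match(hop)
        if m:
            result["origin_ip"] = m.group(1)
            break
    # PHP's mail.add_x_header setting writes this header as "<uid>:<script name>".
    script = msg.get("X-PHP-Originating-Script")
    if script and ":" in script:
        result["php_uid"], result["php_script"] = script.split(":", 1)
    return result

if __name__ == "__main__":
    print(trace_origin(SAMPLE))
```

Only `Received` lines added by servers you control can be trusted; here every hop is internal, so the chain points at a message generated locally by `ticket.php` on 172.18.248.18.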