如何解决Amazon SES 遭到入侵
我们经历了一些奇怪的事情。我们有很多邮件通过我们的域发送,但不是我们发送的。
我们已经安装了 Dmarc、DKIM、SPF 等,所有这些都已设置并正常运行,但问题仍然存在。更改 API 密钥和 SMTP 密钥无法解决此问题。
我们能做什么?
邮件日志示例:
{
"Type" : "Notification","MessageId" : "d9c91074-7f57-5a86-8322-49393f02821a","TopicArn" : "arn:aws:sns:eu-west-1:718401892325:Bounce","Message" : "{\"notificationType\":\"Bounce\",\"bounce\":{\"FeedbackId\":\"0102017a392a81a4-57668ac5-61a5-4648-9dc4-74c1b3c687c7-000000\",\"bounceType\":\"Permanent\",\"bounceSubType\":\"General\",\"bouncedRecipients\":[{\"emailAddress\":\"[REDACTED RECEIVER]\",\"action\":\"Failed\",\"status\":\"5.3.0\",\"diagnosticCode\":\"smtp; 550 Invalid Recipient - https://community.mimecast.com/docs/DOC-1369#550 [aKgfXeZYNwGH2GQxUFKDHA.us425]\"}],\"timestamp\":\"2021-06-23T13:58:44.000Z\",\"remoteMtaIp\":\"207.211.30.242\",\"reportingMTA\":\"dns; a7-36.smtp-out.eu-west-1.amazonses.com\"},\"mail\":{\"timestamp\":\"2021-06-23T13:58:44.246Z\",\"source\":\"[OUR MAIL ADRESS]\",\"sourceArn\":\"arn:aws:ses:eu-west-1:718401892325:identity/[OURDOMAIN]\",\"sourceIp\":\"185.29.10.120\",\"sendingAccountId\":\"718401892325\",\"messageId\":\"0102017a392a7f16-fe0921c4-319b-4565-a621-999132fc4ded-000000\",\"destination\":[\"[REDACTED RECEIVER]\"],\"headersTruncated\":false,\"headers\":[{\"name\":\"Received\",\"value\":\"from [OURDOMAIN] ([185.29.10.120]) by email-smtp.amazonaws.com with SMTP (SimpleEmailService-d-ETSXZ9WDB) id jsSf6D7p1SM4Tbekxdmr for [REDACTED RECEIVER]; Wed,23 Jun 2021 13:58:44 +0000 (UTC)\"},{\"name\":\"From\",\"value\":\"[REDACTED RECEIVER DOMAIN] <[OURDOMAIN]>\"},{\"name\":\"To\",\"value\":\"[REDACTED RECEIVER]\"},{\"name\":\"Subject\",\"value\":\"Pending E-mail Message Released / REF: [REDACTED RECEIVER] / Priority: High\"},{\"name\":\"Date\",\"value\":\"23 Jun 2021 16:57:44 +0300\"},{\"name\":\"Message-ID\",\"value\":\"<20210623164053.3484CFB902B9822F@[OURDOMAIN]>\"},{\"name\":\"MIME-Version\",\"value\":\"1.0\"},{\"name\":\"Content-Type\",\"value\":\"text/html\"},{\"name\":\"Content-transfer-encoding\",\"value\":\"quoted-printable\"}],\"commonHeaders\":{\"from\":[\"\\\"[REDACTED RECEIVER DOMAIN]\\\" <[REDACTED RECEIVER]>\"],\"date\":\"23 Jun 2021 16:57:44 +0300\",\"to\":[\"[REDACTED RECEIVER]\"],\"messageId\":\"<20210623164053.3484CFB902B9822F@[OURDOMAIN]>\",\"subject\":\"Pending E-mail Message Released / REF: [REDACTED RECEIVER] / Priority: High\"}}}","Timestamp" : "2021-06-23T13:58:45.045Z","Signatureversion" : "1","Signature" : "....jetiO8rzyuzM1dc5FCVHt7UAqHIjahA0fmXnLxKn9L5KwOlSlFvYaWBcYkEgCG1F7m+z1qDRaYqaU80Z+YY+exR7nw==","SigningCertURL" : ".......","UnsubscribeURL" : "......-4f97-82a3-3bf1b9e107bc"
}
看起来有人从服务器发送垃圾邮件并使用发件人:ebay.com info@ourdomain.com --> 使用 email-smtp.amazonaws.com SMTP --> 并通过我们的 Amazon SES 帐户发送至:ceo@ ebay.com(例如)
任何人都可以指导我朝着正确的方向前进,因为我不知道该怎么做,而亚马逊也没有那么有用。
ps。为了接收者的隐私,在 JSON 响应中添加了 [redacted...]。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
