Не решено Подмена получателя

lcnet

Почетный гость
Приветствую!
Столкнулся с такой проблемой.
Допустим, наш сервер - mail.domain.ru
Иногда, бывает что пользователю приходит письмо, которое отправлено от отправителя sender@mail.ru получателю recipient@yandex.ru в обслуживаемом домене domain.ru.

Текущая конфигурация:
Шлюз - postfix: cspostfix.corp.domain.local (10.20.17.10)
Почтарь - Exchange 2016: CSExchange.corp.domain.local (10.20.17.210)

Как вы понимаете, на сервере mail.domain.ru (Exchange 2016) обслуживаемого домена mail.ru нет
На postfix тоже включены только несколько обслуживаемых доменов, среди которых тоже нет домена mail.ru

Пробовал через телнет представиться сервером mail.ru и попытаться отправить письмо от адресата sender@mail.ru, не вышло ни со шлюза, ни с почтаря.

Не могу понять, как такое получается.

Подскажите, плиз, как с этим бороться?

Received: from CSExchange.corp.domain.local (10.20.17.210) by
CSExchange.corp.domain.local (10.20.17.210) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.17 via Mailbox Transport; Tue, 16 Apr 2024 06:46:05 +0300
Received: from CSExchange.corp.domain.local (10.20.17.210) by
CSExchange.corp.domain.local (10.20.17.210) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.17; Tue, 16 Apr 2024 06:46:05 +0300
Received: from mail.domain.ru (10.20.17.10) by
CSExchange.corp.domain.local (10.20.17.210) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.17 via Frontend Transport; Tue, 16 Apr 2024 06:46:05 +0300
Received: from cspostfix.corp.domain.local (cspostfix [127.0.0.1])
by mail.domain.ru (Postfix) with ESMTP id 1100E56F437
for <sales@domain.ru>; Tue, 16 Apr 2024 06:46:04 +0300 (MSK)
Authentication-Results: mail.domain.ru (amavisd-new);
dkim=pass (2048-bit key) header.d=mail.ru
Received: from mail.domain.ru ([127.0.0.1])
by cspostfix.corp.domain.local (mail.domain.ru [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id nfYBTP2slhzU for <sales@domain.ru>;
Tue, 16 Apr 2024 06:46:03 +0300 (MSK)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=45.84.128.76; helo=f172.i.mail.ru; envelope-from=omskzakaz@mail.ru; receiver=<UNKNOWN>
Received: from f172.i.mail.ru (f172.i.mail.ru [45.84.128.76])
by mail.domain.ru (Postfix) with ESMTPS id AC16D56F435
for <sales@domain.ru>; Tue, 16 Apr 2024 06:46:00 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail4;
h=Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From:From:Subject:Content-Type:Content-Transfer-Encoding:To:Cc; bh=YzTCXwKWrIvkHmfMZSr/FkvputlgsJC8YnyqhZd50pg=;
t=1713239174;x=1713329174;
b=NlhZAB0bOzG2hD0tbyAJfJgITocRsqqoBHa5SoRzGCYTO2Es7UTSlveAA860+T/qsB60NGws5Q4NnOj08U4pt00vSZD9hk5GslxPt1I1+9NhDD/9tK/4XeNVOVfi17O1tggGPzCwgQAxuiCc7GeHevKUGVbEbTa20qgJ+L7LxbaCyg7qw9pPYO7tNKB17WLJ9/KGN4THcOhGMYNGgBkMg3fqCVs9j2fcjjtyibfj6bSeePzN3a9ruAGDrwp5TSXjuUnwGJ3IYSSx+aOHPYyDT93RVIWpkn0xEvz+WNqyuVlhBQSca+Xzzh7np/RFu0ANsHi9mIA7QxAePndm89gGgw==;
Received: by f172.i.mail.ru with local (envelope-from <omskzakaz@mail.ru>)
id 1rwZln-00034L-Mh; Tue, 16 Apr 2024 06:46:08 +0300
Received: by e.mail.ru with HTTP;
Tue, 16 Apr 2024 06:46:07 +0300
From: =?UTF-8?B?0JrQsNGH0LDQvdC+0LIg0JDQu9C10LrRgdCw0L3QtNGA?= <omskzakaz@mail.ru>
To: mikrofon78spb@yandex.ru
Subject: =?UTF-8?B?INCf0YDQvtGI0YMg0YHQvtC+0LHRidC40YLRjCDQstC+0LfQvNC+0LbQvdC+?=
=?UTF-8?B?0YHRgtGMINC/0YDQuNC+0LHRgNC10YLQtdC90LjRjy4gCdCQ0YPQtNC40L4=?=
=?UTF-8?B?0LPQuNC0IENSWVNUQUxTT1VORCBEUlLigJMyMTBHIC4g0J7RgtCy0LXRgiA=?=
=?UTF-8?B?0LbQtdC70LDRgtC10LvQtdC9INCyINC/0LXRgNCy0L7QuSDQv9C+0LvQvtCy?=
=?UTF-8?B?0LjQvdC1INC00L3RjyHCoMKg?=
MIME-Version: 1.0
X-Mailer: Mail.Ru Mailer 1.0
X-SenderField-FwdMsg: 17128917931113511894
X-SenderField-Remind: 0
Date: Tue, 16 Apr 2024 06:46:07 +0300
Reply-To: =?UTF-8?B?0JrQsNGH0LDQvdC+0LIg0JDQu9C10LrRgdCw0L3QtNGA?= <omskzakaz@mail.ru>
Message-ID: <1713239167.219548747@f120.i.mail.ru>
X-Priority: 3 (Normal)
Content-Type: multipart/mixed;
boundary="----5190aA7269508fD28A83E474aD0bB812-6MRKGMN5GxElL12V-1713239167"
Authentication-Results: f172.i.mail.ru; auth=pass smtp.auth=omskzakaz@mail.ru smtp.mailfrom=omskzakaz@mail.ru
X-Mailru-Src: fe
X-7564579A: 646B95376F6C166E
X-77F55803: 119C1F4DF6A9251CF1FA98B48E2E7DB650D49C768A52E7AD41E0C45E070583B48FD872164937FA4C104B2CD24AF2C454DD0D9958E1489E8E99E9F365A296E01A385DD015F53E8E06
X-7FA49CB5: 70AAF3C13DB70168C09775C1D3CA48CFDC9BFDDA78C05939CEDC9CE4EAAF8441BD4B6F7A4D31EC0BABE134FDCE4E272585486F6F803D2941FAD5A440E159F97DCB09FF2BFD657EA6F004C90652538430904AD829351C4442EA1F7E6F0F101C67C09775C1D3CA48CFC399773058354437C2A783ECEC0211AD4AD6D5ED66289B524E70A05D1297E1BBAC83A81C8FD4AD239742502CCDD46D0DD2DCF9CF1F528DBCAC83A81C8FD4AD23D82A6BABE6F325ACD2706015D7A263A7C38EE81DF43BD05AC6CDE5D1141D2B1C1AB06B723D0BC7A7738D41BFFFB1EC676342501C2575C79C0C819B32DFABC24A725E5C173C3A84C3CA5A41EBD8A3A0199FA2833FD35BB23D9E625A9149C048EE33AC447995A7AD182CC0D3CB04F14752D2E47CDBA5A96583BD4B6F7A4D31EC0BC014FD901B82EE079FA2833FD35BB23D27C277FBC8AE2E8B8C7ADC89C2F0B2A5A471835C12D1D977C4224003CC8364762BB6847A3DEAEFB0F43C7A68FF6260569E8FC8737B5C2249EC8D19AE6D49635B68655334FD4449CB9ECD01F8117BC8BEAAAE862A0553A39223F8577A6DFFEA7C289736CE4F78F08343847C11F186F3C59DAA53EE0834AAEE
X-C1DE0DAB: 0D63561A33F958A52946B744215AD44CA76254F65825E0138BDDA5F5718D1872F87CCE6106E1FC07E67D4AC08A07B9B0797D05A5B6841149CB5012B2E24CD356
X-C8649E89: 1C3962B70DF3F0ADE2815F1F17DA719077DD89D51EBB77422CCB5A6D6581D03D0776B5B2C279835F17BCBE6708A5A68D02015372BE9702A26082450FF5C84BA3798DB3C181780B94F431C9897DC86B425673C32E35081B4A5D82D5696D5D1FFA1B56794A24E1788AA52C3A6A7E9613799BD1166FDB2E5B918CD93680B12512CF4C41F94D744909CEC1CAA87FDD978DFAC84DCBDD76CEAF2A24A389F0E278DBF4
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5+wYjsrrSY/u8Y3PrTqANeitKFiSd6Yd7yPpbiiZ/d5BsxIjK0jGQgCHUM3Ry2Lt2G3MDkMauH3h0dBdQGj+BB/iPzQYh7XS3xyn40EmMxrmzGyQ9/nTnF0qBAHQw4LmVwD/ql6jfy+t
X-Mailru-MI: 10000000000000800
X-Mailru-Sender: AA7AAAA5AAC6213B1ACBD176A6CBB90538A66D28E8705E3DDD0D9958E1489E8E04183B7CFDF909FFCA43210BBDC33209CFE9154F8457F70DE48E51A2EAE4F55503AB1AEBEC7359A69A1A31596315F0C9AD5B375F5543BC1DEAB4BC95F72C04283CDA0F3B3F5B9367
X-Mras: Ok
X-Spam: undefined
Return-Path: omskzakaz@mail.ru
X-MS-Exchange-Organization-Network-Message-Id: b0ec55f0-c030-4647-9faa-08dc5dc7be34
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-AuthSource: CSExchange.corp.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.1933462
X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.017
 
Последнее редактирование модератором:
Приветствую!
Столкнулся с такой проблемой.
Допустим, наш сервер - mail.domain.ru
Иногда, бывает что пользователю приходит письмо, которое отправлено от отправителя sender@mail.ru получателю recipient@yandex.ru в обслуживаемом домене domain.ru.

Текущая конфигурация:
Шлюз - postfix: cspostfix.corp.domain.local (10.20.17.10)
Почтарь - Exchange 2016: CSExchange.corp.domain.local (10.20.17.210)

Как вы понимаете, на сервере mail.domain.ru (Exchange 2016) обслуживаемого домена mail.ru нет
На postfix тоже включены только несколько обслуживаемых доменов, среди которых тоже нет домена mail.ru

Пробовал через телнет представиться сервером mail.ru и попытаться отправить письмо от адресата sender@mail.ru, не вышло ни со шлюза, ни с почтаря.

Не могу понять, как такое получается.

Подскажите, плиз, как с этим бороться?

Received: from CSExchange.corp.domain.local (10.20.17.210) by
CSExchange.corp.domain.local (10.20.17.210) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.17 via Mailbox Transport; Tue, 16 Apr 2024 06:46:05 +0300
Received: from CSExchange.corp.domain.local (10.20.17.210) by
CSExchange.corp.domain.local (10.20.17.210) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.17; Tue, 16 Apr 2024 06:46:05 +0300
Received: from mail.domain.ru (10.20.17.10) by
CSExchange.corp.domain.local (10.20.17.210) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.17 via Frontend Transport; Tue, 16 Apr 2024 06:46:05 +0300
Received: from cspostfix.corp.domain.local (cspostfix [127.0.0.1])
by mail.domain.ru (Postfix) with ESMTP id 1100E56F437
for <sales@domain.ru>; Tue, 16 Apr 2024 06:46:04 +0300 (MSK)
Authentication-Results: mail.domain.ru (amavisd-new);
dkim=pass (2048-bit key) header.d=mail.ru
Received: from mail.domain.ru ([127.0.0.1])
by cspostfix.corp.domain.local (mail.domain.ru [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id nfYBTP2slhzU for <sales@domain.ru>;
Tue, 16 Apr 2024 06:46:03 +0300 (MSK)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=45.84.128.76; helo=f172.i.mail.ru; envelope-from=omskzakaz@mail.ru; receiver=<UNKNOWN>
Received: from f172.i.mail.ru (f172.i.mail.ru [45.84.128.76])
by mail.domain.ru (Postfix) with ESMTPS id AC16D56F435
for <sales@domain.ru>; Tue, 16 Apr 2024 06:46:00 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail4;
h=Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From:From:Subject:Content-Type:Content-Transfer-Encoding:To:Cc; bh=YzTCXwKWrIvkHmfMZSr/FkvputlgsJC8YnyqhZd50pg=;
t=1713239174;x=1713329174;
b=NlhZAB0bOzG2hD0tbyAJfJgITocRsqqoBHa5SoRzGCYTO2Es7UTSlveAA860+T/qsB60NGws5Q4NnOj08U4pt00vSZD9hk5GslxPt1I1+9NhDD/9tK/4XeNVOVfi17O1tggGPzCwgQAxuiCc7GeHevKUGVbEbTa20qgJ+L7LxbaCyg7qw9pPYO7tNKB17WLJ9/KGN4THcOhGMYNGgBkMg3fqCVs9j2fcjjtyibfj6bSeePzN3a9ruAGDrwp5TSXjuUnwGJ3IYSSx+aOHPYyDT93RVIWpkn0xEvz+WNqyuVlhBQSca+Xzzh7np/RFu0ANsHi9mIA7QxAePndm89gGgw==;
Received: by f172.i.mail.ru with local (envelope-from <omskzakaz@mail.ru>)
id 1rwZln-00034L-Mh; Tue, 16 Apr 2024 06:46:08 +0300
Received: by e.mail.ru with HTTP;
Tue, 16 Apr 2024 06:46:07 +0300
From: =?UTF-8?B?0JrQsNGH0LDQvdC+0LIg0JDQu9C10LrRgdCw0L3QtNGA?= <omskzakaz@mail.ru>
To: mikrofon78spb@yandex.ru
Subject: =?UTF-8?B?INCf0YDQvtGI0YMg0YHQvtC+0LHRidC40YLRjCDQstC+0LfQvNC+0LbQvdC+?=
=?UTF-8?B?0YHRgtGMINC/0YDQuNC+0LHRgNC10YLQtdC90LjRjy4gCdCQ0YPQtNC40L4=?=
=?UTF-8?B?0LPQuNC0IENSWVNUQUxTT1VORCBEUlLigJMyMTBHIC4g0J7RgtCy0LXRgiA=?=
=?UTF-8?B?0LbQtdC70LDRgtC10LvQtdC9INCyINC/0LXRgNCy0L7QuSDQv9C+0LvQvtCy?=
=?UTF-8?B?0LjQvdC1INC00L3RjyHCoMKg?=
MIME-Version: 1.0
X-Mailer: Mail.Ru Mailer 1.0
X-SenderField-FwdMsg: 17128917931113511894
X-SenderField-Remind: 0
Date: Tue, 16 Apr 2024 06:46:07 +0300
Reply-To: =?UTF-8?B?0JrQsNGH0LDQvdC+0LIg0JDQu9C10LrRgdCw0L3QtNGA?= <omskzakaz@mail.ru>
Message-ID: <1713239167.219548747@f120.i.mail.ru>
X-Priority: 3 (Normal)
Content-Type: multipart/mixed;
boundary="----5190aA7269508fD28A83E474aD0bB812-6MRKGMN5GxElL12V-1713239167"
Authentication-Results: f172.i.mail.ru; auth=pass smtp.auth=omskzakaz@mail.ru smtp.mailfrom=omskzakaz@mail.ru
X-Mailru-Src: fe
X-7564579A: 646B95376F6C166E
X-77F55803: 119C1F4DF6A9251CF1FA98B48E2E7DB650D49C768A52E7AD41E0C45E070583B48FD872164937FA4C104B2CD24AF2C454DD0D9958E1489E8E99E9F365A296E01A385DD015F53E8E06
X-7FA49CB5: 70AAF3C13DB70168C09775C1D3CA48CFDC9BFDDA78C05939CEDC9CE4EAAF8441BD4B6F7A4D31EC0BABE134FDCE4E272585486F6F803D2941FAD5A440E159F97DCB09FF2BFD657EA6F004C90652538430904AD829351C4442EA1F7E6F0F101C67C09775C1D3CA48CFC399773058354437C2A783ECEC0211AD4AD6D5ED66289B524E70A05D1297E1BBAC83A81C8FD4AD239742502CCDD46D0DD2DCF9CF1F528DBCAC83A81C8FD4AD23D82A6BABE6F325ACD2706015D7A263A7C38EE81DF43BD05AC6CDE5D1141D2B1C1AB06B723D0BC7A7738D41BFFFB1EC676342501C2575C79C0C819B32DFABC24A725E5C173C3A84C3CA5A41EBD8A3A0199FA2833FD35BB23D9E625A9149C048EE33AC447995A7AD182CC0D3CB04F14752D2E47CDBA5A96583BD4B6F7A4D31EC0BC014FD901B82EE079FA2833FD35BB23D27C277FBC8AE2E8B8C7ADC89C2F0B2A5A471835C12D1D977C4224003CC8364762BB6847A3DEAEFB0F43C7A68FF6260569E8FC8737B5C2249EC8D19AE6D49635B68655334FD4449CB9ECD01F8117BC8BEAAAE862A0553A39223F8577A6DFFEA7C289736CE4F78F08343847C11F186F3C59DAA53EE0834AAEE
X-C1DE0DAB: 0D63561A33F958A52946B744215AD44CA76254F65825E0138BDDA5F5718D1872F87CCE6106E1FC07E67D4AC08A07B9B0797D05A5B6841149CB5012B2E24CD356
X-C8649E89: 1C3962B70DF3F0ADE2815F1F17DA719077DD89D51EBB77422CCB5A6D6581D03D0776B5B2C279835F17BCBE6708A5A68D02015372BE9702A26082450FF5C84BA3798DB3C181780B94F431C9897DC86B425673C32E35081B4A5D82D5696D5D1FFA1B56794A24E1788AA52C3A6A7E9613799BD1166FDB2E5B918CD93680B12512CF4C41F94D744909CEC1CAA87FDD978DFAC84DCBDD76CEAF2A24A389F0E278DBF4
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5+wYjsrrSY/u8Y3PrTqANeitKFiSd6Yd7yPpbiiZ/d5BsxIjK0jGQgCHUM3Ry2Lt2G3MDkMauH3h0dBdQGj+BB/iPzQYh7XS3xyn40EmMxrmzGyQ9/nTnF0qBAHQw4LmVwD/ql6jfy+t
X-Mailru-MI: 10000000000000800
X-Mailru-Sender: AA7AAAA5AAC6213B1ACBD176A6CBB90538A66D28E8705E3DDD0D9958E1489E8E04183B7CFDF909FFCA43210BBDC33209CFE9154F8457F70DE48E51A2EAE4F55503AB1AEBEC7359A69A1A31596315F0C9AD5B375F5543BC1DEAB4BC95F72C04283CDA0F3B3F5B9367
X-Mras: Ok
X-Spam: undefined
Return-Path: omskzakaz@mail.ru
X-MS-Exchange-Organization-Network-Message-Id: b0ec55f0-c030-4647-9faa-08dc5dc7be34
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-AuthSource: CSExchange.corp.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.1933462
X-MS-Exchange-Processed-By-BccFoldering: 15.01.2375.017

Никто с таким не сталкивался?
 
попробуй отправить почту через телнет, может у тебя open relay
 
Назад
Верх