Persistent junk mail 2024/08/03 16:15

For the past few days, my main ASAHI Net mail address (xxxxxxxxxx@asahinet.jp) has been getting a flood of crap mail from overseas.
What's more, both the sender and the recipient are this very address.

At first I had my mail client's filter send them straight to the trash,
but once they are pulled into the client they still catch my eye every time I check the trash,
so I finally got fed up and went hunting all over the ASAHI Net site for a mail setting that could handle it,
and at last found what looked like the right place.

"Mail filter rules"
Sender and recipient set to the address in question,
but that alone would also block the test messages I send to myself,
so I looked at the headers.
They seem to be doing some elaborate forgery:
the "X-Country-Code" varies,
and the "Message-ID" domain varies too.

Then something caught my eye:
DKIM

When I normally send mail from myself to myself, DKIM passes,
but the mails in question had DKIM none.
Could I use that as the condition?

So I gave it a try, and
the filtering seems to be working.
I'll keep an eye on it for a while.
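The rule described above, as an added example that is not part of the original post or ASAHI Net's filter: a message is filtered only when From and To are both the owner's own address AND the receiving server's Authentication-Results header reports no DKIM pass. The spoofed sample reuses the header lines from the reference mail quoted later in the post (body shortened); the "genuine self-test" message with dkim=pass, the forged-header message, and the trusted authserv-id suffix are assumptions made for the example.

```python
"""Filter self-addressed mail whose DKIM result is not 'pass'.
Added example, not ASAHI Net's code and not the post author's."""
import email
import re
from email.utils import parseaddr

OWN_ADDRESS = "xxxxxxxxxx@asahinet.jp"  # the (masked) address from the post
# Only trust Authentication-Results written by the provider's own inbound hosts:
# a sender can forge that header just as easily as From:. Suffix is an assumption
# derived from the authserv-id seen in the post's reference mail.
TRUSTED_AUTHSERV_SUFFIX = ".asahinet.cluster.xspmail.jp"

# Header lines reproduced from the reference mail in the post (body shortened).
SPOOFED_SELF_MAIL = """\
Return-Path: <xxxxxxxxxx@asahinet.jp>
Authentication-Results: hsmtpd-in-4.asahinet.cluster.xspmail.jp; spf=softfail smtp.mailfrom=asahinet.jp smtp.remote-ip=95.215.246.86; dkim=none; dmarc=fail header.from=asahinet.jp; arc=none header.oldest-pass=0; x-token-a=none; x-token-b=none
Received-SPF: softfail identity=mailfrom; envelope-from="xxxxxxxxxx@asahinet.jp"
X-Country-Code: KG
Message-ID: <341657.341657@05163.com>
From: xxxxxxxxxx@asahinet.jp
To: xxxxxxxxxx@asahinet.jp
Subject: I RECORDED YOU!

Hello there!
"""

# Constructed (assumption): what the author's own self-test looks like when the
# provider signs outbound mail, i.e. dkim=pass.
GENUINE_SELF_MAIL = """\
Authentication-Results: hsmtpd-in-4.asahinet.cluster.xspmail.jp; spf=pass smtp.mailfrom=asahinet.jp; dkim=pass header.d=asahinet.jp; dmarc=pass header.from=asahinet.jp
From: xxxxxxxxxx@asahinet.jp
To: xxxxxxxxxx@asahinet.jp
Subject: filter test

test
"""

# Constructed (assumption): an Authentication-Results header claiming dkim=pass but
# written by an authserv-id that is not ours must be ignored, not trusted.
FORGED_AUTH_HEADER_MAIL = """\
Authentication-Results: mail.example.invalid; dkim=pass header.d=asahinet.jp
From: xxxxxxxxxx@asahinet.jp
To: xxxxxxxxxx@asahinet.jp
Subject: I RECORDED YOU!

Hello there!
"""


def parse_auth_results(value: str) -> dict:
    """Return {method: result} from an Authentication-Results value (RFC 8601).
    The first ';'-separated element is the authserv-id; each following element
    starts with 'method=result', optionally followed by properties."""
    results = {}
    for part in value.split(";")[1:]:
        m = re.match(r"\s*([\w-]+)=(\w+)", part)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def trusted_auth_results(msg) -> dict:
    """Merge results from Authentication-Results headers whose authserv-id belongs
    to our provider; headers claiming any other authserv-id are ignored."""
    merged = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id = value.split(";", 1)[0].strip().lower()
        if authserv_id.endswith(TRUSTED_AUTHSERV_SUFFIX):
            merged.update(parse_auth_results(value))
    return merged


def should_filter(raw: str, own_address: str = OWN_ADDRESS):
    """Return (decision, reason). The rule from the post: From and To are both
    my own address AND there is no DKIM pass from a trusted verifier."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if not (sender == own_address and recipient == own_address):
        return False, "not a self-addressed message; rule does not apply"
    dkim = trusted_auth_results(msg).get("dkim", "none")
    if dkim == "pass":
        return False, "self-addressed with DKIM pass: treat as genuine"
    return True, f"self-addressed but dkim={dkim}: likely spoofed"


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED_SELF_MAIL), ("genuine", GENUINE_SELF_MAIL),
                      ("forged-auth", FORGED_AUTH_HEADER_MAIL)]:
        print(name, should_filter(raw))
```

The self-address check is what keeps the rule narrow: mail from anyone else with dkim=none is left alone, which is why it does not catch ordinary unsigned correspondence. The rule only works because the provider signs outbound mail, so a genuine self-sent message arrives with dkim=pass; mail sent to yourself through a different, unsigned route would be filtered as well.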

Honestly, if there is a "spam check" feature,
I'd like it to block this kind of thing from the start.



[Reference] Full text of the mail in question, including headers

Subject: I RECORDED YOU!
From: xxxxxxxxxx@asahinet.jp
Date: 2024/08/02 12:09
To: xxxxxxxxxx@asahinet.jp
X-Account-Key: account1
X-UIDL: 096bdb01a04dac6615611e0010d52a76
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <xxxxxxxxxx@asahinet.jp>
Delivered-To: xxxxxxxxxx@asahinet.jp
Received: from ddirector-0.asahinet.cluster.xspmail.jp ([10.194.194.128]) by dbackend-17.asahinet.cluster.xspmail.jp with LMTP id cj9bFZVNrGYvOjwAKMcN1A:T19:P1:P1 (envelope-from <xxxxxxxxxx@asahinet.jp>) for <xxxxxxxxxx@asahinet.jp>; Fri, 02 Aug 2024 12:08:16 +0900
Received: from dproxy-lmtp-595c97f555-kvf2z.asahinet.cluster.xspmail.jp ([10.194.194.128]) by ddirector-0.asahinet.cluster.xspmail.jp with LMTP id cj9bFZVNrGYvOjwAKMcN1A:T19:P1 (envelope-from <xxxxxxxxxx@asahinet.jp>) for <xxxxxxxxxx@asahinet.jp>; Fri, 02 Aug 2024 12:08:16 +0900
Received: from hsmtpd-in-4.asahinet.cluster.xspmail.jp ([10.194.194.128]) by dproxy-lmtp-595c97f555-kvf2z.asahinet.cluster.xspmail.jp with LMTP id cj9bFZVNrGYvOjwAKMcN1A:T19 (envelope-from <xxxxxxxxxx@asahinet.jp>) for <xxxxxxxxxx@asahinet.jp>; Fri, 02 Aug 2024 12:08:15 +0900
ARC-Seal: i=1; a=rsa-sha256; t=1722568096; cv=none; d=xspmail.jp; s=x01; b=yIL1+JydkGumF1Udh54xN23rOLiotM/hzB7FMj0zIJiPCHXRt9zvbN2M1VC7QBYxB4mt8i/tCUB9W cBU4aY3eQVADlgpO4ecfWOJ/T64xYdCM4/inL7Ha43n4yGtuohP2kkuqLbnMbxFyYmQgyqqkpw+v3f CFb/s2VHUd2GtUheyx608lGXmkOjgclVrDg7wTe7kvldUp+zpaCUrgJu6VBgUiDXvYlHKanBAXk8aS KKCPWyygiJ2VxHsdy4grPLtKM7UM3FPjcBP5w4XQaL9o6lF0KI+wFUQDynr0YNAEQBlJVWhOMhkKDP YV15pTIZrGY4850qghAESQixFOtdeoA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=xspmail.jp; s=x01; h=content-type:mime-version:message-id:date:subject:to:from:from; bh=x0rWCceY30m6dns+ci/afu65RUBLeC7fGbvG5SOE0EA=; b=tUsYpm8idYhfEo6aQchOWVbvg1qXVqDkrwgV46r6rk/XTZMP6MHzIM59oU6OBNGzGzlIn0sMKGkTV cN2qh8a1UfZaKa0VXdGMtTzkSFX3vTMg7QU+XETkmipY+FN9vXdbSS/D0sKRNfWfzJPV+4T/PGzw9B uT9QIC/7BalJT5ppgSpNwdDmI4gO0TRmHAP7tfo+CZbWgNwqm2Q8Y0DvsZdRSisgx171NHTeOYbcPg uLpPDD1nttKYm6SOrAe2I2VsKmS/MpgJOrZLLDf23ZUv0ZSCa4NjJYHa+KAY8dfaVWcUSUmJ07LgrM jcc/HMwlSP3qUExS1E4uJwUsfghpYaw==
ARC-Authentication-Results: i=1; hsmtpd-in-4.asahinet.cluster.xspmail.jp; spf=softfail smtp.mailfrom=asahinet.jp smtp.remote-ip=95.215.246.86; dkim=none; dmarc=fail header.from=asahinet.jp; arc=none header.oldest-pass=0; x-token-a=none; x-token-b=none
X-MessageBody: Non-Empty
X-Spam-Analysis: v=2.4 cv=Hp2wWWfS c=0 sm=1 tr=0 ts=66ac4d9f p=xuSakxmQ/AEa0MmB+nwSGURWKu8=:19 a=imR0kF09Ck3Sj/P7T2bXzg==:117 a=imR0kF09Ck3Sj/P7T2bXzg==:17
X-Spam: Yes
X-Spam-Score: 100
X-Senderauth-Result: none
Authentication-Results: hsmtpd-in-4.asahinet.cluster.xspmail.jp; spf=softfail smtp.mailfrom=asahinet.jp smtp.remote-ip=95.215.246.86; dkim=none; dmarc=fail header.from=asahinet.jp; arc=none header.oldest-pass=0; x-token-a=none; x-token-b=none
Received-SPF: softfail identity=mailfrom; envelope-from="xxxxxxxxxx@asahinet.jp"
X-Country-Code: KG
Received: from [95.215.246.86] (unknown [95.215.246.86]) by hsmtpd-in-4.asahinet.cluster.xspmail.jp (Halon) with ESMTP id 58a62884-d0b4-4e7d-ad46-d93682bad2ff; Fri, 02 Aug 2024 12:08:13 +0900 (JST)
Received: from bsrjjvi ([7.76.158.13]) by 05163.com with MailEnable ESMTP; Fri, 2 Aug 2024 06:09:39 +0300
Received: (qmail 34165 invoked by uid 341); 2 Aug 2024 06:09:37 +0300
Message-ID: <341657.341657@05163.com>
MIME-Version: 1.0
Content-type: text/plain;

Hello there!

Unfortunately, there are some bad news for you.

Some time ago your device was infected with my private trojan, R.A.T (Remote Administration Tool), if you want to find out more about it simply use Google.

My trojan allowed me to access your files, accounts and your cam.

Check the sender of this email, I have sent it from your email account.

To make sure you read this email, you will receive it multiple times.

You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.

I RECORDED YOU (through the cam of your device) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

If you still doubt my serious intentions, it only takes couple mouse clicks to share the video of you with your friends, relatives, all email contacts, on social networks and the darknet.

All you need is $1800 USD in Bitcoin (BTC) transfer to my account.

After the transaction is successful, I will proceed to delete everything.

Be sure, I keep my promises.

You can easily buy Bitcoin (BTC) here:

https:||cex.io/buy-bitcoins
https:||nexo.com/buy-crypto/bitcoin-btc
https:||bitpay.com/buy-bitcoin/?crypto=BTC
https:||paybis.com/
https:||invity.io/buy-crypto

Or simply google other exchanger.

After that send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomicwallet, or: Exodus wallet, then receive and send to mine.

My Bitcoin (BTC) address is: 1GtGZpzfRkAVBL48F68mi8bTcatwpTZGm8

Yes, that's how the address looks like, copy and paste my address, it's (cAsE-sEnSEtiVE).

You are given not more than 3 days after you have opened this email.

As I got access to this email account, I will know if this email has already been read.

Everything will be carried out based on fairness.

An advice from me, regularly change all your passwords to your accounts and update your device with newest security patches.