FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Site d’assistance et de sécurité informatique

SPAM avec mon nom de domaine dans le Message ID

Règles du forum : Entraide concernant les différentes messageries et logiciels de messagerie, ainsi que pour les réseaux sociaux (réglages, conseils, problèmes, avis...).
Merci de lire et de respecter la charte générale du forum.

Répondre

Afin d’empêcher la création automatisée de comptes, nous vous demandons de réussir le défi ci-contre.
Smileys
:D :) :-) ;) :| :( :cry: :cheers: :hourra: :mv: :lol: :mdr: :bonjour: :hello: :jap: :siffle: :bisou: :P :o :x :roll: :good: :bad: :super: :reflexion: :suspect: :? :oops: :peur: :zen: :boude: :bug:

Revue du sujet : SPAM avec mon nom de domaine dans le Message ID Étendre la vue

SPAM avec mon nom de domaine dans le Message ID

par anonyme » sam. 13 nov. 2021 15:51
Bonjour j'ai reçu récemment un spam sur mon site internet je me suis donc intéresser à ça provenance quelle a été mon étonnement en voyant que le Message ID de l'en-tête du mail contenait mon nom de domaine, cela veut donc dire si je ne me trompe pas que le message a été envoyer ou générer par mon serveur ? Si oui pensez vous qu'il s'agisse d'un problème de sécurité lié à mon site (je précise qu'il n'ai pas encore lancé donc difficilement trouvable) ? Ou un problème lié à la configuration de ma boîte mail ?

Je vous met ci-dessous l'en tête du mail en ayant au préalable anonymiser les données (du moins je l'espère) :


Received: from outlook.com (XXXX)

by outlook.com with HTTPS; Mon, 8 Nov 2021

20:23:36 +0000

Received: from outlook.com

(XXXX) by outlook.com

(XXXX) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id XXXX; Mon, 8 Nov

2021 20:23:35 +0000

Received: from outlook.com

(XXXX) by outlook.office365.com

(XXXX) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id XXXX via Frontend

Transport; Mon, 8 Nov 2021 20:23:35 +0000

Authentication-Results: spf=pass (sender IP is XXXX)

smtp.mailfrom=mondomaine.com; dkim=pass (signature was verified)

header.d=senderdomain.com;dmarc=bestguesspass action=none

header.from=mondomaine.com;compauth=pass reason=109

Received-SPF: Pass (protection.outlook.com: domain of mondomaine.com designates

XXXX as permitted sender) receiver=protection.outlook.com;

client-ip=XXXX; helo=mondomaine.com;

Received: from monhébergeur (XXXX) by

.outlook.com (XXXX) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

XXXX via Frontend Transport; Mon, 8 Nov 2021 20:23:35 +0000

X-IncomingTopHeaderMarker:

OriginalChecksum:A8B6C1FBBF5422D447B447AB645F5A965BBEBBC562312B95FAD24DF2D710FC9D;UpperCasedChecksum:186699F8DBAAB578019D321D4227C14824A1E47953C88E2391B01446926C2217;SizeAsReceived:4330;Count:31

Received: from mx1.ovh.net (unknown [XXXX])

by monhébergeur (Postfix) with SMTP id 8503A20ADA

for <monadressemail>; Mon, 8 Nov 2021 20:23:35 +0000 (UTC)

Received: from localhost (HELO queueout) (XXXX)

by localhost with SMTP; 8 Nov 2021 22:23:35 +0200

Delivered-To: mondomaine.com @mondomaine.com

Received: from localhost (HELO queue) (XXXX)

by localhost with SMTP; 8 Nov 2021 22:23:35 +0200

Received: from unknown (HELO monhébergeur) (XXXX)

by monhébergeur with AES256-GCM-SHA384 encrypted SMTP; 8 Nov 2021 22:23:35 +0200

Received: from monhébergeur (unknown [XXXX])

by monhébergeur (Postfix) with ESMTP id 4Hp2cl0NVQzKGP8k4

for <@mondomaine.com>; Mon, 8 Nov 2021 20:23:35 +0000 (UTC)

Received: from monhébergeur (unknown [XXXX])

by monhébergeur (Postfix) with ESMTP id 4Hp2ck5hjcz26WMb1

for <@mondomaine.com>; Mon, 8 Nov 2021 20:23:34 +0000 (UTC)

Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=XXXX; helo=senderdomain.com; envelope-from=@mondomaine.com; receiver=@mondomaine.com

Authentication-Results-Original: monhébergeur; dkim=pass (2048-bit key;

unprotected) header.d=senderdomain.com header.i=@senderdomain.com header.b="E+1uYx/8";

dkim-atps=neutral

Received: from senderdomain.com (senderdomain.com [XXXX])

by monhébergeur (Postfix) with ESMTPS id 4Hp2ck4T96z1Mkmr0

for <@mondomaine.com>; Mon, 8 Nov 2021 20:23:34 +0000 (UTC)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail1; d=senderdomain.com;

h=Content-Type:MIME-Version:Date:Subject:From:Reply-To:Message-ID:To;

bh=ngwMFYZmWYFj/XnzL4ZbEeb/r77+UTnr5gNdmFTrAfQ=;

b=E+1uYx/8gB3QBoWNXNeOYiM60lEG0Gt1s2Vc1MN/fdHl52clfq3bqBxlgM6wLcJTrNJSXxY5ly7j

km95aVr1t57KcWWqQ98woVUaCSvcqkI7OTQmHJ4Z1WQHR/Klc+FtWUEm4wyJj2OabAT2W80GSqex

WHsDh+utxs0Hgk53K6TAe/avpj49ahwlW3YVAzoAkqojPSSQIJEvRkl/GyKfMM6NztVieymY1nA+

MiE/eFbymx7c1BBlSlIk4vr+hr9dpSsAKJ42WeQZuhwk9D1jVJ3ImjXcGLPy089kjVwoXbX7oOpb

FDjZdtCPwxwKAUnC+Qse3dtszac0D8AbFU4uHA==

Content-Type: multipart/alternative; boundary="------------000006050208050402060604"

Date: Mon, 08 Nov 2021 21:23:35 +0100

Subject: =?utf-8?B?RGVtYW5kZSBkZSB2w6lyaWZpY2F0aW9uIGQnaWRlbnRpdMOpLg==?=

From: <@mondomaine.com>

Reply-To: <@mondomaine.com>

X-FBL: 1_98_1261_0_636F6E7461637440652D6265746865726D2E6672

Message-ID: <NDC3MJM5.MJI5NJUYNW.1261403110821232021351123320234@mondomaine.com>

To: "mondomaine.com mondomaine.com" <@mondomaine.com>

X-Remote: XXXX (senderdomain.com)

X-Tracer-Id: 9747478444177673163

X-VR-SPAMSTATE: OK

X-VR-SPAMSCORE: 0

X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvuddruddvgddufeegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpegtggffuffhrhfkvfesrgdtregrtddtjeenucfhrhhomheptdhvhhgtlhhouhguuceotghonhhtrggtthesvgdqsggvthhhvghrmhdrfhhrqeenucggtffrrghtthgvrhhnpeeifeejtdekteefleetleffgeeguddtkeduuddvgefhveehfeefgfevhfetgfehffenucfkphepledurddufeegrdduledtrdduhedvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhppdhhvghlohepihhniedtrdhmrghilhdrohhvhhdrnhgvthdpihhnvghtpeeluddrudefgedrudeltddrudehvddpmhgrihhlfhhrohhmpegtohhnthgrtghtsegvqdgsvghthhgvrhhmrdhfrhdprhgtphhtthhopegtohhnthgrtghtsegvqdgsvghthhgvrhhmrdhfrh

X-Spam-Status: OK

X-Spam-Reason: vr: OK; dkim: disabled; spf: disabled

X-Message-Type: OK

X-VR-SPAMSTATE: OK

X-VR-SPAMSCORE: 0

X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvuddruddvgddufeegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpegtggffuffhrhfkvfesrgdtregrtddtjeenucfhrhhomheptdhvhhgtlhhouhguuceotghonhhtrggtthesvgdqsggvthhhvghrmhdrfhhrqeenucggtffrrghtthgvrhhnpeeifeejtdekteefleetleffgeeguddtkeduuddvgefhveehfeefgfevhfetgfehffenucfkphepledurddufeegrdduledtrdduhedvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhpohhuthdphhgvlhhopehmgidurdhovhhhrdhnvghtpdhinhgvthepledurddufeegrdduledtrdduhedvpdhmrghilhhfrhhomheptghonhhtrggtthesvgdqsggvthhhvghrmhdrfhhrpdhrtghpthhtohepmhgrthhhihhsrdgrrhhnrghrsehouhhtlhhoohhkrdhfrhdpmhhouggvpehsmhhtphdphhgvlhhopehinheitddrmhgrihhlrdhovhhhrdhnvghtpdhrtghpthhtoheptghonhhtrggtthesvgdqsggvthhhvghrmhdrfhhr

X-IncomingHeaderCount: 31

Return-Path: @mondomaine.com

X-MS-Exchange-Organization-ExpirationStartTime: 08 Nov 2021 20:23:35.6990

(UTC)

X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit

X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000

X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit

X-MS-Exchange-Organization-Network-Message-Id:

6d642815-bf1d-4e9e-6962-08d9a2f5a44f

X-EOPAttributedMessage: 0

X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0

X-MS-Exchange-Organization-MessageDirectionality: Incoming

X-MS-PublicTrafficType: Email

X-MS-Exchange-Organization-AuthSource:

.outlook.com

X-MS-Exchange-Organization-AuthAs: Anonymous

X-MS-UserLastLogonTime: 11/8/2021 8:15:10 PM



X-MS-TrafficTypeDiagnostic: DB8PR09MB3657:

X-MS-Exchange-EOPDirect: true

X-Sender-IP: XXXX

X-SID-PRA: @mondomaine.com

X-SID-Result: PASS

X-MS-Exchange-Organization-PCL: 2

X-MS-Exchange-Organization-SCL: 6

X-Microsoft-Antispam: BCL:0;

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Nov 2021 20:23:35.6860

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 6d642815-bf1d-4e9e-6962-08d9a2f5a44f

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-AuthSource: .outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:

00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR09MB3657

X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.0579276

X-MS-Exchange-Processed-By-BccFoldering: 15.20.4669.016

X-Microsoft-Antispam-Mailbox-Delivery:

abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000284)(90000117)(90005022)(91005020)(91035115)(5061607266)(5061608174)(9050020)(9100337)(4900116)(2008001134)(2008000189)(2008120379)(2008019284)(2008021020)(2021050021)(8390246)(8377080)(8386120)(8403086)(210498285)(210499095)(210410095)(4910005)(9610002)(9540004)(9320001)(9250002)(4920091)(6350099)(4960004)(4950132)(4990091)(9140004);RF:JunkEmail;

X-Message-Info:

qoGN4b5S4yrM8FHGBE7lvTctAkGqo5AWWM7QiYy9byusOeFfntlT6RCeFio2tA+XkTaCnWmnPfmxUC59JffXyhWMItXwfBosnbTGvM1m9P8Ue2UiHjfmZZpxTUOekRV8Lgs0W3ACkUmtR1JvuG1oFpBoO0ZXrToTKgZMqTif/HGaGDVZH1hdVXTPRt7pGDaUhHJ8JDdRfOuzwrjRkmeUEA==

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0xO1NDTD02

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?bTA5VGJFRGNFMHlscVpxaFR6VVAveWlkVk9SYkhlK1N6ckRPUStoWExNRlV0?=

=?utf-8?B?MXVwVkhNMk9CclRGYWRCZWRTcU9UVG5EZGlNNk8zckNkREJZSVB2eDJITlF5?=

=?utf-8?B?a0RhMlFNUTJpOEhBU0tsazJiaDFLOWNZMmsxbkdlS1E1UUM5eTJkSzJUVlhY?=

=?utf-8?B?VXh6VElwdVlkWUdJMW1EMEFvR1BOcTJFVzZBYVB0d2o2Yit5RXZ4SzhacE96?=

=?utf-8?B?Y0xCVlQ4T2JBYk5GelVwQ1hzd2dDSmhTc2s5alIwbjJSd0s3a1E0T1BYRE0v?=

=?utf-8?B?U0Y5bUpnOGw0WWN4UmpzaGJOeVFFamV6YmtEWmF3SkI4K0hzcGNCZFVzRmRx?=

=?utf-8?B?d1BVdGxmUmZYUDltRElMcG9RR0VBQVNwdzNsaFZEUDRIUFNoUDdpakU5TUxu?=

=?utf-8?B?RHJ2c2lTZXZTMDFQVnJWRHhiUktSWktVZmppQjZWZGtqWG5Ubjd2Y3lrd0E3?=

=?utf-8?B?ZDI2aVpaSElFcm9PeDNzZTdWZFlxbFV4aVNHZ1BJQ2JKcmxtTnJVN0VXUjJu?=

=?utf-8?B?d21UR3QxRnAxNEtRUFAzam1uMW1lNHVTc3NPUTlYWnRzbEQrOGtxUlMyYnhi?=

=?utf-8?B?N1Y2cTBtQ3JmWVd6clZJY2xha3h3RXlLcjR6OFlneUZ6S0NNa3JqUnYzbVBN?=

=?utf-8?B?cGVxMWg4OGpGUE1ZeUViUEM0NEMramdYdEoyUlNsOE1PVk05VjFnSlVzT3J3?=

=?utf-8?B?SVdnS3VUbmVzQUMrYXNQakVrUllvU01wWUFWWC85UTRScXN1VnQ2eFJnbFF5?=

=?utf-8?B?RUJiRVNOWVFGdDJPSndxNzYvdlFpRnFwTXBQMXFPNnRYMVNsNUwyUkQ4MlF0?=

=?utf-8?B?aFZhMElRR2ZBNnlTOVBZU1RNLzh1SWdoTFV3b0QyY094UTRMTlR3L0xQNEZP?=

=?utf-8?B?V09VUFBDRXBxTWliVytIRVhleFhIT3Q2RHQ2STc4NDZSb2QrdU0xa1FuKzRt?=

=?utf-8?B?TmhuMTR2THNkMjBhcHRPVkoxZGdySkJXSEx5RDhWTWxiWlJER2dKOTlJbzNn?=

=?utf-8?B?cjYveU9Pamt1ckh6N2VaenlDYzJFOWQ2L080cDloRU1TbE92RTlnSWp1aUtP?=

=?utf-8?B?Q09qVUtFWDFjdHUyRTIwZXc1dXI5OVJGSzdOY3JBZnlHNzFWTG9qRENpMmNu?=

=?utf-8?B?MmxSMlVVcWZPUEZLd1diRzR4WlNTbEJhRi9tYktkY21rVjhhbGtEcWFzcUM2?=

=?utf-8?B?cU5zN2YrN0tUQ3FEQ2hlaFg0c1N4VXpjRVdDSFlseDZlTjJRR3lmdldQbnU1?=

=?utf-8?B?Z3hwSnZKNWxCOElldEtKdFZBWTl0V0pZRFdpL2dxWXR5YnRJR3lSNWxOZzhF?=

=?utf-8?B?OE1jenZmNlpsZGxqcmN2SFV0MUJ6VEgxWDVobHFoalNibmpvZ0k1bHJUM0l5?=

=?utf-8?B?a0UwUmRjV0ZQQndSYXFlV21UQWY1bURtQ2dtMGgyT0FsVDJrd2ZrYmQwcnZp?=

=?utf-8?B?Wjd3WGV2NTdGL1prUmZjUGlpRGZaZjl3T3dINUczMEdMclUyVFNUdjVsQUU0?=

=?utf-8?B?MzVadzFSVldkWDR5ZlZzNXkxcmtUVzVMUVRXU3JQRFhEY3UzOVlRTUxLMzdH?=

=?utf-8?B?NjlDbzIyOStYL0xwTGlUc0hsWlZYT1VlN2UxaHVkZThwelc5dlp5Z25WU1Fa?=

=?utf-8?B?WGN0NXRWZTNMR25TcFNBYXpyYXhqTmNMb1JDdmhGdml5Mm9mU0VBYzZkYUs2?=

=?utf-8?B?eTl2QnJtNTdQQnFPajYzcFhCRGdlclM3ckc0WDl3a1dsTkJvZi9qTWFQRCt1?=

=?utf-8?B?czZnOEVpaE14MHFoYk5SbTd5dHpOZkF4Q2hwS2NvNklGbkJMTm03NUF4OWd2?=

=?utf-8?B?S0ZtVVAzdUlmKzBjZzVETTlhbVNiNzdGbHp4cmhndDhqd0RycnRUczg2Vlhx?=

=?utf-8?B?VUlyQW9DTkt6T2ozTlNWRTNxdVdHWUpVWjR6UklhSUtEaThnWFB2aGNQUzNY?=

=?utf-8?B?bzVXZ3VFNVJWK0RsRnEyaDhEakhuODVJWnFSZUVSNFZKeTBmMEhxTWViVGpr?=

=?utf-8?B?UnhpbWpOK0Zybm9rOEpzQUlHS2ZpR3RFMzhHMW9oTzZwT3VhMEUwSkxvRVRH?=

=?utf-8?B?V3ZiS0wzb0RCdDJGcFJrSm5qakdaSUdkZFNraVZ1Tmt5aTZxaTE1aDhycFRM?=

=?utf-8?B?U2Z6V0JGODBZZ1ppakFVN2wzQzZPazBRanFyaTFucS9Xbkx0RHlhUTRWOXBX?=

=?utf-8?B?WU55KzhxbDhhSXphTmo0bzFzN3pQcnJvVEV2cFVNU0Y0bWp5SnN3OTg3eVJQ?=

=?utf-8?B?bWtJaTVNbHoreStuSEV4N0FqdWdRPT0=?=

MIME-Version: 1.0

hey Eh beh tu vas bien te faire balader par tes co[…]

Aide SEO

Si vous êtes trop à court d'idé[…]

Game

J’ai toujours aimé essayer de nouveau[…]

Game

Ce site m’a impressionné par la quali[…]