Attaque SPAM du 03/02/2022

Question

Bonjour,Un de nos serveurs a été la cible d'un envoi de 75278 mails dont voici le header d'un exemplaire:> Received: from PR1P264MB3769.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:181::9)> by PR0P264MB1530.FRAP264.PROD.OUTLOOK.COM with HTTPS; Thu, 3 Feb 2022> 09:01:44 +0000> Received: from PR3P193CA0040.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:51::15)> by PR1P264MB3769.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:181::9) with> Microsoft SMTP Server (version=TLS1_2,> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.15; Thu, 3 Feb> 2022 09:01:43 +0000> Received: from PR2FRA01FT006.eop-fra01.prod.protection.outlook.com> (2603:10a6:102:51:cafe::34) by PR3P193CA0040.outlook.office365.com> (2603:10a6:102:51::15) with Microsoft SMTP Server (version=TLS1_2,> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.11 via Frontend> Transport; Thu, 3 Feb 2022 09:01:43 +0000> Authentication-Results: spf=none (sender IP is 217.72.192.102)> smtp.helo=mout-bounce.kundenserver.de; dkim=none (message not signed)> header.d=none;dmarc=fail action=quarantine> header.from=le.fqdn;compauth=fail reason=000> Received-SPF: None (protection.outlook.com: mout-bounce.kundenserver.de does> not designate permitted sender hosts)> Received: from mout-bounce.kundenserver.de (217.72.192.102) by> PR2FRA01FT006.mail.protection.outlook.com (10.152.48.99) with Microsoft SMTP> Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id> 15.20.4951.12 via Frontend Transport; Thu, 3 Feb 2022 09:01:43 +0000> Authentication-Results-Original: mqeue113.server.lan; dkim=none> Received: from le.fqdn ([xx.xx.xx.xx]) by> mx.kundenserver.de (mxeue111 [217.72.192.67]) with ESMTP (Nemesis) id> 1MQNyZ-1mtK911tIX-00MKM4 for ; Thu, 03 Feb> 2022 10:01:42 +0100> Received: by le.fqdn (Postfix)> id 39353C337A; Thu, 3 Feb 2022 10:01:32 +0100 (CET)> Date: Thu, 3 Feb 2022 10:01:32 +0100 (CET)> From: MAILER-DAEMON@le.fqdn (Mail Delivery System)> Subject: Undelivered Mail Returned to Sender> To: plateforme@bambou.cfa-epure.com> Auto-Submitted: auto-replied> Message-Id: <20220203090132.39353C337A@le.fqdn>> Envelope-To: > X-UI-Loop: V01:6QL5ZV6wwJ0=:v3y0cpIWTPOY5LC4P6hZj2MIN3KJO73uhVjJRedCZUc=> X-Spam-Flag: NO> X-UI-Out-Filterresults: notjunk:1;V03:K0:Gt3Q3/3n30M=:Ears1Q5hxKpDLFIwR3dWwy> 26cyhEgFcPD7bbU7ex/z3rREAWDBnQpVV6YWzIGx7j9jh5TctRsajC7d/tfupjc/i8YRmmyPj> aKFJs8RN6uoV/pZZcim7yWMBd7cyIHS/IRt+mPW3blErmngZ/f8M9o//rZxNX7vS/QwwyEKip> aGU6GGVEIQD0kPCwmcehdXAmyv7HK45p8eHn11DHJCIS8sY/WPtY5n2HLYLPYLxF/w95XdnU0> O66gplbPw4hbDCkf2BEXA+CAwCpNEXyAS/j9f7npjB8fxaw/1Jn8Rp5IZ/67GOTK7WMwmCBb9> aRi/hyZXxe6vCE8k1SVDl55WrTZCKPG1AwnsXwELDo0pk35549Mu7Xv4zvHTCBXOD1rzvO18P> PEUyNGB2HSHe8w1D6A/cIO9xhLrUWKHSE4JKt8DYCrax8s8cc4g6I4OnVW/4Vq/cn3cElczBd> nKE6yhyesg==> Return-Path: <>> X-MS-Exchange-Organization-ExpirationStartTime: 03 Feb 2022 09:01:43.4785> (UTC)> X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit> X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000> X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit> X-MS-Exchange-Organization-Network-Message-Id:> a694feb1-d7a0-4c4c-3a35-08d9e6f3ccaa> X-EOPAttributedMessage: 0> X-EOPTenantAttributedMessage: d8fdd076-bcb9-4323-af02-1c22f8a3f5b7:0> X-MS-Exchange-Organization-MessageDirectionality: Incoming> X-MS-PublicTrafficType: Email> X-MS-Exchange-Organization-AuthSource:> PR2FRA01FT006.eop-fra01.prod.protection.outlook.com> X-MS-Exchange-Organization-AuthAs: Anonymous> X-MS-Office365-Filtering-Correlation-Id: a694feb1-d7a0-4c4c-3a35-08d9e6f3ccaa> X-MS-TrafficTypeDiagnostic: PR1P264MB3769:EE_> X-MS-Oob-TLC-OOBClassifiers: OLM:9508;> X-MS-Exchange-Organization-SCL: 5> X-Forefront-Antispam-Report:> CIP:217.72.192.102;CTRY:DE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mout-bounce.kundenserver.de;PTR:mout-bounce.kundenserver.de;CAT:SPOOF;SFS:(13230001)(1930700014)(356005)(26005)(6266002)(1076003)(58800400005)(7596003)(7636003)(42882007)(9686003)(33964004)(336012)(83380400001)(33656002)(5660300002)(34206002)(22186003)(42186006)(8676002)(78352004)(1096003);DIR:INB;> X-Microsoft-Antispam: BCL:0;> X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Feb 2022 09:01:43.4004> (UTC)> X-MS-Exchange-CrossTenant-Network-Message-Id: a694feb1-d7a0-4c4c-3a35-08d9e6f3ccaa> X-MS-Exchange-CrossTenant-Id: d8fdd076-bcb9-4323-af02-1c22f8a3f5b7> X-MS-Exchange-CrossTenant-AuthSource:> PR2FRA01FT006.eop-fra01.prod.protection.outlook.com> X-MS-Exchange-CrossTenant-AuthAs: Anonymous> X-MS-Exchange-CrossTenant-FromEntityHeader: Internet> X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR1P264MB3769> X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.2063751> X-MS-Exchange-Processed-By-BccFoldering: 15.20.4951.012> X-Microsoft-Antispam-Mailbox-Delivery:> ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910001)(944506458)(944626604)(920097)(930097)(3100021);RF:JunkEmail;> X-Microsoft-Antispam-Message-Info:> =?us-ascii?Q?pa5WZ1znAJz+0RVwhX+Zyddsf+RnMp5C7HZ1XFb49x5lKAfwjAfTfQPtZkvY?=> ...> boundary="B_3726808695_475925881"> MIME-Version: 1.0Peut-on en déduire que l'attaque est partie des serveurs 217.72.192.102 et 67 ?Ai-je des chances d'en retrouver le propriétaire chez 1&1 ?Merci pour vos remarques

 · Answer

Welcome to OVHcloud Community

Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Attaque SPAM du 03/02/2022

Related questions

Join discussion

Most viewed in same Forum

Most recent in same Forum