Block fake senders

symo
Posts: 16
Joined: Sat Sep 13, 2014 2:55 am

Postby symo » Tue Aug 04, 2015 5:30 am

Hello everybody!


For a couple of days I have noticed a lot of sent spam messages in the mail queue. At first look it seems that the messages are sent from one of my email addresses (user@mydomain.net), but looking at the log I can see that the sender IP doesn't match the sender.


Log:
#########################
Aug  4 11:24:02 mail-smtp postfix/submission/smtpd[13534]: NOQUEUE: filter: RCPT from vps-1117924-13597.manage.myhosting.com[216.224.162.35]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<dondraper129@yahoo.com> proto=ESMTP helo=<driver-sky.com>
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: 649DF6192F: from=<user@mydomain.net>, size=1520, nrcpt=1 (queue active)
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: CAD4361931: from=<user@mydomain.net>, size=1994, nrcpt=1 (queue active)
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: D625761932: from=<user@mydomain.net>, size=2135, nrcpt=1 (queue active)
Aug  4 11:24:03 mail-smtp postfix/smtp[10613]: EEF5061931: to=<user@mydomain.net>, relay=myoutboundrelyaserver.net[xxx.xxx.xxx.xxx]:25, delay=0.15, delays=0.01/0/0.02/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1889AD4C04)


Aug  4 12:08:18 mail-smtp postfix/submission/smtpd[309]: NOQUEUE: filter: RCPT from arrayan.tchile.com[200.111.67.89]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<x0xdargrlx0x@yahoo.com> proto=ESMTP helo=<complejomanueldillems.cl>
Aug  4 12:08:19 mail-smtp postfix/qmgr[10041]: D1A526067A: from=<user@mydomain.net>, size=1539, nrcpt=1 (queue active)
Aug  4 12:08:19 mail-smtp postfix/qmgr[10041]: A0B396192F: from=<user@mydomain.net>, size=2001, nrcpt=1 (queue active)
Aug  4 12:08:19 mail-smtp postfix/qmgr[10041]: AE0A161931: from=<user@mydomain.net>, size=2142, nrcpt=1 (queue active)
Aug  4 12:08:19 mail-smtp postfix/smtp[31388]: C90146192F: to=<user@mydomain.net>, relay=myoutboudrelyaserver.net[xxx.xxx.xxx.xxx]:25, delay=0.11, delays=0/0/0.01/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EDB29D4C3B)


#########################


As you can see, I have different IPs sending as user@mydomain.net.


I'm currently using my Zimbra server 8.6.0 as auth SMTP, relaying outbound email to another server.


I tried to follow this article http://wiki.zimbra.com/wiki/Rejecting_false_%22mail_from%22_addresses 
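
One way to surface the pattern shown in the log above, as an added example that is not part of the original post: it groups Postfix smtpd `RCPT from` lines by envelope sender and lists every sender that appears from more than one client IP. The sample lines, the addresses in them and the `max_ips` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same Postfix log format as the post above
# (documentation IP ranges and example.* names, not real hosts).
SAMPLE_LOG = """\
Aug  4 11:24:02 mail-smtp postfix/submission/smtpd[13534]: NOQUEUE: filter: RCPT from host-a.example.org[192.0.2.35]: <user@example.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@example.net> to=<rcpt1@example.com> proto=ESMTP helo=<helo-a.example>
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: 649DF6192F: from=<user@example.net>, size=1520, nrcpt=1 (queue active)
Aug  4 12:08:18 mail-smtp postfix/submission/smtpd[309]: NOQUEUE: filter: RCPT from host-b.example.org[198.51.100.89]: <user@example.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@example.net> to=<rcpt2@example.com> proto=ESMTP helo=<helo-b.example>
Aug  4 12:30:41 mail-smtp postfix/submission/smtpd[412]: NOQUEUE: filter: RCPT from host-c.example.org[203.0.113.7]: <other@example.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<other@example.net> to=<rcpt3@example.com> proto=ESMTP helo=<helo-c.example>
"""

# smtpd lines that carry both the connecting client and the envelope sender.
LINE_RE = re.compile(
    r"postfix/(?:submission/)?smtpd\[\d+\]: .*?"
    r"RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def senders_by_client(log_text):
    """Map each envelope sender to the set of client IPs that sent as it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # qmgr, smtp and other lines have no client IP and are skipped
            seen[m["sender"].lower()].add(m["ip"])
    return seen


def suspicious_senders(log_text, max_ips=1):
    """Senders seen from more than max_ips distinct clients, with those IPs.

    max_ips is an assumed threshold: roaming users legitimately change
    address, so raise it or allow-list known networks before alerting.
    """
    by_client = senders_by_client(log_text)
    return {s: sorted(ips) for s, ips in by_client.items() if len(ips) > max_ips}


if __name__ == "__main__":
    for sender, ips in suspicious_senders(SAMPLE_LOG).items():
        print(f"{sender}: {len(ips)} client IPs -> {', '.join(ips)}")
```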













jorgedlcruz
Zimbra Alumni
Posts: 2769
Joined: Thu May 22, 2014 4:47 pm

Postby jorgedlcruz » Tue Aug 04, 2015 11:20 am

Hi,


You have 2 options to protect your environment; one is the one you shared with us:



But that one will protect your internal accounts from being spammed by spammers from outside. To be sure that your server is secure, also do the next steps:



Let us know after applying those steps too; it should work.



Best regards

Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
