
Block fake senders

Posted: Tue Aug 04, 2015 5:30 am
by symo
Hello everybody!
For a couple of days I have noticed a lot of sent spam messages in the mail queue. At first look it seems that the messages are sent from one of my email addresses (user@mydomain.net), but looking at the log I can see that the sender IP doesn't match the sender.
Log:
#########################
Aug  4 11:24:02 mail-smtp postfix/submission/smtpd[13534]: NOQUEUE: filter: RCPT from vps-1117924-13597.manage.myhosting.com[216.224.162.35]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<dondraper129@yahoo.com> proto=ESMTP helo=<driver-sky.com>
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: 649DF6192F: from=<user@mydomain.net>, size=1520, nrcpt=1 (queue active)
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: CAD4361931: from=<user@mydomain.net>, size=1994, nrcpt=1 (queue active)
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: D625761932: from=<user@mydomain.net>, size=2135, nrcpt=1 (queue active)
Aug  4 11:24:03 mail-smtp postfix/smtp[10613]: EEF5061931: to=<user@mydomain.net>, relay=myoutboundrelyaserver.net[xxx.xxx.xxx.xxx]:25, delay=0.15, delays=0.01/0/0.02/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1889AD4C04)
Aug  4 12:08:18 mail-smtp postfix/submission/smtpd[309]: NOQUEUE: filter: RCPT from arrayan.tchile.com[200.111.67.89]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<x0xdargrlx0x@yahoo.com> proto=ESMTP helo=<complejomanueldillems.cl>
Aug  4 12:08:19 mail-smtp postfix/qmgr[10041]: D1A526067A: from=<user@mydomain.net>, size=1539, nrcpt=1 (queue active)
Aug  4 12:08:19 mail-smtp postfix/qmgr[10041]: A0B396192F: from=<user@mydomain.net>, size=2001, nrcpt=1 (queue active)
Aug  4 12:08:19 mail-smtp postfix/qmgr[10041]: AE0A161931: from=<user@mydomain.net>, size=2142, nrcpt=1 (queue active)
Aug  4 12:08:19 mail-smtp postfix/smtp[31388]: C90146192F: to=<user@mydomain.net>, relay=myoutboudrelyaserver.net[xxx.xxx.xxx.xxx]:25, delay=0.11, delays=0/0/0.01/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EDB29D4C3B)
#########################
As you can see I have different IPs sending as user@mydomain.net.
I'm currently using my Zimbra server 8.6.0 as an authenticated SMTP relay, relaying outbound email to another server.
I tried to follow this article http://wiki.zimbra.com/wiki/Rejecting_f ... _addresses 
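The log above shows the pattern the thread is about: messages arriving on the submission service with an envelope sender in the local domain, but from client addresses that belong to neither the local network nor an authenticated user. The script below is an added example, not code from the original post or from Zimbra; it parses Postfix `NOQUEUE: filter: RCPT from` lines of the shape quoted above and flags the ones where a local sender domain is claimed by an untrusted client, using a HELO that does not belong to a local domain as supporting evidence. The local domain, trusted networks, and the sample log (the two quoted lines plus a constructed legitimate one) are assumptions for the example.

```python
import ipaddress
import re

# Constructed policy for the example (assumption, adjust to your site): the domains
# this MTA is authoritative for, and the client networks from which a message
# claiming one of those domains as envelope sender is expected without SASL auth.
LOCAL_DOMAINS = {"mydomain.net"}
TRUSTED_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Shape of the Postfix smtpd "NOQUEUE: filter: RCPT from ..." lines quoted in the post.
FILTER_RE = re.compile(
    r"postfix/(?P<service>[\w/]+)\[\d+\]: NOQUEUE: \w+: RCPT from "
    r"(?P<host>[^\s\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]: <(?P<sender>[^>]*)>:.*?"
    r"from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>"
)


def parse_filter_line(line):
    """Return the fields of one smtpd RCPT line, or None for any other log line."""
    m = FILTER_RE.search(line)
    return m.groupdict() if m else None


def is_trusted(ip):
    """True when the client address lies inside one of TRUSTED_NETWORKS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def domain_of(address):
    return address.rpartition("@")[2].lower()


def assess(rec):
    """List the reasons a parsed RCPT record looks like a spoofed local sender."""
    reasons = []
    sender_domain = domain_of(rec["from"])
    if sender_domain not in LOCAL_DOMAINS:
        return reasons  # outside sender: not this check's concern
    if not is_trusted(rec["ip"]):
        reasons.append("local sender domain from untrusted client %s" % rec["ip"])
        helo = rec["helo"].lower()
        if not any(helo == d or helo.endswith("." + d) for d in LOCAL_DOMAINS):
            reasons.append("HELO %s does not belong to a local domain" % rec["helo"])
    return reasons


def find_spoofed(log_text):
    """Scan a mail log and return one entry per RCPT line that fails the policy."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_filter_line(line)
        if rec is None:
            continue
        reasons = assess(rec)
        if reasons:
            hits.append({"ip": rec["ip"], "from": rec["from"],
                         "to": rec["to"], "reasons": reasons})
    return hits


# Constructed sample: the two suspicious lines from the post, a qmgr line the parser
# ignores, and one legitimate submission from the internal network (assumed 192.168.1.20).
SAMPLE_LOG = """\
Aug  4 11:24:02 mail-smtp postfix/submission/smtpd[13534]: NOQUEUE: filter: RCPT from vps-1117924-13597.manage.myhosting.com[216.224.162.35]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<dondraper129@yahoo.com> proto=ESMTP helo=<driver-sky.com>
Aug  4 11:24:02 mail-smtp postfix/qmgr[10041]: 649DF6192F: from=<user@mydomain.net>, size=1520, nrcpt=1 (queue active)
Aug  4 12:08:18 mail-smtp postfix/submission/smtpd[309]: NOQUEUE: filter: RCPT from arrayan.tchile.com[200.111.67.89]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<x0xdargrlx0x@yahoo.com> proto=ESMTP helo=<complejomanueldillems.cl>
Aug  4 12:10:00 mail-smtp postfix/submission/smtpd[400]: NOQUEUE: filter: RCPT from desktop.mydomain.net[192.168.1.20]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<friend@example.org> proto=ESMTP helo=<desktop.mydomain.net>
"""

if __name__ == "__main__":
    for hit in find_spoofed(SAMPLE_LOG):
        print("%s -> %s from %s: %s" % (hit["from"], hit["to"], hit["ip"], "; ".join(hit["reasons"])))
```

Run against the sample, the two lines from the post are reported and the internal submission is not. This only detects the symptom after the fact; the lasting fix is the one the replies point to, making the MTA reject a local envelope sender unless it matches the authenticated SASL login, so that such messages never reach the queue.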
Block fake senders

Posted: Tue Aug 04, 2015 11:20 am
by jorgedlcruz
Hi,
You have 2 options to protect your environment; one is the one you shared with us:

http://wiki.zimbra.com/wiki/Rejecting_f ... _addresses 

But that one will only protect your internal accounts from being spammed by spammers from outside. To be sure that your server is secure, also do the following steps:

http://wiki.zimbra.com/wiki/Enforcing_a ... ername_8.5

Let us know after applying those steps too; it should work.

Best regards