mail sent from myself

luigi
Posts: 2
Joined: Wed Feb 20, 2019 6:04 pm

mail sent from myself

Post by luigi »

Hello, since a couple of days ago I have been receiving a spam mail. According to the account, I have already applied several security options, which had been very effective, and I had never had this problem. The peculiar thing about this spam is that the sender is my own account, and it is assumed that with reject_sender_login_mismatch this should not happen. Today I updated to version 8.8.11_GA: 3772.FOSS but this did not help. Does anyone have any idea why this may be happening? I now have 3 affected users.

Return-Path: <junior@campsat.com.br>
Received: from correo.contacta-call.com (LHLO correo.contacta-call.com)
(172.16.4.88) by correo.contacta-call.com with LMTP; Thu, 21 Feb 2019
08:39:58 -0400 (VET)
Received: from localhost (localhost [127.0.0.1])
by correo.contacta-call.com (Postfix) with ESMTP id 808A8180B88
for <XXXXX@contacta-call.com>; Thu, 21 Feb 2019 08:39:58 -0400 (BOT)
X-Virus-Scanned: amavisd-new at contacta-call.com
X-Spam-Flag: YES
X-Spam-Score: 13.105
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.105 required=6.6 tests=[BAYES_00=-1.9,
FORGED_MUA_OUTLOOK=1.927, HEADER_FROM_DIFFERENT_DOMAINS=0.001,
LOCALPART_IN_SUBJECT=1.107, RCVD_IN_BL_SPAMCOP_NET=1.347,
RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.31, RCVD_IN_SBL_CSS=3.335,
SPF_NEUTRAL=0.779, TO_NO_BRKTS_MSFT=2.499]
autolearn=no autolearn_force=no
Received: from correo.contacta-call.com ([127.0.0.1])
by localhost (correo.contacta-call.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id GcRDK5SyoobQ for <XXXXX@contacta-call.com>;
Thu, 21 Feb 2019 08:39:54 -0400 (BOT)
Received: from smtp9.braslink.com (smtp9.braslink.com [204.16.0.97])
by correo.contacta-call.com (Postfix) with ESMTP id BC23D1800A8
for <XXXX@contacta-call.com>; Thu, 21 Feb 2019 08:39:51 -0400 (BOT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=204.16.0.109;
Received: from aracaju.braslink.com (unverified [204.16.0.109])
by smtp9.braslink.com (SurgeMail 6.3c2) with ESMTP id 180453940-1862518
for <XXXXXX@contacta-call.com>; Thu, 21 Feb 2019 07:45:05 -0500
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=103.244.251.6;
Received: from [] (unverified [103.244.251.6])
by mailserver7.braslink.com (mailserver7) with ESMTP (TLS) id 133981515-1862518
for <XXXXXX@contacta-call.com>; Thu, 21 Feb 2019 07:45:29 -0500
X-Sender-Info: <junior@campsat.com.br>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120907
Thunderbird/15.0.1
List-Help:
<http://www.campsat.com.br/lists/?p=pref ... wwnmd0yxe8>
Errors-To: no-reply@campsat.com.br
Feedback-ID: l3p6den94glnm01mcoeh8vck8x84jv7t4i3z382fh90c7rs:none:jcold
From: <XXXX@contacta-call.com>
List-Subscribe: <http://campsat.com.br/mailman/listinfo/campsat.com.br>,
To: XXXXX@contacta-call.com
Message-ID:
<612900.721387587.8517730.JavaMail.app@6pb4-app27707.campsat.com.br>
X-Mailer: Microsoft Outlook, Build 10.0.2616
Subject: XXXXXX
Date: Thu, 21 Feb 2019 13:45:03 +0100
X-aid: 8748382828
X-X-Authenticated-User: junior@campsat.com.br
X-Originating-IP: 204.16.0.109
pup_seba
Outstanding Member
Posts: 687
Joined: Sat Sep 13, 2014 2:43 am
Location: Tarragona - Spain

Re: mail sent from myself

Post by pup_seba »

Hi,

Looks like the mail was sent using an authenticated thick client (Outlook). If you already applied the SASL user match on the From, then my guess is that your PC is infected by some malware or so.

Sent from my EVA-AL10 using Tapatalk
xorcz
Posts: 27
Joined: Fri Nov 20, 2015 6:48 am

Re: mail sent from myself

Post by xorcz »

Hi, I have similar spam with the same sender and recipient address. I also applied https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses and https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
a long time ago and also recently after patching. I am also on 8.8.11_GA: 3799.FOSS +Patch4.

Yesterday I received this email (zimbra.log):
May 8 10:01:23 mail postfix/postscreen[32699]: CONNECT from [66.110.203.25]:36406 to [192.168.0.23]:25
May 8 10:01:29 mail postfix/postscreen[32699]: PASS NEW [66.110.203.25]:36406
May 8 10:01:30 mail postfix/smtpd[32708]: connect from mail.sandersville.net[66.110.203.25]
May 8 10:01:31 mail postfix/smtpd[32708]: Anonymous TLS connection established from mail.sandersville.net[66.110.203.25]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 8 10:01:32 mail postfix/smtpd[32708]: NOQUEUE: filter: RCPT from mail.sandersville.net[66.110.203.25]: <childre@childreford.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<childre@childreford.com> to=<peter.pan@anonymized.com> proto=ESMTP helo=<sandersville.net>
May 8 10:01:32 mail postfix/smtpd[32708]: NOQUEUE: filter: RCPT from mail.sandersville.net[66.110.203.25]: <childre@childreford.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<childre@childreford.com> to=<peter.pan@anonymized.com> proto=ESMTP helo=<sandersville.net>
May 8 10:01:32 mail postfix/smtpd[32708]: 3E63E8220AC: client=mail.sandersville.net[66.110.203.25]
May 8 10:01:32 mail postfix/cleanup[32713]: 3E63E8220AC: message-id=<cck-petyh-08879-8856206223-50@4de6xiisb>
May 8 10:01:34 mail postfix/qmgr[9622]: 3E63E8220AC: from=<childre@childreford.com>, size=261585, nrcpt=1 (queue active)
May 8 10:01:34 mail amavis[19981]: (19981-01) ESMTP :10024 /opt/zimbra/data/amavisd/tmp/amavis-20190508T100134-19981-tkeWtf0i: <childre@childreford.com> -> <peter.pan@anonymized.com> SIZE=261585 Received: from mail.anonymized.com ([127.0.0.1]) by localhost (mail.anonymized.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <peter.pan@anonymized.com>; Wed, 8 May 2019 10:01:34 +0200 (CEST)
May 8 10:01:34 mail amavis[19981]: (19981-01) Checking: JzG6g11n4Lfn [66.110.203.25] <childre@childreford.com> -> <peter.pan@anonymized.com>
May 8 10:01:34 mail amavis[19981]: (19981-01) p004 1 Content-Type: multipart/related
May 8 10:01:34 mail amavis[19981]: (19981-01) p005 1/1 Content-Type: multipart/alternative
May 8 10:01:34 mail amavis[19981]: (19981-01) p001 1/1/1 Content-Type: text/plain, size: 0 B, name:
May 8 10:01:34 mail amavis[19981]: (19981-01) p002 1/1/2 Content-Type: text/html, size: 58 B, name:
May 8 10:01:34 mail amavis[19981]: (19981-01) p003 1/2 Content-Type: image/jpeg, size: 189945 B, name: 1557309670746.jpg
May 8 10:01:34 mail clamd[9364]: SelfCheck: Database status OK.
May 8 10:01:35 mail postfix/smtpd[32708]: disconnect from mail.sandersville.net[66.110.203.25] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 rset=1 quit=1 commands=8
May 8 10:01:36 mail amavis[19981]: (19981-01) spam-tag, <childre@childreford.com> -> <peter.pan@anonymized.com>, Yes, score=7.119 required=6.6 tests=[BAYES_50=0.8, HEADER_FROM_DIFFERENT_DOMAINS=0.094, HTML_IMAGE_ONLY_04=1.172, HTML_MESSAGE=0.001, LOCALPART_IN_SUBJECT=1.107, MIME_HEADER_CTYPE_ONLY=0.717, MIME_HTML_MOSTLY=0.428, MPART_ALT_DIFF=0.79, TO_NO_BRKTS_HTML_IMG=1.999, TVD_SPACE_RATIO=0.001, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
May 8 10:01:36 mail postfix/amavisd/smtpd[32716]: connect from localhost[127.0.0.1]
May 8 10:01:36 mail postfix/amavisd/smtpd[32716]: 1902E8220AD: client=localhost[127.0.0.1]
May 8 10:01:36 mail postfix/cleanup[32713]: 1902E8220AD: message-id=<cck-petyh-08879-8856206223-50@4de6xiisb>
May 8 10:01:36 mail postfix/qmgr[9622]: 1902E8220AD: from=<childre@childreford.com>, size=262469, nrcpt=1 (queue active)
May 8 10:01:36 mail amavis[19981]: (19981-01) JzG6g11n4Lfn FWD from <childre@childreford.com> -> <peter.pan@anonymized.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1902E8220AD
May 8 10:01:36 mail amavis[19981]: (19981-01) Passed SPAMMY {RelayedTaggedInbound}, [66.110.203.25]:36406 [66.110.203.25] <childre@childreford.com> -> <peter.pan@anonymized.com>, Queue-ID: 3E63E8220AC, Message-ID: <cck-petyh-08879-8856206223-50@4de6xiisb>, mail_id: JzG6g11n4Lfn, Hits: 7.119, size: 261585, queued_as: 1902E8220AD, 1569 ms
May 8 10:01:36 mail amavis[19981]: (19981-01) TIMING-SA [total 850 ms, cpu 210 ms] - parse: 9 (1.1%), extract_message_metadata: 21 (2.5%), get_uri_detail_list: 0.43 (0.0%), tests_pri_-1000: 7 (0.8%), tests_pri_-950: 1.67 (0.2%), tests_pri_-900: 2.1 (0.2%), tests_pri_-90: 50 (5.9%), check_bayes: 47 (5.6%), b_tokenize: 38 (4.5%), b_tok_get_all: 2.6 (0.3%), b_comp_prob: 1.56 (0.2%), b_tok_touch_all: 0.08 (0.0%), b_finish: 1.03 (0.1%), tests_pri_0: 540 (63.5%), check_spf: 467 (54.9%), poll_dns_idle: 642 (75.5%), check_dkim_adsp: 4.2 (0.5%), tests_pri_10: 1.62 (0.2%), tests_pri_20: 1.62 (0.2%), tests_pri_30: 2.3 (0.3%), check_pyzor: 0.82 (0.1%), tests_pri_500: 198 (23.3%), get_report: 0.40 (0.0%)
May 8 10:01:36 mail postfix/smtp[32714]: 3E63E8220AC: to=<peter.pan@anonymized.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=2.6/0.01/0.01/1.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1902E8220AD)
May 8 10:01:36 mail postfix/qmgr[9622]: 3E63E8220AC: removed
May 8 10:01:36 mail amavis[19981]: (19981-01) size: 261585, TIMING [total 1573 ms, cpu 332 ms, AM-cpu 122 ms, SA-cpu 210 ms] - ldap-prepare: 6 (0%)0, SMTP greeting: 3.2 (0%)1, SMTP EHLO: 1.1 (0%)1, SMTP pre-MAIL: 0.8 (0%)1, mkdir tempdir: 2.4 (0%)1, create email.txt: 0.4 (0%)1, ldap-connect: 32 (2%)3, lookup_ldap: 4.6 (0%)3, SMTP pre-DATA-flush: 2.2 (0%)3, SMTP DATA: 40 (3%)6, check_init: 0.6 (0%)6, digest_hdr: 2.5 (0%)6, digest_body_dkim: 1.9 (0%)6, collect_info: 2.0 (0%)6, mkdir parts: 1.9 (0%)7, mime_decode: 21 (1%)8, get-file-type2: 8 (1%)8, parts_decode: 0.2 (0%)8, check_header: 0.5 (0%)8, AV-scan-1: 340 (22%)30, spam-wb-list: 1.5 (0%)30, SA parse: 11 (1%)31, SA check: 839 (53%)84, decide_mail_destiny: 4.5 (0%)84, notif-quar: 0.4 (0%)85, fwd-connect: 19 (1%)86, fwd-mail-pip: 9 (1%)86, fwd-rcpt-pip: 0.2 (0%)86, fwd-data-chkpnt: 0.0 (0%)86, write-header: 0.4 (0%)86, fwd-data-contents: 3.2 (0%)87, fwd-end-chkpnt: 202 (13%)99, prepare-dsn: 0.9 (0%)99, report: 1.5 (0%)100, main_log_entry: 4.4 (0%)...
May 8 10:01:36 mail amavis[19981]: (19981-01) ...100, update_snmp: 0.6 (0%)100, SMTP pre-response: 0.1 (0%)100, SMTP response: 0.2 (0%)100, unlink-3-files: 0.5 (0%)100, rundown: 1.5 (0%)100
May 8 10:01:36 mail amavis[19981]: (19981-01) size: 261585, RUSAGE minflt=12861+0, majflt=0+0, nswap=0+0, inblock=0+0, oublock=1920+0, msgsnd=0+0, msgrcv=0+0, nsignals=0+0, nvcsw=35+0, nivcsw=2+0, maxrss=117696+0, ixrss=0+0, idrss=0+0, isrss=0+0, utime=0.241+0.000, stime=0.090+0.000
May 8 10:01:36 mail amavis[19981]: (19981-01) extra modules loaded: Mozilla/CA.pm
May 8 10:01:37 mail postfix/lmtp[32718]: 1902E8220AD: to=<peter.pan@anonymized.com>, relay=mail.anonymized.com[192.168.0.13]:7025, delay=1, delays=0.21/0.01/0.05/0.72, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
May 8 10:01:37 mail postfix/qmgr[9622]: 1902E8220AD: removed

client header:

Return-Path: <childre@childreford.com>
Received: from mail.anonymized.com (LHLO mail.anonymized.com) (192.168.0.23) by
mail.anonymized.com with LMTP; Wed, 8 May 2019 10:01:36 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by mail.anonymized.com (Postfix) with ESMTP id 1902E8220AD
for <peter.pan@anonymized.com>; Wed, 8 May 2019 10:01:36 +0200 (CEST)
X-Virus-Scanned: amavisd-new at mail.anonymized.com
X-Spam-Flag: YES
X-Spam-Score: 7.119
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.119 required=6.6 tests=[BAYES_50=0.8,
HEADER_FROM_DIFFERENT_DOMAINS=0.094, HTML_IMAGE_ONLY_04=1.172,
HTML_MESSAGE=0.001, LOCALPART_IN_SUBJECT=1.107,
MIME_HEADER_CTYPE_ONLY=0.717, MIME_HTML_MOSTLY=0.428,
MPART_ALT_DIFF=0.79, TO_NO_BRKTS_HTML_IMG=1.999,
TVD_SPACE_RATIO=0.001, T_SPF_PERMERROR=0.01]
autolearn=no autolearn_force=no
Received: from mail.anonymized.com ([127.0.0.1])
by localhost (mail.anonymized.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id JzG6g11n4Lfn for <peter.pan@anonymized.com>;
Wed, 8 May 2019 10:01:34 +0200 (CEST)
Received: from sandersville.net (mail.sandersville.net [66.110.203.25])
by mail.anonymized.com (Postfix) with ESMTPS id 3E63E8220AC
for <peter.pan@anonymized.com>; Wed, 8 May 2019 10:01:32 +0200 (CEST)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=103.57.80.68;
From: <peter.pan@anonymized.com>
X-Sender-Info: <childre@childreford.com>
List-ID: wmizofh0pncjbmpuwyz0k9a9
Date: Wed, 8 May 2019 10:01:12 +0200
Message-ID: <cck-petyh-08879-8856206223-50@4de6xiisb>
Subject: peter.pan
Abuse-Reports-To: <abuse@mailer.childreford.com>
Content-Type: multipart/related;
boundary="2A5037CDD-B4D78B-652685-D8061E13-369E67"
X-CSA-Complaints: whitelist-complaints@childreford.com
To: peter.pan@anonymized.com
X-Sender: childre@childreford.com
X-Authenticated-User: childre@childreford.com

I have one idea: could it be caused by setting zimbraMailTrustedIP to the router, which I did to obtain the originating IP?
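Both header dumps in this thread share one shape: the envelope sender (Return-Path) is an external address, the message was handed over by an external host that never authenticated, and only the RFC 5322 From: header carries the local address. Postfix's reject_sender_login_mismatch compares the SASL login with the envelope MAIL FROM, so it never sees that header. The following is an added example (not Zimbra, Postfix or amavis code) that checks received headers for exactly this pattern; the local domain, trusted hop addresses and the sample message are constructed, modelled on the anonymized headers posted above.

```python
"""Flag mail whose From: header claims a local address while the envelope
sender and the delivering host are external ("mail from myself")."""
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"anonymized.com"}              # assumption: domains hosted on this Zimbra
TRUSTED_HOPS = {"127.0.0.1", "192.168.0.23"}    # assumption: own MTA/amavis relays

# Constructed sample, modelled on the "client header" shown in this thread.
SAMPLE = """\
Return-Path: <childre@childreford.com>
Received: from localhost (localhost [127.0.0.1])
 by mail.anonymized.com (Postfix) with ESMTP id 1902E8220AD
 for <peter.pan@anonymized.com>; Wed, 8 May 2019 10:01:36 +0200 (CEST)
Received: from sandersville.net (mail.sandersville.net [66.110.203.25])
 by mail.anonymized.com (Postfix) with ESMTPS id 3E63E8220AC
 for <peter.pan@anonymized.com>; Wed, 8 May 2019 10:01:32 +0200 (CEST)
From: <peter.pan@anonymized.com>
To: peter.pan@anonymized.com
Subject: peter.pan

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain(addr):
    """Lower-cased domain part of an address such as '<user@example.com>'."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def first_external_hop(msg):
    """Received: headers are prepended, so the first IP that is not one of our
    own relays is the host that delivered the message to us."""
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(hdr)
        if m and m.group(1) not in TRUSTED_HOPS:
            return m.group(1)
    return None


def analyze(raw):
    msg = message_from_string(raw)
    hdr_from, env_from = domain(msg.get("From", "")), domain(msg.get("Return-Path", ""))
    hop = first_external_hop(msg)
    findings = []
    if hdr_from in LOCAL_DOMAINS and hop is not None:
        findings.append(f"From: claims local domain but delivered by external host {hop}")
    if hdr_from and env_from and hdr_from != env_from:
        findings.append(f"From: domain {hdr_from} differs from envelope domain {env_from}")
    return findings
```

A message that is really from a local user submitted through the server itself yields no findings, because every Received: hop is a trusted relay and both domains agree.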
McGregor
Posts: 17
Joined: Wed Oct 25, 2017 5:09 pm

Re: mail sent from myself

Post by McGregor »

Exact same case here and I am also getting this spam. I would be interested to know if there is a way to fix this.