Somehow receiving spam, need help

Post by kborisenko »

Hello! Help please.
Zimbra version: Release 8.8.12.GA.3794.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.12_P1 proxy.

I receive spam sent from my distribution list. Yes, I have done the SPF check properly and it is working now, BUT somehow:

Dec 11 02:56:10 mail postfix/smtpd[37124]: connect from lnsm3-torontoxn-142-116-163-168.internet.virginmobile.ca[142.116.163.168]
Dec 11 02:56:11 mail postfix/smtpd[37124]: NOQUEUE: filter: RCPT from lnsm3-torontoxn-142-116-163-168.internet.virginmobile.ca[142.116.163.168]: <all@my-domain.ru>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<all@my-domain.ru> to=<all@my-domain.ru> proto=ESMTP helo=<lnsm3-torontoxn-142-116-163-168.internet.virginmobile.ca>
Dec 11 02:56:11 mail postfix/smtpd[37124]: NOQUEUE: filter: RCPT from lnsm3-torontoxn-142-116-163-168.internet.virginmobile.ca[142.116.163.168]: <all@my-domain.ru: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<all@my-domain.ru> to=<all@my-domain.ru> proto=ESMTP helo=<lnsm3-torontoxn-142-116-163-168.internet.virginmobile.ca>
Dec 11 02:56:11 mail postfix/smtpd[37124]: 7FFF8B1009AD: client=lnsm3-torontoxn-142-116-163-168.internet.virginmobile.ca[142.116.163.168]
Dec 11 02:56:12 mail postfix/cleanup[3147]: 7FFF8B1009AD: message-id=<FEE7AA59C1B314322B66950D7FD8FEE7@9453T0BT4>
Dec 11 02:56:12 mail postfix/qmgr[6615]: 7FFF8B1009AD: from=<all@my-domain.ru>, size=3972, nrcpt=426 (queue active)
Dec 11 02:56:12 mail postfix/smtpd[37124]: disconnect from lnsm3-torontoxn-142-116-163-168.internet.virginmobile.ca[142.116.163.168] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

STRANGE ROW: Dec 11 02:56:12 mail amavis[29752]: (29752-16) ESMTP [127.0.0.1]:10024 /opt/zimbra/data/amavisd/tmp/amavis-20191211T000255-29752-03xCJmNC: ................................................

After that, amavis checks the message and marks it as passed spammy. Half of it goes to spam, and the other half to the inboxes of all the people in the distribution list.

How is it working from 127.0.0.1? Can you help me reject it properly?



This is an example of a correctly working SPF check by policyd. The only difference is this warning:

Dec 11 04:37:17 mail postfix/smtpd[2869]: warning: hostname 188x235x138x182.static-business.saratov.ertelecom.ru does not resolve to address 188.235.138.182: Name or service not known
Dec 11 04:37:17 mail postfix/smtpd[2869]: connect from unknown[188.235.138.182]
Dec 11 04:37:18 mail postfix/smtpd[2869]: NOQUEUE: reject: RCPT from unknown[188.235.138.182]: 554 5.7.1 <rachellrachelle@netc.lu>: Sender address rejected: Failed SPF check; Please see http://www.openspf.org/Why?s=mfrom;id=r ... -domain.ru; netc.lu, Sender is not authorized by default to use 'rachellrachelle@netc.lu' in 'mfrom' identity (mechanism '-all' matched); from=<rachellrachelle@netc.lu> to=<all@my-domain.ru> proto=ESMTP helo=<mail.my-domain.ru>
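
A log check for the pattern in the first excerpt above (an outside client using the list's own address as envelope sender and getting FILTER instead of reject), added here as an example and not part of the original post. The sample lines are constructed from the post's logs; `TRUSTED_NETS`, the hostname `client.example.net` and the 192.168.1.20 line are assumptions.

```python
import ipaddress
import re

LOCAL_DOMAINS = {"my-domain.ru"}  # domain as written in the post
# Assumption: stand-in for the networks this server treats as its own clients.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# Constructed sample, modelled on the smtpd lines quoted in the post.
SAMPLE_LOG = """\
Dec 11 02:56:11 mail postfix/smtpd[37124]: NOQUEUE: filter: RCPT from client.example.net[142.116.163.168]: <all@my-domain.ru>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<all@my-domain.ru> to=<all@my-domain.ru> proto=ESMTP helo=<client.example.net>
Dec 11 02:56:11 mail postfix/smtpd[37124]: NOQUEUE: filter: RCPT from client.example.net[142.116.163.168]: <all@my-domain.ru>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<all@my-domain.ru> to=<all@my-domain.ru> proto=ESMTP helo=<client.example.net>
Dec 11 04:37:18 mail postfix/smtpd[2869]: NOQUEUE: reject: RCPT from unknown[188.235.138.182]: 554 5.7.1 <rachellrachelle@netc.lu>: Sender address rejected: Failed SPF check; from=<rachellrachelle@netc.lu> to=<all@my-domain.ru> proto=ESMTP helo=<mail.my-domain.ru>
Dec 11 05:00:01 mail postfix/smtpd[3001]: NOQUEUE: filter: RCPT from unknown[192.168.1.20]: <user@my-domain.ru>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@my-domain.ru> to=<all@my-domain.ru> proto=ESMTP helo=<pc20>
"""

RCPT_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: NOQUEUE: (?P<action>\w+): RCPT from "
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]: .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def is_trusted(ip):
    """True when the client address belongs to one of TRUSTED_NETS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_spoofed_local_senders(log_text):
    """Non-rejected RCPTs where an untrusted client used a local-domain sender."""
    seen, findings = set(), []
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if not m or m["action"] == "reject":
            continue
        domain = m["sender"].rpartition("@")[2].lower()
        if domain not in LOCAL_DOMAINS or is_trusted(m["ip"]):
            continue
        key = (m["pid"], m["ip"], m["sender"].lower(), m["rcpt"].lower())
        if key not in seen:  # one RCPT can log two FILTER lines (10026 and 10024)
            seen.add(key)
            findings.append({"client_ip": m["ip"], "sender": m["sender"],
                             "rcpt": m["rcpt"], "action": m["action"]})
    return findings


if __name__ == "__main__":
    for f in find_spoofed_local_senders(SAMPLE_LOG):
        print(f"{f['client_ip']} sent as {f['sender']} to {f['rcpt']} ({f['action']})")
```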