Hello everybody!
Since a couple of days I noticed in the mail queue a lot of sent spam messages. At first look it seems that messages are sended from one of my email address (user@mydomain.net), but looking at the log I can see that the sender ip doesn't merge with the sender.
Log:
#########################
Aug 4 11:24:02 mail-smtp postfix/submission/smtpd[13534]: NOQUEUE: filter: RCPT from vps-1117924-13597.manage.myhosting.com[216.224.162.35]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<dondraper129@yahoo.com> proto=ESMTP helo=<driver-sky.com>
Aug 4 11:24:02 mail-smtp postfix/qmgr[10041]: 649DF6192F: from=<user@mydomain.net>, size=1520, nrcpt=1 (queue active)
Aug 4 11:24:02 mail-smtp postfix/qmgr[10041]: CAD4361931: from=<user@mydomain.net>, size=1994, nrcpt=1 (queue active)
Aug 4 11:24:02 mail-smtp postfix/qmgr[10041]: D625761932: from=<user@mydomain.net>, size=2135, nrcpt=1 (queue active)
Aug 4 11:24:03 mail-smtp postfix/smtp[10613]: EEF5061931: to=<user@mydomain.net>, relay=myoutboundrelyaserver.net[xxx.xxx.xxx.xxx]:25, delay=0.15, delays=0.01/0/0.02/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1889AD4C04)
Aug 4 12:08:18 mail-smtp postfix/submission/smtpd[309]: NOQUEUE: filter: RCPT from arrayan.tchile.com[200.111.67.89]: <user@mydomain.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user@mydomain.net> to=<x0xdargrlx0x@yahoo.com> proto=ESMTP helo=<complejomanueldillems.cl>
Aug 4 12:08:19 mail-smtp postfix/qmgr[10041]: D1A526067A: from=<user@mydomain.net>, size=1539, nrcpt=1 (queue active)
Aug 4 12:08:19 mail-smtp postfix/qmgr[10041]: A0B396192F: from=<user@mydomain.net>, size=2001, nrcpt=1 (queue active)
Aug 4 12:08:19 mail-smtp postfix/qmgr[10041]: AE0A161931: from=<user@mydomain.net>, size=2142, nrcpt=1 (queue active)
Aug 4 12:08:19 mail-smtp postfix/smtp[31388]: C90146192F: to=<user@mydomain.net>, relay=myoutboudrelyaserver.net[xxx.xxx.xxx.xxx]:25, delay=0.11, delays=0/0/0.01/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EDB29D4C3B)
#########################
As you can see I've different ip sending as user@mydomain.net.
I'm currently using my Zimbra server 8.6.0 as auth smtp relaying outbound email to another server.
I tried to follow this article http://wiki.zimbra.com/wiki/Rejecting_f ... _addresses
Block fake senders
-
jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Block fake senders
Hi,
You have 2 options to protect your environment, one is the one you share with us:
http://wiki.zimbra.com/wiki/Rejecting_f ... _addresses
But that one will protect you to be spammed your internal accounts with spammers from outside. To be sure that your server is secure, also do the next steps:
http://wiki.zimbra.com/wiki/Enforcing_a ... ername_8.5
Let us know after apply that steps too, should work.
Best regards
You have 2 options to protect your environment, one is the one you share with us:
http://wiki.zimbra.com/wiki/Rejecting_f ... _addresses
But that one will protect you to be spammed your internal accounts with spammers from outside. To be sure that your server is secure, also do the next steps:
http://wiki.zimbra.com/wiki/Enforcing_a ... ername_8.5
Let us know after apply that steps too, should work.
Best regards