Hi,
I've been dealing with a problem for days. A lot of spam comes to our mail accounts from different mail servers. The sending mail server is not filtered because it is clean. I can block an IP or domain. But it comes from too many IP addresses and domains.
Summary:
Mail from server: mambrino.ddnet.es [88.87.135.35]
From: =?utf-8?Q?=C3=96me_=C3=87anak_=3Comecanak=40mydomai?==?utf-8?Q?m=3E?= <gambrinusrpino8@ciett.com>
To: <myname@mydomain.com>
It looks like it came from omecanak@mydomain.com in the mailbox. How can we block these emails?
I read:
https://forum.proxmox.com/threads/spam-getting-through.49322/
https://forum.proxmox.com/threads/m...n-data-section-faked-from-address-spam.49685/
Mailenable mail headers:
Received: from ([222.222.222.222]) by mymailserver.com with MailEnable IMAP; Wed, 12 Aug 2020
19:21:45 +0300
Received: from mambrino.ddnet.es (mambrino.ddnet.es [88.87.135.35]) by pmg5.mypmg.com
(Proxmox) with ESMTPS id 44C94201B38 for <myname@mydomain.com>; Wed, 12
Aug 2020 19:21:42 +0300 (+03)
Received: from pmg5.mypmg.com (localhost.localdomain [127.0.0.1]) by pmg5.mypmg.com
(Proxmox) with ESMTP id CAE75201870 for <myname@mydomain.com>; Wed, 12
Aug 2020 19:21:44 +0300 (+03)
Received: from pap004-8878.mylan.co.za (HELO ?154.68.163.15?)
(gambrinusrpino8@ciett.com) by mambrino.ddnet.es with ESMTPA; 12 Aug 2020
17:53:36 +0200
Received: (qmail 28718 invoked by uid 514); 12 Aug 2020 17:53:39 +0200
Received: from pmg5.mypmg.com ([xxx.xxx.xxx.xxx]) by mymailserver.com with MailEnable ESMTP;
Wed, 12 Aug 2020 19:21:45 +0300
From: =?utf-8?Q?=C3=96me_=C3=87anak_=3Comecanak=40mydomai?==?utf-8?Q?m=3E?= <gambrinusrpino8@ciett.com>
To: <myname@mydomain.com>
Date: Wed, 12 Aug 2020 18:53:36 +0300
Message-ID: <1597247619105428687@mambrino.ddnet.es>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00A0_01D67172.7AE95210"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHklhIOSYBynSatX7FxSmKIUy4Csw==
X-Envelope-Sender: gambrinusrpino8@ciett.com
X-ME-Bayesian: 0.000000
X-SPAM-LEVEL: Spam detection results: 2 BAYES_20 -0.001 Bayes spam
probability is 5 to 20% KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does
not have any anti-forgery methods MIME_BOUND_DD_DIGITS 1.373 Spam tool
pattern in MIME boundary RCVD_IN_MSPIKE_H2 -0.001 Average reputation
(+2) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF
Record SPF_NONE 0.001 SPF: sender does not publish an SPF
Record
X-Qmail-Scanner-Diagnostics: from pap004-8878.mylan.co.za
(gambrinusrpino8@ciett.com@pap004-8878.mylan.co.za) by mambrino.ddnet.es
(envelope-from <gambrinusrpino8@ciett.com>, uid 513) with
qmail-scanner-2.11st (mhr: 1.0. spamassassin: 3.4.1. perlscan: 2.11st.
Clear:RC:1(154.68.163.15):. Processed in 0.016854 secs); 12 Aug 2020
15:53:39 -0000
X-OlkEid: 00000000321DA0EFAF231740B4578B5A016D71040700D9539C2261A6BB45B9DAB62C7081B3C101002100FFFF0000E397401C134767438013636D184988C30000000094DC00006BA9E57DE43AC14C8AEFABBCF687E91C
X-Read: 1
PMG Tracking Center Log:
Aug 12 16:21:42 pmg5 postfix/smtpd[24837]: connect from mambrino.ddnet.es[88.87.135.35]
Aug 12 16:21:43 pmg5 postfix/smtpd[24837]: 44C94201B38: client=mambrino.ddnet.es[88.87.135.35]
Aug 12 16:21:43 pmg5 postfix/cleanup[21094]: 44C94201B38: message-id=<1597247619105428687@mambrino.ddnet.es>
Aug 12 16:21:43 pmg5 postfix/qmgr[3256]: 44C94201B38: from=<gambrinusrpino8@ciett.com>, size=322723, nrcpt=1 (queue active)
Aug 12 16:21:43 pmg5 pmg-smtp-filter[24980]: 201AA15F341717D60DB: new mail message-id=<1597247619105428687@mambrino.ddnet.es>#012
Aug 12 16:21:43 pmg5 postfix/smtpd[24837]: disconnect from mambrino.ddnet.es[88.87.135.35] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Aug 12 16:21:44 pmg5 pmg-smtp-filter[24980]: 201AA15F341717D60DB: SA score=2/5 time=0.861 bayes=0.20 autolearn=no autolearn_force=no hits=BAYES_20(-0.001),KAM_LAZY_DOMAIN_SECURITY(1),MIME_BOUND_DD_DIGITS(1.373),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_NONE(0.001)
Aug 12 16:21:44 pmg5 postfix/smtpd[24719]: connect from localhost.localdomain[127.0.0.1]
Aug 12 16:21:44 pmg5 postfix/smtpd[24719]: CAE75201870: client=localhost.localdomain[127.0.0.1], orig_client=mambrino.ddnet.es[88.87.135.35]
Aug 12 16:21:44 pmg5 postfix/cleanup[20977]: CAE75201870: message-id=<1597247619105428687@mambrino.ddnet.es>
Aug 12 16:21:44 pmg5 postfix/qmgr[3256]: CAE75201870: from=<gambrinusrpino8@ciett.com>, size=323389, nrcpt=1 (queue active)
Aug 12 16:21:44 pmg5 postfix/smtpd[24719]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Aug 12 16:21:44 pmg5 pmg-smtp-filter[24980]: 201AA15F341717D60DB: accept mail to <myname@mydomain.com> (CAE75201870) (rule: default-accept)
Aug 12 16:21:44 pmg5 pmg-smtp-filter[24980]: 201AA15F341717D60DB: processing time: 1.014 seconds (0.861, 0.064, 0)
Aug 12 16:21:44 pmg5 postfix/lmtp[22844]: 44C94201B38: to=<myname@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=1/0/0/1, dsn=2.5.0, status=sent (250 2.5.0 OK (201AA15F341717D60DB))
Aug 12 16:21:44 pmg5 postfix/qmgr[3256]: 44C94201B38: removed
Aug 12 16:21:45 pmg5 postfix/smtp[23253]: CAE75201870: to=<myname@mydomain.com>, relay=mail.mymailserver.com[11.111.111.111]:587, delay=0.39, delays=0.07/0/0.26/0.07, dsn=2.0.0, status=sent (250 Requested mail action okay, completed)
Aug 12 16:21:45 pmg5 postfix/qmgr[3256]: CAE75201870: removed
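As an added example (not code from the post, from Proxmox Mail Gateway or from MailEnable), the following Python check decodes the From: header the way a mail client does and flags the pattern shown above: an RFC 2047 encoded display name that contains an address in one of our own domains while the real addr-spec in angle brackets belongs to someone else. It also pulls the SpamAssassin rule hits out of the pmg-smtp-filter line from the Tracking Center log so the score can be compared with the 5-point threshold. The sample From: header is constructed in the same shape as the one in the post (the post's copy was hand-sanitised, so the spoofed domain is written out here as mydomain.com), the LOCAL_DOMAINS set is an assumption, and the log line is the one from the post.

```python
"""
Added example: detect display-name spoofing of a local address and parse the
SpamAssassin hits from a pmg-smtp-filter log line. Not part of the forum
post, PMG or MailEnable.
"""
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Domains this gateway receives mail for (assumption for this example).
LOCAL_DOMAINS = {"mydomain.com"}

# Constructed From: header in the same shape as the one in the post. The
# display name is an RFC 2047 encoded-word that decodes to
#   Öme Çanak <omecanak@mydomain.com>
# while the real address in angle brackets is external.
SAMPLE_FROM = ("=?utf-8?Q?=C3=96me_=C3=87anak_=3Comecanak=40mydomain.com=3E?="
               " <gambrinusrpino8@ciett.com>")

# Constructed legitimate header for comparison: same sender name, real address.
CLEAN_FROM = "=?utf-8?Q?=C3=96me_=C3=87anak?= <omecanak@mydomain.com>"

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def decode_rfc2047(value):
    """Decode =?charset?Q?...?= / =?charset?B?...?= chunks to plain text."""
    return str(make_header(decode_header(value)))


def domain_of(addr):
    """Lower-cased domain part of an addr-spec, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def check_from_header(raw_from, local_domains=LOCAL_DOMAINS):
    """Report whether the display name pretends to be a local address.

    The addr-spec is taken from the raw (still encoded) header, so that text
    hidden inside an encoded-word cannot inject a second '<...>' into the
    parse. Only afterwards is the display name decoded and scanned for
    anything that looks like an e-mail address.
    """
    name_raw, addr = parseaddr(raw_from)
    name = decode_rfc2047(name_raw)
    real_domain = domain_of(addr)
    embedded = [a.lower() for a in ADDR_RE.findall(name)]
    reasons = []
    for fake in embedded:
        fake_domain = domain_of(fake)
        if fake_domain in local_domains and fake_domain != real_domain:
            reasons.append(f"display name shows {fake} but the address is {addr}")
    return {"display_name": name, "addr": addr, "embedded": embedded,
            "spoofed": bool(reasons), "reasons": reasons}


# pmg-smtp-filter line exactly as it appears in the post's Tracking Center log.
SAMPLE_LOG = ("Aug 12 16:21:44 pmg5 pmg-smtp-filter[24980]: 201AA15F341717D60DB: "
              "SA score=2/5 time=0.861 bayes=0.20 autolearn=no autolearn_force=no "
              "hits=BAYES_20(-0.001),KAM_LAZY_DOMAIN_SECURITY(1),MIME_BOUND_DD_DIGITS(1.373),"
              "RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_NONE(0.001)")

SCORE_RE = re.compile(r"SA score=(?P<score>-?\d+(?:\.\d+)?)/(?P<threshold>\d+(?:\.\d+)?)")
HIT_RE = re.compile(r"([A-Z0-9_]+)\(([-\d.]+)\)")


def parse_sa_line(line):
    """Extract score, threshold and per-rule hits from a pmg-smtp-filter line."""
    m = SCORE_RE.search(line)
    if not m:
        return None
    hits_part = line.split("hits=", 1)[1] if "hits=" in line else ""
    hits = {name: float(val) for name, val in HIT_RE.findall(hits_part)}
    score, threshold = float(m["score"]), float(m["threshold"])
    return {"score": score, "threshold": threshold, "hits": hits,
            "accepted": score < threshold}


if __name__ == "__main__":
    for hdr in (SAMPLE_FROM, CLEAN_FROM):
        print(check_from_header(hdr))
    print(parse_sa_line(SAMPLE_LOG))
```

The spoofed address only becomes visible after RFC 2047 decoding, so if this logic is ported to a gateway header rule, first confirm whether that rule engine matches against the decoded text or the raw encoded form, since a regex on the raw form would have to match the `=40mydomain` encoding rather than `@mydomain`.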