"MAIL FROM" vs. "From"-Header in Data section - faked From address SPAM

digi

Dec 7, 2018
Hi!

As also posted here[1], we are receiving spam with a valid MAIL-FROM address (e.g. MAIL FROM: foobar@spammerexample.com + valid SPF for ip/domain e.g. via google mail), but the From-Header in the Data part of the SMTP conversation is set to e.g. "legitlooking@mx1.mydomain.com".
So from the customer's/client's point of view the email seems to come from "mx1.mydomain.com".
mx1.mydomain.com is my proxmox host.

My main question:
  • Is there any way to make proxmox check the From-header in the Data section?
At best I'd like to reject incoming mail that tries to look like it's coming from the proxmox-system itself.

Clarification: I do not need proxmox to check all incoming mails for matching return-path/"mail from" vs. from-header(data) addresses, as this would make mailing lists etc. not work, I guess - I just want proxmox to reject mails trying to come from the system itself.

Details:
Mail in the customer's inbox has the following headers (parts removed):
...
Received-SPF: pass (spammerexample.com: a.b.c.d is authorized to use ...)
...
From: <foo@mx1.mydomain.com>, <bar@mx1.mydomain.com>, ... <- this is obviously faked
...
To: <victim@victimdomain.at>
...
Return-Path: thespammer@spammerexample.com
...

[1]https://forum.proxmox.com/threads/spam-getting-through.49322/
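
The check asked for in the post above, sketched as an added example that is not part of the original post and is not Proxmox Mail Gateway code: it flags a message only when a From-header address claims the gateway's own domain while the envelope sender (MAIL FROM) is foreign, so mailing-list mail with differing envelope and header senders is left alone. The function names are hypothetical, the sample messages are constructed, and the local domain is the one given in the post.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the gateway's own hostname, as named in the post.
LOCAL_DOMAINS = {"mx1.mydomain.com"}

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def spoofed_local_from(envelope_from, raw_message, local_domains=LOCAL_DOMAINS):
    """Return the From-header addresses that claim a local domain although
    the envelope sender (MAIL FROM) belongs to some other domain."""
    env_domain = domain_of(parseaddr(envelope_from)[1])
    if env_domain in local_domains:
        return []  # envelope sender is local too, nothing is mismatched
    msg = message_from_string(raw_message)
    # get_all + getaddresses covers repeated From headers and address lists,
    # like the multi-address From line quoted in the post.
    from_headers = msg.get_all("From", [])
    return [addr for _name, addr in getaddresses(from_headers)
            if domain_of(addr) in local_domains]

# Constructed sample modelled on the headers quoted in the post.
SAMPLE_SPAM = (
    "Received-SPF: pass (spammerexample.com: a.b.c.d is authorized)\n"
    "From: <foo@mx1.mydomain.com>, <bar@mx1.mydomain.com>\n"
    "To: <victim@victimdomain.at>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed mailing-list message: envelope and header differ, neither local.
SAMPLE_LIST = (
    "From: Alice <alice@example.net>\n"
    "To: <victim@victimdomain.at>\n"
    "Subject: constructed list post\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    hits = spoofed_local_from("thespammer@spammerexample.com", SAMPLE_SPAM)
    print("reject" if hits else "accept", hits)
    hits = spoofed_local_from("list-bounces@lists.example.org", SAMPLE_LIST)
    print("reject" if hits else "accept", hits)
```

Passing SPF does not affect the result, because SPF validates only the envelope domain, which is the gap the post describes.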
 
