Many emails from spameri@tiscali.it.

ArielVF (New Member), Jan 25, 2022
Hello,

Lately I'm receiving many emails from spameri@tiscali.it. The mails arrive every day at random times.
Is this part of how PMG works, or is it something else?
 

Attachment: spam.png
I would think you have to ask the sender why they send the mails, not us : )

As you can see on the column at the right, they were rejected by proxmox, so I believe everything is working as intended.
 
I think this is a very aggressive open relay tester. I don't see why they are performing the test so frequently, however. I see this occur almost once an hour.
 
Lately I'm receiving many emails from spameri@tiscali.it.

An attempt from specifically this address is something I've seen quite many times, but as you said, it's an open relay tester, and mails will not get accepted from them (unless the config is really broken and the system is an open relay). I would consider this just background noise of the internet and nothing to worry about.
 
I have solved the mystery of spameri{@}tiscali[.]it. It is an SMTP scanner that anyone could be using.

Here are a few examples of it:
https://www.virustotal.com/gui/file/1d0e905d92dce88321b21d7f8b9d7da620abe017839fd7f1378e6705065fd988
https://www.virustotal.com/gui/file/960113f236cb94b6a3414630ed800485642d0d75b46d16579e13c85d0cbedb75
https://www.virustotal.com/gui/file/3b460bef154fe44b055a79893023e9d117befd6c5b070c4417e2696a27a4faee

Here is the scanner running in a sandbox:
https://tria.ge/230304-palqmsea34/behavioral1

https://www.blackhatrussia.com/1215-speed-smtp-scaner-v25-full.html

Screenshot:
1677932502660.png

If you open one of the samples in Binary Ninja (https://binary.ninja/) and search for the email address in strings, you will find where the string is stored and read from.

spameri.png

You can also see where the string is referenced in the assembly code:

1677932954603.png

Finally, here is one location where the string is used as an input parameter for two functions (there are others according to the code references shown above, but this is one example):

1677933025513.png
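
One way to confirm from the gateway's own mail log that every probe from this sender was rejected, as the replies above describe. This is an added example, not code from the thread or from Proxmox; it assumes PMG's Postfix writes standard syslog lines, and the sample log lines, IP addresses, queue IDs and the function name `summarize_probes` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in standard Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Mar  4 10:01:12 pmg postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <probe@example.net>: Relay access denied; from=<spameri@tiscali.it> to=<probe@example.net> proto=ESMTP helo=<scanner>
Mar  4 11:03:40 pmg postfix/smtpd[2188]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <probe@example.net>: Relay access denied; from=<spameri@tiscali.it> to=<probe@example.net> proto=ESMTP helo=<scanner>
Mar  4 11:30:02 pmg postfix/smtpd[2230]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@example.org>: Relay access denied; from=<spameri@tiscali.it> to=<x@example.org> proto=ESMTP helo=<scanner>
Mar  4 11:45:19 pmg postfix/qmgr[900]: 4F1A22C0123: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
"""

# smtpd rejection at RCPT time: capture the client IP and the envelope sender.
REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S*\[([^\]]+)\]: \d{3} .*?from=<([^>]*)>")
# qmgr line written once a message has been accepted into the queue.
QUEUED = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")


def summarize_probes(log_text, sender):
    """Count rejections per client IP for one envelope sender and list any
    queue IDs where a message from that sender was accepted instead."""
    sender = sender.lower()
    rejected = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m and m.group(2).lower() == sender:
            rejected[m.group(1)] += 1
            continue
        m = QUEUED.search(line)
        if m and m.group(2).lower() == sender:
            # Accepted mail from the probe sender: review where it was delivered.
            accepted.append(m.group(1))
    return {"rejected_by_client": dict(rejected), "accepted_queue_ids": accepted}


if __name__ == "__main__":
    result = summarize_probes(SAMPLE_LOG, "spameri@tiscali.it")
    for ip, count in sorted(result["rejected_by_client"].items()):
        print(f"{ip}: {count} rejected probe(s)")
    print("accepted queue IDs:", result["accepted_queue_ids"] or "none")
```

An empty `accepted_queue_ids` list matches the "rejected, working as intended" picture in the thread; any queue ID listed there should be traced to its delivery line to see whether the gateway relayed it.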
 
