messages from fake emails

digiweb

Member
Mar 6, 2022
When an e-mail comes from a fake e-mail address, it goes through this filter. What setting should I activate to prevent this?
 
Please share the logs and (if possible) the mail as eml containing all headers (anonymize all data you do not want to share);
else it's difficult to see what could be tweaked.
 
Received: from server.proxmoxgateway.com (localhost.localdomain [127.0.0.1])
    by server.proxmoxgateway.com (PROXMOX) with ESMTP id 538F46C15B7
    for <admin@alanadim.com>; Wed, 6 Apr 2022 12:16:57 +0300 (+03)
Received: from server.proxmoxgateway.com ([185.42.200.100])
    by hostname.alanadim.com with esmtp (Exim 4.95)
    (envelope-from <boss@alanadim.com>)
    id 1nc1mT-0007C8-Sx
    for admin@alanadim.com;
    Wed, 06 Apr 2022 12:16:49 +0300
Received: from emailsecuritytester.com (94-237-30-26.de-fra1.upcloud.host [94.237.30.26])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by relay01.libraesva.com (Postfix) with ESMTPS id 36F1E40169
    for <admin@alanadim.com>; Wed, 6 Apr 2022 11:10:53 +0200 (CEST)
Received: from relay01.libraesva.com (relay01.libraesva.com [52.142.218.128])
    by server.proxmoxgateway.com (PROXMOX) with ESMTP id 0E1446C155D
    for <admin@alanadim.com>; Wed, 6 Apr 2022 12:16:52 +0300 (+03)
Received: from hostname.alanadim.com
    by hostname.alanadim.com with LMTP
    id uFttOIFaTWKxYgAAUKInHw
    (envelope-from <boss@alanadim.com>)
    for <admin@alanadim.com>; Wed, 06 Apr 2022 12:16:49 +0300
From: "John Doe" <boss@alanadim.com>
To: <admin@alanadim.com>
Subject: [EST] 1. Test Sender spoofing
Date: Wed, 6 Apr 2022 12:10:53 +0300
Message-ID: <4326b92ade6f727abdea13224acbddd9@emailsecuritytester.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_035D_01D849B1.45865460"
X-Mailer: Zimbra 8.8.12_GA_3866
Thread-Index: AQIgjl5sYoB06JwjbQU8U8PyJfpEXg==
X-SPAM-LEVEL: Spam detection results: 0
    HTML_MESSAGE 0.001 HTML included in message
    KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
    MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
    RCVD_IN_DNSWL_HI -5 Sender listed at https://www.dnswl.org/, high trust
    SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
    SPF_SOFTFAIL 0.972 SPF: sender does not match SPF record (softfail)
    TO_EQ_FM_DOM_HTML_ONLY 1 To domain == From domain and HTML only
    T_REMOTE_IMAGE 0.01 Message contains an external image
    T_SCC_BODY_TEXT_LINE -0.01 -
    URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [emailsecuritytester.com,libraesva.com]
X-Envelope-From: <boss@alanadim.com>
 
The logs from PMG would also be helpful

else:
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked.

-> check the getting started page in the wiki - and consider setting up a local DNS server (as linked there):
https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway

Apart from that, you could consider setting up an SPF record for your domain with a hard-fail policy - then you can consider simply enabling the "Use SPF" feature (GUI->Configuration->Mail Proxy->Options)

I hope this helps!
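
Added example, not part of the thread and not Proxmox code: a minimal SPF evaluator (only `ip4:`, `ip6:` and `all`, no DNS lookups) showing why a `~all` record produces just the SPF_SOFTFAIL score seen in the posted headers, while a `-all` record produces a hard fail for the same sender. Both records and the address 192.0.2.10 are constructed assumptions; 52.142.218.128 is the relay address from the posted Received header.

```python
import ipaddress

# SPF qualifier -> result (RFC 7208); a mechanism without a qualifier means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records for the recipient's own domain; 192.0.2.10 stands in for
# its real outbound server (assumption, the thread does not show the record).
SOFT_RECORD = "v=spf1 ip4:192.0.2.10 ~all"   # weak: unknown senders only softfail
HARD_RECORD = "v=spf1 ip4:192.0.2.10 -all"   # hard-fail policy

def check_spf(record, client_ip):
    """Evaluate a record that uses only ip4:, ip6: and all (no DNS lookups)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]   # catch-all for every other sender
        if name not in ("ip4", "ip6"):
            raise ValueError("mechanism needs DNS, not handled here: " + term)
        # Mechanisms are tried left to right; the first match decides.
        if ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all" term

def compare(client_ip):
    """Result for the same connecting IP under both records."""
    return {"~all": check_spf(SOFT_RECORD, client_ip),
            "-all": check_spf(HARD_RECORD, client_ip)}

if __name__ == "__main__":
    # 52.142.218.128 is the relay the gateway received the test mail from.
    for ip in ("52.142.218.128", "192.0.2.10"):
        print(ip, compare(ip))
```

SPF is evaluated against the envelope sender's domain and the connecting client's IP, so the result depends on which host actually hands the message to the gateway.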
 
