spam from myself

erlan

Sep 12, 2022
Greetings.
Spam arrives as letters whose sender is set to the user himself. The same letters also reach the group mail. How do I deal with such spam?
Thanks for the help.

Oct 24 02:45:05 proxmox postfix/smtpd[808748]: warning: hostname 134-249-214-38.broadband.kyivstar.net does not resolve to address 134.249.214.38: Name or service not known
Oct 24 02:45:05 proxmox postfix/smtpd[808748]: connect from unknown[134.249.214.38]
Oct 24 02:45:07 proxmox postfix/smtpd[808748]: 470FEC1263: client=unknown[134.249.214.38]
Oct 24 02:45:07 proxmox postfix/cleanup[808775]: 470FEC1263: message-id=<6355D1F9.5080205@my@mydomain.com>
Oct 24 02:45:07 proxmox postfix/qmgr[551508]: 470FEC1263: from=<my@mydomain.com>, size=3342, nrcpt=1 (queue active)
Oct 24 02:45:07 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: new mail message-id=<6355D1F9.5080205@my@mydomain.com>#012
Oct 24 02:45:08 proxmox postfix/smtpd[808748]: disconnect from unknown[134.249.214.38] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 24 02:45:10 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: SA score=23/5 time=2.174 bayes=undefined autolearn=no autolearn_force=no hits=BITCOIN_ONAN(1),BITCOIN_SPAM_02(1.978),BITCOIN_SPAM_07(1),HELO_DYNAMIC_IPADDR2(3.888),INVALID_DATE(0.432),KAM_CRIM(8.5),KAM_DMARC_STATUS(0.01),NO_FM_NAME_IP_HOSTN(0.001),PDS_BTC_ID(0.386),RCVD_IN_HOSTKARMA_BL(1.5),RCVD_IN_VALIDITY_RPBL(1.284),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),RDNS_NONE(1.274),SPF_HELO_NONE(0.001),SPF_SOFTFAIL(0.972),TO_EQ_FM_DIRECT_MX(1),TVD_RCVD_IP(0.001)
Oct 24 02:45:10 proxmox postfix/smtpd[808780]: connect from localhost.localdomain[127.0.0.1]
Oct 24 02:45:10 proxmox postfix/smtpd[808780]: 14B86C1316: client=localhost.localdomain[127.0.0.1], orig_client=unknown[134.249.214.38]
Oct 24 02:45:10 proxmox postfix/cleanup[808775]: 14B86C1316: message-id=<6355D1F9.5080205@my@mydomain.com>
Oct 24 02:45:10 proxmox postfix/qmgr[551508]: 14B86C1316: from=<my@mydomain.com>, size=4875, nrcpt=1 (queue active)
Oct 24 02:45:10 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: accept mail to <my@mydomain.com> (14B86C1316) (rule: Whitelist)
Oct 24 02:45:10 proxmox postfix/smtpd[808780]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Oct 24 02:45:10 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: processing time: 2.248 seconds (2.174, 0.038, 0)
Oct 24 02:45:10 proxmox postfix/lmtp[808776]: 470FEC1263: to=<my@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.8, delays=0.52/0.03/0/2.3, dsn=2.5.0, status=sent (250 2.5.0 OK (C12706355A7D3CCECC))
Oct 24 02:45:10 proxmox postfix/qmgr[551508]: 470FEC1263: removed
Oct 24 02:45:10 proxmox postfix/smtp[808781]: 14B86C1316: to=<my@mydomain.com>, relay=10.15.11.4[10.15.11.4]:25, delay=0.2, delays=0/0.02/0.15/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 44BC782106E)
Oct 24 02:45:10 proxmox postfix/qmgr[551508]: 14B86C1316: removed
 
Oct 24 02:45:10 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: SA score=23/5 time=2.174 bayes=undefined autolearn=no autolearn_force=no hits=BITCOIN_ONAN(1),BITCOIN_SPAM_02(1.978),BITCOIN_SPAM_07(1),HELO_DYNAMIC_IPADDR2(3.888),INVALID_DATE(0.432),KAM_CRIM(8.5),KAM_DMARC_STATUS(0.01),NO_FM_NAME_IP_HOSTN(0.001),PDS_BTC_ID(0.386),RCVD_IN_HOSTKARMA_BL(1.5),RCVD_IN_VALIDITY_RPBL(1.284),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),RDNS_NONE(1.274),SPF_HELO_NONE(0.001),SPF_SOFTFAIL(0.972),TO_EQ_FM_DIRECT_MX(1),TVD_RCVD_IP(0.001)
Oct 24 02:45:10 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: accept mail to <my@mydomain.com> (14B86C1316) (rule: Whitelist)
It would be marked as spam (23 points!), but it matches something on the whitelist. I'd properly check whether all the entries in the 'Whitelist' rule are good and necessary.
 
Thank you, I removed my own domain from the list.
How do I block such a letter? I sent a test from https://emkei.cz/

Oct 28 11:22:39 proxmox postfix/smtpd[20905]: connect from emkei.cz[89.187.129.27]
Oct 28 11:22:40 proxmox postfix/smtpd[20905]: 568E6C1271: client=emkei.cz[89.187.129.27]
Oct 28 11:22:40 proxmox postfix/cleanup[21866]: 568E6C1271: message-id=<20221028052238.5ED205A000E@emkei.cz>
Oct 28 11:22:40 proxmox postfix/qmgr[843]: 568E6C1271: from=<999@mydomain.com>, size=836, nrcpt=1 (queue active)
Oct 28 11:22:40 proxmox postfix/smtpd[20905]: disconnect from emkei.cz[89.187.129.27] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Oct 28 11:22:40 proxmox pmg-smtp-filter[21558]: C1274635B6720903EA: new mail message-id=<20221028052238.5ED205A000E@emkei.cz>#012
Oct 28 11:22:40 proxmox postfix/smtpd[21872]: connect from localhost.localdomain[127.0.0.1]
Oct 28 11:22:40 proxmox postfix/smtpd[21872]: 9FAD9C12E0: client=localhost.localdomain[127.0.0.1], orig_client=emkei.cz[89.187.129.27]
Oct 28 11:22:40 proxmox postfix/cleanup[21866]: 9FAD9C12E0: message-id=<20221028052238.5ED205A000E@emkei.cz>
Oct 28 11:22:40 proxmox postfix/qmgr[843]: 9FAD9C12E0: from=<999@mydomain.com>, size=1052, nrcpt=1 (queue active)
Oct 28 11:22:40 proxmox postfix/smtpd[21872]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Oct 28 11:22:40 proxmox pmg-smtp-filter[21558]: C1274635B6720903EA: accept mail to <999@mydomain.com> (9FAD9C12E0) (rule: default-accept)
Oct 28 11:22:40 proxmox pmg-smtp-filter[21558]: C1274635B6720903EA: processing time: 0.067 seconds (0, 0.036, 0)
Oct 28 11:22:40 proxmox postfix/lmtp[21867]: 568E6C1271: to=<999@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.44, delays=0.24/0.03/0.09/0.07, dsn=2.5.0, status=sent (250 2.5.0 OK (C1274635B6720903EA))
Oct 28 11:22:40 proxmox postfix/qmgr[843]: 568E6C1271: removed
Oct 28 11:22:40 proxmox postfix/smtp[21659]: 9FAD9C12E0: to=<999@mydomain.com>, relay=1111[1111]:25, delay=0.18, delays=0/0/0.15/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C92C68858A7)
Oct 28 11:22:40 proxmox postfix/qmgr[843]: 9FAD9C12E0: removed
 
What exactly is the question? It seems like a normal mail.
What does your rule system look like?
 
The letter is received from myself. The reply is also from myself.
The rule set is standard; SPF and DKIM entries are configured.
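Added example, written for this thread and not code from the original posts or from Proxmox: a small audit over log lines of the shape shown above (a constructed, abbreviated sample modelled on them). It flags the two situations the thread turns on, mail accepted by a rule although the SpamAssassin score is at or above the required threshold (the Whitelist case in the first reply), and mail whose envelope sender claims the protected domain but arrived from a non-internal IP (the emkei.cz test). The internal networks and the own-domain name are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the thread's logs (abbreviated; not the original excerpt).
SAMPLE_LOG = """\
Oct 24 02:45:10 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: SA score=23/5 time=2.174 bayes=undefined hits=KAM_CRIM(8.5),SPF_SOFTFAIL(0.972)
Oct 24 02:45:10 proxmox postfix/smtpd[808780]: 14B86C1316: client=localhost.localdomain[127.0.0.1], orig_client=unknown[134.249.214.38]
Oct 24 02:45:10 proxmox postfix/qmgr[551508]: 14B86C1316: from=<my@mydomain.com>, size=4875, nrcpt=1 (queue active)
Oct 24 02:45:10 proxmox pmg-smtp-filter[808307]: C12706355A7D3CCECC: accept mail to <my@mydomain.com> (14B86C1316) (rule: Whitelist)
Oct 28 11:22:40 proxmox postfix/smtpd[21872]: 9FAD9C12E0: client=localhost.localdomain[127.0.0.1], orig_client=emkei.cz[89.187.129.27]
Oct 28 11:22:40 proxmox postfix/qmgr[843]: 9FAD9C12E0: from=<999@mydomain.com>, size=1052, nrcpt=1 (queue active)
Oct 28 11:22:40 proxmox pmg-smtp-filter[21558]: C1274635B6720903EA: accept mail to <999@mydomain.com> (9FAD9C12E0) (rule: default-accept)
Oct 28 12:00:00 proxmox postfix/smtpd[22000]: AAAA1111: client=mail.internal.example[10.15.11.4]
Oct 28 12:00:00 proxmox postfix/qmgr[843]: AAAA1111: from=<user@mydomain.com>, size=900, nrcpt=1 (queue active)
Oct 28 12:00:00 proxmox pmg-smtp-filter[21558]: CAFE0001: accept mail to <other@example.org> (AAAA1111) (rule: default-accept)
"""

SA_RE = re.compile(r"pmg-smtp-filter\[\d+\]: (\w+): SA score=([\d.]+)/([\d.]+)")
ACCEPT_RE = re.compile(r"pmg-smtp-filter\[\d+\]: (\w+): accept mail to <[^>]*> \((\w+)\) \(rule: ([^)]+)\)")
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=[^\s\[]+\[([\d.]+)\](?:, orig_client=[^\s\[]+\[([\d.]+)\])?")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")


def is_internal(ip, internal_nets):
    return any(ip_address(ip) in ip_network(n) for n in internal_nets)


def audit_accepts(log_text, own_domain, internal_nets=("127.0.0.0/8", "10.0.0.0/8")):
    """Return (queue_id, reason) findings for accepted mail a defender should review."""
    sa_score, source_ip, sender, accepts = {}, {}, {}, []
    for line in log_text.splitlines():
        if m := SA_RE.search(line):                       # keyed by the filter's own id
            sa_score[m.group(1)] = (float(m.group(2)), float(m.group(3)))
        elif m := CLIENT_RE.search(line):                 # orig_client (XFORWARD) is the real remote host
            source_ip[m.group(1)] = m.group(3) or m.group(2)
        elif m := FROM_RE.search(line):                   # envelope sender per postfix queue id
            sender[m.group(1)] = m.group(2)
        elif m := ACCEPT_RE.search(line):                 # links filter id -> queue id -> matched rule
            accepts.append(m.groups())
    findings = []
    for filter_id, queue_id, rule in accepts:
        score, required = sa_score.get(filter_id, (0.0, float("inf")))
        if score >= required:
            findings.append((queue_id, f"accepted by rule '{rule}' despite SA score {score:g}/{required:g}"))
        addr, ip = sender.get(queue_id, ""), source_ip.get(queue_id)
        if addr.lower().endswith("@" + own_domain.lower()) and ip and not is_internal(ip, internal_nets):
            findings.append((queue_id, f"sender {addr} claims own domain but arrived from external {ip}"))
    return findings


if __name__ == "__main__":
    for queue_id, reason in audit_accepts(SAMPLE_LOG, "mydomain.com"):
        print(queue_id, reason)
```

The third sample message (own domain, internal relay 10.15.11.4) is deliberately not flagged, which is the distinction a rule or SPF policy needs to preserve.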