Spam used our domain to send email to our domain.

May 22, 2020
Dear Support,

We have a problem with email spam sent using my domain name to my domain name.
Example: spam used spam@mydomain.com to send email to myemail@mydomain.com, but when I check the log, the message source IP address is 176.123.5.101. It is not my network.


Sender spam@mydomain.com To myemail@mydomain.com
Dec 15 17:34:48 spa02 postfix/smtpd[21469]: connect from mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:49 spa02 postfix/smtpd[21469]: Anonymous TLS connection established from mta5.iifrc.xyz[176.123.5.101]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 15 17:34:50 spa02 postfix/smtpd[21469]: 5C665142EB5: client=mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:50 spa02 postfix/cleanup[21444]: 5C665142EB5: message-id=<20201215023446.7AD5C062FC355524@mydomain.com>
Dec 15 17:34:50 spa02 postfix/qmgr[8691]: 5C665142EB5: from=<spam@mydomain.com>, size=11727, nrcpt=1 (queue active)
Dec 15 17:34:50 spa02 pmg-smtp-filter[21461]: 142EB75FD8914AECEEA: new mail message-id=<20201215023446.7AD5C062FC355524@mydomain.com>#012
Dec 15 17:34:51 spa02 postfix/smtpd[21434]: connect from localhost.localdomain[127.0.0.1]
Dec 15 17:34:51 spa02 postfix/smtpd[21434]: 0273A142EB8: client=localhost.localdomain[127.0.0.1], orig_client=mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:51 spa02 postfix/cleanup[21429]: 0273A142EB8: message-id=<20201215023446.7AD5C062FC355524@mydomain.com>
Dec 15 17:34:51 spa02 postfix/qmgr[8691]: 0273A142EB8: from=<spam@mydomain.com>, size=11955, nrcpt=1 (queue active)
Dec 15 17:34:51 spa02 postfix/smtpd[21434]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Dec 15 17:34:51 spa02 pmg-smtp-filter[21461]: 142EB75FD8914AECEEA: accept mail to <myemail@mydomain.com> (0273A142EB8) (rule: default-accept)
Dec 15 17:34:51 spa02 pmg-smtp-filter[21461]: 142EB75FD8914AECEEA: processing time: 0.068 seconds (0, 0.026, 0)
Dec 15 17:34:51 spa02 postfix/lmtp[21445]: 5C665142EB5: to=<myemail@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.96, delays=0.86/0/0/0.1, dsn=2.5.0, status=sent (250 2.5.0 OK (142EB75FD8914AECEEA))

Do you have any solution to resolve this problem?

Warm Regards,
Phalla
Hi,

I guess you meant to post this to the mail gateway forum, so I'll move this there.

* You should check if your SMTP server is configured as an open relay.

* Do you have SPF enabled?

You can use https://mxtoolbox.com/emailhealth/ to check your domain.
 
It could be email spoofing/masquerading.
Please show the email's raw headers.
 
Thanks for your support.

Received: from TVC-MAIL01.xxx.local (xxx.4) by
TVC-MAIL01.xxx.local ( xxx.4) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3
via Mailbox Transport; Tue, 15 Dec 2020 14:03:58 +0700
Received: from TVC-MAIL01.xxx.local (xxx.4) by
TVC-MAIL01.xxx.local (xxx.4) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.1466.3; Tue, 15 Dec 2020 14:03:57 +0700
Received: from tvc-spa02.xxx.com (xx.63.1) by
TVC-MAIL01.xxx.local (1xxx.4) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3
via Frontend Transport; Tue, 15 Dec 2020 14:03:57 +0700
Received: from tvc-spa02.xxx.com (localhost.localdomain [127.0.0.1])
by tvc-spa02.xxx.com (Proxmox) with ESMTP id 0BCEE142D6C
for <tech.support@xxx.com>; Tue, 15 Dec 2020 14:03:57 +0700 (+07)
Received: from mta6.iifrc.xyz (mta6.iifrc.xyz [176.123.5.102])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by tvc-spa02.xxx.com (Proxmox) with ESMTPS id 5ADA1142D69
for <tech.support@xxx.com>; Tue, 15 Dec 2020 14:03:56 +0700 (+07)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mailer; d=xxx.com;
h=From:To:SubjectDate:Message-ID:MIME-Version:Content-Type:
Content-Transfer-Encoding; i=soport@xxx.com;
bh=iLa6INC+ss/+jNCCfvuM1J5/7BkMeap24eCbjtc3GMM=;
b=LxUvhinafmLWdBeFe+iRfkQ5MuLnhWagVXzm1TIGlc6jAv33j5VfdAb0okZR11mtRHkqSOJGj1cj
ksgtfoek1IJI53uBG9V0yX4SFTr4dngvoNikIjzJkC+zHy3v0gSYaz8SNkd2GNWcJoI1juEPPuJ8
f3qG9mKCO1+kndvi18PRumw6UyNAjq7C544ts8UekniRlxGAIQsxzcCUFrmdgTzG4cqd9CX4W57i
jNGfyITlY2MULgMuj+y2Nib80F/dsDPLz5RVDBgOn19MYBHex7QYUAh1RwbuTSuV/UfoRJnUBtAu
72ZSND/khtgULZ/EQIqvIPcSod1dZ/KaR0kjxg==
From: Server team <soport@xxx.com>
To: tech.support@xxx.com
Subject: Update Inbox Office tech.support@xxx.com
Date: 14 Dec 2020 23:03:50 -0800
Message-ID: <20201214230350.CBFA1DDCDB1D4771@xxx.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-SPAM-LEVEL:
Return-Path: soport@xxx.com
X-MS-Exchange-Organization-Network-Message-Id: 735a266a-9fa1-4ee8-8514-08d8a0c79767
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-AuthSource:TVC-MAIL01.xxx.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.5720830
X-MS-Exchange-Processed-By-BccFoldering: 15.01.1466.003

Please help to check it; I edited the IP and domain.

Warm Regards,
Phalla

Attachments

  • spam mail.png
Do you have SPF checking enabled on your PMG? SPF checking should help to eliminate email spoofing/masquerading from other networks that are not in your domain's SPF record.
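As an added illustration (not from the thread or from Proxmox), the check below models what the SPF lookup the replies recommend would conclude for Postfix log lines like the ones quoted above: it pairs each queue ID's connecting client IP with its envelope sender domain and tests that IP against the domain's SPF record. The log lines, the local domain name and the SPF record are constructed for the example, and only ip4 terms and the -all/~all qualifier are handled, not include, a, mx or redirect.

```python
import ipaddress
import re

# Constructed sample, modelled on the Postfix lines quoted in the thread.
# The SPF record below is an assumption for mydomain.com, not a real lookup.
LOCAL_DOMAIN = "mydomain.com"
SPF_RECORD = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 -all"

SAMPLE_LOG = """\
Dec 15 17:34:50 spa02 postfix/smtpd[21469]: 5C665142EB5: client=mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:50 spa02 postfix/qmgr[8691]: 5C665142EB5: from=<spam@mydomain.com>, size=11727, nrcpt=1 (queue active)
Dec 15 17:40:02 spa02 postfix/smtpd[21470]: 7A1B2142EC0: client=mail.example.net[198.51.100.25]
Dec 15 17:40:02 spa02 postfix/qmgr[8691]: 7A1B2142EC0: from=<alice@mydomain.com>, size=2048, nrcpt=1 (queue active)
Dec 15 17:41:10 spa02 postfix/smtpd[21471]: 9C2D3142EC4: client=mx.other.example[192.0.2.7]
Dec 15 17:41:10 spa02 postfix/qmgr[8691]: 9C2D3142EC4: from=<bob@other.example>, size=3000, nrcpt=1 (queue active)
"""

# smtpd logs the connecting client per queue ID; qmgr logs the envelope sender per queue ID.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+?\[([\d.]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^@>]*@([^>]+)>")

def parse_spf_networks(record):
    """Return (list of ip4 networks, True if the record ends in a hard-fail '-all')."""
    nets = []
    for term in record.split():
        if term.startswith("ip4:"):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets, record.split()[-1] == "-all"

def evaluate_log(log=SAMPLE_LOG, record=SPF_RECORD):
    """Map each queue ID to an SPF-style verdict for mail claiming to be from LOCAL_DOMAIN."""
    clients, senders = {}, {}
    for line in log.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = ipaddress.ip_address(m.group(2))
        m = FROM_RE.search(line)
        if m:
            senders[m.group(1)] = m.group(2).lower()
    nets, hard_fail = parse_spf_networks(record)
    verdicts = {}
    for qid, domain in senders.items():
        ip = clients.get(qid)
        if domain != LOCAL_DOMAIN or ip is None:
            verdicts[qid] = "not-local-sender"   # SPF for other domains is out of scope here
        elif any(ip in n for n in nets):
            verdicts[qid] = "spf-pass"           # client IP is authorised by the record
        else:
            verdicts[qid] = "spf-fail-reject" if hard_fail else "spf-softfail"
    return verdicts
```

The first queue ID reproduces the thread's case: the envelope sender is in the local domain but the client IP is not in the record, so a gateway enforcing SPF with -all would reject it at SMTP time.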