Spam used our domain to send email to our domain.

May 22, 2020
Dear Support,

We have a problem with spam email sent using my domain name to my domain name.
Example: the spam used spam@mydomain.com to send email to myemail@mydomain.com, but when I check the log, the message source IP address is 176.123.5.101. It is not my network.


Sender: spam@mydomain.com, To: myemail@mydomain.com
Dec 15 17:34:48 spa02 postfix/smtpd[21469]: connect from mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:49 spa02 postfix/smtpd[21469]: Anonymous TLS connection established from mta5.iifrc.xyz[176.123.5.101]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 15 17:34:50 spa02 postfix/smtpd[21469]: 5C665142EB5: client=mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:50 spa02 postfix/cleanup[21444]: 5C665142EB5: message-id=<20201215023446.7AD5C062FC355524@mydomain.com>
Dec 15 17:34:50 spa02 postfix/qmgr[8691]: 5C665142EB5: from=<spam@mydomain.com>, size=11727, nrcpt=1 (queue active)
Dec 15 17:34:50 spa02 pmg-smtp-filter[21461]: 142EB75FD8914AECEEA: new mail message-id=<20201215023446.7AD5C062FC355524@mydomain.com>#012
Dec 15 17:34:51 spa02 postfix/smtpd[21434]: connect from localhost.localdomain[127.0.0.1]
Dec 15 17:34:51 spa02 postfix/smtpd[21434]: 0273A142EB8: client=localhost.localdomain[127.0.0.1], orig_client=mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:51 spa02 postfix/cleanup[21429]: 0273A142EB8: message-id=<20201215023446.7AD5C062FC355524@mydomain.com>
Dec 15 17:34:51 spa02 postfix/qmgr[8691]: 0273A142EB8: from=<spam@mydomain.com>, size=11955, nrcpt=1 (queue active)
Dec 15 17:34:51 spa02 postfix/smtpd[21434]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Dec 15 17:34:51 spa02 pmg-smtp-filter[21461]: 142EB75FD8914AECEEA: accept mail to <myemail@mydomain.com> (0273A142EB8) (rule: default-accept)
Dec 15 17:34:51 spa02 pmg-smtp-filter[21461]: 142EB75FD8914AECEEA: processing time: 0.068 seconds (0, 0.026, 0)
Dec 15 17:34:51 spa02 postfix/lmtp[21445]: 5C665142EB5: to=<myemail@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.96, delays=0.86/0/0/0.1, dsn=2.5.0, status=sent (250 2.5.0 OK (142EB75FD8914AECEEA))

Do you have any solution to resolve this problem?

Warm Regards,
Phalla
Hi,

I guess you meant to post this to the Mail Gateway forum, so I'll move it there.

* You should check if your SMTP server is configured as an open relay.

* Do you have SPF enabled?

You can use https://mxtoolbox.com/emailhealth/ to check your domain.
Thanks for your support.

Received: from TVC-MAIL01.xxx.local (xxx.4) by
TVC-MAIL01.xxx.local ( xxx.4) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3
via Mailbox Transport; Tue, 15 Dec 2020 14:03:58 +0700
Received: from TVC-MAIL01.xxx.local (xxx.4) by
TVC-MAIL01.xxx.local (xxx.4) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.1466.3; Tue, 15 Dec 2020 14:03:57 +0700
Received: from tvc-spa02.xxx.com (xx.63.1) by
TVC-MAIL01.xxx.local (1xxx.4) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3
via Frontend Transport; Tue, 15 Dec 2020 14:03:57 +0700
Received: from tvc-spa02.xxx.com (localhost.localdomain [127.0.0.1])
by tvc-spa02.xxx.com (Proxmox) with ESMTP id 0BCEE142D6C
for <tech.support@xxx.com>; Tue, 15 Dec 2020 14:03:57 +0700 (+07)
Received: from mta6.iifrc.xyz (mta6.iifrc.xyz [176.123.5.102])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by tvc-spa02.xxx.com (Proxmox) with ESMTPS id 5ADA1142D69
for <tech.support@xxx.com>; Tue, 15 Dec 2020 14:03:56 +0700 (+07)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mailer; d=xxx.com;
h=From:To:SubjectDate:Message-ID:MIME-Version:Content-Type:
Content-Transfer-Encoding; i=soport@xxx.com;
bh=iLa6INC+ss/+jNCCfvuM1J5/7BkMeap24eCbjtc3GMM=;
b=LxUvhinafmLWdBeFe+iRfkQ5MuLnhWagVXzm1TIGlc6jAv33j5VfdAb0okZR11mtRHkqSOJGj1cj
ksgtfoek1IJI53uBG9V0yX4SFTr4dngvoNikIjzJkC+zHy3v0gSYaz8SNkd2GNWcJoI1juEPPuJ8
f3qG9mKCO1+kndvi18PRumw6UyNAjq7C544ts8UekniRlxGAIQsxzcCUFrmdgTzG4cqd9CX4W57i
jNGfyITlY2MULgMuj+y2Nib80F/dsDPLz5RVDBgOn19MYBHex7QYUAh1RwbuTSuV/UfoRJnUBtAu
72ZSND/khtgULZ/EQIqvIPcSod1dZ/KaR0kjxg==
From: Server team <soport@xxx.com>
To: tech.support@xxx.com
Subject: Update Inbox Office tech.support@xxx.com
Date: 14 Dec 2020 23:03:50 -0800
Message-ID: <20201214230350.CBFA1DDCDB1D4771@xxx.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-SPAM-LEVEL:
Return-Path: soport@xxx.com
X-MS-Exchange-Organization-Network-Message-Id: 735a266a-9fa1-4ee8-8514-08d8a0c79767
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-AuthSource:TVC-MAIL01.xxx.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.5720830
X-MS-Exchange-Processed-By-BccFoldering: 15.01.1466.003

Please help to check it; I edited the IP and domain.

Warm Regards,
Phalla
Did you enable SPF checking on your PMG? SPF checking should help to eliminate email spoofing/masquerading from other networks not in your domain's SPF record.
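As an added illustration of what the SPF check does with the Postfix/PMG log lines quoted above (example code written for this thread, not part of PMG or of any reply here): it pairs each queue id's connecting client IP with its envelope sender and flags mail that claims mydomain.com from an address outside a hypothetical SPF record. The 203.0.113.0/24 network, the SPF record and the last four log lines are constructed, and the SPF evaluator is a toy that handles only ip4: and all, whereas PMG uses a full SPF implementation.

```python
import ipaddress
import re

# Constructed sample: first four lines reuse the thread's queue ids, client and sender; the rest are made-up legitimate traffic.
SAMPLE_LOG = """\
Dec 15 17:34:50 spa02 postfix/smtpd[21469]: 5C665142EB5: client=mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:50 spa02 postfix/qmgr[8691]: 5C665142EB5: from=<spam@mydomain.com>, size=11727, nrcpt=1 (queue active)
Dec 15 17:34:51 spa02 postfix/smtpd[21434]: 0273A142EB8: client=localhost.localdomain[127.0.0.1], orig_client=mta5.iifrc.xyz[176.123.5.101]
Dec 15 17:34:51 spa02 postfix/qmgr[8691]: 0273A142EB8: from=<spam@mydomain.com>, size=11955, nrcpt=1 (queue active)
Dec 15 17:35:02 spa02 postfix/smtpd[21470]: 7A11B142EC0: client=mail.mydomain.com[203.0.113.25]
Dec 15 17:35:02 spa02 postfix/qmgr[8691]: 7A11B142EC0: from=<user@mydomain.com>, size=2048, nrcpt=1 (queue active)
Dec 15 17:35:10 spa02 postfix/smtpd[21471]: 9B22C142EC5: client=mx.example.net[198.51.100.7]
Dec 15 17:35:10 spa02 postfix/qmgr[8691]: 9B22C142EC5: from=<partner@example.net>, size=4096, nrcpt=1 (queue active)
"""

# Hypothetical SPF record: only 203.0.113.0/24 may send as mydomain.com.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 -all"
LOCAL_DOMAIN = "mydomain.com"

CLIENT_RE = re.compile(r" (\w+): client=\S+?\[([\d.]+)\]")
ORIG_RE = re.compile(r"orig_client=\S+?\[([\d.]+)\]")   # present when PMG re-injects the mail
FROM_RE = re.compile(r" (\w+): from=<([^>]*)>")

def spf_allows(record, ip):
    """Toy SPF evaluation: only ip4: mechanisms and the final 'all' are handled."""
    addr = ipaddress.ip_address(ip)
    for mech in record.split()[1:]:
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return True
        if mech.lstrip("+-~?") == "all":
            return not mech.startswith(("-", "~"))   # -all / ~all reject, +all or ?all permit
    return False

def find_spoofed(log_text, local_domain=LOCAL_DOMAIN, record=SPF_RECORD):
    """(queue_id, sender, client_ip) for mail that claims the local domain in
    MAIL FROM while arriving from a client the SPF record does not permit."""
    clients, senders = {}, {}
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            orig = ORIG_RE.search(line)           # prefer the real client on re-injected mail
            clients[m.group(1)] = orig.group(1) if orig else m.group(2)
        if m := FROM_RE.search(line):
            senders[m.group(1)] = m.group(2)
    hits = []
    for qid, sender in senders.items():
        domain = sender.rpartition("@")[2].lower()
        ip = clients.get(qid)
        if domain == local_domain and ip and not spf_allows(record, ip):
            hits.append((qid, sender, ip))
    return hits
```

Enabling SPF in PMG rejects such mail at SMTP time; the script only shows, from the logs, which messages that policy would have caught.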