Results 1 to 7 of 7

Thread: How to stop Getting SPAM mail from my own domain.

  1. #1
    Join Date
    May 2009
    Location
    INDIA
    Posts
    104
    Rep Power
    6

    Exclamation How to stop Getting SPAM mail from my own domain.

    Hi, my zimbra support only authenticated local users to send mail to my local users and also external users(yahoo, hotmail etc).I mean username and password both must need to send mail from my local users to my localusers or exteranl user... but since last 3-4 days i am getting spam mail from somewhere...as a sender of my own localuser...so what is the wrong and how can i stop it...
    bellow is sample spam mail that i am geeting...

    Return-Path: nahuatl0@raytek.com
    Received: from mail.mydomain.com (LHLO
    mail.mydomain.com) (192.168.0.200) by
    mail.mydomain.com with LMTP; Tue, 29 Jun 2010 13:05:21 +0530
    (IST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.mydomain.com (Postfix) with ESMTP id C400F1679BD3;
    Tue, 29 Jun 2010 13:05:21 +0530 (IST)
    X-Virus-Scanned: amavisd-new at mydomain.com
    X-Spam-Flag: NO
    X-Spam-Score: 5.037
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.037 tagged_above=-10 required=6.6 tests=[AWL=1.575,
    BAYES_60=1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
    RCVD_IN_PBL=0.905, RDNS_NONE=0.1] autolearn=no
    Received: from mail.mydomain.com ([127.0.0.1])
    by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id hLY6Vw55zqGO; Tue, 29 Jun 2010 13:05:20 +0530 (IST)
    Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114])
    by mail.mydomain.com (Postfix) with ESMTP id 2D5FD167801D;
    Tue, 29 Jun 2010 13:05:19 +0530 (IST)
    Received: from 109.201.74.114 (port=4853 helo=[blackedition])
    by mail.global.frontbridge.com with asmtp
    id 2378F6-0007D7-79
    for maninagar@mydomain.com; Tue, 29 Jun 2010 11:33:32 +0300
    Message-ID: <83DD52B1.2197739@raytek.com>
    Date: Tue, 29 Jun 2010 11:33:32 +0300
    From: "mydomain.com" <support@mydomain.com>
    MIME-Version: 1.0
    To: maninagar@mydomain.com
    Subject: Please confirm your email to
    Content-Disposition: inline
    Content-Transfer-Encoding: binary
    Content-Type: text/html; charset=iso-8859-1
    X-Spam: Not detected
    X-Mras: OK



    <html>
    <head>
    <title>mydomain.com letter</title>
    </head>
    REFERENCE: Your Email to . <br> <br>

    You recently sent email to a mailbox that requires authentication of the sender to reduce spam. Before your message can be delivered you must confirm that you are the sender by clicking on the link below and then clicking on the "Deliver" button that will be displayed. Once you have completed this step, no further authorization will be required for future emails that you send to this address. <br> <br>

    <a href="http://www.bims.web.tr/index2.html">Please confirm your email by visiting the URL</a> <br> <br>

    Thank you for your cooperation in helping us to fight spam. <br> <br>

    Regards,<br>
    mydomain.com Account Services<br>
    -------------------------<br>

    </body>
    </html>

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Search the forums for some details on anti-spam techniques (NDR, Backscatter, Sane Security etc., etc.) and read this article: Improving Anti-spam system - Zimbra :: Wiki
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    May 2009
    Location
    INDIA
    Posts
    104
    Rep Power
    6

    Default

    hi i just come to know that this mail is not generated from my mail-server but my mail-server just received it only. using site like ANONYMAILER | Email with no password any one can do such spaming. Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114]) is showing that mail come from that server not from my server.... so how can i stop by receiving mail whose sender and receiver are my local users and they are not generated from my mail-server ?

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by sadiq007 View Post
    hi i just come to know that this mail is not generated from my mail-server but my mail-server just received it only. using site like ANONYMAILER | Email with no password any one can do such spaming.
    That's how spamming works.

    Quote Originally Posted by sadiq007 View Post
    Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114]) is showing that mail come from that server not from my server.... so how can i stop by receiving mail whose sender and receiver are my local users and they are not generated from my mail-server ?
    You can follow the suggestions in my previous post.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    May 2009
    Location
    INDIA
    Posts
    104
    Rep Power
    6

    Default

    hey Bill, dont be laughing dear, just tell me more in details

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by sadiq007 View Post
    hey Bill, dont be laughing dear, just tell me more in details
    I'm not laughing and I've already told you what to do, read the article I've pointed you to and search the forums for the terms I've listed.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    Quote Originally Posted by sadiq007 View Post
    Hi, my zimbra support only authenticated local users to send mail to my local users and also external users(yahoo, hotmail etc).I mean username and password both must need to send mail from my local users to my localusers or exteranl user... but since last 3-4 days i am getting spam mail from somewhere...as a sender of my own localuser...so what is the wrong and how can i stop it...
    bellow is sample spam mail that i am geeting...

    Return-Path: nahuatl0@raytek.com
    Received: from mail.mydomain.com (LHLO
    mail.mydomain.com) (192.168.0.200) by
    mail.mydomain.com with LMTP; Tue, 29 Jun 2010 13:05:21 +0530
    (IST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.mydomain.com (Postfix) with ESMTP id C400F1679BD3;
    Tue, 29 Jun 2010 13:05:21 +0530 (IST)
    X-Virus-Scanned: amavisd-new at mydomain.com
    X-Spam-Flag: NO
    X-Spam-Score: 5.037
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.037 tagged_above=-10 required=6.6 tests=[AWL=1.575,
    BAYES_60=1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
    RCVD_IN_PBL=0.905, RDNS_NONE=0.1] autolearn=no
    Received: from mail.mydomain.com ([127.0.0.1])
    by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id hLY6Vw55zqGO; Tue, 29 Jun 2010 13:05:20 +0530 (IST)
    Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114])
    by mail.mydomain.com (Postfix) with ESMTP id 2D5FD167801D;
    Tue, 29 Jun 2010 13:05:19 +0530 (IST)
    Received: from 109.201.74.114 (port=4853 helo=[blackedition])
    by mail.global.frontbridge.com with asmtp
    id 2378F6-0007D7-79
    for maninagar@mydomain.com; Tue, 29 Jun 2010 11:33:32 +0300
    Message-ID: <83DD52B1.2197739@raytek.com>
    Date: Tue, 29 Jun 2010 11:33:32 +0300
    From: "mydomain.com" <support@mydomain.com>
    MIME-Version: 1.0
    To: maninagar@mydomain.com
    Subject: Please confirm your email to
    Content-Disposition: inline
    Content-Transfer-Encoding: binary
    Content-Type: text/html; charset=iso-8859-1
    X-Spam: Not detected
    X-Mras: OK
    I had this problem like a month and a half ago and i had some help from this forum (thanks again guys) by adding a script that give a high score to the email that comes with different from/ return path...(witch is spam 99% of time) and a even higher score if it comes from and adresse with your domain

    its work very good here is my tread

    http://www.zimbra.com/forums/adminis...tml#post183085

Similar Threads

  1. [SOLVED] Zimbra OSS 6.04 will not start
    By powrrrplay in forum Installation
    Replies: 6
    Last Post: 01-25-2010, 07:15 PM
  2. Replies: 5
    Last Post: 03-04-2009, 11:53 AM
  3. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  4. fatal: Queue report unavailable - mail system is down
    By zzzzsg in forum Administrators
    Replies: 16
    Last Post: 08-24-2006, 03:31 AM
  5. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •