Thread: How to stop SPAM which has a FROM address of my domain

  1. #1

    Hi friends,
    As per Uxbod's suggestion http://www.zimbra.com/forums/adminis...same-user.html

    I have done the following...
    su - zimbra
    Create a file under /opt/zimbra/conf called spoofprotection with the following content
    mydomain.com REJECT we never email ourself from outside so go away!
    Then Zimbra needs to know to look at it, so we need to change /opt/zimbra/conf/postfix_recipient_restrictions.cf and add
    check_sender_access hash:/etc/postfix/spoofprotection
    This needs to go after permit_mynetworks, so the file looks like
    reject_non_fqdn_recipient
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unlisted_recipient
    check_sender_access hash:/opt/zimbra/conf/spoofprotection
    %%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%

    postfix reload

    But I am still getting such SPAM. Below is a sample SPAM:

    Return-Path: yangonnw24@roviss.com
    Received: from mail.mydomain.com (LHLO
    mail.mydomain.com) (192.168.0.200) by
    mail.mydomain.com with LMTP; Mon, 12 Jul 2010 22:42:45 +0530
    (IST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.mydomain.com (Postfix) with ESMTP id 096C4167800D;
    Mon, 12 Jul 2010 22:42:45 +0530 (IST)
    X-DSPAM-Result: Innocent
    X-DSPAM-Class: Innocent
    X-DSPAM-Confidence: 1.00
    X-DSPAM-Probability: 0.0023
    X-DSPAM-Signature: N/A
    X-Virus-Scanned: amavisd-new at mydomain.com
    X-Spam-Flag: NO
    X-Spam-Score: 1.53
    X-Spam-Level: *
    X-Spam-Status: No, score=1.53 tagged_above=-10 required=6.6
    tests=[BAYES_50=0.001, FH_HELO_EQ_D_D_D_D=0.001,
    FORGED_OUTLOOK_TAGS=0.001, HELO_DYNAMIC_IPADDR=2.426,
    HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.1, DSPAM:Innocent=-1.000]
    autolearn=no
    Received: from mail.mydomain.com ([127.0.0.1])
    by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id WZo0XLfExvUd; Mon, 12 Jul 2010 22:42:43 +0530 (IST)
    Received: from pppoe-188-187-16-198.volgograd.ertelecom.ru (pppoe-188-187-16-198.volgograd.ertelecom.ru [188.187.16.198])
    by mail.mydomain.com (Postfix) with ESMTP id F16F01678003;
    Mon, 12 Jul 2010 22:42:40 +0530 (IST)
    Received: from 188.187.16.198 by roviss.com; Mon, 12 Jul 2010 21:09:39 +0300
    Message-ID: <000d01cb21e5$03790000$6400a8c0@yangonnw24>
    From: "123greetings.com" <maninagar@mydomain.com>
    To: <maninagar@mydomain.com>
    Subject: You have received an Greeting eCard
    Date: Mon, 12 Jul 2010 21:09:39 +0300
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0006_01CB21E5.03790000"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0006_01CB21E5.03790000
    Content-Type: text/plain;
    format=flowed;
    charset="Windows-1252";
    reply-type=original
    Content-Transfer-Encoding: 7bit

    Good day.

    You have received an eCard

    To pick up your eCard, open attached file.

    Your card will be aviailable for pick-up beginning for the next 30 days.
    Please be sure to view your eCard before the days are up!

    We hope you enjoy you eCard.

    Thank You!

    ------=_NextPart_000_0006_01CB21E5.03790000
    Content-Type: text/html;
    name="ecard.html"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="ecard.html"

    How can I stop such SPAM mail?
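
Added example, not part of the original post: Postfix's check_sender_access is keyed on the envelope sender (SMTP MAIL FROM, recorded here as Return-Path), not on the From: header the user sees. The sketch below runs a simplified model of that lookup over headers copied from the sample above; the function names and the two-step lookup order are assumptions made for illustration.

```python
import email
from email.utils import parseaddr

# Headers copied from the sample message quoted in the post (body omitted).
SAMPLE = (
    "Return-Path: yangonnw24@roviss.com\n"
    'From: "123greetings.com" <maninagar@mydomain.com>\n'
    "To: <maninagar@mydomain.com>\n"
    "Subject: You have received an Greeting eCard\n"
    "\n"
)

# Mirrors the post's spoofprotection file: lookup key -> action.
ACCESS_TABLE = {"mydomain.com": "REJECT"}


def access_lookup(address, table):
    """Simplified access-table lookup (assumption): full address, then domain."""
    address = address.lower()
    domain = address.rpartition("@")[2]
    return table.get(address) or table.get(domain)


def analyse(raw_headers, table):
    """Compare what an envelope-sender check sees with what the user sees."""
    msg = email.message_from_string(raw_headers)
    # Return-Path is written at delivery from the SMTP MAIL FROM address.
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "envelope_sender": envelope,
        "header_from": header_from,
        # Result for the key that check_sender_access is given.
        "envelope_action": access_lookup(envelope, table),
        # What the same table would return if keyed on the From: header.
        "header_action": access_lookup(header_from, table),
        "domains_differ": envelope.rpartition("@")[2]
        != header_from.rpartition("@")[2],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE, ACCESS_TABLE).items():
        print(f"{key}: {value}")
```

For this message the envelope-based rule is handed roviss.com and finds no entry, while the From: header carries mydomain.com; only a check that inspects the From: header would see the spoofed domain.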

  2. #2

    You can do 2 things.
    Activate more restrictive DNS checks for mail;
    second is to use dspam.

    The problem with more restrictive DNS checks is that regular mail may fail. Simply, some users will use Outlook with another SMTP and simply use their addresses.

    dspam, on the other hand, is (besides the poor implementation in Zimbra) a very powerful statistical spam filter. It does not lead wordlist or whitelist (whitelists do not really exist).

    It takes the whole mail, crunches it to numbers and detects, based on some very complex occasions and statistical data, which mail is bad and which is not.
    It has some automatic whitelist (if a mail is not marked as spam 10 times it gets auto-whitelisted). This doesn't mean that someone can use an email address from the whitelist (in contrast to SpamAssassin).

    dspam takes the whole mail header for whitelist comparison. If you have 2 email clients with the same address, you have to send 10 emails from both in order to be whitelisted.

    But more information is on the dspam website. If you are going to use it, I strongly recommend checking out their documentation or asking on the mailing list,
    because Zimbra has it 0 documented and there are a lot of possibilities you should check out first.

  3. #3

    Hi,
    but you can see in my header DSPAM is already enabled.
    X-DSPAM-Result: Innocent
    X-DSPAM-Class: Innocent
    X-DSPAM-Confidence: 1.00
    X-DSPAM-Probability: 0.0023
    X-DSPAM-Signature: N/A

  4. #4

    Oh yes, overread it, BUT
    what I'm missing is the token - should be in the message or in the header.
    How many mails have you trained to dspam and which modes are you using? (dspam config file might help here too)

    Ahh

    dspam log please
    X-DSPAM-Signature: N/A
    shows something is wrong - often db corrupt or not connected to the db (dspam db)
    Last edited by bofh; 07-13-2010 at 05:15 AM.
