Thread: Spam mail

  1. #1
    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    1

    Default Spam mail

    I have installed ZCS mail server on an Ubuntu 12.04 server.
    I have configured MX, DKIM; all is OK with GoDaddy. I can receive mail; the problem is with sending mail: Gmail and Hotmail receive ZCS mail as spam and I can't send mail to Yahoo.

    zmcontrol -v: Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 FOSS edition.

    dig mydomain.com mx:
    ; <<>> DiG 9.8.1-P1 <<>> mydomain.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56771
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;mydomain.com. IN MX

    ;; ANSWER SECTION:
    mydomain.com. 0 IN MX 5 infra.mydomain.com.

    ;; ADDITIONAL SECTION:
    infra.mydomain.com. 0 IN A ipadress

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Jan 8 06:17:07 2014
    ;; MSG SIZE rcvd: 80

    dig mydomain any:

    <<>> DiG 9.8.1-P1 <<>> mydomain.com any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13106
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;mydomain.com. IN ANY

    ;; ANSWER SECTION:
    mydomain.com. 0 IN MX 5 infra.mydomain.com.

    ;; ADDITIONAL SECTION:
    infra.mydomain.com. 0 IN A ipadress

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Jan 8 06:18:42 2014
    ;; MSG SIZE rcvd: 80



    *cat /var/log/mail.log
    mail to yahoo
    Jan 8 06:16:19 infra postfix/smtp[26499]: 260F124168F: to=<wxcvbn@yahoo.fr>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=61675, delays=61674/0.01/0.09/0.23, dsn=4.7.1, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from ipadres will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html (in reply to MAIL FROM command))

    mail to hotmail
    Jan 8 06:12:43 infra postfix/smtpd[25488]: NOQUEUE: filter: RCPT from mail-qa0-f51.google.com[209.85.216.51]: <wxcvbn@opuntia360.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<marwen.kachroudi@opuntia360.com> to=<tesaccount@drugstic.com> proto=ESMTP helo=<mail-qa0-f51.google.com>
    Last edited by MKO; 01-15-2014 at 01:49 AM.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by MKO View Post
    I have installed ZCS mail server on an Ubuntu 12.04 server.
    I have configured MX, DKIM; all is OK with GoDaddy. I can receive mail; the problem is with sending mail: Gmail and Hotmail receive ZCS mail as spam and I can't send mail to Yahoo.

    zmcontrol -v: Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 FOSS edition.

    dig mydomain.com mx:
    ; <<>> DiG 9.8.1-P1 <<>> mydomain.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56771
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;drugstic.com. IN MX

    ;; ANSWER SECTION:
    drugstic.com. 0 IN MX 5 infra.mydomain.com.

    ;; ADDITIONAL SECTION:
    infra.drugstic.com. 0 IN A ipadress

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Jan 8 06:17:07 2014
    ;; MSG SIZE rcvd: 80

    dig mydomain any:

    <<>> DiG 9.8.1-P1 <<>> mydomain.com any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13106
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;drugstic.com. IN ANY

    ;; ANSWER SECTION:
    drugstic.com. 0 IN MX 5 infra.mydomain.com.

    ;; ADDITIONAL SECTION:
    infra.drugstic.com. 0 IN A ipadress

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Jan 8 06:18:42 2014
    ;; MSG SIZE rcvd: 80
    The problem with the information you've posted here is it doesn't tell us much because it's incomplete and you've removed important parts of the information (IP addresses). If you want to post the configuration confirmation for Split DNS you should post the output of all the commands in the 'Verify ....' section of the Split DNS wiki article and do not change any of the information. You should also put the output of each command in 'code tags' to make it more readable.



    Quote Originally Posted by MKO View Post
    *cat /var/log/mail.log
    mail to yahoo
    Jan 8 06:16:19 infra postfix/smtp[26499]: 260F124168F: to=<mohamed154@yahoo.fr>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=61675, delays=61674/0.01/0.09/0.23, dsn=4.7.1, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from ipadres will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html (in reply to MAIL FROM command))

    mail to hotmail
    Jan 8 06:12:43 infra postfix/smtpd[25488]: NOQUEUE: filter: RCPT from mail-qa0-f51.google.com[209.85.216.51]: <marwen.kachroudi@opuntia360.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<marwen.kachroudi@opuntia360.com> to=<tesaccount@drugstic.com> proto=ESMTP helo=<mail-qa0-f51.google.com>
    The next problem is that your DNS information above doesn't relate to the problem mentioned in the error messages. The Yahoo! error page tells you all you need to know and according to them, your server is sending a lot of email (or possibly it looks like a spam source) - you need to do some research on your server to see if that's true and if it is you need to remedy the problem. Search the forums for details on "compromised account" and follow some of the steps to determine if there is a problem on your server.
    Regards


    Bill



  3. #3
    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    1

    Default

    Thanks BILL

    The problem is a compromised account.

    * cat /opt/zimbra/log/mailbox.log | sed -n 's/.*SendMsgRequest.*name=\(.*\)@drugstic.com;mid=.*; ip=\(.*\);ua=.*Adding Message.*/\1,\2/p'

    admin ip
    admin,ip
    admin,ip
    admin,ip
    admin,ip
    admin,ip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip
    tesaccountip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip
    tesaccount,ip


    What shall I do?
    Last edited by MKO; 01-15-2014 at 01:56 AM.

  4. #4
    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    1

    Default

    Thanks BILL,


    * tail -n 100000 /var/log/mail.log | grep "sasl_username="

    Jan 6 10:17:28 infra postfix/submission/smtpd[28032]: 799C9240A7A: client=chello080109019158.6.14.vie.surfer.at[80.109.19.158], sasl_method=PLAIN, sasl_username=admin
    Jan 6 10:18:19 infra postfix/submission/smtpd[28032]: 425E8240B87: client=chello080109019158.6.14.vie.surfer.at[80.109.19.158], sasl_method=PLAIN, sasl_username=admin
    Jan 6 10:21:13 infra postfix/submission/smtpd[1774]: 0786E240BC4: client=chello080109019158.6.14.vie.surfer.at[80.109.19.158], sasl_method=PLAIN, sasl_username=admin
    Jan 6 11:27:28 infra postfix/submission/smtpd[32142]: 2D439240866: client=chello080109019158.6.14.vie.surfer.at[80.109.19.158], sasl_method=PLAIN, sasl_username=dfg
    Jan 6 11:35:31 infra postfix/submission/smtpd[3352]: 20EF3240A72: client=chello080109019158.6.14.vie.surfer.at[80.109.19.158], sasl_method=PLAIN, sasl_username=df


    I have changed the user password but the situation is the same (I can't send mail to Yahoo; Gmail and Yahoo receive mail as spam).
    Last edited by MKO; 01-15-2014 at 01:56 AM.
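
Added example, not part of the original posts: a tally of authenticated submissions per SASL username and client IP, built on the same `sasl_username=` lines grepped above, so an account used from unexpected addresses stands out. The function names and the sample log lines are constructed for illustration; the addresses are documentation ranges.

```shell
#!/usr/bin/env bash
# Tally authenticated submissions per (sasl_username, client IP) from Postfix
# log lines such as those in /var/log/mail.log.

# Constructed sample in the format of the log lines quoted in the thread.
sample_log() {
cat <<'EOF'
Jan 6 10:17:28 infra postfix/submission/smtpd[28032]: 799C9240A7A: client=host-a.example.net[203.0.113.10], sasl_method=PLAIN, sasl_username=admin
Jan 6 10:18:19 infra postfix/submission/smtpd[28032]: 425E8240B87: client=host-a.example.net[203.0.113.10], sasl_method=PLAIN, sasl_username=admin
Jan 6 10:21:13 infra postfix/submission/smtpd[1774]: 0786E240BC4: client=host-a.example.net[203.0.113.10], sasl_method=PLAIN, sasl_username=admin
Jan 6 10:25:02 infra postfix/smtpd[1801]: connect from mx.example.org[192.0.2.77]
Jan 6 11:27:28 infra postfix/submission/smtpd[32142]: 2D439240866: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=admin
Jan 6 11:30:10 infra postfix/submission/smtpd[3352]: 20EF3240A72: client=office.example.com[192.0.2.5], sasl_method=PLAIN, sasl_username=bob
Jan 6 11:35:31 infra postfix/submission/smtpd[3352]: 20EF3240A73: client=office.example.com[192.0.2.5], sasl_method=PLAIN, sasl_username=bob
EOF
}

# sasl_tally: log lines on stdin -> "count username ip", busiest pair first.
sasl_tally() {
  awk '
    /sasl_username=/ {
      user = ""; ip = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^sasl_username=/) {
          user = $i; sub(/^sasl_username=/, "", user); sub(/,$/, "", user)
        }
        if ($i ~ /^client=/) {
          # client=hostname[ip], -> keep only the bracketed address
          ip = $i; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
        }
      }
      if (user != "" && ip != "") count[user " " ip]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2 -k3,3
}

# users_with_many_ips N: usernames that authenticated from >= N distinct IPs.
users_with_many_ips() {
  sasl_tally | awk -v n="$1" '{ seen[$2]++ }
    END { for (u in seen) if (seen[u] >= n) print u }' | sort
}

sample_log | sasl_tally
```

On a live server the same functions can be fed with `tail -n 100000 /var/log/mail.log | sasl_tally`.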

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by MKO View Post
    I have changed the user password but the situation is the same (I can't send mail to Yahoo; Gmail and Yahoo receive mail as spam).
    That won't change until you get your server removed from any blacklists and after a while you should also see Yahoo! start to accept mail from your server.
    Regards


    Bill



  6. #6
    Join Date
    Jul 2011
    Posts
    24
    Rep Power
    4

    Default

    This may or may not be the issue, but if the IP your mail server is using (the public IP) doesn't have reverse DNS set up properly, Google, Hotmail, and Yahoo will reject your mail. Part of their spam rules are set up to check reverse DNS of your mail server's IP, to make sure it resolves to the fully qualified name of the mail server. You can check this by doing a "ping -a yourmailserverIP" from the command line of a Windows PC. It should resolve to the fully qualified name of your mail server.

    We ran into this issue shortly after installing Zimbra. Some people would get the mail sent from our server, but services like Google, Hotmail, and Yahoo wouldn't. After we set up the reverse DNS address, on the mail server's public IP, the mail was received just fine.

    Sean
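
Added example, not part of the original post: the reverse DNS check described above, done with `dig` from the mail server itself, which also confirms that the PTR name resolves back to the same address (forward-confirmed reverse DNS). The function names are hypothetical and the check assumes an IPv4 address.

```shell
#!/usr/bin/env bash
# Forward-confirmed reverse DNS check for a mail server's public IPv4 address.

# lc: lowercase a hostname so comparisons ignore case.
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# fcrdns_check IP [EXPECTED_FQDN]
# Prints "ok <ptr-name>" and returns 0 when a PTR name for IP resolves back to
# IP (and equals EXPECTED_FQDN when one is given). Otherwise prints the reason
# and returns 1.
fcrdns_check() {
  local ip="$1" want="${2:-}" ptrs name addr
  # PTR lookup; dig prints names with a trailing dot, which is stripped here.
  ptrs="$(dig +short -x "$ip" | sed 's/\.$//')"
  if [ -z "$ptrs" ]; then
    echo "fail no-ptr"
    return 1
  fi
  for name in $ptrs; do
    # When an expected name is given, ignore PTR names that differ from it.
    if [ -n "$want" ] && [ "$(lc "$name")" != "$(lc "$want")" ]; then
      continue
    fi
    # Forward lookup: one of the A records must be the original address.
    for addr in $(dig +short A "$name"); do
      if [ "$addr" = "$ip" ]; then
        echo "ok $name"
        return 0
      fi
    done
  done
  echo "fail ptr-does-not-confirm"
  return 1
}

# Stand-alone use: script.sh <public-ip> [mail-server-fqdn]
if [ "$#" -ge 1 ]; then
  fcrdns_check "$@"
fi
```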

  7. #7
    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    1

    Default

    Hi BILL,

    Thanks for your help. Can you mask private information (IP, mail address, domain name)?
