
SPAM from internal e-mail

FirstPoint

Basic Pleskian
Hello.

We have the following problem:
Domain abc.com is hosted on our server, it has a hosted e-mail [email protected]. This e-mail address keeps getting SPAM messages from an address [email protected] (where srv2.xyz.com is our server FQDN).
What we understood by reading the headers (posted below) is that someone is sending an e-mail to [email protected]. This e-mail address, as configured in Plesk, redirects e-mails to [email protected]. But we don't understand how someone managed to send an e-mail from a nonexistent [email protected] to it. Can you help us?

Here are the headers:

DomainKey-Status: no signature
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by srv2.xyz.com (Postfix, from userid 30)
id CD4A2430017F; Tue, 14 Apr 2015 23:50:58 +0200 (CEST)
DomainKey-Status: bad format
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from 188.165.248.5 (unknown [60.169.75.45])
by srv2.xyz.com (Postfix) with SMTP id 7AA5D430017B
for <support@âbc.com>; Tue, 14 Apr 2015 23:50:55 +0200 (CEST)
X-Message-Info: 7wPTdI64Kxmhkf8yMbP7QD3jIkfijS63
Received: from dns5scapular.com ([151.84.110.111]) by nd1-w7.hotmail.com with
Microsoft SMTPSVC(5.0.2195.6824); Wed, 15 Apr 2015 02:42:58 +0400
Received: from archbishopcrinkle.com [127.0.0.1] by dns4exquisite.com
(SMTPD32-7.12 ) id PB071861W2; Tue, 14 Apr 2015 16:49:58 -0600
Subject: I love that I can now fit in to my old clothes!
From: Anibal@srv2.xyz.com, [email protected]yz.com
To: support@abc.com
Message-Id: <[email protected]>
Content-Type: multipart/alternative;
boundary="--26043614405046902846"
X-PPP-Message-ID: <[email protected]>
X-PPP-Vhost: abc.com
Date: Tue, 14 Apr 2015 23:50:58 +0200 (CEST)
X-Antivirus: avast! (VPS 150414-0, 14.04.2015), Inbound message
X-Antivirus-Status: Clean
----26043614405046902846
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
This is the most effective weight loss treatment! You may need the information!
This is the new way to shape your body.
We are the biggest shop in the net!
http://x.co/8rnAW
----26043614405046902846--
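The Received chain from the headers above, read from the receiving server's side, as an added example that is not part of the original post: only the lines stamped by srv2.xyz.com are reliable, so the real SMTP peer is 60.169.75.45, and everything below that hop, like the From header, is sender-supplied text. The sample input is constructed from the posted headers (folding restored, the "for" clause omitted), and the function names are this example's own.

```python
import re

MY_HOST = "srv2.xyz.com"  # receiving server FQDN, as named in the post

# Constructed sample: Received lines from the post, folding restored, "for" clause omitted.
RAW = """\
Received: by srv2.xyz.com (Postfix, from userid 30)
    id CD4A2430017F; Tue, 14 Apr 2015 23:50:58 +0200 (CEST)
Received: from 188.165.248.5 (unknown [60.169.75.45])
    by srv2.xyz.com (Postfix) with SMTP id 7AA5D430017B; Tue, 14 Apr 2015 23:50:55 +0200 (CEST)
Received: from dns5scapular.com ([151.84.110.111]) by nd1-w7.hotmail.com with
    Microsoft SMTPSVC(5.0.2195.6824); Wed, 15 Apr 2015 02:42:58 +0400
Received: from archbishopcrinkle.com [127.0.0.1] by dns4exquisite.com
    (SMTPD32-7.12 ) id PB071861W2; Tue, 14 Apr 2015 16:49:58 -0600
"""

def received_hops(raw):
    """Unfold continuation lines; return Received values, newest hop first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    return [line.split(":", 1)[1].strip() for line in unfolded.splitlines()
            if line.lower().startswith("received:")]

def analyse(raw, my_host=MY_HOST):
    """Classify each hop; trust ends at the first line not stamped by my_host."""
    findings, trusted = [], True
    for hop in received_hops(raw):
        by = re.search(r"\bby (\S+)", hop)
        trusted = trusted and by is not None and by.group(1) == my_host
        if not trusted:
            # Written before the mail reached us: the sender can put anything here.
            findings.append(("unverified", hop.split(";")[0]))
            continue
        local = re.search(r"\(Postfix, from userid (\d+)\)", hop)
        peer = re.match(r"from (\S+) \((\S+) \[([\d.]+)\]\)", hop)
        if local:  # submitted locally by this uid; there is no SMTP peer on this hop
            findings.append(("local-resubmit", int(local.group(1))))
        elif peer:
            helo, rdns, ip = peer.groups()
            findings.append(("smtp-peer", ip))  # address Postfix saw on the socket
            if re.fullmatch(r"[\d.]+", helo) and helo != ip:
                findings.append(("helo-ip-mismatch", helo))
            if rdns == "unknown":
                findings.append(("no-rdns", ip))
    return findings

if __name__ == "__main__":
    for kind, detail in analyse(RAW):
        print(f"{kind:17} {detail}")
```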
 
Hi FirstPoint,

I suppose that your public key is used to authenticate the SMTP user (Anonymous) over TLS and you didn't restrict this in Postfix (main.cf) - basically, you allow TLS and/or SASL authentication for the user "anonymous" if authentication over the standard public key is used, without using "username" and "password". Please have a look at your e-mail logs and watch out for the user "Anonymous".
 