help: block email spoofing
Hi guys, I have an issue regarding spam email. How do I clean it up?
I have set up valid SPF and DKIM records.
The following is my mail header:
Return-Path:
Delivered-To: dede.supryadi@mydomain.co.id
Received: from mail.mydomain.co.id
by mail.mydomain.co.id with LMTP id kPoYJcitT1/kcAAAGfME0w
for ; Wed, 02 Sep 2020 21:35:52 +0700
Return-path:
Envelope-to: dede.supryadi@mydomain.co.id
Delivery-date: Wed, 02 Sep 2020 21:35:52 +0700
Received: from vps21212.inmotionhosting.com ([144.208.64.39]:53114)
by mail.mydomain.co.id with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.91)
(envelope-from )
id 1kDTra-0007Jg-NR
for dede.supryadi@mydomain.co.id; Wed, 02 Sep 2020 21:35:52 +0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=noedj.com;
s=default; h=Content-Type:MIME-Version:Subject:To:From:Date:Sender:Reply-To:
Message-ID:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=QzxSmAyDAciosMA+vXQRvtKSFZCr9IgiRKfc8rFolF4=; b=o0VloUz1gIW/0EchOEdnHUI4NQ
dtgC9fev8P9RO4BU28agyZHJdiJTYuw1nxMKTMsmiW+pL66ld5aazSDHQmnB4XhuYst4j55Lz+bdQ
iUJkfcTlgYvc2m00Hl3PLb0gKzjlvY4051XVU8qp4OjKoXFwkzpJhgkI0iGFGlzEj20k=;
Received: from [124.105.17.167] (port=64714)
by vps21212.inmotionhosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from )
id 1kDKQj-0007SN-In
for dede.supryadi@mydomain.co.id; Wed, 02 Sep 2020 00:31:31 -0400
Date: Wed, 02 Sep 2020 12:31:31 +0800
From: "AGUS PRIANTO"
To: "'Dede Supryadi'"
Subject: NEW ITEM KI
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--95111654215894850717321238009256"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps21212.inmotionhosting.com
X-AntiAbuse: Original Domain - mydomain.co.id
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - noedj.com
X-Get-Message-Sender-Via: vps21212.inmotionhosting.com: authenticated_id: info@noedj.com
X-Authenticated-Sender: vps21212.inmotionhosting.com: info@noedj.com
----95111654215894850717321238009256
Content-Type: multipart/related; boundary="--62240308402477013691979561238713794"
----62240308402477013691979561238713794
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
And the following is from the Exim log:
[root@mail ~]# exigrep 1kDTra-0007Jg-NR /var/log/exim_mainlog
2020-09-02 21:35:52 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1kDTra-0007Jg-NR
2020-09-02 21:35:52 1kDTra-0007Jg-NR H=vps21212.inmotionhosting.com [144.208.64.39]:53114 Warning: Message has been scanned: no virus or other harmful content was found
2020-09-02 21:35:52 1kDTra-0007Jg-NR <= info@noedj.com H=vps21212.inmotionhosting.com [144.208.64.39]:53114 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=251268 T="NEW ITEM KI" for dede.supryadi@mydomain.co.id
2020-09-02 21:35:52 1kDTra-0007Jg-NR => dede.supryadi R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 kPoYJcitT1/kcAAAGfME0w Saved"
2020-09-02 21:35:52 1kDTra-0007Jg-NR Completed
Are you using SpamAssassin to filter inbound mail? You can set it up at cPanel>>email>>Spam Filters which would be a good start as it performs SPF validation.
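As an added example (not from the thread or from cPanel), this Python script reads the arrival line from the Exim log in the original post and a shortened copy of its headers, and reports which domains SPF and DKIM actually vouch for compared with the domain shown in From:. The From/To addresses are constructed, because the page shows only display names, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Exim arrival ("<=") line, shortened from the post above.
LOG_LINE = ('2020-09-02 21:35:52 1kDTra-0007Jg-NR <= info@noedj.com '
            'H=vps21212.inmotionhosting.com [144.208.64.39]:53114 P=esmtps '
            'CV=no S=251268 T="NEW ITEM KI" for dede.supryadi@mydomain.co.id')

# Headers shortened from the post. The addresses in From/To are CONSTRUCTED:
# the page shows only display names, so agus@mydomain.co.id is an assumption.
HEADERS = '''DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=noedj.com; s=default; h=Content-Type:MIME-Version:Subject:To:From:Date
From: "AGUS PRIANTO" <agus@mydomain.co.id>
To: "'Dede Supryadi'" <dede.supryadi@mydomain.co.id>
Subject: NEW ITEM KI
X-Authenticated-Sender: vps21212.inmotionhosting.com: info@noedj.com

'''

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit('@', 1)[1].lower() if '@' in addr else ''

def parse_arrival(line):
    """Return (envelope_sender, remote_host, remote_ip) from an Exim '<=' line."""
    m = re.search(r' <= (\S+) H=(.*?) \[([^\]]+)\]', line)
    return m.groups() if m else None

def analyse(log_line, raw_headers, local_domains):
    """Compare the domain the user sees (From:) with the domains that SPF and
    DKIM actually authenticate (envelope sender and DKIM d=)."""
    arrival = parse_arrival(log_line)
    if arrival is None:
        raise ValueError('not an Exim arrival line')
    env_dom = domain_of(arrival[0])
    msg = message_from_string(raw_headers)
    from_dom = domain_of(parseaddr(msg.get('From', ''))[1])
    d_tag = re.search(r'\bd=([^;\s]+)', msg.get('DKIM-Signature', ''))
    dkim_dom = d_tag.group(1).lower() if d_tag else ''
    return {
        'spf_checked_domain': env_dom,    # SPF looks up this domain's record
        'dkim_signing_domain': dkim_dom,  # DKIM proves only this domain signed
        'from_domain': from_dom,
        'from_aligned': from_dom != '' and from_dom in (env_dom, dkim_dom),
        # Our own domain in From:, but submitted through a foreign envelope.
        'local_from_foreign_envelope':
            from_dom in local_domains and env_dom not in local_domains,
    }
```

With these inputs, both SPF and DKIM are evaluated against noedj.com, so the recipient domain's own SPF and DKIM records are never consulted for this message.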
Thank you for the response. I've made some changes to the Exim configuration, and so far there is no more spam :)