Clients receiving spam from themselves, but not being sent from server?
Hi,
I am currently experiencing an issue where users are receiving SPAM from themselves. Could you kindly assist? I have root access (cloud server).
-
Hello, Could you provide an example from /var/log/exim_mainlog when this happens? EX: exigrep MSGID /var/log/exim_mainlog
Replace "MSGID" with the message ID listed in the headers of one of the messages. Thank you.0 -
Hello, Could you provide an example from /var/log/exim_mainlog when this happens? EX:
exigrep MSGID /var/log/exim_mainlog
Replace "MSGID" with the message ID listed in the headers of one of the messages. Thank you.
2016-10-02 18:39:101bqjn0-000DNS-6b H=([210.56.17.83]) [210.56.17.83]:24920 Warning: "SpamAssassin as wwwgreenqco detected message as spam (27.6)" 2016-10-02 18:39:10 1bqjn0-000DNS-6b <= maflores@example.com.mx H=([210.56.1 7.83]) [210.56.17.83]:24920 P=esmtp S=4526 id=F66DE9AAA4722EE77CF8BBB5633FF66D@7 R1JPD77R T="From International Company" for info@domain.co.za 2016-10-02 18:39:10 1bqjn0-000DNS-6b => info R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 kAjXKi448Vf2yAAAHoDy TA Saved" 2016-10-02 18:39:10 1bqjn0-000DNS-6b Completed
0 -
bqjn0-000DNS-6b H=([210.56.17.83]) [210.56.17.83]:24920 Warning: "SpamAssassin as wwwgreenqco detected message as spam (27.6)"
This suggests SpamAssassin is accurately detecting the spoofed message as SPAM. Emails with spoofed "FROM" addresses are common SPAM techniques, but you can safely ignore this when SpamAssassin correctly blocks the message. In cPanel version 58, SPF checking is automatically enabled through SpamAssassin to help prevent these types of emails. Thank you.0 -
SPF checking will only work if you have an SPF in the domains DNS. I would advise you to use a DKIM as well. You need to go to Cpanel > EMAIL > Authentication and make sure these are added. If you use an external DNS service, rather than your server own PowerDNS service then you will have to copy the SPF the DKIM if your data over. 0
Please sign in to leave a comment.
Comments
4 comments