1

Topic: Spam prevention knowledge questions

- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 14
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

I have used your system for years, but spam is something I would like to avoid.

My questions:
(1) nshzfsi@cgv.org  —> this came into the Inbox.  (But this address does not exist)  -> doesn't greylisting rule these mails out?

(2) Received: from example.com (mail.example.com [127.0.0.1])  —> is it normal that localhost or a 127 IP address is there?

(3) Received from: where does this come from? Is this normal?

Received: from vps10228.com (unknown [180.124.186.44]) by mx.example.com (Postfix) with SMTP id 25FD840E74C for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 10:24:04 +0200 (CEST)
Received: from kicicich (unknown [16.105.101.23]) by vps10228.com (Postfix) with ESMTP id 000014EF3C8 for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 08:26:01 -0000

(4) yichipei77610@126.com   —> this address is not verifiable -> do you allow or block that?

(5) My client has a spam score of 2.0; how can I improve it further, so that she receives less spam?
(knowing that the default is 6)

(6) Do I need to look for external spam-blocking solutions, or can you help me out?

header part

Return-Path: <nshzfsi@cgv.org>
Delivered-To: info@CLIENTDOMAIN.COM
Received: from example.com (mail.example.com [127.0.0.1])
    by mx.example.com (Postfix) with ESMTP id 6EB9F40E74A
    for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 10:24:09 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at example.com
Received: from mx.example.com ([127.0.0.1])
    by example.com (example.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id M26aCOd_idtn for <info@CLIENTDOMAIN.COM>;
    Tue, 24 Apr 2018 10:24:08 +0200 (CEST)
Received: from vps10228.com (unknown [180.124.186.44])
    by mx.example.com (Postfix) with SMTP id 25FD840E74C
    for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 10:24:04 +0200 (CEST)
Received: from kicicich (unknown [16.105.101.23])
    by vps10228.com (Postfix) with ESMTP id 000014EF3C8
    for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 08:26:01 -0000
Date: Tue, 24 Apr 2018 16:26:00 +0800
From: "Hedy" <nshzfsi@cgv.org>
To: "info" <info@CLIENTDOMAIN.COM>
Reply-To: <yichipei77610@126.com>
Subject: =?GB2312?B?UmU6IE1ha2V1cCBDYXNlIGNvb3BlcmF0aW9uIHdpdGggTU9OREEgU1RVRElP?=
X-Mailer: Foxmail 5.0 [cn]
Mime-Version: 1.0
Content-Type: text/plain;
    charset="GB2312"
Content-Transfer-Encoding: base64
Content-Disposition: inline
Message-Id: <20180424082601.000014EF3C8@vps10228.com>


2

Re: Spam prevention knowledge questions

Kris01 wrote:

(1) nshzfsi@cgv.org  —> this came into the Inbox.  (But this address does not exist)  -> doesn't greylisting rule these mails out?

If @cgv.org is an external address, you need to check the iRedAPD log file to figure out whether it passed greylisting, or was maybe whitelisted.

Kris01 wrote:

(2) Received: from example.com (mail.example.com [127.0.0.1])  —> is it normal that localhost or a 127 IP address is there?

Normal.

Kris01 wrote:

(3) Received from: where does this come from? Is this normal?

Usually an MTA adds one "Received:" header when an email goes through it.

Kris01 wrote:

(4) yichipei77610@126.com   —> this address is not verifiable -> do you allow or block that?

@126.com is a valid mail domain name in China, but iRedMail doesn't whitelist it with default settings.
You need to check the Postfix/iRedAPD log file to figure it out.

Kris01 wrote:

(5) My client has a spam score of 2.0; how can I improve it further, so that she receives less spam?
(knowing that the default is 6)

Maybe decrease the score with iRedAdmin-Pro (in the user profile page, tab "Spam Policy"), so that mail with a higher score than your setting will be marked as spam.

Kris01 wrote:

(6) Do I need to look for external spam-blocking solutions, or can you help me out?

Do you have DNSBL services enabled in Postfix?
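
The hop chain asked about in questions (2) and (3), as an added example that is not part of the original thread: it parses the Received: headers from the first post, flags the 127.0.0.1 hops (the local amavisd-new content-filter round trip on port 10024) and picks out the hop where mx.example.com accepted the message from an outside IP. The function names are hypothetical; only headers written by your own MTA can be trusted, and everything below that hop is supplied by the sender.

```python
import email
import ipaddress
import re

# Received: headers copied from the message quoted in the first post.
RAW = """\
Received: from example.com (mail.example.com [127.0.0.1])
    by mx.example.com (Postfix) with ESMTP id 6EB9F40E74A
    for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 10:24:09 +0200 (CEST)
Received: from mx.example.com ([127.0.0.1])
    by example.com (example.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id M26aCOd_idtn for <info@CLIENTDOMAIN.COM>;
    Tue, 24 Apr 2018 10:24:08 +0200 (CEST)
Received: from vps10228.com (unknown [180.124.186.44])
    by mx.example.com (Postfix) with SMTP id 25FD840E74C
    for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 10:24:04 +0200 (CEST)
Received: from kicicich (unknown [16.105.101.23])
    by vps10228.com (Postfix) with ESMTP id 000014EF3C8
    for <info@CLIENTDOMAIN.COM>; Tue, 24 Apr 2018 08:26:01 -0000

"""

# "from HELO (RDNS [IP]) by HOST"; the RDNS name is optional (amavisd omits it).
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return hops newest-first as dicts: helo, rdns, ip, by, loopback."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparsable hop: skip it rather than guess
        helo, rdns, ip, by = m.groups()
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by,
                     "loopback": ipaddress.ip_address(ip).is_loopback})
    return hops

def first_external_hop(hops, my_mta):
    """The hop that my own MTA recorded from a non-loopback client."""
    for hop in hops:
        if hop["by"] == my_mta and not hop["loopback"]:
            return hop
    return None

if __name__ == "__main__":
    for hop in parse_hops(RAW):
        print(hop)
    print("external:", first_external_hop(parse_hops(RAW), "mx.example.com"))
```

The client IP of the external hop is the address to look up in the Postfix and iRedAPD logs when checking greylisting or DNSBL decisions.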