Topic: This spam came through to my InBox - how did it get through?
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
0.9.7/MySQL/Apache/No Pro
I received an email stating that I'd been hacked and to send bitcoin.
The body of the email was an image, not text.
I pulled the header info from the email. I have changed my personal email information to "myInboxEmail@mydomain.com" and used this info in each place it otherwise occurred in the email. I changed the name of my server to mail.mymailserver.com from the actual (but again correct in the email I received) name of the mail server.
Here's the header:
Return-Path: <nor-am@thelakebc.ca>
Delivered-To: myInboxEmail@mydomain.com
Received: from mail.mymailserver.com (localhost.localdomain [127.0.0.1])
by mail.mymailserver.com (Postfix) with ESMTP id 2FF963A4213D
for <myInboxEmail@mydomain.com>; Tue, 2 Apr 2019 12:26:03 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at
Authentication-Results: mail.mymailserver.com (amavisd-new);
dkim=pass (1024-bit key) header.d=thelakebc.ca
Received: from mail.mymailserver.com ([127.0.0.1])
by mail.mymailserver.com (mail.mymailserver.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 4ZN-zT3K5gh1 for <myInboxEmail@mydomain.com>;
Tue, 2 Apr 2019 12:25:56 -0400 (EDT)
Received: from thelakebc.ca (mail.thelakebc.ca [207.58.179.62])
by mail.mymailserver.com (Postfix) with ESMTPS id 971543A4213C
for <myInboxEmail@mydomain.com>; Tue, 2 Apr 2019 12:25:56 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=thelakebc.ca; s=default; h=From:Subject:Message-ID:To:Date:MIME-Version:
Content-Type:List-ID:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=B4r72B+B1qvBuKfBJjF3oT7BLi9PIQv5jVB6WhxYaFI=; b=y3dR+mVx/Zk++vNgSK7xD8xw8i
wi3rSDQTPtKaclWejRj5/8mYIb+qr83qRPIzF683ixdwXC+1tcU6ObJKo80NzHgMAiHOmNkC9nQmE
XaKEcpv+pGgu7XoxLA2g7ioQ3+Hv/uvUYUmpnQaL1YsU3vY3Wjigkp8TsZLSfsZvvyqA=;
Received: from [91.240.125.60] (port=34588 helo=[])
by vps.cpelectronics.ca with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256)
(Exim 4.87)
(envelope-from <nor-am@thelakebc.ca>)
id 1hBEsX-0007Nl-RI
for myInboxEmail@mydomain.com; Tue, 02 Apr 2019 01:34:50 -0700
X-Complaints-To: <abuse@mail.thelakebc.ca>
X-Sender-Info: <nor-am@thelakebc.ca>
List-ID: <66961988.thelakebc.ca>
X-Abuse-Reports-To: <abuse@thelakebc.ca>
Content-Type: multipart/related;
boundary="50B2B43-B85-F228-C7F32C9D7-1ADA"
MIME-Version: 1.0
Date: Tue, 2 Apr 2019 10:34:45 +0200
Abuse-Reports-To: <abuse@thelakebc.ca>
To: myInboxEmail@mydomain.com
Message-ID: <9E38E31F-5715388-jfye@thelakebc.ca>
Subject: andrew
From: <myInboxEmail@mydomain.com>
X-aid: 8694287668
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.cpelectronics.ca
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - thelakebc.ca
X-Get-Message-Sender-Via: vps.cpelectronics.ca: authenticated_id: nor-am@thelakebc.ca
X-Authenticated-Sender: vps.cpelectronics.ca: nor-am@thelakebc.ca
X-Source:
X-Source-Args:
X-Source-Dir:
Shouldn't my spam filter have trapped this? Is there something I should look at to see if maybe antispam/clamav are NOT running?
Thanks.
Andrew
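In the header posted above, amavisd-new records dkim=pass for header.d=thelakebc.ca while the From: line carries the recipient's own address; a DKIM pass only vouches for the signing domain, not for the address shown in From:. The following is an added example, not part of the original post and not iRedMail code, that flags this kind of mismatch; the function names are hypothetical and the subdomain test is a simplification of DMARC's organizational-domain alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the header in the post (addresses as redacted by the poster).
SAMPLE = """\
Return-Path: <nor-am@thelakebc.ca>
Authentication-Results: mail.mymailserver.com (amavisd-new);
 dkim=pass (1024-bit key) header.d=thelakebc.ca
To: myInboxEmail@mydomain.com
Subject: andrew
From: <myInboxEmail@mydomain.com>

"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified relaxed alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_alignment(raw):
    """Compare the From: domain with the envelope sender and DKIM-passing domains."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    to_dom = domain_of(msg["To"])
    # Signing domains for which the receiving server recorded dkim=pass.
    dkim_pass = []
    for ar in msg.get_all("Authentication-Results", []):
        hits = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", ar)
        dkim_pass += [d.lower() for d in hits]
    findings = []
    if not any(aligned(from_dom, d) for d in dkim_pass):
        findings.append("dkim_not_aligned_with_from")
    if not aligned(from_dom, env_dom):
        findings.append("envelope_sender_not_aligned_with_from")
    if from_dom and from_dom == to_dom and not aligned(from_dom, env_dom):
        findings.append("from_claims_recipient_domain")
    return {"from": from_dom, "envelope": env_dom,
            "dkim_pass": dkim_pass, "findings": findings}

if __name__ == "__main__":
    print(check_alignment(SAMPLE))
```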