1 Topic by labasus

  • labasus
  • Member
  • Offline
  • Registered: 2009-06-22
  • Posts: 97

Topic: Spoofing your own emails

Hello,

could we smth. do if spammers masking email with construction like this :
MAIL HEADERS -  From "Name Surname <name.surname@domain.tld>" <spammer@mrpmx.com>

Then users got this email - they are see only - Name Surname <name.surname@domain.tld> and they could think that email is safe ... often emails are with  DOC or XLS attacted file with malware macros...

Of cause you can block with clamav - OLE2: Blocking all VBA macros, but this option is global for all emails, with no exceptions...

So, the main question is how to prevent using your domain email address like name.surname@domain.tld (or another domain email address in the same mail server like name.surname@domain2.tld) than emails are with foreign email addresses like - spammer@mrpmx.com

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

labasus's Website

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Spoofing your own emails

- iRedMail doesn't check this, sad.
- Could you please show us the AMavisd log (it logs to Postfix log file /var/log/maillog) related to this email? Does it log the matched SpamAssassin rules? Maybe we can use some SpamAssassin rule to block this kind of spams.