Topic: Spam/Forged Emails

- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? Downloadable Installer
- Linux/BSD distribution name and version: CentOS (centos-release-7-5.1804.el7.centos.2.x86_64)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

2019-11-07 14:33:36 INFO [] Client has not been seen before, greylisted.
2019-11-07 14:33:37 INFO [] RCPT, anderson.albuquerque@gmpromo.com.br -> k.ligon@seiko-it.com.ph, 451 4.7.1 Sorry, Server is busy, Pls. try again in a minute. [sasl_username=, sender=anderson.albuquerque@gmpromo.com.br, client_name=mail1986.hm1315.locaweb.com.br, reverse_client_name=mail1986.hm1315.locaweb.com.br, helo=mail1986.hm1315.locaweb.com.br, encryption_protocol=, process_time=0.9486s]

==> /var/log/maillog <==
Nov  7 14:33:37 mail2 postfix/smtpd[8922]: NOQUEUE: reject: RCPT from mail1986.hm1315.locaweb.com.br[] 451 4.7.1 <k.ligon@seiko-it.com.ph>: Recipient address rejected: Sorry, Server is busy, Pls. try again in a minute.; from=<anderson.albuquerque@gmpromo.com.br> to=<k.ligon@seiko-it.com.ph> proto=ESMTP helo=<mail1986.hm1315.locaweb.com.br>
Nov  7 14:33:38 mail2 postfix/smtpd[8922]: disconnect from mail1986.hm1315.locaweb.com.br[]

Hi Guys,

Recently, some of our users received an email with an attached MS Word doc (Trojan HEUR:Trojan.MSOffice.SAgent.gen).
And unfortunately that attachment had already been downloaded and run by the user.

Since then, we are receiving tons of Forged Emails.
I have enabled iRedAPD plugins such as reject_sender_login_mismatch, but unfortunately there are emails that are still delivered to our INBOX.

What is the best way to deal with it?


Re: Spam/Forged Emails

devedames wrote:

Since then, we are receiving tons of Forged Emails.

What kind of "forged" emails?
The pasted log doesn't relate to a forged one.

