Topic: Spam/Forged Emails
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? Downloadable Installer
- Linux/BSD distribution name and version: CentOS (centos-release-7-5.1804.el7.centos.2.x86_64)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
2019-11-07 14:33:36 INFO [22.214.171.124] Client has not been seen before, greylisted.
2019-11-07 14:33:37 INFO [126.96.36.199] RCPT, email@example.com -> firstname.lastname@example.org, 451 4.7.1 Sorry, Server is busy, Pls. try again in a minute. [sasl_username=, email@example.com, client_name=mail1986.hm1315.locaweb.com.br, reverse_client_name=mail1986.hm1315.locaweb.com.br, helo=mail1986.hm1315.locaweb.com.br, encryption_protocol=, process_time=0.9486s]
==> /var/log/maillog <==
Nov 7 14:33:37 mail2 postfix/smtpd: NOQUEUE: reject: RCPT from mail1986.hm1315.locaweb.com.br[188.8.131.52] 451 4.7.1 <firstname.lastname@example.org>: Recipient address rejected: Sorry, Server is busy, Pls. try again in a minute.; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<mail1986.hm1315.locaweb.com.br>
Nov 7 14:33:38 mail2 postfix/smtpd: disconnect from mail1986.hm1315.locaweb.com.br[184.108.40.206]
Recently some of our users received an email with an attached MS Word doc (Trojan HEUR:Trojan.MSOffice.SAgent.gen).
And unfortunately that attachment had already been downloaded and run by the user.
Since then, we have been receiving tons of forged emails.
I have enabled iRedAPD plugins such as reject_sender_login_mismatch, but unfortunately there are emails that are still delivered to our INBOX.
What is the best way to deal with it?