Topic: receiving email from fake mail server
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi, I received an email from a wrong sender (new4-smtp.messagingengine.com), as you can see in the log info below. Although the fake mail server (new4-smtp.messagingengine.com) sent the email using the tse.ir domain, Amavis did not prevent it from being sent.
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250-mail.mydomainht.com
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250-PIPELINING
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250-SIZE 25600000
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250-ETRN
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250-AUTH
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250-
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250-8BITMIME
Nov 7 10:13:27 mail postfix/smtpd[6573]: > new4-smtp.messagingengine.com[66.111.4.230]: 250 DSN
dict_pcre_lookup: /etc/postfix/command_filter.pcre: MAIL FROM:<ghalibafasl@tse.ir> SIZE=8573
Nov 7 10:13:27 mail postfix/smtpd[6573]: extract_addr: input: <ghalibafasl@tse.ir>
Nov 7 10:13:27 mail postfix/smtpd[6573]: smtpd_check_addr: addr=ghalibafasl@tse.ir
Nov 7 10:13:27 mail postfix/smtpd[6573]: send attr request = rewrite
Nov 7 10:13:27 mail postfix/smtpd[6573]: send attr rule = local
Nov 7 10:13:27 mail postfix/smtpd[6573]: send attr address = ghalibafasl@tse.ir
a:new4-smtp.messagingengine.com
Type | Domain Name | IP Address | TTL
A | new4-smtp.messagingengine.com | 66.111.4.230 | 24 hrs

Pref | Hostname | IP Address | TTL
5 | mail.tse.ir | 91.99.102.11 Pars Online PJS (AS60976) | 60 min

Type | Domain Name | TTL | Record
TXT | tse.ir | 60 min | v=spf1 mx:mail.tse.ir ip4:91.99.102.11 ip4:213.217.40.74/32 ~all
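
Added example, not part of the original post: a minimal SPF check of the tse.ir record shown above against the client IP from the Postfix log. It handles only the `ip4`, `mx` and `all` mechanisms, and it assumes that `mx:mail.tse.ir` resolves to 91.99.102.11 (the address in the lookup output above) instead of querying DNS.

```python
import ipaddress

# Values copied from the post: the tse.ir SPF record and the client IP
# that appears in the Postfix log.
SPF_RECORD = "v=spf1 mx:mail.tse.ir ip4:91.99.102.11 ip4:213.217.40.74/32 ~all"
CLIENT_IP = "66.111.4.230"
# Assumption: static stand-in for the DNS lookups behind mx:mail.tse.ir,
# using the address from the lookup output in the post.
MX_ADDRS = {"mail.tse.ir": ["91.99.102.11"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, mx_addrs):
    """Evaluate ip4, mx and all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            # Matches when the client IP is one of the MX host addresses.
            addrs = mx_addrs.get(arg, [])
            matched = any(ip == ipaddress.ip_address(a) for a in addrs)
        else:
            return "permerror"  # mechanism not handled by this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    print(CLIENT_IP, "->", check_spf(SPF_RECORD, CLIENT_IP, MX_ADDRS))
```

For 66.111.4.230 only the final `~all` term matches, so the result is `softfail`; the same record ending in `-all` would give `fail`.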