Aug 5, 2024: iRedMail-1.7.1 has been released.

**Stubby066** · 2023-01-06 03:31:41

Stubby066
Member
Offline

Registered: 2020-10-10
Posts: 33

Topic: Spam email issue

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.1
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Ubuntu 22.04.1 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MSQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Things have been working well with regards to spam, however recently I've started receiving messages addressed from my account to my own account.

The DKIM fails on these messages. Is there a way to configure to block messages from my domain that fail DKIM (DKIM is set up on my server and works fine)? I suppose I can also block the server, but that is probably a short term solution.

Mail Logs on a message:

Jan  2 11:13:31 muninn amavis[1677980]: (1677980-18) Passed UNCHECKED {RelayedInbound}, [103.198.26.143]:33849 [209.85.208.180] ESMTP/ESMTP <> -> <merchant@argentwolf.org>, (ESMTP://[103.198.26.143]:33849 < SMTPs://209.85.208.180), Queue-ID: 1F8F43F588, Message-ID: <lz6sozzVtTvX1BtKiv6pGdJt=6dWvsXwOwFg44Q6j8wr-7pIK6ek@mail.gmail.com>, mail_id: lbD88jKaCb6o, b: X5Yh5ajuQ, Hits: -, size: 14535, queued_as: D43863F58D, Subject: "Congratulations ! You have been selected.", From: <account@server>, helo=viata.es, 7812 ms
Jan  2 15:51:35 muninn amavis[6163]: (06163-05) Passed CLEAN {RelayedInbound}, [103.198.26.56]:45896 [209.85.218.54] ESMTP/ESMTP <> -> <account@server>, (ESMTP://[103.198.26.56]:45896 < SMTPs://209.85.218.54), Queue-ID: B145D3F5B3, Message-ID: <CAG68epZXCdSUt45KsLBSLNyB24es907XuyzoMhO3djwQ1xaYaT@mail.gmail.com>, mail_id: qClK0OGBJOQe, b: rHhIZgkr_, Hits: -, size: 10422, queued_as: 1C4E63F5B8, Subject: "Congratulations ! You have been selected. (raw: =?UTF-8?B?Q29uZ3JhdHVsYXRpb25zICEgWW91IGhhdmUgYmVlbiBzZWxlY3RlZC4=?=)", From: <account@server>, helo=viata.es, 165 ms
Jan  3 13:48:43 muninn amavis[29401]: (29401-09) Passed CLEAN {RelayedInbound}, [103.198.26.97]:57299 [209.85.128.173] ESMTP/ESMTP <> -> <account@server>, (ESMTP://[103.198.26.97]:57299 < SMTPs://209.85.128.173), Queue-ID: 5E8E63F097, Message-ID: <CAOQ9I0rCydt3IRQzpLcZST_PRZoqpn+r4XjulFe7LcqRg+Kav4@mail.gmail.com>, mail_id: AOEWryKWq5wm, b: lOzSuWzWt, Hits: -, size: 20609, queued_as: F250A3F5B1, Subject: "Congratulations ! You have been selected. (raw: =?UTF-8?B?Q29uZ3JhdHVsYXRpb25zICEgWW91IGhhdmUgYmVlbiBzZWxlY3RlZC4=?=)", From: <account@server>, helo=viata.es, 156 ms
Jan  4 15:21:33 muninn amavis[80059]: (80059-02) Passed CLEAN {RelayedInbound}, [103.198.26.217]:52916 [209.85.208.181] ESMTP/ESMTP <> -> <account@server>, (ESMTP://[103.198.26.217]:52916 < SMTPs://209.85.208.181), Queue-ID: 7B4C33F19B, Message-ID: <QXWpNH7FmN-0i0va3imBkf-C0T60QSpY9pv5=9RCvPeEfy2w5wq@mail.gmail.com>, mail_id: JxbXjQxVgoBk, b: MUMrehw5W, Hits: -, size: 14434, queued_as: 118CE3F37C, Subject: "Congratulations ! You have been selected.", From: <account@server>, helo=vmta152.85.lstrk.net, 138 ms

Email headers

Received: from muninn (muninn [127.0.0.1]) by muninn
(Postfix) with ESMTP id 118CE3F37C for <account@server>; Wed, 4 Jan 2023 15:21:33 -0500
(EST)
X-Virus-Scanned: Debian amavisd-new at muninn
Authentication-Results: muninn (amavisd-new); dkim=fail (2048-bit key) reason="fail
(message has been altered)" header.d=gmail.com
Received: from muninn ([127.0.0.1]) by muninn (muninn
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxbXjQxVgoBk for <account@server>; Wed,
4 Jan 2023 15:21:32 -0500 (EST)
Received-SPF: None (no SPF record) identity=helo; client-ip=103.198.26.217; helo=vmta152.85.lstrk.net;
envelope-from=<>; receiver=<UNKNOWN>
Received: from vmta152.85.lstrk.net (unknown [103.198.26.217]) by muninn (Postfix) with
ESMTP id 7B4C33F19B for <account@server>; Wed, 4 Jan 2023 15:21:32 -0500 (EST)
Received: from 10.226.14.112 by atlas115.aol.mail.ne1.yahoo.com pod-id NONE with HTTPS; Wed, 4 Jan
2031 18:38:53 +0000
X-Originating-Ip: [209.85.208.181]
Received-SPF: pass (domain of gmail.com designates 209.85.208.181 as permitted sender)
Authentication-Results: atlas115.aol.mail.ne1.yahoo.com; dkim=pass header.i=@gmail.com
header.s=20210112; spf=pass smtp.mailfrom=gmail.com; dmarc=pass(p=NONE,sp=QUARANTINE)
header.from=gmail.com;
X-Apparently-To: account@server; Wed, 4 Jan 2031 18:38:54 +0000
X-YMailAVSC: fCNrTX43bBu70GN51fsfdrf.MOFahWXcZOsAIh6bLoas4f.
Vr8GwWucsQCXkQ9Nstvt6g3CJbWVHfHlEAFU.pCLiquNrXhf4CHJihyKhirM
2yjC_HB0Zff_KBjjYzN82pLbE3_9MbK38te.brXqfjyF92yBhvTpc9UkG5us
Z1of_.3sNBxndNCf91GIIxBVuL4HBYKLWqdnAFq8hTGnTpnWVUJLObmly4AS
RbzyAAJMCnrfz46o395saqZpaGNwdFDmmwXAhSjCQ7XZ2wYacYZj5oMAFan5
L8beVswsFzKowPxCMV_W5QlM016Li4GaxWfYsza5xsoE6wvyuHDL.xqa9UNH
B2xupjxGFM4ZuAE.xCvZ6.imkyw1qOkO2qkheK9_w6dDVU.O82n1tqbq96li
lkIHh_6FxBcdR869zBiYDXzHaYqqaRe0E.0id7ynbVpOMh_4gkbux5VZmfGr
qtvYzBnYzKPBGbEXiyPcK3b4YmPXJXsn4XrQ5bEy5Qu4f1EgCFC7qrxy7.8U
7sdncy6HfCUOjfhmbQm9xKiDbbUScXbFLSDVt.eyGMEG_UiUKtlugK.iTRSn
Jp_DEAe4L.nmD.DBa00RO1zXP_EFzeauxoSA_iBVeyt_zbnMNyDbqAlj2sSW
0VtjZLAFYoZXkIUV1J7uaBAWRbqGEq0SE5PtelSNvNa6YZ8wseYxq_YTYXd4
reDjcJd3AUDGedI2HWJZCchHKThk_g3hCPc2x1lcrOduPFK9l8iMJYVVaW8H
sCBla_JDE_JTOwZb0jVpaN0JeDNeL90tgY_Uv0biRw_QF6FhWr2SnJVLLhFu
la2dXZ0B00g8NrLcFQJmLpEWAls5PH40j8uPE.uEBHxPiPAQ_2_7wnFsUU15
XilwBUswEmLxl3AMaXSORjBiPqx2x7FUT3GZ3sZPPo0dtK80T2DougDxBUOS
Lu.8rG.ZIxR2MbH4YI5z5586GPDtw7gMwsPdwoECF4LE2IG6S2veCm_RQzka
YHwsnlUGqcNWart8e1hQS5gxWyViisa5kvj.pR7Ugkhu1dnGcNDN_e.xjwdo KCdWrChv80iTD6nCaoec-
X-YMailISG: n1JUQEsWLDtkiSf9Q3ysFplQGhhQ4t0Y4FGrVQUiSPa.NSC1
fMIgBZQW95MB7vmpkMevrMUJo2yxW4kqxYCmf5tH9tCs_9reQS2lO7RACp2Q
DLPKmocjZR1jenwnAsfCkIy3U0InlZ3iHFauC.Lf46fCWyxp8JD4XVYpPy4h
sMe2jgn18FVUJFDTdTbKdkyqgZBfMV8W6OLwMMW7R2KDlzmr4diedGmgjbwN
6xieQtLq0rUDeSIFxZ1RwHq74ms4ljZ3UN5qKdQuaRkNkhP8sV7WnzgC6m9C
xC472VOlYZT0dHOA8pctTvYVYimMUgxQwZp0kscuIP8MlvMj1DccaPA7cMt7
NFByxu4sO0J4FLOIIP3gd6kqxqfPvXx8Go84oECPwTMKV1MSHVY6vWiceKoe
aJEUEg.rkVB18tehRm8WybqhMulZo3_Nitp.KD0GLcRA2Sa5qDsM4oEXfP_X
xJt.OaJwEdAxNfdzpWB_MaULu3GYTCh_nFKz.SO5Jb7v8D6Q6HpDBj6OWN76
.xKNHwhr1cRMB857mEkxXfKUFku0GxM78LfOvgNzUl4HdwhV_TflidLsG3em
BD0INW4QmRWqrSBPHiVAwKYznn8KZCOoW1yOLZyb1393RLGGQAuvigYWUiRY
e6ZqevpxfQvSumV__jy_HXfGhCsFPcBPzLv7hA_j8q5MC9wgvCwTMUjZuund
mA2z8CwXz9487xr0gmQCmff9zAp82S3OoYDAYmQ508fch7NrPtFIqFt4_ZKj
N1NcnoFsU4rMqMcEL19Gt9augushCR0cd1uHmZhpkhM27xIZZqpvHfGxU4TP
2v3FhvJNbH05cRBfZUyKb___O.bwV6xJdhsdwJBO_6G2KZUg28I2Mc9_JRyE
Congratulations ! You have been selected.
kP39Y0N0Rb24yie1I.14hCksLFXdzl.7xZFMhckgo6AWdaFtfZSMpogO3knI
j8ynxaSlWzZgzEmgAs2NGqDQX4zctqWx0ha6SJ7_QXt14jFIaEmRg1gG5OMk
hc__6gw9vzYgNRjw9EccphCwplxUw7XjwT3AztQBVSkZgLsSXTjtCwLTfN4l
P.E6BAiQ3wtIuYjEPVwxTp3fOHKS3jHZCGY-
Received: from 209.85.208.181 (EHLO mail-lj1-f181.google.com) by 10.226.14.112 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Wed, 04 Jan 2031 18:38:53 +0000
Received: by mail-lj1-f181.google.com with SMTP id e13so33797263ljn.0 for <account@server>;
Wed, 04 Jan 2031 10:38:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to;
bh=O0DyFrhqVqkD2B6AgXB5OKbSlR6CplORmAeJAMrmXYk=;
b=pTTruDBx1PVJyBRwci3ebhSaSh+zleTD5B4+59LNWDmvIXOPCe6MM5zmW2CSPNk4B3
Kwz/0Ky+a+w4sRMoQE3iOJZGAq2dix6a9oZTt8dpM7citg3cuyk3s/EL2/+42qdeejLR
+EssrI3Zqd4FNZZSeMRNLhlAs7qopjdX8MpOpUcAp2jYJbo65IGt5EF3D0HcEx98ve3t
NZqXeo0g1ezPr7wlsfsrRX2G9AQopEuX0fjJ7Z4A5zdAz5GYPt2c2IVMJDSLCeqMKQvA
rr41lJJdXwz5+u+Fuq4FM/uH3NTes+RqLE59zO6bXe/n1ZmVjDAaKwIBBMKOcbTzDeDP NLtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-
id:reply-to; bh=O0DyFrhqVqkD2B6AgXB5OKbSlR6CplORmAeJAMrmXYk=;
b=J8W0gkjWBtF3JI23KBuYMTSr46fbpGRQmuf/QCINSivmyu9GFT2/m6LUyT54eQVOhE
o+Ys6nrjCcDuYUe0sv6pAVc3iQDagXWbaFUEYiNnSBWOszMO0MBmJQKF1ed94IQkmen/
ZXnFqQrDrblafs8LhcqnlEN1iUn3n6c5HyRfKRScwue4Ia/IVtRW89ApOFuIo6hlQIQ9
lYKQUuD6gcdghFNS0FnfWcKtRwHJLiK68ufmynROkZnBeVcfFAK2Aar+Oa57++8FuFC/
ZPpkwMPLdJ4AjSipBH+bDsiBm/TlpEGNg20ywCK3LqF8N/h7tYCtPPGU3YZHZvvMPM61 fEog==
X-Gm-Message-State: AFqh2koFdJYcXzWK7TEvx7nKe0x/gixz2N8QXixm4iqsXGIezo6suKzj
HXW/AWtwpg+K41orhr0orfzws949H7iMe57mgRvvs8Vo
X-Google-Smtp-Source: AMrXdXvh6JwWaYrYoQMgVqbXwnz8gaM8JEHfCB/uI05JB5VmtQ8QxQ
/7BsSeqX6NCMkdob8xwPPX2ZUVU1CHlnc19MA=
X-Received: by 2002:a2e:9e82:0:b0:27f:d61b:4e54 with SMTP id
f2-20020a2e9e82000000b0027fd61b4e54mr1866605ljk.75.1672857533202; Wed, 04 Jan 2031 10:38:53
-0800 (PST)
List-Unsubscribe: <https://rdir-agn.freenet.de/uq.html?uid=LMNBWWGJFLFLSVYBGHQSDBQVK9LDAY>,
<mailto:5174account@serverVos?subject=unsubscribe:LMNBWWGJFLFLSVYBGHQSDBQVK9LDAY>
X-tdResult: 5174account@serverVos-5174merchantVos
MIME-Version: 1.0
Message-ID: <QXWpNH7FmN-0i0va3imBkf-C0T60QSpY9pv5=9RCvPeEfy2w5wq@mail.gmail.com>
Content-Type: text/html;

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

**ZhangHuangbin** · 2023-01-07 11:43:53

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 31,082

Re: Spam email issue

Try to add / update rules in /etc/mail/spamassassin/local.cf, then restart "amavis" (or "amavisd") service to load changed file (SpamAssassin is called by Amavisd directly).

#
# Adjust spam scores.
#
score ALL_TRUSTED 0.1

#
# Spamhaus
#
score URIBL_DBL_SPAM 10
score URIBL_DBL_PHISH 10
score URIBL_DBL_MALWARE 10
score URIBL_DBL_BOTNETCC 3
# Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_SPAM 10
score URIBL_DBL_ABUSE_REDIR 3
score URIBL_DBL_ABUSE_PHISH 5
score URIBL_DBL_ABUSE_MALW 5
score URIBL_DBL_ABUSE_BOTCC 3
score URIBL_DBL_ERROR 0

# multi.surbl.org
score URIBL_WS_SURBL 10
score URIBL_PH_SURBL 10
score URIBL_MW_SURBL 10
score URIBL_CR_SURBL 10
score URIBL_SC_SURBL 10
score URIBL_OB_SURBL 10
score URIBL_AB_SURBL 10
score URIBL_JP_SURBL 10
score URIBL_ABUSE_SURBL 5
score SURBL_BLOCKED 0

# multi.urlbl.com
#score URIBL_BLACK 10
#score URIBL_GREY 3
#score URIBL_RED 0
score URIBL_BLOCKED 0

# DNSBL
score RCVD_IN_SBL 10
score RCVD_IN_SBL_CSS 10
score RCVD_IN_XBL 10
score RCVD_IN_PBL 10

score RCVD_IN_BL_SPAMCOP_NET 5
score RCVD_IN_PSBL 5
score RCVD_IN_RP_RNBL 5

# SPF
# sender does not match SPF record (fail)
score SPF_FAIL 5

# To == From and direct-to-MX
score TO_EQ_FM_DIRECT_MX 5
# To domain == From domain and HTML image link
score TO_EQ_FM_DOM_HTML_IMG 5
# To domain == From domain and HTML only
score TO_EQ_FM_DOM_HTML_ONLY 5
# To domain == From domain and external SPF failed
score TO_EQ_FM_DOM_SPF_FAIL 5
# To == From and HTML only
score TO_EQ_FM_HTML_ONLY 5
# To == From and external SPF failed
score TO_EQ_FM_SPF_FAIL 5

# Malformed From address
score FROM_ADDR_WS 5

# From: has too many raw illegal characters
score SUBJ_ILLEGAL_CHARS 5

# Link to hosted firebase web application, possible phishing.
#score URI_FIREBASEAPP 5

# Email sent from free email service providers.
# From address is in To and Subject
score FROM_IN_TO_AND_SUBJ 5
# From and body contain different freemails.
score FREEMAIL_REPLY 5

**Stubby066** · 2023-01-07 23:05:14

Stubby066
Member
Offline

Registered: 2020-10-10
Posts: 33

Re: Spam email issue

Thanks,
I've added the entries. We'll see what happens.

**Stubby066** · 2023-01-08 05:03:40

Stubby066
Member
Offline

Registered: 2020-10-10
Posts: 33

Re: Spam email issue

These messages are still getting through. How can I verify that amavis is checking them?

amavis[172471]: (172471-01) Passed CLEAN {RelayedInbound}, [103.186.116.200]:42504 [209.85.167.48] ESMTP/ESMTP <> -> <address@server>, (ESMTP://[103.186.116.200]:42504 < SMTPs://209.85.167.48), Queue-ID: B16BF3F46A, Message-ID: <59y8HAv3SF7WU6efF-0rbngdid68rVs+zStejkhrDV6oeG6PioAa@mail.gmail.com>, mail_id: C0t9swNdnJqK, b: J7vOPfke2, Hits: -, size: 23232, queued_as: 574523F602, Subject: "Shut Down Nerve Pain In Your Feet!", From: <address@server>, helo=vmta152.85.lstrk.net, 164 ms
Jan  7 15:50:29 muninn postfix/amavis/smtp[172715]: B16BF3F46A: to=<address@server>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=1.1/0.02/0.01/0.16, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 574523F602)
Jan  7 15:50:29 muninn postfix/qmgr[1698]: B16BF3F46A: removed

**ZhangHuangbin** · 2023-01-10 14:05:49

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 31,082

Re: Spam email issue

Stubby066 wrote:

Hits: -,

Seems SpamAssassin doesn't work for this message.
Please turn on debug mode to check why it happens (for further emails).
FYI: https://docs.iredmail.org/debug.amavisd.html

**chris.23lo** · 2023-01-15 22:13:22

chris.23lo
Member
Offline

Registered: 2022-06-30
Posts: 44

Re: Spam email issue

curious about what's the postscreen_dnsbl_sites config

mine is
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2

also make sure your /etc/resolv.conf is not using google since spamhaus has stopped public dns from getting accurate answers.

also i also use spamcop.net in smtpd_recipient_restrictions

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_policy_service inet:127.0.0.1:7777 reject_unauth_destination check_policy_service inet:127.0.0.1:12340 reject_rbl_client bl.spamcop.net reject_non_fqdn_recipient reject_unlisted_recipient

cheers

**Stubby066** · 2023-01-28 10:02:39

Stubby066
Member
Offline

Registered: 2020-10-10
Posts: 33

Re: Spam email issue

I expanded my listing recently.

postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2..11]*3
    b.barracudacentral.org=127.0.0.2*2
    bl.spameatingmonkey.net*2
    bl.spamcop.net
#    dnsbl.sorbs.net
    sbl-xbl.spamhaus.org
    cbl.abuseat.org
#    dul.dnsbl.sorbs.net
    psbl.surriel.com
    swl.spamhaus.org*-4,
#    list.dnswl.org=127.[0..255].[0..255].0*-2,
#    list.dnswl.org=127.[0..255].[0..255].1*-4,
#    list.dnswl.org=127.[0..255].[0..255].[2..3]*-6

I have to figure out what network/dns my server is actually using. This particular server has been around for a few years and upgraded and has gone from resolve to netplan, but when I try to configure that it breaks the network connection.

**jackb** · 2023-01-28 17:41:53

jackb
Member
Offline

From: Ireland
Registered: 2019-05-06
Posts: 117

Re: Spam email issue

Stubby066 wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.1
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Ubuntu 22.04.1 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MSQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Things have been working well with regards to spam, however recently I've started receiving messages addressed from my account to my own account.

The DKIM fails on these messages. Is there a way to configure to block messages from my domain that fail DKIM (DKIM is set up on my server and works fine)? I suppose I can also block the server, but that is probably a short term solution.

Mail Logs on a message:

Jan  2 11:13:31 muninn amavis[1677980]: (1677980-18) Passed UNCHECKED {RelayedInbound}, [103.198.26.143]:33849 [209.85.208.180] ESMTP/ESMTP <> -> <merchant@argentwolf.org>, (ESMTP://[103.198.26.143]:33849 < SMTPs://209.85.208.180), Queue-ID: 1F8F43F588, Message-ID: <lz6sozzVtTvX1BtKiv6pGdJt=6dWvsXwOwFg44Q6j8wr-7pIK6ek@mail.gmail.com>, mail_id: lbD88jKaCb6o, b: X5Yh5ajuQ, Hits: -, size: 14535, queued_as: D43863F58D, Subject: "Congratulations ! You have been selected.", From: <account@server>, helo=viata.es, 7812 ms
Jan  2 15:51:35 muninn amavis[6163]: (06163-05) Passed CLEAN {RelayedInbound}, [103.198.26.56]:45896 [209.85.218.54] ESMTP/ESMTP <> -> <account@server>, (ESMTP://[103.198.26.56]:45896 < SMTPs://209.85.218.54), Queue-ID: B145D3F5B3, Message-ID: <CAG68epZXCdSUt45KsLBSLNyB24es907XuyzoMhO3djwQ1xaYaT@mail.gmail.com>, mail_id: qClK0OGBJOQe, b: rHhIZgkr_, Hits: -, size: 10422, queued_as: 1C4E63F5B8, Subject: "Congratulations ! You have been selected. (raw: =?UTF-8?B?Q29uZ3JhdHVsYXRpb25zICEgWW91IGhhdmUgYmVlbiBzZWxlY3RlZC4=?=)", From: <account@server>, helo=viata.es, 165 ms
Jan  3 13:48:43 muninn amavis[29401]: (29401-09) Passed CLEAN {RelayedInbound}, [103.198.26.97]:57299 [209.85.128.173] ESMTP/ESMTP <> -> <account@server>, (ESMTP://[103.198.26.97]:57299 < SMTPs://209.85.128.173), Queue-ID: 5E8E63F097, Message-ID: <CAOQ9I0rCydt3IRQzpLcZST_PRZoqpn+r4XjulFe7LcqRg+Kav4@mail.gmail.com>, mail_id: AOEWryKWq5wm, b: lOzSuWzWt, Hits: -, size: 20609, queued_as: F250A3F5B1, Subject: "Congratulations ! You have been selected. (raw: =?UTF-8?B?Q29uZ3JhdHVsYXRpb25zICEgWW91IGhhdmUgYmVlbiBzZWxlY3RlZC4=?=)", From: <account@server>, helo=viata.es, 156 ms
Jan  4 15:21:33 muninn amavis[80059]: (80059-02) Passed CLEAN {RelayedInbound}, [103.198.26.217]:52916 [209.85.208.181] ESMTP/ESMTP <> -> <account@server>, (ESMTP://[103.198.26.217]:52916 < SMTPs://209.85.208.181), Queue-ID: 7B4C33F19B, Message-ID: <QXWpNH7FmN-0i0va3imBkf-C0T60QSpY9pv5=9RCvPeEfy2w5wq@mail.gmail.com>, mail_id: JxbXjQxVgoBk, b: MUMrehw5W, Hits: -, size: 14434, queued_as: 118CE3F37C, Subject: "Congratulations ! You have been selected.", From: <account@server>, helo=vmta152.85.lstrk.net, 138 ms

Email headers

Received: from muninn (muninn [127.0.0.1]) by muninn
(Postfix) with ESMTP id 118CE3F37C for <account@server>; Wed, 4 Jan 2023 15:21:33 -0500
(EST)
X-Virus-Scanned: Debian amavisd-new at muninn
Authentication-Results: muninn (amavisd-new); dkim=fail (2048-bit key) reason="fail
(message has been altered)" header.d=gmail.com
Received: from muninn ([127.0.0.1]) by muninn (muninn
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxbXjQxVgoBk for <account@server>; Wed,
4 Jan 2023 15:21:32 -0500 (EST)
Received-SPF: None (no SPF record) identity=helo; client-ip=103.198.26.217; helo=vmta152.85.lstrk.net;
envelope-from=<>; receiver=<UNKNOWN>
Received: from vmta152.85.lstrk.net (unknown [103.198.26.217]) by muninn (Postfix) with
ESMTP id 7B4C33F19B for <account@server>; Wed, 4 Jan 2023 15:21:32 -0500 (EST)
Received: from 10.226.14.112 by atlas115.aol.mail.ne1.yahoo.com pod-id NONE with HTTPS; Wed, 4 Jan
2031 18:38:53 +0000
X-Originating-Ip: [209.85.208.181]
Received-SPF: pass (domain of gmail.com designates 209.85.208.181 as permitted sender)
Authentication-Results: atlas115.aol.mail.ne1.yahoo.com; dkim=pass header.i=@gmail.com
header.s=20210112; spf=pass smtp.mailfrom=gmail.com; dmarc=pass(p=NONE,sp=QUARANTINE)
header.from=gmail.com;
X-Apparently-To: account@server; Wed, 4 Jan 2031 18:38:54 +0000
X-YMailAVSC: fCNrTX43bBu70GN51fsfdrf.MOFahWXcZOsAIh6bLoas4f.
Vr8GwWucsQCXkQ9Nstvt6g3CJbWVHfHlEAFU.pCLiquNrXhf4CHJihyKhirM
2yjC_HB0Zff_KBjjYzN82pLbE3_9MbK38te.brXqfjyF92yBhvTpc9UkG5us
Z1of_.3sNBxndNCf91GIIxBVuL4HBYKLWqdnAFq8hTGnTpnWVUJLObmly4AS
RbzyAAJMCnrfz46o395saqZpaGNwdFDmmwXAhSjCQ7XZ2wYacYZj5oMAFan5
L8beVswsFzKowPxCMV_W5QlM016Li4GaxWfYsza5xsoE6wvyuHDL.xqa9UNH
B2xupjxGFM4ZuAE.xCvZ6.imkyw1qOkO2qkheK9_w6dDVU.O82n1tqbq96li
lkIHh_6FxBcdR869zBiYDXzHaYqqaRe0E.0id7ynbVpOMh_4gkbux5VZmfGr
qtvYzBnYzKPBGbEXiyPcK3b4YmPXJXsn4XrQ5bEy5Qu4f1EgCFC7qrxy7.8U
7sdncy6HfCUOjfhmbQm9xKiDbbUScXbFLSDVt.eyGMEG_UiUKtlugK.iTRSn
Jp_DEAe4L.nmD.DBa00RO1zXP_EFzeauxoSA_iBVeyt_zbnMNyDbqAlj2sSW
0VtjZLAFYoZXkIUV1J7uaBAWRbqGEq0SE5PtelSNvNa6YZ8wseYxq_YTYXd4
reDjcJd3AUDGedI2HWJZCchHKThk_g3hCPc2x1lcrOduPFK9l8iMJYVVaW8H
sCBla_JDE_JTOwZb0jVpaN0JeDNeL90tgY_Uv0biRw_QF6FhWr2SnJVLLhFu
la2dXZ0B00g8NrLcFQJmLpEWAls5PH40j8uPE.uEBHxPiPAQ_2_7wnFsUU15
XilwBUswEmLxl3AMaXSORjBiPqx2x7FUT3GZ3sZPPo0dtK80T2DougDxBUOS
Lu.8rG.ZIxR2MbH4YI5z5586GPDtw7gMwsPdwoECF4LE2IG6S2veCm_RQzka
YHwsnlUGqcNWart8e1hQS5gxWyViisa5kvj.pR7Ugkhu1dnGcNDN_e.xjwdo KCdWrChv80iTD6nCaoec-
X-YMailISG: n1JUQEsWLDtkiSf9Q3ysFplQGhhQ4t0Y4FGrVQUiSPa.NSC1
fMIgBZQW95MB7vmpkMevrMUJo2yxW4kqxYCmf5tH9tCs_9reQS2lO7RACp2Q
DLPKmocjZR1jenwnAsfCkIy3U0InlZ3iHFauC.Lf46fCWyxp8JD4XVYpPy4h
sMe2jgn18FVUJFDTdTbKdkyqgZBfMV8W6OLwMMW7R2KDlzmr4diedGmgjbwN
6xieQtLq0rUDeSIFxZ1RwHq74ms4ljZ3UN5qKdQuaRkNkhP8sV7WnzgC6m9C
xC472VOlYZT0dHOA8pctTvYVYimMUgxQwZp0kscuIP8MlvMj1DccaPA7cMt7
NFByxu4sO0J4FLOIIP3gd6kqxqfPvXx8Go84oECPwTMKV1MSHVY6vWiceKoe
aJEUEg.rkVB18tehRm8WybqhMulZo3_Nitp.KD0GLcRA2Sa5qDsM4oEXfP_X
xJt.OaJwEdAxNfdzpWB_MaULu3GYTCh_nFKz.SO5Jb7v8D6Q6HpDBj6OWN76
.xKNHwhr1cRMB857mEkxXfKUFku0GxM78LfOvgNzUl4HdwhV_TflidLsG3em
BD0INW4QmRWqrSBPHiVAwKYznn8KZCOoW1yOLZyb1393RLGGQAuvigYWUiRY
e6ZqevpxfQvSumV__jy_HXfGhCsFPcBPzLv7hA_j8q5MC9wgvCwTMUjZuund
mA2z8CwXz9487xr0gmQCmff9zAp82S3OoYDAYmQ508fch7NrPtFIqFt4_ZKj
N1NcnoFsU4rMqMcEL19Gt9augushCR0cd1uHmZhpkhM27xIZZqpvHfGxU4TP
2v3FhvJNbH05cRBfZUyKb___O.bwV6xJdhsdwJBO_6G2KZUg28I2Mc9_JRyE
Congratulations ! You have been selected.
kP39Y0N0Rb24yie1I.14hCksLFXdzl.7xZFMhckgo6AWdaFtfZSMpogO3knI
j8ynxaSlWzZgzEmgAs2NGqDQX4zctqWx0ha6SJ7_QXt14jFIaEmRg1gG5OMk
hc__6gw9vzYgNRjw9EccphCwplxUw7XjwT3AztQBVSkZgLsSXTjtCwLTfN4l
P.E6BAiQ3wtIuYjEPVwxTp3fOHKS3jHZCGY-
Received: from 209.85.208.181 (EHLO mail-lj1-f181.google.com) by 10.226.14.112 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Wed, 04 Jan 2031 18:38:53 +0000
Received: by mail-lj1-f181.google.com with SMTP id e13so33797263ljn.0 for <account@server>;
Wed, 04 Jan 2031 10:38:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to;
bh=O0DyFrhqVqkD2B6AgXB5OKbSlR6CplORmAeJAMrmXYk=;
b=pTTruDBx1PVJyBRwci3ebhSaSh+zleTD5B4+59LNWDmvIXOPCe6MM5zmW2CSPNk4B3
Kwz/0Ky+a+w4sRMoQE3iOJZGAq2dix6a9oZTt8dpM7citg3cuyk3s/EL2/+42qdeejLR
+EssrI3Zqd4FNZZSeMRNLhlAs7qopjdX8MpOpUcAp2jYJbo65IGt5EF3D0HcEx98ve3t
NZqXeo0g1ezPr7wlsfsrRX2G9AQopEuX0fjJ7Z4A5zdAz5GYPt2c2IVMJDSLCeqMKQvA
rr41lJJdXwz5+u+Fuq4FM/uH3NTes+RqLE59zO6bXe/n1ZmVjDAaKwIBBMKOcbTzDeDP NLtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-
id:reply-to; bh=O0DyFrhqVqkD2B6AgXB5OKbSlR6CplORmAeJAMrmXYk=;
b=J8W0gkjWBtF3JI23KBuYMTSr46fbpGRQmuf/QCINSivmyu9GFT2/m6LUyT54eQVOhE
o+Ys6nrjCcDuYUe0sv6pAVc3iQDagXWbaFUEYiNnSBWOszMO0MBmJQKF1ed94IQkmen/
ZXnFqQrDrblafs8LhcqnlEN1iUn3n6c5HyRfKRScwue4Ia/IVtRW89ApOFuIo6hlQIQ9
lYKQUuD6gcdghFNS0FnfWcKtRwHJLiK68ufmynROkZnBeVcfFAK2Aar+Oa57++8FuFC/
ZPpkwMPLdJ4AjSipBH+bDsiBm/TlpEGNg20ywCK3LqF8N/h7tYCtPPGU3YZHZvvMPM61 fEog==
X-Gm-Message-State: AFqh2koFdJYcXzWK7TEvx7nKe0x/gixz2N8QXixm4iqsXGIezo6suKzj
HXW/AWtwpg+K41orhr0orfzws949H7iMe57mgRvvs8Vo
X-Google-Smtp-Source: AMrXdXvh6JwWaYrYoQMgVqbXwnz8gaM8JEHfCB/uI05JB5VmtQ8QxQ
/7BsSeqX6NCMkdob8xwPPX2ZUVU1CHlnc19MA=
X-Received: by 2002:a2e:9e82:0:b0:27f:d61b:4e54 with SMTP id
f2-20020a2e9e82000000b0027fd61b4e54mr1866605ljk.75.1672857533202; Wed, 04 Jan 2031 10:38:53
-0800 (PST)
List-Unsubscribe: <https://rdir-agn.freenet.de/uq.html?uid=LMNBWWGJFLFLSVYBGHQSDBQVK9LDAY>,
<mailto:5174account@serverVos?subject=unsubscribe:LMNBWWGJFLFLSVYBGHQSDBQVK9LDAY>
X-tdResult: 5174account@serverVos-5174merchantVos
MIME-Version: 1.0
Message-ID: <QXWpNH7FmN-0i0va3imBkf-C0T60QSpY9pv5=9RCvPeEfy2w5wq@mail.gmail.com>
Content-Type: text/html;

Something I would recommend is checking on mxtoolbox and verify that Postfix isn't acting as a Open Reply.

Aug 5, 2024: iRedMail-1.7.1 has been released.

Spam email issue

Posts: 8

1 Topic by Stubby066 2023-01-06 03:31:41 (edited by Stubby066 2023-01-06 03:32:27)

Topic: Spam email issue

2 Reply by ZhangHuangbin 2023-01-07 11:43:53

Re: Spam email issue

3 Reply by Stubby066 2023-01-07 23:05:14

Re: Spam email issue

4 Reply by Stubby066 2023-01-08 05:03:40

Re: Spam email issue

5 Reply by ZhangHuangbin 2023-01-10 14:05:49

Re: Spam email issue

6 Reply by chris.23lo 2023-01-15 22:13:22

Re: Spam email issue

7 Reply by Stubby066 2023-01-28 10:02:39

Re: Spam email issue

8 Reply by jackb 2023-01-28 17:41:53

Re: Spam email issue

Posts: 8