
Topic: block incoming email on servers hostname

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 MYSQL edition.
- Linux/BSD distribution name and version: Ubuntu 16.04 X86_64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

I have been running iRedmail for the last week on a few different domains of mine. The server hostname is mx.domain.com with the domain.com as one of the virtual domains.

I noticed a few emails blocked (correctly) when they were trying to look like they came from my domain without being sent via the submission port. However, yesterday I received a SPAM email that came from the hostname. I'd like to make sure any of these emails are blocked.

Here is a copy of the mail headers from the email in question:

Return-Path: <MAILER-DAEMON>
Delivered-To: ben@domain.com
Received: from mx.domain.com (localhost [127.0.0.1])
    by mx.domain.com (Postfix) with ESMTP id 976055DC02
    for <ben@domain.com>; Sat, 15 Apr 2017 10:59:44 +0100 (BST)
X-Virus-Scanned: Debian amavisd-new at mx.domain.com
Received: from mx.domain.com ([127.0.0.1])
    by mx.domain.com (mx.domain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 74Dk6tzLPS-u for <ben@domain.com>;
    Sat, 15 Apr 2017 10:54:12 +0100 (BST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02hn0248.outbound.protection.outlook.com [104.47.6.248])
    by mx.domain.com (Postfix) with ESMTPS id 51EB55DCBF
    for <ben@domain.com>; Sat, 15 Apr 2017 10:54:03 +0100 (BST)
Received: from HE1PR0401CA0046.eurprd04.prod.outlook.com (10.168.27.14) by
HE1PR04MB2987.eurprd04.prod.outlook.com (10.170.255.145) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
15.1.1019.17; Sat, 15 Apr 2017 09:53:51 +0000
Received: from AM5EUR02FT005.eop-EUR02.prod.protection.outlook.com
(2a01:111:f400:7e1e::201) by HE1PR0401CA0046.outlook.office365.com
(2603:10a6:3:19::14) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10 via
Frontend Transport; Sat, 15 Apr 2017 09:53:51 +0000
Authentication-Results: spf=none (sender IP is 192.38.124.75)
smtp.helo=sepo1.ku.dk; domain.com dkim=none (message not signed)
header.d=none;domain.com; dmarc=none action=none header.from=;
Received-SPF: None (protection.outlook.com: sepo1.ku.dk does not designate
permitted sender hosts)
Received: from sepo1.ku.dk (192.38.124.75) by
AM5EUR02FT005.mail.protection.outlook.com (10.152.8.173) with Microsoft SMTP
Server id 15.1.1019.14 via Frontend Transport; Sat, 15 Apr 2017 09:53:50
+0000
Received: from lb-fa-public-snat1.pan.net.ku.dk ([10.78.0.165])
          by sepo1.ku.dk (JAMES SMTP Server) with SMTP ID 133
          for <ben@domain.com>;
          Sat, 15 Apr 2017 11:53:50 +0200 (CEST)
Received: from MM-TS1.Morrell.local (75.148.231.49) by Exchange.ku.dk
(172.28.3.173) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sat, 15 Apr
2017 11:53:49 +0200
Content-Type: multipart/mixed; boundary="===============1187709382=="
MIME-Version: 1.0
Subject: Customer Cash Coupon
To: <ben@domain.com>
From: SONY@mx.domain.com, EU@mx.domain.com
Date: Sat, 15 Apr 2017 04:54:33 -0500
Reply-To: <info@sonyeucoup.com>
Message-ID: <37bd2177-6fc1-448a-a528-94bf686f1451@P2KITHUB08W.unicph.domain>
X-Originating-IP: [75.148.231.49]
X-EOPAttributedMessage: 0
X-Matching-Connectors: 131367236310947821;(e7bb194a-85c4-48de-b850-08d452294bc4);()
X-Forefront-Antispam-Report:
    CIP:192.38.124.75;IPV:NLI;CTRY:DK;EFV:NLI;SFV:SPM;SFS:(10009020)(336005)(39410400002)(39400400002)(39840400002)(39380400002)(39450400003)(39850400002)(39860400002)(2970300002)(428002)(5005620100008);DIR:OUT;SFP:1501;SCL:9;SRVR:HE1PR04MB2987;H:sepo1.ku.dk;FPR:;SPF:None;MLV:ovrspm;A:0;MX:0;PTR:InfoDomainNonexistent;LANG:en;
X-MS-Office365-Filtering-Correlation-Id: f0be7e5a-fdab-43bc-0ad9-08d483e551ba
SpamDiagnosticOutput: 1:22
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Apr 2017 09:53:50.7197
(UTC)
X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e;Ip=[192.38.124.75];Helo=[sepo1.ku.dk]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR04MB2987

Is there a setting I need to modify / make in main.cf, or is it more of an iRedAPD thing?

Regards

Ben


Re: block incoming email on servers hostname

Hard to help troubleshoot without (FULL) log related to this email in Postfix and iRedAPD log file.


Re: block incoming email on servers hostname

Apologies, please see the log files.

iRedAPD log file.

2017-04-15 10:54:12 INFO [104.47.6.248] Client is whitelisted for greylisting service: (id=187620, sender=104.47.0.0/17, comment="AUTO-UPDATE: ebay.com")
2017-04-15 10:54:12 INFO 104.47.6.248 RCPT,  -> ben@domain.com, DUNNO [0.0429s]
2017-04-15 10:54:12 INFO 104.47.6.248 END-OF-MESSAGE,  -> ben@domain.com, DUNNO [0.0040s]

If my interpretation is correct, the mail server has been used before (by mail from ebay) and therefore whitelisted. No policy shown about the From: address.

I wonder if it was sent without a FQDN as the From:, which is why it just appended mx.domain.com to it? Although looking at main.cf that should be rejected by reject_non_fqdn_sender

# Sender restrictions
smtpd_sender_restrictions =
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_mynetworks
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/sender_access.pcre

mail.log

Apr 15 10:54:12 mx postfix/smtpd[10352]: 51EB55DCBF: client=mail-ve1eur02hn0248.outbound.protection.outlook.com[104.47.6.248]
Apr 15 10:54:12 mx postfix/cleanup[10585]: 51EB55DCBF: message-id=<37bd2177-6fc1-448a-a528-94bf686f1451@P2KITHUB08W.unicph.domain>
Apr 15 10:54:12 mx postfix/qmgr[1719]: 51EB55DCBF: from=<>, size=174031, nrcpt=1 (queue active)
Apr 15 10:54:12 mx postfix/smtpd[10352]: disconnect from mail-ve1eur02hn0248.outbound.protection.outlook.com[104.47.6.248] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 15 10:59:44 mx postfix/10025/smtpd[10695]: connect from localhost[127.0.0.1]
Apr 15 10:59:44 mx postfix/10025/smtpd[10695]: 976055DC02: client=localhost[127.0.0.1]
Apr 15 10:59:44 mx postfix/10025/smtpd[10695]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 15 10:59:44 mx postfix/smtp-amavis/smtp[10588]: 51EB55DCBF: to=<ben@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=342, delays=9.5/0.03/0.04/332, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 976055DC02)
Apr 15 10:59:44 mx postfix/pipe[10698]: 976055DC02: to=<ben@domain.com>, relay=dovecot, delay=0.29, delays=0.15/0.03/0/0.1, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 15 10:59:44 mx postfix/qmgr[1719]: 976055DC02: removed

There is quite a gap where the email is being scanned; that's because clamav was having problems with a corrupted database file by the looks of syslog, and restarted.

Regards

Ben
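As an added example (not code from this thread or from iRedMail), the following Python check reads the headers quoted in the first post together with the qmgr line from the mail.log in the third post. It shows why the main.cf sender restrictions did not fire: Postfix logged the envelope sender as the null sender `<>`, and reject_non_fqdn_sender and friends only evaluate MAIL FROM, while the `SONY@mx.domain.com` address exists only in the From: header, which smtpd_sender_restrictions never inspect. The hosted-domain list, the mynetworks set and the trimmed header excerpt are assumptions.

```python
import re
from email import message_from_string

# Constructed excerpt of the headers quoted in the first post (folded lines kept)
HEADERS = """\
Return-Path: <MAILER-DAEMON>
Received: from mx.domain.com (localhost [127.0.0.1])
    by mx.domain.com (Postfix) with ESMTP id 976055DC02
    for <ben@domain.com>; Sat, 15 Apr 2017 10:59:44 +0100 (BST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02hn0248.outbound.protection.outlook.com [104.47.6.248])
    by mx.domain.com (Postfix) with ESMTPS id 51EB55DCBF
    for <ben@domain.com>; Sat, 15 Apr 2017 10:54:03 +0100 (BST)
From: SONY@mx.domain.com, EU@mx.domain.com
"""
MAIL_LOG = "Apr 15 10:54:12 mx postfix/qmgr[1719]: 51EB55DCBF: from=<>, size=174031, nrcpt=1 (queue active)"  # qmgr line from the third post
OUR_HOST = "mx.domain.com"
LOCAL_DOMAINS = {"mx.domain.com", "domain.com"}  # assumed: hostname plus hosted domains
MYNETWORKS = {"127.0.0.1"}                       # assumed: Postfix mynetworks

def envelope_sender(log_line):
    """MAIL FROM as Postfix logged it: '' for the null sender <>, None if absent."""
    m = re.search(r"from=<([^>]*)>", log_line)
    return m.group(1) if m else None

def header_from_domains(msg):
    """Domains of every address in the From: header, which smtpd restrictions never see."""
    return {d.lower() for d in re.findall(r"@([\w.-]+)", msg.get("From", ""))}

def external_client_ip(msg):
    """IP of the hop that handed the message to OUR_HOST from outside mynetworks."""
    for rcvd in reversed(msg.get_all("Received", [])):  # oldest hop first
        m = re.search(r"\[([0-9a-fA-F.:]+)\]\)?\s+by\s+" + re.escape(OUR_HOST), rcvd)
        if m and m.group(1) not in MYNETWORKS:
            return m.group(1)
    return None

def assess(headers, log_line):
    msg = message_from_string(headers)
    env = envelope_sender(log_line)
    env_domain = env.rsplit("@", 1)[-1].lower() if env else ""
    spoofed = sorted(header_from_domains(msg) & LOCAL_DOMAINS)
    client = external_client_ip(msg)
    return {
        "envelope_sender": env,
        # reject_non_fqdn_sender etc. test only MAIL FROM; the null sender gives no domain
        "sender_restrictions_saw_local_domain": env_domain in LOCAL_DOMAINS,
        "header_from_local_domains": spoofed,
        "client_ip": client,
        "flag": bool(spoofed) and client is not None,
    }
```

A `flag` of True means a From: header claiming one of the local domains arrived from a host outside mynetworks, which is the case the envelope-based restrictions cannot catch on their own.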