1 Topic by aemaething

  • aemaething
  • Member
  • Offline
  • Registered: 2010-12-01
  • Posts: 55

Topic: "undeliverable mail" spam

Hello,


since roundabout 10 days my email account got spammed by "failure notice" emails.
my email address (here xxx@xxx.xxx) is used as "envelope-from" or "return-path".


funny thing is: I think every mail has this line:

X-Original-Helo: dc001.nefteteh.ru (iRedMail: http://www.iredmail.org/)
(with changing servers)

so, this spam is specialized to ired mail servers?

is there any way to stop that?



best,
achim



=== EXAMPLE MAIL ===


Return-Path: <MAILER-DAEMON>
Delivered-To: xxx@xxx.com
Received: from localhost (mailserver.xxx.xxx [127.0.0.1])
    by mailserver.xxx.xxx (iRedMail) with ESMTP id DEE635CD3E
    for <xxx@xxx.com>; Wed,  1 Dec 2010 10:51:35 +0100 (CET)
X-Virus-Scanned: by amavisd at mailserver.xxx.xxx
Received: from mailserver.xxx.xxx ([127.0.0.1])
    by localhost (mailserver.xxx.xxx [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id Q6Ra4QjtNmfV for <xxx@xxx.com>;
    Wed,  1 Dec 2010 10:51:35 +0100 (CET)
X-Original-Helo: dc001.nefteteh.ru (iRedMail: http://www.iredmail.org/)
Received: from dc001.nefteteh.ru (unknown [213.33.213.227])
    by mailserver.xxx.xxx (iRedMail) with ESMTP id 37D3E5CD39
    for <xxx@xxx.com>; Wed,  1 Dec 2010 10:51:35 +0100 (CET)
From: postmaster@nefteteh.ru
To: xxx@xxx.com
Date: Wed, 1 Dec 2010 12:47:32 +0300
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="9B095B5ADSN=_01CB7F2982FBE8C8004FA43Cdc001.nefteteh.r"
X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
Message-ID: <pGKy3hrbn0014aa43@dc001.nefteteh.ru>
Subject: Delivery Status Notification (Failure)

This is a MIME-formatted message. 
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01CB7F2982FBE8C8004FA43Cdc001.nefteteh.r
Content-Type: text/plain; charset=unicode-1-1-utf-7

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

       sili84@nefteteh.ru
       sk@nefteteh.ru
       slavaostrov@nefteteh.ru
       slowcrum@nefteteh.ru
       sm@nefteteh.ru
       smcru@nefteteh.ru
       smirnov@nefteteh.ru
       smirnova@nefteteh.ru
       snab@nefteteh.ru
       snejana95@nefteteh.ru




--9B095B5ADSN=_01CB7F2982FBE8C8004FA43Cdc001.nefteteh.r
Content-Type: message/delivery-status

Reporting-MTA: dns;dc001.nefteteh.ru
Received-From-MTA: dns;bd213b5e.virtua.com.br
Arrival-Date: Wed, 1 Dec 2010 12:47:31 +0300

Final-Recipient: rfc822;sili84@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;sk@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;slavaostrov@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;slowcrum@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;sm@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;smcru@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;smirnov@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;smirnova@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;snab@nefteteh.ru
Action: failed
Status: 5.1.1

Final-Recipient: rfc822;snejana95@nefteteh.ru
Action: failed
Status: 5.1.1

--9B095B5ADSN=_01CB7F2982FBE8C8004FA43Cdc001.nefteteh.r
Content-Type: message/rfc822

Received: from bd213b5e.virtua.com.br ([189.33.59.94]) by dc001.nefteteh.ru with Microsoft SMTPSVC(6.0.3790.1830);
     Wed, 1 Dec 2010 12:47:31 +0300
Received: from [189.33.59.94] by mailserver.xxx.xxx; Wed, 1 Dec 2010 06:32:09 -0300
Message-ID: <01cb9121$7ac6fa80$5e3b21bd@aki>
From: =?koi8-r?B?Iu7BxMXWxMEi?= <xxx@xxx.com>
To: <sili84@nefteteh.ru>
Subject: =?koi8-r?B?9dLPy8kgzMDC18kgICAg?=
Date: Wed, 1 Dec 2010 06:32:09 -0300
MIME-Version: 1.0
Content-Type: text/plain;
    format=flowed;
    charset="koi8-r";
    reply-type=original
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Return-Path: xxx@xxx.com
X-OriginalArrivalTime: 01 Dec 2010 09:47:32.0421 (UTC) FILETIME=[C67B0F50:01CB913C]

5 äåëáâòñ × 19-30
   
÷ ôÅÁÔÒÉÕÍÅ ÎÁ óÅÒÐÕÈÏ×ËÅ (ÕÌ.ðÁ×ÌÏ×ÓËÁÑ, Ä.6, Í.óÅÒÐÕÈÏ×ÓËÁÑ) Ô. 236-85-04

ú×ÅÚÄÙ ÓÅÒÅÁÌÏ× "íÁÒÇÏÛÁ" É "ïÄÎÁ ÚÁ ×ÓÅÈ" × ÓÐÅËÔÁËÌÅ

õÒÏËÉ ÌÀÂ×É
     
ìÉÒÉÞÅÓËÁÑ ËÏÍÅÄÉÑ ÷ÁÌÅÒÉÑ óÁÒËÉÓÏ×Á
     
       
üÔÁ ÉÓÔÏÒÉÑ ÚÁÂÁ×ÎÙÍ É ÉÎÔÒÉÇÕÀÝÉÍ ÏÂÒÁÚÏÍ ÐÅÒÅ×ÏÒÁÞÉ×ÁÅÔ ÉÚ×ÅÓÔÎÙÊ ÍÉÆ Ï ÓËÕÌØÐÔÏÒÅ ðÉÇÍÁÌÉÏÎÅ, ÏÖÉ×É×ÛÉÍ ÍÒÁÍÏÒÎÕÀ ÓÔÁÔÕÀ ÓÉÌÏÊ Ó×ÏÅÊ ÌÀÂ×É.
ïÄÎÁËÏ ÔÁËÁÑ ÐÏÐÙÔËÁ ÐÒÅÏÂÒÁÖÅÎÉÑ ÔÅÒÐÉÔ ËÒÁÈ × ÕÓÌÏ×ÉÑÈ ÓÏ×ÒÅÍÅÎÎÏÊ ÒÏÓÓÉÊÓËÏÊ ÄÅÊÓÔ×ÉÔÅÌØÎÏÓÔÉ.
çÅÒÏÉÎÑ ÓÐÅËÔÁËÌÑ ÏÞÁÒÏ×ÁÔÅÌØÎÁ, ÎÏ ÁÂÓÏÌÀÔÎÏ ÎÅ×ÅÖÅÓÔ×ÅÎÎÁ É ÓÔÒÁÛÎÏ ÎÅ×ÏÓÐÉÔÁÎÎÁ. éÓÐÕÇÁ×ÛÉÓØ ÚÁ Ó×ÏÀ ÒÅÐÕÔÁÃÉÀ, ÅÅ ÓÏÖÉÔÅÌØ, ÎÏ×ÏÉÓÐÅÞÅÎÎÙÊ ÒÕÓÓËÉÊ ÍÉÌÌÉÏÎÅÒ, ÎÁÎÉÍÁÅÔ ÄÌÑ ÎÅÕËÒÏÔÉÍÏÊ ÄÁÍÙ ÕÞÉÔÅÌÑ ÉÚÑÝÎÙÈ ÍÁÎÅÒ. îÁÓÔÁ×ÎÉË ÂÙÓÔÒÏ ÚÁÂÙ×ÁÅÔ Ï ÐÅÄÁÇÏÇÉÞÅÓËÏÊ ÜÔÉËÅ É ×ÓËÏÒÅ ÓÁÍ ÐÒÏ×ÏÃÉÒÕÅÔ ÎÅÓÌÙÈÁÎÎÙÊ ÓËÁÎÄÁÌ.
     
òÅÖÉÓÓÅÒ - ÷ÁÌÅÒÉÊ óÁÒËÉÓÏ×
÷ ÒÏÌÑÈ: áÎÎÁ áÒÄÏ×Á\ íÁÒÉÑ âÅÒÓÅÎÅ×Á, ïÌÅÇ íÁÓÌÅÎÎÉËÏ×-÷ÏÊÔÏ×\íÉÈÁÉÌ ðÏÌÉÃÅÊÍÁËÏ/áÌÅËÓÁÎÄÒ èÏ×ÁÎÓËÉÊ, éÇÏÒØ âÏÞËÉÎ\òÏÍÁÎ íÁÄÑÎÏ×\CÅÒÇÅÊ îÁÓÉÂÏ×, ÷ÁÌÅÎÔÉÎ óÍÉÒÎÉÔÓËÉÊ\áÌÅËÓÁÎÄÒ ûÁ×ÒÉÎ, ü×ÅÌÉÎÁ âÌÅÄÁÎÓ\ìÁÒÉÓÁ âÏÇÕÓÌÁ×ÓËÁÑ, é×ÁÒ ëÁÌÎÙÎØÛ\çÅÏÒÇÉÊ íÁÒÔÉÒÏÓØÑÎ.
óÃÅÎÏÇÒÁÆÉÑ -äÍÉÔÒÉÊ äÒÏÂÙÛÅ×
èÕÄÏÖÎÉË ÐÏ ËÏÓÔÀÍÁÍ - ñÎÉÎÁ ëÒÅÍÅÒ
   
âÉÌÅÔÙ ÍÏÖÎÏ ÐÒÉÏÂÒÅÓÔÉ × ËÁÓÓÁÈ ÇÏÒÏÄÁ, Á ÔÁË ÖÅ ÐÏ ÔÅÌ. 778-11-71, 517-11-62

     



--9B095B5ADSN=_01CB7F2982FBE8C8004FA43Cdc001.nefteteh.r--

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by hansolo

  • hansolo
  • Member
  • Offline
  • Registered: 2010-05-21
  • Posts: 26

Re: "undeliverable mail" spam

Hi

I don't know which version you have (I have 0.5.1)
and I changed some amavisd.conf settings to:

after line:
$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
..
  virus_admin_maps => undef,
  spam_admin_maps  => undef,
...
$virus_admin = undef;

there might be some other settings which I don't know.

GL