1

Topic: iRedAPD blacklist and X-Original-Sende

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): v0.9.8
- Linux/BSD distribution name and version: Ubuntu 16.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

So I added a user to blacklist using iRedAPD:

python /opt/iRedAPD-2.2/tools/wblist_admin.py --add --blacklist [redacted]@gmail.com

some time ago and today I see mail from that same user in my SPAM folder, so I have two questions:

1) What does --blacklist actually do? Does it reject emails? If not, what should I use to reject emails? I don't want them in my SPAM or anywhere.

2) If I grep [redacted]@gmail.com either in /var/log/mail.log or /var/log/iredapd/iredapd.log I get 0 results, but if I use "view all headers" in my mail client I will see X-Original-Sender: [redacted]@gmail.com - does that mean it went by iRedAPD because there was no [redacted]@gmail.com in logs (and ended in SPAM for other reasons)? How can I blacklist (reject) based on X-Original-Sender?

Thanks!


2

Re: iRedAPD blacklist and X-Original-Sende

There are a few places that can store a "Sender" email address:

1) SMTP session (in the "MAIL FROM:" SMTP command)
2) mail header (in the 'From:' header)

iRedAPD gets the one in the SMTP session, which is passed by Postfix. Obviously your case is this one.
The sender address you see in your webmail/MUA is the second one. This one can be forged to be any email address (and display name).

You need to check the mail log and mail header to find other info about this spammer, then block it based on the real info (not the one that is easy to forge, like the "From:" address).
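
An added example (not part of the original thread and not iRedAPD code) of the check described above: it reads a constructed message, takes the envelope sender from the Return-Path header, which the delivering MTA records from "MAIL FROM:", and reports which blacklisted addresses appear only in headers that an SMTP-session policy check never sees. The sample message, all addresses and the function names are assumptions for illustration, and matching is simplified to exact addresses.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a bulk-mail service uses its own bounce address as the
# envelope sender, while the customer's address only appears in headers.
SAMPLE = """\
Return-Path: <bounce-1234@bulk-mailer.example.net>
Received: from mta.bulk-mailer.example.net (mta.bulk-mailer.example.net [192.0.2.25])
\tby mx.example.org (Postfix) with ESMTPS for <user@example.org>
From: "Some Shop" <blocked.sender@example.com>
X-Original-Sender: blocked.sender@example.com
To: user@example.org
Subject: Offer

body
"""

def sender_identities(raw):
    """Return the address found in each place a 'sender' can be stored."""
    msg = message_from_string(raw)
    pick = lambda name: parseaddr(msg.get(name, ""))[1].lower()
    return {
        "envelope": pick("Return-Path"),            # MAIL FROM, seen by the policy check
        "from": pick("From"),                       # header, shown by the MUA, forgeable
        "x-original-sender": pick("X-Original-Sender"),  # header only
    }

def audit(raw, blacklist):
    """Compare every sender identity with an exact-address blacklist."""
    ids = sender_identities(raw)
    listed = {addr.lower() for addr in blacklist}
    envelope_hit = ids["envelope"] in listed
    header_hits = sorted(k for k in ("from", "x-original-sender") if ids[k] in listed)
    return {
        "envelope_sender": ids["envelope"],
        "matched_at_smtp": envelope_hit,
        # Blacklisted addresses the SMTP-session check could not have matched.
        "header_only_matches": [] if envelope_hit else header_hits,
    }

if __name__ == "__main__":
    print(audit(SAMPLE, ["blocked.sender@example.com"]))
```

The `envelope_sender` value in the result is the address to look for in the mail log when deciding what to block.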

3

Re: iRedAPD blacklist and X-Original-Sende

Mail got through MailChimp...now I'm not sure if I can ban this particular address (the sender has a dedicated MailChimp sending address OR he gets a random one each time he sends something). I'll investigate.

Thanks for your help :)