1

Topic: Solve Spoofing problem

Please help by giving me information to solve the following problem:
Emails arrive from the same account; they request money in exchange for publishing videos of pornography. Investigating on the Internet, this is called spoofing. In the company we fear that we are vulnerable to a virus or ransomware.



Thank you.


2

Re: Solve Spoofing problem

y.restrepo wrote:

Emails arrive from the same account; they request money in exchange for publishing videos of pornography. Investigating on the Internet, this is called spoofing.

Email headers (which contain From:) are easy to forge.

You need to check the Postfix/iRedAPD log file to figure out which one is the real sender, including the sender IP address and the sender email address used in the SMTP session (it's not always the same as the sender address in the From: header), then try to ban it based on sender IP/email.

Also, Amavisd logs the matched SpamAssassin rules in the Postfix log file; you can try to tune the rule scores to catch similar spam.
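
The log check described in the reply above, as an added example that is not part of the original posts: it groups Postfix log lines by queue ID to recover the client IP and the SMTP envelope sender, then lists messages that claim a local domain without SMTP AUTH. The sample lines, the domain `example.com` and the function names are constructed for illustration; the default Postfix syslog format with short queue IDs is assumed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the default Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:01 mail postfix/smtpd[1234]: 4F1A22C0D1: client=unknown[203.0.113.45]
Mar  3 10:15:02 mail postfix/qmgr[987]: 4F1A22C0D1: from=<boss@example.com>, size=2345, nrcpt=1 (queue active)
Mar  3 10:15:02 mail postfix/smtp[1240]: 4F1A22C0D1: to=<boss@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, status=sent (250 2.0.0 OK)
Mar  3 10:20:10 mail postfix/submission/smtpd[1300]: 7B2C33D0E2: client=office.example.com[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Mar  3 10:20:11 mail postfix/qmgr[987]: 7B2C33D0E2: from=<alice@example.com>, size=900, nrcpt=1 (queue active)
Mar  3 10:20:11 mail postfix/smtp[1241]: 7B2C33D0E2: to=<bob@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.8, status=sent (250 OK)
""".splitlines()

# Assumes short (uppercase hex) queue IDs, the Postfix default.
LINE_RE = re.compile(r"postfix/[\w/-]+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
CLIENT_RE = re.compile(r"client=(\S+?)\[([^\]]+)\]")
SASL_RE = re.compile(r"sasl_username=([^,\s]+)")
FROM_RE = re.compile(r"from=<([^>]*)>")
TO_RE = re.compile(r"to=<([^>]*)>")

def trace_senders(lines):
    """Group log lines by queue ID: client IP, SASL user, envelope sender, recipients."""
    msgs = defaultdict(lambda: {"client_ip": None, "sasl_user": None, "env_from": None, "rcpts": []})
    for m in filter(None, map(LINE_RE.search, lines)):
        rec, rest = msgs[m.group(1)], m.group(2)
        if (c := CLIENT_RE.match(rest)):
            rec["client_ip"] = c.group(2)
            s = SASL_RE.search(rest)
            rec["sasl_user"] = s.group(1) if s else None
        elif (f := FROM_RE.match(rest)):
            rec["env_from"] = f.group(1).lower()
        elif (t := TO_RE.match(rest)):
            rec["rcpts"].append(t.group(1).lower())
    return dict(msgs)

def forged_local_senders(msgs, local_domains):
    """Messages whose envelope sender claims a local domain but arrived without SMTP AUTH."""
    hits = []
    for qid, rec in msgs.items():
        ip, domain = rec["client_ip"], (rec["env_from"] or "").rpartition("@")[2]
        # Skip loopback clients: mail re-injected by a content filter gets a new queue ID.
        if ip and domain in local_domains and not rec["sasl_user"] \
                and not ipaddress.ip_address(ip).is_loopback:
            hits.append((qid, ip, rec["env_from"]))
    return hits

if __name__ == "__main__":
    for qid, ip, sender in forged_local_senders(trace_senders(SAMPLE_LOG), {"example.com"}):
        print(f"{qid}: envelope sender {sender} from unauthenticated client {ip}")
```

The From: header itself is not written to the Postfix log by default, so a message with a forged From: but a foreign envelope sender will not appear in this list; the client IP recovered per queue ID is still the value to act on.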