Topic: Spam mail bot beeing filtered

- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

0.9.9 MYSQL edition
iRedAdmin-Pro management

We are having tons of email relaying from external ips (with an internal account).

Nov  6 16:27:36 nowi amavis[16132]: (16132-07) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [external_ip]:64332 [external_ip] <user@ourdomain.com> -> <moonierwoods66@yahoo.com>, Queue-ID: F3E6D1E20126, mail_id: 1TiMft5PIGzu, Hits: -, size: 308716, queued_as: 878021E2023A, dkim_new=dkim:ourdomain.com, 176 ms
Nov  6 16:27:37 nowi postfix/submission/smtpd[6980]: 055C01E20126: client=unknown[], sasl_method=PLAIN, sasl_username=user@ourdomain.com
Nov  6 16:27:38 nowi amavis[16711]: (16711-01) Passed CLEAN {RelayedInbound}, [external_ip]:59499 [external_ip] <> -> <user@ourdomain.com>, Queue-ID: DF05F1E20243, Message-ID: <E1iSQxi-0007Lq-7d@vps40713.inmotionhosting.com>, mail_id: 3Z9TiUmT-AFY, Hits: -, size: 4978, queued_as: 26A111E20295, 80 ms
Nov  6 16:27:38 nowi postfix/amavis/smtp[16695]: DF05F1E20243: to=<user@ourdomain.com>, relay=[]:10024, delay=0.68, delays=0.59/0/0/0.08, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[]:10025): 250 2.0.0 Ok: queued as 26A111E20295)

Amavis says PASSED CLEAN and it's not!
It also say ORIGINATIN LOCAL and our internal ip range is
We've putted originating external IP in blacklist and nothing happens

Please Help.
We are entering in several dnsbl block lists because of this massive mailing


Re: Spam mail bot beeing filtered

rabrahan wrote:

Amavis says PASSED CLEAN and it's not!

There's no 100% spam catching guarantee.

Try to run script /root/iRedMail-0.9.9/tools/find_top_sasl_usernames.sh (or download the latest iRedMail-0.9.9 and copy it from the downloaded package), it will show you which users performed a lot smtp authentication, the top one or few might be hacked and used to send spams. You need to reset the password and remove the queued spams.


Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee


Re: Spam mail bot beeing filtered

Thanks for your reply!