1 Topic by hits (edited by hits 2020-08-14 16:16:39)

  • hits
  • Member
  • Offline
  • Registered: 2020-04-27
  • Posts: 29

Topic: Spam mails receiving

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer?Installer
- Linux/BSD distribution name and version:  ubuntu 18
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx):nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi,

I am facing hell lot of spam emails on users account, Does spf and dkim getrting checked for all incoming mail, or let me know if i need to activate check for this.

How can i restrict such spam mails, find below the email logs of one of spam mails.

Aug 14 04:29:58 example postfix/smtpd[10721]: 4BSMTp2qXhzlVlh: client=dyslmr.btconnect.com[193.113.5.105]
Aug 14 04:29:58 example postfix/cleanup[23606]: 4BSMTp2qXhzlVlh: message-id=<202008132238.ULP84932@dy11780omr11.dci.bt.com>
Aug 14 04:30:00 example postfix/qmgr[3148]: 4BSMTp2qXhzlVlh: from=<wzclondon@btconnect.com>, size=327334, nrcpt=1 (queue active)
Aug 14 04:30:02 example amavis[22396]: (22396-12) Passed CLEAN {RelayedInbound}, [193.113.5.105]:17765 [14.245.167.137] <wzclondon@btconnect.com> -> <arvind.nangare@example.in>, Queue-ID: 4BSMTp2qXhzlVlh, Message-ID: <202008132238.ULP84932@dy11780omr11.dci.bt.com>, mail_id: FRw-xiGRz-Kn, Hits: 1.737, size: 327334, queued_as: 4BSMTt2bTczlVq5, 2362 ms, Tests: [HTML_MESSAGE=0.001,MIME_BOUND_DD_DIGITS=0.349,MIME_HTML_ONLY=0.1,RCVD_IN_MSPIKE_BL=0.001,RCVD_IN_MSPIKE_L4=0.001,RCVD_IN_RP_RNBL=1.284,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,TVD_SPACE_RATIO=0.001]
Aug 14 04:30:02 example postfix/amavis/smtp[23566]: 4BSMTp2qXhzlVlh: to=<arvind.nangare@example.in>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, delays=1.8/0/0/2.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4BSMTt2bTczlVq5)
Aug 14 04:30:02 example postfix/qmgr[3148]: 4BSMTp2qXhzlVlh: removed

Does anybody else face spam mail issue recently..

Please help me to solve this issue.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by hits

  • hits
  • Member
  • Offline
  • Registered: 2020-04-27
  • Posts: 29

Re: Spam mails receiving

Hi,

How can i enable spf check to all incoming mails?, as there are many spam domains mails are recieving which SPF didn't exist.

Please help me..

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam mails receiving

Add below line in /etc/mail/spamassassin/local.cf, then restart Amavisd service:

score SPF_FAIL 5

If SPF failed, it will get score 5. Feel free to tune it.

4 Reply by hits (edited by hits 2020-08-17 16:27:09)

  • hits
  • Member
  • Offline
  • Registered: 2020-04-27
  • Posts: 29

Re: Spam mails receiving

Thank you...I have set it in local.cf and restarted amavis, but some spam domain has no SPF/txt records.

If sender domain don't have any spf/txt records then how can i bounce the mail or tag as spam..


ZhangHuangbin wrote:

Add below line in /etc/mail/spamassassin/local.cf, then restart Amavisd service:

score SPF_FAIL 5

If SPF failed, it will get score 5. Feel free to tune it.

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Spam mails receiving

Use rule "SPF_NONE".
WARNING: many mail domains don't have SPF record, use it carefully.