Forum

This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
Sentora Support Forums Sentora Forum Archives Sentora Public Support Forums v1.0.x Email Support v1.0.x v Receiving spam from my Own Server

Receiving spam from my Own Server
americanninja Offline
Sentora Member
*
OS: Ubuntu 14.04
Version: 1.0.3
Server: VPS
Posts: 81
Threads: 16
Joined: Apr 2015
Reputation: 0
Sex: Undisclosed
Thanks: 4
Given 9 thank(s) in 7 post(s)
#3
RE: Receiving spam from my Own Server
 05-08-2016, 02:33 PM
(05-08-2016, 02:51 AM)Ron-e Wrote: Are they really from your server or sent with an other server just with a the fake email address which is yours?
You can see this in the source of the spam email.
Try to add or edit your SPF record if they are not being flagged as spam..

Hi Ron-E! Thanks for replying to my post. I'm not exactly sure to be honest. I don't really know how to read these email headers. I thought it did, but even Spamassassin is showing a different IP address as the receiving IP as is listed at the top of the header (received: by 10.194.xxx.xxx). So I don't even understand where SpamAssassin is getting the IP address of 41.60.XXX.XXX.

I have copy and pasted the email original message below so you can see. I'd really appreciate any help you can provide. I slightly modified the below email to mask some of the IPs and my server domain name with MYDOMAIN.com and MYEMAIL@gmail.com (which is the email address my web server forwards contact@MYDOMAIN.com to).

As for the SPF record, I have this set on my MYDOMAIN.com DNS. It's listed as this:

TXT @ "v=spf1 a mx ip4:104.131.XXX.XXX ~all"

I think these are all setup properly and everything appeared to check out find when setting up the email server. And this server has been running for about a year now with these settings. I just recently noticed these spam emails coming from MYEMAIL@MYDOMAIN.COM to MYEMAIL@MYDOMAIN.com because of a gmail filter I setup, which says to NOT PUT IN SPAM folder if email comes from @MYDOMAIN.com. So now these spam emails are showing up in my inbox. It's not a big deal, I can just delete them, but I'm just curious if I have something setup incorrectly on my server allowing spammers to use my email server to email me spam. I'd like to prevent/stop this. Thank you!

Code:
Delivered-To: MYEMAIL@gmail.com
Received: by 10.194.XXX.XXX with SMTP id pe3csp3453454wjb;
        Sat, 7 May 2016 14:02:38 -0700 (PDT)
X-Received: by 10.98.XXX.XXX with SMTP id g65mr634345345pfj.91.14626534534500;
        Sat, 07 May 2016 14:02:38 -0700 (PDT)
Return-Path: <contact@MYDOMAINNAME.com>
Received: from panel.MYDOMAINNAME.com (mail.MYDOMAINNAME.com. [104.XXX.XXX.XXX])
        by mx.google.com with ESMTPS id i127si2633453457pfc.224.2016.05.07.14.02.37
        for <MYEMAIL@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 07 May 2016 14:02:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of contact@MYDOMAINNAME.com designates 104.XXX.XXX.XXX as permitted sender) client-ip=104.XXX.XXX.XXX;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of contact@MYDOMAINNAME.com designates 104.XXX.XXX.XXX as permitted sender) smtp.mailfrom=contact@MYDOMAINNAME.com
Received: by panel.MYDOMAINNAME.com (Postfix, from userid 1001)
    id 4B414536B027; Sun,  8 May 2016 06:02:37 +0900 (JST)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
    panel.MYDOMAINNAME.com
X-Spam-Flag: YES
X-Spam-Level: *********
X-Spam-Status: Yes, score=10.0 required=5.0 tests=DOS_OUTLOOK_TO_MX,
    HELO_MISC_IP,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,
    RDNS_NONE,URIBL_ABUSE_SURBL,URIBL_BLOCKED autolearn=no autolearn_force=no
    version=3.4.0
X-Spam-Report:
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
    *      blocklist
    *      [URIs: perfin.in]
    *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    *       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    *      for more information.
    *      [URIs: perfin.in]
    *  2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    *      [41.60.XXX.XXX listed in psbl.surriel.com]
    *  1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
    *      https://senderscore.org/blacklistlookup/
    *      [41.60.XXX.XXX listed in bl.score.senderscore.com]
    *  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    *      [Blocked - see <http://www.spamcop.net/bl.shtml?41.60.XXX.XXX>]
    *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
    *  1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
    *  0.1 HELO_MISC_IP Looking for more Dynamic IP Relays
Received: from [41.60.XXX.XXX] (unknown [41.60.XXX.XXX])
    by panel.MYDOMAINNAME.com (Postfix) with ESMTP id B0E34346B025
    for <contact@MYDOMAINNAME.com>; Sun,  8 May 2016 06:02:31 +0900 (JST)
From: <contact@MYDOMAINNAME.com>
To: <contact@MYDOMAINNAME.com>
Subject: [***SPAM***] Hello!
Date: 8 May 2016 00:10:05 +0100
Message-ID: <002301d1a8b8$01f30ee7$13883c9c$@MYDOMAINNAME.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0020_01D1343r.01F16F67"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acjjujas70y2k3t8jjujas70y2k3t8==
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17514
X-Spam-Prev-Subject: Hello!

This is a multi-part message in MIME format.

------=_NextPart_000_0020_01D1A8B8.01F16F67
Content-Type: text/plain;
    charset="windows-1250"
Content-Transfer-Encoding: quoted-printable

r u down for right now? i'm 26/f looking for a f*ckbuddy on the side...
i'm crazy in bed ;) think you could tame my pu_$Sy?

my username is Ekaterina03
u can see my naughty pics >>
here =20
------=_NextPart_000_0020_01D1A8B8.01F16F67
Content-Type: text/html;
    charset="windows-1250"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Dus-ascii" =
http-equiv=3DContent-Type>
<META name=3DGENERATOR content=3D"MSHTML 8.00.7601.17514"></HEAD>
<BODY>
<DIV><SPAN class=3D240339418-07052016><FONT size=3D2=20
face=3DArial>r u down for right now? i'm 26/f looking for a f*ckbuddy on =
the side...<br>
i'm crazy in bed ;) think you could tame my pu_$Sy?<br>
<br>
my username is Ekaterina03<br>
u can see my naughty pics <a =
href=3D"http://perfin.in/redir/zugrav6/">>><b> here</b> <<</a> =
<br></FONT></SPAN></DIV></BODY></HTML>
------=_NextPart_000_0020_01D1A8B8.01F16F67--
Find
Reply
Thanks given by:


Messages In This Thread
RE: Receiving spam from my Own Server - by Ron-e - 05-08-2016, 02:51 AM
RE: Receiving spam from my Own Server - by americanninja - 05-08-2016, 02:33 PM
RE: Receiving spam from my Own Server - by Ron-e - 05-08-2016, 06:41 PM
RE: Receiving spam from my Own Server - by Ron-e - 05-08-2016, 08:19 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
External mail client cannot connect to server iraqiboy90 2 6 ,843 02-28-2021, 11:34 AM
Last Post: iraqiboy90
Sentora Email Setup - EMAIL DOESN'T GO TO SPAM james30263 0 3 ,371 09-15-2018, 01:20 PM
Last Post: james30263
Incoming email not receiving. OinkyOverlord 7 15 ,370 06-01-2018, 06:49 AM
Last Post: natansousa1992

Forum Jump:


Users browsing this thread: 2 Guest(s)