The best way I've found to eliminate (yes, entirely) spoofed sender
addresses is to blacklist local domains in spamdyke. This is counter
intuitive, but it works nicely. There should be no email coming in to
your QMT host claiming to be from your domains that is not coming from
an authenticated sender. This requires that all your senders use your
QMT host for submitting emails, but that's not usually a problem.
--
-Eric 'shubes'
On 12/04/2014 03:42 PM, Dan McAllister wrote:
Rajesh:
You have edited the log file, so I'm forced to suppose -- but most of
this kind of SPAM that *I* am seeing these days looks like this:
From: "[email protected]" <[email protected]>
The message APPEARS to be from "[email protected]", but that is actually
just the "text name" given to the FROM account.
The message then passes SPF because the sending host is listed as a
verified sender for the domain "source.ru" <or wherever it is coming from>.
If this isn't the issue, please advise. If you're not comfortable
posting the actual headers, please feel free to send them directly to me
(vs. the list) so I can see more clearly what is happening.
Dan McAllister
QMT DNS/Mirror Admin
On 12/4/2014 1:23 AM, Rajesh M wrote:
hi
mydomain.com email service on my server.
i recd a spam [email protected], from the spammer's server.
the mailfrom shows as :[email protected]
Return-Path:<[email protected]>
i use spf qmail spf check at level 2
logically Received-SPF is supposed to show as spf failed, however it is showing
as pass.
is it because of the envelope sender, ie Return-Path header ?
could you please let me know what additional steps i need to take to prevent
such spam with mailfrom as my own domain.
Return-Path:<[email protected]>
Delivered-To:[email protected]
Received: (qmail 23216 invoked by uid 89); 3 Dec 2014 12:25:54 -0000
Received: by simscan 1.4.0 ppid: 23141, pid: 23209, t: 1.2472s
scanners: attach: 1.4.0 clamav: 0.98.4/m: spam: 3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
ns1.yyyyy.com
X-Spam-Level:
X-Spam-Status: No, score=0.9 required=5.0
tests=HTML_MESSAGE,MIME_HTML_ONLY,T_REMOTE_IMAGE,URI_HEX,headerSPFPASS
autolearn=disabled version=3.3.2
Received: from unknown (HELO etna.w2hosting.cz) (82.208.49.33)
by ns1.yyyyy.com with SMTP; 3 Dec 2014 12:25:52 -0000
Received-SPF: pass (ns1.yyyyy.com: SPF record at lackdesign.cz designates
82.208.49.33 as permitted sender)
Received: from etna.w2hosting.cz (localhost.localdomain [127.0.0.1])
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by etna.w2hosting.cz (Postfix) with ESMTPS id 216B0C687F
for<[email protected]>; Wed, 3 Dec 2014 13:25:43 +0100 (CET)
Received: (from apache@localhost)
by etna.w2hosting.cz (8.14.4/8.14.4/Submit) id sB3CPgqc017685;
Wed, 3 Dec 2014 13:25:42 +0100
Date: Wed, 3 Dec 2014 13:25:42 +0100
Message-Id:<[email protected]>
X-Authentication-Warning: etna.w2hosting.cz: apache set sender
[email protected] using -f
To:[email protected]
Subject: [ PayPal ] : About Your Account . #PP-ID = 68872897358073360
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From:<[email protected]>
rajesh
---------------------------------------------------------------------
To unsubscribe, e-mail:[email protected]
For additional commands, e-mail:[email protected]
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]