Filtering e-mails with forged "from" address

Discussion in 'ISPConfig 3 Priority Support' started by macguru, Aug 19, 2020.

  1. macguru

    macguru Member HowtoForge Supporter

    Hi !

    I'm being continuously bombarded with e-mail which have same patters - forged "from" address.
    Message appears from valid partner address in normal (no raw or all headers display), or even from our own e-mails.
    Is it possible to kill this with SpamAssassin or with anything else?
    Thanks in advance.

    For example:
    Code:
    Content-Type: multipart/mixed; boundary="----=_Part_44557_269303646.4176165484170440208"
    Mime-Version: 1.0
    X-Greylist: delayed 408 seconds by postgrey-1.36 at mail; Wed, 19 Aug 2020 05:36:15 EEST
    Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=thegtgroup.co.za; s=default; t=1597804163; bh=WCNM4n5Cz1S77yLJ2DqyAQnfal4ch1xfm4iesZNt08g=; h=Date:From:To:Subject; b=FAztzEwG6dEWzgreUZfXw4zsmeVZblHYFPCD3Bt/z71qqxOVOAZqwuuPodZJq1j93 EPotXemCDD7bdMfEDSOezDbkni1E9uZGd4Ucoddvcq/jX59kjbl8dbXk4Aj3s6U7u7 0nZ7fG6fn3E1+nDIe+Z/40kVTdx8ufGFdryqrdm4=
    Return-Path: <[email protected]>
    X-Virus-Scanned: Debian amavisd-new at mail.mycompany.com
    Received: from localhost (localhost [127.0.0.1]) by mail.mycompany.com (Postfix) with ESMTP id 6D7A83C3957 for <[email protected]>; Wed, 19 Aug 2020 05:36:18 +0300 (EEST)
    Received: from mail.mycompany.com ([127.0.0.1]) by localhost (mail.mycompany.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmcBmCsi-h-R for <[email protected]>; Wed, 19 Aug 2020 05:36:17 +0300 (EEST)
    Received: from cp2.k-it.co.za (cp2.k-it.co.za [160.119.100.60]) by mail.mycompany.com (Postfix) with ESMTPS id E9DA43C3956 for <[email protected]>; Wed, 19 Aug 2020 05:36:15 +0300 (EEST)
    Received: from [197.248.121.94] (unknown [197.248.121.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by cp2.k-it.co.za (Postfix) with ESMTPSA id 3E25B9752 for <[email protected]>; Wed, 19 Aug 2020 04:29:23 +0200 (SAST)
    <[email protected]>
    Delivered-To: [email protected]
    Authentication-Results: mail.mycompany.com (amavisd-new); dkim=neutral reason="invalid (public key: DNS error: query timed out)" header.d=thegtgroup.co.za
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which ISPConfig version do you use and which OS and do you have changed something in postfix config manually in regard to mail filtering and rejection of emails?
     
  3. macguru

    macguru Member HowtoForge Supporter

    3.1.13 on Debian 9, perfect setup from howtoforge, no extra manual changes in posfix or SpamAssassin configs. Spam filter "normal" on all mailboxes.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Try updating to the current version (3.1.15p3) to see if that helps and choose reconfigure services = yes during update.
     
  5. macguru

    macguru Member HowtoForge Supporter

    Just did update. Does newer version of ISPConfig adds new mail filtering rules?
     
  6. Th0m

    Th0m ISPConfig Developer ISPConfig Developer

    Yes, but I'm not sure if they are included in 3.1.15p3 or that they will be part of the upcoming release (3.2)
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The above posted mail should even be catched by the reverse record checks.
     

Share This Page