How to block outgoing spam

Discussion in 'General' started by nelchael81, Feb 11, 2021.

  1. nelchael81

    nelchael81 New Member

    I have a problem with outgoing spam in my ISPConfig 3.2 server.
    These are the headers of one of the spam messages that appear to come from my server:
    ---------------------------------------------------------------------------
    Return-Path: <[email protected]*****P.it>
    Delivered-To: [email protected]*****P.it
    Received: from discovery.d*****P.it
    by discovery.d*****P.it with LMTP id sNekN5V9JGBSEgAAC5px1g
    for <[email protected]*****P.it>; Thu, 11 Feb 2021 01:43:01 +0100
    Received: from localhost (localhost [127.0.0.1])
    by discovery.d*****P.it (Postfix) with ESMTP id E21693E99A
    for <[email protected]*****P.it>; Thu, 11 Feb 2021 01:43:01 +0100 (CET)
    X-Virus-Scanned: Debian amavisd-new at discovery.d*****P.it
    Received: from discovery.d*****P.it ([127.0.0.1])
    by localhost (discovery.d*****P.it [127.0.0.1]) (amavisd-new, port 10024)
    with LMTP id uSPzjcq-utP5 for <[email protected]*****P.it>;
    Thu, 11 Feb 2021 01:43:00 +0100 (CET)
    Received: from d*****P.it (hml09.calorstai.info [103.153.183.233])
    by discovery.d*****P.it (Postfix) with ESMTP id F09B83EA55
    for <[email protected]*****P.it>; Thu, 11 Feb 2021 01:42:58 +0100 (CET)
    From: [email protected]*****P.it
    To: [email protected]*****P.it
    Subject: FW: Account Upgrade
    Date: 10 Feb 2021 16:42:57 -0800
    Message-ID: <[email protected]*****P.it>
    MIME-Version: 1.0
    Content-Type: text/html
    Content-Transfer-Encoding: quoted-printable
    ------------------------------------------------------------------------------------
    How can I prevent these spam emails from being sent?
    What other information can I provide to help you understand and solve the problem?
    Thanks for the help
     
    Last edited: Feb 11, 2021
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. nelchael81

    nelchael81 New Member

    I immediately thought about this and I have changed the password. I will try to follow the thread you linked to me.

    I noticed that the sender's IP (103.153.183.233) appears to be located in California. All my clients are Italian. Is it possible to set up geoblocking to prevent the sending of emails from non-European IPs?
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It is possible, but I would not do that. For example, if one of your clients uses a VPN or goes on holiday, they need to access the server as well.

    You can set up a Fail2Ban jail to block failed attempts for X minutes, and of course, enforce a strong password policy.
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    That doesn't list an authenticated user in the Received header, and appears to be to your own user, not sending externally? Looks like simple spam/phishing claiming to be from your domain. Updating to 3.2.2 with 'reject sender login mismatch' enabled will stop that.
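
The header check described in post 5, as an added example that is not part of the thread or of ISPConfig: it finds the hop where a message entered the server from outside and reports whether that session was authenticated. Assumptions: the sample headers are constructed with placeholder domains and IPs, the names `classify`, `SPOOFED` and `AUTHED` are hypothetical, and Postfix marks authenticated sessions with `ESMTPA`/`ESMTPSA` or, when `smtpd_sasl_authenticated_header = yes`, an `(Authenticated sender: ...)` comment.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample modelled on the headers in post 1; domains, IPs and
# queue ids are placeholders, not values from the thread.
SPOOFED = """\
Return-Path: <info@example.it>
Delivered-To: info@example.it
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.it (Postfix) with ESMTP id 0000000002
\tfor <info@example.it>; Thu, 11 Feb 2021 01:43:01 +0100 (CET)
Received: from example.it (unknown [203.0.113.25])
\tby mail.example.it (Postfix) with ESMTP id 0000000001
\tfor <info@example.it>; Thu, 11 Feb 2021 01:42:58 +0100 (CET)
From: info@example.it
To: info@example.it
Subject: FW: Account Upgrade

"""
# The same message as a SASL-authenticated submission would record it.
AUTHED = (SPOOFED
          .replace("with ESMTP id 0000000001", "with ESMTPSA id 0000000001")
          .replace("25])", "25])\n\t(Authenticated sender: info@example.it)"))

CLIENT_IP = re.compile(r"^from\s+\S+\s+\([^\[\)]*\[(?:IPv6:)?([0-9a-fA-F.:]+)\]\)")
AUTH_HINT = re.compile(r"\(Authenticated sender:|\bwith\s+E?SMTPS?A\b", re.I)

def domain(msg, header):
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def classify(raw: str) -> str:
    msg = email.message_from_string(raw)
    # Received headers are prepended, so the first non-loopback hop from the
    # top is where the message entered this server from outside.
    for hop in msg.get_all("Received", []):
        flat = " ".join(hop.split())          # undo header folding
        m = CLIENT_IP.match(flat)
        if not m or ipaddress.ip_address(m.group(1)).is_loopback:
            continue                          # internal relay (amavis, LMTP)
        if AUTH_HINT.search(flat):
            return "authenticated-submission"  # a mailbox login was used
        if domain(msg, "From") == domain(msg, "Delivered-To") != "":
            return "inbound-spoof"             # forged From, no login involved
        return "inbound-unauthenticated"
    return "local-origin"                      # only loopback hops were found
```

A result of `inbound-spoof` matches the diagnosis in post 5 (forged sender, no account used), while `authenticated-submission` points at a compromised mailbox password instead.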
     
  6. nelchael81

    nelchael81 New Member

    OK, thanks for the advice.
     
