SPAM emails from my own Domain

Hi,

I have a question, we are using NethServer as our primary mail server. Everything was working perfectly but from the past few days, I am receiving SPAM emails from my own domain.

Even though I already implemented SPF, DKIM, & DMARC for my domain. Is there any way to block such SPAM emails?

I am very thankful to you.

Kind Regards,
Adnan

1 Like

Hi

AFAIK, no. No mail server will block it’s own legit user from sending a mail to themself.
It “sees” that as internal.

After all, it could be you sending it from a mobile phone to your PC at the office…

Usually, they stop within 1-2 weeks…

My 2 cents
Andy

Hi @Andy_Wismer,

Thank you for your quick reply, when I inspect the header of the email it came from another server.

Received: from gateway32.websitewelcome.com (gateway32.websitewelcome.com [192.185.145.102])
by nethserver.mydomain.com (Postfix) with ESMTPS id 68798CCCF56F
for shiraz.shah@mydomain.com; Thu, 25 Nov 2021 15:37:20 +0100 (CET)
Received: from cm12.websitewelcome.com (cm12.websitewelcome.com [100.42.49.8])
by gateway32.websitewelcome.com (Postfix) with ESMTP id 2A0BD3F1D80
for shiraz.shah@mydomain.com; Thu, 25 Nov 2021 08:37:06 -0600 (CST)
Received: from br1016.hostgator.com.br ([162.241.203.147])
by cmsmtp with SMTP
id qFs2mvxW5zD3VqFs2msOM6; Thu, 25 Nov 2021 08:37:06 -0600
X-Authority-Reason: nr=8
Received: from [66.113.226.191] (port=51490 helo=cmdesignsolutions.ca)
by br1016.hostgator.com.br with esmtpa (Exim 4.94.2)
(envelope-from jan@mydomain.com)
id 1mqFs1-002Fca-VS
for shiraz.shah@mydomain.com; Thu, 25 Nov 2021 11:37:06 -0300
Date: Thu, 25 Nov 2021 09:37:05 -0500
To: shiraz.shah@mydomain.com
From: Jan jan@mydomain.com
Reply-To: Jan frtzzzlias@gmail.com
Subject: Dringende Anfrage_
Message-ID: afdb99305c0637e17f7dcae5711856c3@cmdesignsolutions.ca
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=“iso-8859-1”
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - br1016.hostgator.com.br
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mydomain.com
X-BWhitelist: no
X-Source-IP: 66.113.226.191
X-Source-L: No
X-Exim-ID: 1mqFs1-002Fca-VS
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (cmdesignsolutions.ca) [66.113.226.191]:51490
X-Source-Auth: smtpfox-maljf@centraldesigner.com.br
X-Email-Count: 87
X-Source-Cap: Y2VudHIzMzk7Y2VudHIzMzk7YnIxMDE2Lmhvc3RnYXRvci5jb20uYnI=
X-Local-Domain: no
X-Rspamd-Server: nethserver.mydomain.com
X-Rspamd-Queue-Id: 68798CCCF56F
X-Spamd-Result: default: False [0.00 / 20.00];
ASN(0.00)[asn:46606, ipnet:192.185.128.0/18, country:US];
FROM_SUBDOMAINS_WHITELIST(0.00)[mydomian.com]
X-Rspamd-Pre-Result: action=no action;
module=multimap;
Matched map: FROM_SUBDOMAINS_WHITELIST

Hallo,

Haben Sie eine Minute? Ich brauche Sie, um eine Aufgabe

f�r mich diskret abzuschlie�en.

P.S: Ich bin jetzt in einer Besprechung und kann nicht

sprechen, also antworte einfach.

Danke


Any way to stop stupid spoofed SPAM emails?.

Kind Regards,
Hafiz

Hi

You can use your firewall to block that whole subnet from accessing smtp on your server…

Or are you expecting russian, brasilian or other “funny” mail? :slight_smile:

Are you sure that your mail server isn’t acting as a open relay just to be sure go to mxtoolbox.com do a “test email server” test

An experience. With some hints, considerations, side info.

1 Like

Hi @Shane_Treweek,

thank you for your message, I just find out that the “allow relay from trusted Network” was check marked. now I unchecked it.

1 Like

Hopefully should solve the issue

I hope so as well.

IMHO you should also check mark Enforce sender/login match and unchek Enable authentication on port 25. MUA should use only submission port (587)

Hi,

I have another question, in the email filter tab do I need to whitelist my domain?
Allow from ==> mydomain.com.

Kind Regards,
Adnan

No I don’t believe so I know (at least on my nethserver) I don’t have mine whitelisted I’m fairly certain (and I may be completely wrong on this) if the nethserver your using as your mail server is the default mail server it treats itself as trusted unless you’ve blocked it in firewall by which case you wouldn’t be getting any messages let alone spam also if you mean by the first option on the above screenshot thats for allowing mail sent via ip not fqdn so lets say you had a static ip of 10.10.10.10 which pointed to server.mydomain.com and you had say server2.mydomain.com as a mailserver but wanted the mail server to be 10.10.10.10 rather than server2.mydomain.com

Okay Good to know, now I removed my own domain from whilisting. I am quite sure it will solve the SPAM emails problem.

BTW again thank you for your quick response.

Kind Regards,
Adnan

1 Like

No problem happy to help

1 Like

Please, as a rule of thumb. Be confident, but check. A lot. Consider to install, if not already there, Fail2Ban.

And if the SPAM flow is arrested, go hunt the “bad spammer boy” into your network.

2 Likes