SPAM emails from my own Domain

Hi,

I have a question. We are using NethServer as our primary mail server. Everything was working perfectly, but for the past few days I have been receiving SPAM emails from my own domain.

Even though I already implemented SPF, DKIM, & DMARC for my domain. Is there any way to block such SPAM emails?

I am very thankful to you.

Kind Regards,
Adnan

2 Likes

Hi

AFAIK, no. No mail server will block its own legit user from sending a mail to themself.
It “sees” that as internal.

After all, it could be you sending it from a mobile phone to your PC at the office…

Usually, they stop within 1-2 weeks…

My 2 cents
Andy

Hi @Andy_Wismer,

Thank you for your quick reply. When I inspect the header of the email, it came from another server.

Received: from gateway32.websitewelcome.com (gateway32.websitewelcome.com [192.185.145.102])
by nethserver.mydomain.com (Postfix) with ESMTPS id 68798CCCF56F
for shiraz.shah@mydomain.com; Thu, 25 Nov 2021 15:37:20 +0100 (CET)
Received: from cm12.websitewelcome.com (cm12.websitewelcome.com [100.42.49.8])
by gateway32.websitewelcome.com (Postfix) with ESMTP id 2A0BD3F1D80
for shiraz.shah@mydomain.com; Thu, 25 Nov 2021 08:37:06 -0600 (CST)
Received: from br1016.hostgator.com.br ([162.241.203.147])
by cmsmtp with SMTP
id qFs2mvxW5zD3VqFs2msOM6; Thu, 25 Nov 2021 08:37:06 -0600
X-Authority-Reason: nr=8
Received: from [66.113.226.191] (port=51490 helo=cmdesignsolutions.ca)
by br1016.hostgator.com.br with esmtpa (Exim 4.94.2)
(envelope-from jan@mydomain.com)
id 1mqFs1-002Fca-VS
for shiraz.shah@mydomain.com; Thu, 25 Nov 2021 11:37:06 -0300
Date: Thu, 25 Nov 2021 09:37:05 -0500
To: shiraz.shah@mydomain.com
From: Jan jan@mydomain.com
Reply-To: Jan frtzzzlias@gmail.com
Subject: Dringende Anfrage_
Message-ID: afdb99305c0637e17f7dcae5711856c3@cmdesignsolutions.ca
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=“iso-8859-1”
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - br1016.hostgator.com.br
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mydomain.com
X-BWhitelist: no
X-Source-IP: 66.113.226.191
X-Source-L: No
X-Exim-ID: 1mqFs1-002Fca-VS
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (cmdesignsolutions.ca) [66.113.226.191]:51490
X-Source-Auth: smtpfox-maljf@centraldesigner.com.br
X-Email-Count: 87
X-Source-Cap: Y2VudHIzMzk7Y2VudHIzMzk7YnIxMDE2Lmhvc3RnYXRvci5jb20uYnI=
X-Local-Domain: no
X-Rspamd-Server: nethserver.mydomain.com
X-Rspamd-Queue-Id: 68798CCCF56F
X-Spamd-Result: default: False [0.00 / 20.00];
ASN(0.00)[asn:46606, ipnet:192.185.128.0/18, country:US];
FROM_SUBDOMAINS_WHITELIST(0.00)[mydomian.com]
X-Rspamd-Pre-Result: action=no action;
module=multimap;
Matched map: FROM_SUBDOMAINS_WHITELIST

Hallo,

Haben Sie eine Minute? Ich brauche Sie, um eine Aufgabe

für mich diskret abzuschließen.

P.S: Ich bin jetzt in einer Besprechung und kann nicht

sprechen, also antworte einfach.

Danke


Any way to stop stupid spoofed SPAM emails?

Kind Regards,
Hafiz
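The three things those headers show, as an added example that is not part of the original post: an own-domain From delivered by an outside host, a Reply-To on a different domain, and an rspamd pre-result where the multimap module matched `FROM_SUBDOMAINS_WHITELIST` and set "no action". The sample message is constructed with placeholder addresses, and `TRUSTED_NETS` is an assumption about which client networks count as internal.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "mydomain.com"            # placeholder domain used in the thread
OWN_MTA = "nethserver.mydomain.com"    # host that stamps the trusted Received line
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]  # assumption

# Constructed sample modeled on the headers in the post; addresses are placeholders.
SAMPLE = """\
Received: from gateway.relay.example (gateway.relay.example [192.0.2.10])
\tby nethserver.mydomain.com (Postfix) with ESMTPS id 0000000000
\tfor <user@mydomain.com>; Thu, 25 Nov 2021 15:37:20 +0100 (CET)
From: Jan <jan@mydomain.com>
Reply-To: Jan <someone@freemail.example>
To: user@mydomain.com
Subject: Dringende Anfrage
X-Rspamd-Pre-Result: action=no action;
\tmodule=multimap;
\tMatched map: FROM_SUBDOMAINS_WHITELIST

body
"""

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def unfold(value):
    return " ".join((value or "").split())

def findings(raw, own_domain=OWN_DOMAIN, own_mta=OWN_MTA, trusted=TRUSTED_NETS):
    msg = message_from_string(raw)
    out = []
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    # Only the hop written by our own MTA is trustworthy; earlier ones are sender-supplied.
    hops = [unfold(h) for h in msg.get_all("Received", [])]
    hop = next((h for h in hops if f" by {own_mta} " in h), "")
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", hop)
    if m and from_dom == own_domain:
        ip = ipaddress.ip_address(m.group(1))
        if not any(ip in net for net in trusted):
            out.append(f"own-domain From delivered by external client {ip}")
    if reply_dom and reply_dom != from_dom:
        out.append(f"Reply-To domain differs from From: {reply_dom}")
    pre = unfold(msg["X-Rspamd-Pre-Result"])
    if "action=no action" in pre and "WHITELIST" in pre.upper():
        out.append("rspamd pre-result skipped scoring via map " + pre.rsplit(" ", 1)[-1])
    return out
```

Calling `findings(SAMPLE)` returns one line per indicator; a message submitted from a trusted network with no Reply-To and no whitelist pre-result returns an empty list.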

Hi

You can use your firewall to block that whole subnet from accessing smtp on your server…

Or are you expecting Russian, Brazilian or other “funny” mail? :slight_smile:

Are you sure that your mail server isn’t acting as an open relay? Just to be sure, go to mxtoolbox.com and do a “test email server” test.

An experience. With some hints, considerations, side info.

1 Like

Hi @Shane_Treweek,

Thank you for your message. I just found out that the “allow relay from trusted Network” was check marked. Now I unchecked it.

1 Like

Hopefully should solve the issue

I hope so as well.

IMHO you should also check mark Enforce sender/login match and uncheck Enable authentication on port 25. MUA should use only submission port (587).

Hi,

I have another question, in the email filter tab do I need to whitelist my domain?
Allow from ==> mydomain.com.

Kind Regards,
Adnan

No, I don’t believe so. I know (at least on my NethServer) I don’t have mine whitelisted. I’m fairly certain (and I may be completely wrong on this) that if the NethServer you’re using as your mail server is the default mail server, it treats itself as trusted unless you’ve blocked it in the firewall, in which case you wouldn’t be getting any messages, let alone spam. Also, if you mean the first option on the above screenshot, that’s for allowing mail sent via IP, not FQDN. So let’s say you had a static IP of 10.10.10.10 which pointed to server.mydomain.com and you had, say, server2.mydomain.com as a mail server but wanted the mail server to be 10.10.10.10 rather than server2.mydomain.com

Okay, good to know. Now I removed my own domain from whitelisting. I am quite sure it will solve the SPAM emails problem.

BTW again thank you for your quick response.

Kind Regards,
Adnan

1 Like

No problem happy to help

1 Like

Please, as a rule of thumb: be confident, but check. A lot. Consider installing Fail2Ban, if not already there.

And if the SPAM flow is arrested, go hunt the “bad spammer boy” into your network.

2 Likes

I think there is a postfix setting in main.cf that you can set that will only accept emails that are valid.

I suggest you look at the postfix docs regarding main.cf and “mydestination” setting.

1 Like

It almost seems like ghoulish gore here…

I’m just wondering why the localhost wasn’t trusted alone

Make sure your DKIM, SPF and DMARC are all working correctly. This was happening to me, and even though I had all 3 of them set up, they were not set up correctly.
Test your setup by sending an email to check-auth@verifier.port25.com and you will get immediate diagnostics.

Hope that helps.