I have a question. We are using NethServer as our primary mail server. Everything was working perfectly, but for the past few days I have been receiving SPAM emails from my own domain,
even though I already implemented SPF, DKIM, & DMARC for my domain. Is there any way to block such SPAM emails?
I am very thankful to you.
AFAIK, no. No mail server will block its own legit user from sending a mail to themself.
It “sees” that as internal.
After all, it could be you sending it from a mobile phone to your PC at the office…
Usually, they stop within 1-2 weeks…
My 2 cents
Thank you for your quick reply, when I inspect the header of the email it came from another server.
gateway32.websitewelcome.com ( gateway32.websitewelcome.com [126.96.36.199])
by nethserver.mydomain.com (Postfix) with ESMTPS id 68798CCCF56F
for email@example.com; Thu, 25 Nov 2021 15:37:20 +0100 (CET)
Received: from cm12.websitewelcome.com ( cm12.websitewelcome.com [188.8.131.52])
by gateway32.websitewelcome.com (Postfix) with ESMTP id 2A0BD3F1D80
for firstname.lastname@example.org; Thu, 25 Nov 2021 08:37:06 -0600 (CST)
Received: from br1016.hostgator.com.br ([184.108.40.206])
by cmsmtp with SMTP
id qFs2mvxW5zD3VqFs2msOM6; Thu, 25 Nov 2021 08:37:06 -0600
Received: from [220.127.116.11] (port=51490 helo=cmdesignsolutions.ca)
by br1016.hostgator.com.br with esmtpa (Exim 4.94.2)
for email@example.com; Thu, 25 Nov 2021 11:37:06 -0300
Date: Thu, 25 Nov 2021 09:37:05 -0500
From: Jan firstname.lastname@example.org
Reply-To: Jan email@example.com
Subject: Dringende Anfrage_
X-Mailer: PHPMailer ( phpmailer.sourceforge.net) [version ]
Content-Type: text/plain; charset=“iso-8859-1”
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - br1016.hostgator.com.br
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mydomain.com
X-Source-Sender: (cmdesignsolutions.ca) [18.104.22.168]:51490
X-Spamd-Result: default: False [0.00 / 20.00];
ASN(0.00)[asn:46606, ipnet:22.214.171.124/18, country:US];
X-Rspamd-Pre-Result: action=no action;
Matched map: FROM_SUBDOMAINS_WHITELIST
Haben Sie eine Minute? Ich brauche Sie, um eine Aufgabe
für mich diskret abzuschließen.
P.S: Ich bin jetzt in einer Besprechung und kann nicht
sprechen, also antworte einfach.
Any way to stop stupid spoofed SPAM emails?
You can use your firewall to block that whole subnet from accessing smtp on your server…
Or are you expecting Russian, Brazilian or other “funny” mail?
Are you sure that your mail server isn’t acting as an open relay? Just to be sure, go to
mxtoolbox.com and do a “test email server” test.
Need your advice to stop SMTP relay on my production box.
Doubt it is open for SMTP relay.
Advise me on the steps…
An experience. With some hints, considerations, side info.
Thank you for your message. I just found out that “allow relay from trusted Network” was checked. Now I unchecked it.
Hopefully that should solve the issue.
IMHO you should also check Enforce sender/login match and uncheck Enable authentication on port 25. MUAs should use only the submission port (587).
I have another question, in the email filter tab do I need to whitelist my domain?
Allow from ==> mydomain.com.
No, I don’t believe so. I know (at least on my NethServer) I don’t have mine whitelisted. I’m fairly certain (and I may be completely wrong on this) that if the NethServer you’re using as your mail server is the default mail server, it treats itself as trusted, unless you’ve blocked it in the firewall, in which case you wouldn’t be getting any messages, let alone spam. Also, if you mean the first option in the above screenshot, that’s for allowing mail sent via IP, not FQDN. So let’s say you had a static IP of 10.10.10.10 which pointed to
server.mydomain.com and you had, say, server2.mydomain.com as a mail server but wanted the mail server to be 10.10.10.10 rather than server2.mydomain.com
Okay, good to know. Now I removed my own domain from whitelisting. I am quite sure it will solve the SPAM emails problem.
BTW again thank you for your quick response.
Please, as a rule of thumb: be confident, but check. A lot. Consider installing, if not already there, Fail2Ban.
And if the SPAM flow is arrested, go hunt the “bad spammer boy” into your network.
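The header posted earlier in the thread shows the pattern under discussion: a From address in the recipient's own domain, delivered by an outside host, with rspamd taking no action because a whitelist map matched. A triage check for that pattern, as an added example that is not from any poster in the thread; the sample header is constructed, and the domain, addresses and trusted network are placeholder assumptions:

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header in the thread; hostnames and
# addresses are placeholders (documentation ranges), not the poster's values.
SAMPLE = """\
Received: from gateway.example.net (gateway.example.net [203.0.113.25])
\tby mail.example.com (Postfix) with ESMTPS id 0000000000
\tfor <user@example.com>; Thu, 25 Nov 2021 15:37:20 +0100 (CET)
Received: from [198.51.100.7] (port=51490 helo=sender.example.org)
\tby shared.example.net with esmtpa (Exim 4.94.2)
\tfor <user@example.com>; Thu, 25 Nov 2021 11:37:06 -0300
From: Jan <jan@example.com>
Subject: Dringende Anfrage_
X-Rspamd-Pre-Result: action=no action;
\tMatched map: FROM_SUBDOMAINS_WHITELIST

body
"""


def analyze(raw, local_domain, trusted_nets):
    """Return findings for own-domain mail that arrived from outside."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    own = from_domain == local_domain or from_domain.endswith("." + local_domain)
    # Assumption: the topmost Received header is the one our own MTA added,
    # so the bracketed address in it is the peer that connected to us.
    received = msg.get_all("Received") or [""]
    match = re.search(r"\[([0-9A-Fa-f:.]+)\]", received[0])
    try:
        peer = ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        peer = None
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    if not own or peer is None or any(peer in n for n in nets):
        return []
    findings = [f"From domain {from_domain} is local, but peer {peer} is external"]
    pre = msg.get("X-Rspamd-Pre-Result", "")
    if "no action" in pre and "WHITELIST" in pre.upper():
        findings.append("rspamd took no action because a whitelist map matched")
    return findings


if __name__ == "__main__":
    for line in analyze(SAMPLE, "example.com", ["192.168.0.0/16"]):
        print(line)
```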