If you have received spam e-mail that appears to come from your own domain, this is how to run the necessary checks.
An example of such spam follows:
Here is the full header:
Date: Mon, 29 Apr 2019 04:57:10 +0200
Abuse-Reports-To: abuse@streamteam.de
Subject: kingkin
Message-ID: <rn1b4dr2n7pvb28bhspaeizvyhk@w6nipklkwnrsspf9rcjzjdk31w1rp7j1v5i7wi72xxxxxxx>
Organization: Wmdqljwplgkmyxw
To: kingkin@example.com
List-Subscribe: <mailto:MEMBERS-subscribe-request@streamteam.de>
X-Complaints-To: <abuse@mailer.streamteam.de>
From: <kingkin@example.com>
Content-Type: multipart/related; boundary="iygwtagdm-C8A1B21FFDF"
MIME-Version: 1.0
X-aid: 1887484633
Judging by the header, the e-mail appears to come from your domain. Checking the Return-Path, however, shows that it actually comes from a different domain:
Return-Path: tftomsun@streamteam.de
Received: from 172.xx.xx.xx(LHLO emailserver.example.com) (172.xx.xx.xx) by
To block this spam, block it in the antispam service.
Open /opt/zimbra/conf/salocal.cf.in and add these lines at the bottom:
score HEADER_FROM_DIFFERENT_DOMAINS 10.0
# From is in our domain but Return-Path is not (keep the dot escaped as \.)
header __FROM_DOMAIN From =~ /\@example\.com/i
header __RETURN_PATH Return-Path =~ /\@example\.com/i
meta SPAM_DOMAIN !(__RETURN_PATH) && __FROM_DOMAIN
describe SPAM_DOMAIN From and return-path did not match our domain
score SPAM_DOMAIN 10.0
Note: replace example.com with your own domain.
Make sure the antispam service is enabled:
zmprov ms `zmhostname` +zimbraServiceEnabled antispam
zmcontrol restart
Analysis
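Download the sample e-mail:
curl -k https://raw.githubusercontent.com/imanudin11/lainlain/master/contoh.email > /tmp/contoh.email
The -k option makes curl skip TLS certificate verification; omit it if the server's CA bundle is up to date.
Open the sample e-mail and change the domain to your own: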
Received: from server.example.com (unknown [172.173.174.175]) by mail.example.com (Postfix) with ESMTPSA id D256C3E4109 for <user2@example.com>; Fri, 24 May 2019 13:31:28 +0700 (WIB)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Testing fake from
From: user2@example.com
To: user2@example.com
Message-Id: <20190524063128.D256C3E4109@mail.example.com>
Date: Fri, 24 May 2019 13:31:28 +0700 (WIB)

Test improvement from and return-path did not match
Save the file and test by sending the e-mail:
/opt/zimbra/common/sbin/sendmail -f user1@outsidedomain.com user2@example.com < /tmp/contoh.email
Open zimbra.log and you will see entries like these:
May 24 13:48:47 mail amavis[28571]: (28571-03) Blocked SPAM {DiscardedInbound}, [127.0.0.1] [172.173.174.175] <user1@outsidedomain.com> -> <user2@example.com>, Message-ID: <20190524063128.D256C3E4108@mail.example.com>, mail_id: 3ITthV1GrFsI, Hits: 19.379, size: 665, 10071 ms
May 24 13:48:47 mail postfix/smtp[2978]: 148DB3E4133: to=<user2@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=10, delays=0.01/0/0/10, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=28571-03 - spam)
To run the test again, open /tmp/contoh.email and change the Message-ID so that the message is not treated as a duplicate.
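The From / Return-Path comparison that the SPAM_DOMAIN meta rule performs can be previewed offline on saved messages before relying on a 10.0 score. The script below is an added example, not part of the original article and not Zimbra or SpamAssassin code: the function names and sample messages are constructed for illustration, and it compares parsed address domains exactly instead of using the rule's regular expressions.

```python
# Added example: offline dry run of the From / Return-Path comparison.
# It is not SpamAssassin; names and sample messages are constructed.
from email import message_from_string
from email.utils import parseaddr


def addr_domain(header_value):
    """Lower-cased domain of the address in a header value, '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spam_domain_fires(raw_message, our_domain):
    """True when From is in our_domain and Return-Path is not."""
    msg = message_from_string(raw_message)
    ours = our_domain.lower()
    from_ours = addr_domain(msg["From"]) == ours
    return_path_ours = addr_domain(msg["Return-Path"]) == ours
    return from_ours and not return_path_ours


# Constructed header-only messages covering the cases worth checking.
SAMPLES = {
    # From claims our domain, envelope sender is elsewhere (the page's case)
    "spoofed": "Return-Path: <tftomsun@streamteam.de>\n"
               "From: <kingkin@example.com>\n\n",
    # Genuine internal mail: both headers in our domain
    "internal": "Return-Path: <user1@example.com>\n"
                "From: User One <user1@example.com>\n\n",
    # Ordinary inbound mail from another domain
    "inbound": "Return-Path: <user1@outsidedomain.com>\n"
               "From: user1@outsidedomain.com\n\n",
    # Return-Path only contains our domain as a prefix of a longer name
    "lookalike": "Return-Path: <bounce@example.com.invalid>\n"
                 "From: user2@example.com\n\n",
    # Bounce with the null sender and a From in our domain
    "null_sender": "Return-Path: <>\nFrom: postmaster@example.com\n\n",
}


def dry_run(samples, our_domain):
    """Map each sample name to whether the rule logic would fire."""
    return {name: spam_domain_fires(raw, our_domain)
            for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hit in dry_run(SAMPLES, "example.com").items():
        print(f"{name:12} {'SPAM_DOMAIN' if hit else '-'}")
```

By the same logic, a bounce with the null sender, or mail that a third-party service sends with your From address and its own bounce address, also triggers the rule, so check for such senders before enabling it.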