Back to Community Threads
6
spam from the own user
Problem reported by Victor Braun Rodrigues - 11/9/2017 at 4:42 AM
Resolved
SM 15.7.6474 
 
Since we migrated from version 14 to 15 we started receiving spam supposedly sent by the email account itself, how to solve it?

12 Replies

Reply to Thread
0
Linda Pagillo Replied
11/9/2017 at 6:50 AM
Hi Victor. Can you post a header from one of those spam messages please?
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
3
ScottF Replied
11/9/2017 at 7:18 AM
0
Victor Braun Rodrigues Replied
11/9/2017 at 9:31 AM
tks Linda, here one header

From - Tue Nov 7 07:37:04 2017
X-Account-Key: account3
X-UIDL: sm_00070124_a706495fb71b4f469b52e4033eb58327
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <www-data@cloud1998705.nitrado.cloud>
Received: from antispam-d.eveo.com.br (antispam-d.eveo.com.br [187.108.193.143]) by mail3.gosites.com.br with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Tue, 7 Nov 2017 02:36:46 -0200
Received: from cloud1998705.nitrado.cloud ([5.83.162.197])
by antispam-d.eveo.com.br with esmtp (Exim 4.89)
(envelope-from <www-data@cloud1998705.nitrado.cloud>)
id 1eBvMa-0005MO-4J
for gosites@gosites.com.br; Tue, 07 Nov 2017 02:19:54 -0200
Received: by cloud1998705.nitrado.cloud (Postfix, from userid 33)
id 6DB577EFEA; Tue, 7 Nov 2017 05:19:05 +0100 (CET)
To: gosites@gosites.com.br
Subject: {RHHJMT} Como foi pedido Curriculum Vitae-Camila Mendes - [ 411919303 ]
X-PHP-Originating-Script: 0:s.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: <gosites@gosites.com.br
>
Message-Id: <20171107041905.6DB577EFEA@cloud1998705.nitrado.cloud>
Date: Tue, 7 Nov 2017 05:19:05 +0100 (CET)
X-Sender-Warning: cloud1998705.nitrado.cloud has no MX records
Authentication-Results: antispam-d.eveo.com.br; dmarc=none header.from=gosites.com.br
X-SpamExperts-Class: unsure
X-SpamExperts-Evidence: Combined (0.58)
X-Recommended-Action: accept
X-Filter-ID: PqwsvolAWURa0gwxuN3S5YEa3T7JuZT23fGO2rGt3ZggOFHBxYsDMIdVAkwBrLMa0u8G98/UgOFR
rRXtKAAmOSJ4FxkoV9MEM2g1d+E/OYDTPpuFqUUQz+mM8JAD4ECWUW0HjGdoUeVnjb/QwXeAGXTk
VQ4HyjjJ0PiMsggSFFCaCRPDiKO7Iku/PLIDcoVx9ZwDW1XYb6wnQu7xWCFgM1rl5JatvxMn9Fbi
0P6ZQI4jAh+TpYcw1ozo6U81iWF3D5d5g1gU7a6hXFAJQs+si3LYM3A6BXfvel8OEFDbU519+JEt
UaspVYdavoLhRnrLNp+sq3L0D78C/jelX5CBusJOm0DhhbaCw0fn+Saj9BPky3SXBOu5ZIOIeNH0
wYEpA56wnx1wZKdVO3wfZtaeXxZGXvTVoq99hK1XsFHTYeb82Rj9tkECNMhjiNEILs6iGo10yHrl
YhCkOtJvv/jjo/oBUi9j4guwjtuvWRr9lUzgU9jtghNmkxc/ANj0evA6UsJCpbUCs6Vs/BaTVz+4
zX06Qg/qdfxQqT8m5XqHIheImFLsMxJbtSiwzD5LElsnYYAd+3EkXV/kvHkhjFb7jj52+6yNFX3q
g/VyYVvTk4dZlfiPJk7i7nqoINZh34VguV6ROn4opq8DnRCgSmq69GXJweRuMt7Xy8Qaz/C/mBL1
XcjznCcGX/phhCbs0USPSQrikj8BuJwovGfCqVd0VGSKOBkwW+D7ei8Z/QFY6gUXDNo97AtYGN00
/fKrrCQbPz0RB263/Ch/r7Jn1zE+Hh8eOqOfO5GqjB+trjwP8z2zRv6WnaEQOXYzjm7lPcBlVb4L
pkOIraEYDeQ0xB0Y6YAJ3dHgaRQYTiRGk4UIccY=
X-Report-Abuse-To: spam@antispam-b.eveo.com.br
X-SmarterMail-Spam: Commtouch 30 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_None, DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020201.5A012CCF.00AE,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - System)
0
Linda Pagillo Replied
11/9/2017 at 11:42 AM
Thanks Victor. Question... Why do you have gosites@gosites.com.br as a trusted sender at the system level when that address lives on your server?
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
0
Victor Braun Rodrigues Replied
11/9/2017 at 12:03 PM
good question Linda, we have ... i remove it now and see
1
kevind Replied
11/9/2017 at 2:10 PM
Unfortunately, removing Trusted Senders doesn't help much. Our users still receive spam sent by their own email address. But now it might get scored by a RBL, Commtouch, etc.
0
Linda Pagillo Replied
11/9/2017 at 2:32 PM
If it gets scored you can filter it out as spam.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
0
Employee Replied
11/9/2017 at 2:47 PM
Employee Post
Hello Victor. This message would have been identified as spam, however the sending domain is listed as a system-wide trusted sender, so any spam results are ignored. See the very last line of this header.
0
Victor Braun Rodrigues Replied
11/9/2017 at 4:58 PM
I think this should not occur since the sender is not who's in the from effectively ... but apparently it worked, I'm still monitoring

thanks for all
0
Employee Replied
8/13/2018 at 10:42 AM
Employee Post
Hello Victor,
 
This is, unfortunately, a known issue in SmarterMail 15.x. However, it has been resolved in SmarterMail 16.3.6543: 
 
Changed: SMTP and Delivery processes now utilize the From address in email headers if it is provided; provides better spoofing protection.
1
kevind Replied
8/14/2018 at 10:07 AM
FWIW, I would vote to see this fixed in v15.
0
Employee Replied
8/14/2018 at 4:07 PM
Employee Post
Kevin, I reached out to the development team with this request, and I'm afraid we aren't able to implement this change in SmarterMail 15.x. Unfortunately, the foundation of the product doesn't support this change in version 15.x or earlier.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Slow 250 response after Mail From command is issued during an SMTP session.SmarterMail > Troubleshooting
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
My spool is full of pending messages. What do I do?SmarterMail > Troubleshooting