spam from the own user
Problem reported by Victor Braun Rodrigues - November 9, 2017 at 4:42 AM
Known
SM 15.7.6474 
 
Since we migrated from version 14 to 15, we have been receiving spam supposedly sent by the email account itself. How can we solve it?

12 Replies

0
Linda Pagillo Replied
Hi Victor. Can you post a header from one of those spam messages please?
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3606

Authorized Reseller of SmarterTools Products
Authorized Reseller of Message Sniffer
3
Scott Forsythe Replied
0
Thanks Linda, here is one header

From - Tue Nov 7 07:37:04 2017
X-Account-Key: account3
X-UIDL: sm_00070124_a706495fb71b4f469b52e4033eb58327
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <www-data@cloud1998705.nitrado.cloud>
Received: from antispam-d.eveo.com.br (antispam-d.eveo.com.br [187.108.193.143]) by mail3.gosites.com.br with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Tue, 7 Nov 2017 02:36:46 -0200
Received: from cloud1998705.nitrado.cloud ([5.83.162.197])
by antispam-d.eveo.com.br with esmtp (Exim 4.89)
(envelope-from <www-data@cloud1998705.nitrado.cloud>)
id 1eBvMa-0005MO-4J
for gosites@gosites.com.br; Tue, 07 Nov 2017 02:19:54 -0200
Received: by cloud1998705.nitrado.cloud (Postfix, from userid 33)
id 6DB577EFEA; Tue, 7 Nov 2017 05:19:05 +0100 (CET)
To: gosites@gosites.com.br
Subject: {RHHJMT} Como foi pedido Curriculum Vitae-Camila Mendes - [ 411919303 ]
X-PHP-Originating-Script: 0:s.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: <gosites@gosites.com.br>
Message-Id: <20171107041905.6DB577EFEA@cloud1998705.nitrado.cloud>
Date: Tue, 7 Nov 2017 05:19:05 +0100 (CET)
X-Sender-Warning: cloud1998705.nitrado.cloud has no MX records
Authentication-Results: antispam-d.eveo.com.br; dmarc=none header.from=gosites.com.br
X-SpamExperts-Class: unsure
X-SpamExperts-Evidence: Combined (0.58)
X-Recommended-Action: accept
X-Filter-ID: PqwsvolAWURa0gwxuN3S5YEa3T7JuZT23fGO2rGt3ZggOFHBxYsDMIdVAkwBrLMa0u8G98/UgOFR
X-Report-Abuse-To: spam@antispam-b.eveo.com.br
X-SmarterMail-Spam: Commtouch 30 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_None, DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020201.5A012CCF.00AE,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - System)
0
Linda Pagillo Replied
Thanks Victor. Question... Why do you have gosites@gosites.com.br as a trusted sender at the system level when that address lives on your server?
0
Good question Linda, we have ... I'll remove it now and see
0
kevind Replied
Unfortunately, removing Trusted Senders doesn't help much. Our users still receive spam sent by their own email address. But now it might get scored by an RBL, Commtouch, etc.
0
Linda Pagillo Replied
If it gets scored you can filter it out as spam.
0
Rod Lasky Replied
Employee Post
Hello Victor. This message would have been identified as spam, however the sending domain is listed as a system-wide trusted sender, so any spam results are ignored. See the very last line of this header.
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
I think this should not occur, since the sender is not effectively who is in the From ... but apparently it worked. I'm still monitoring

thanks for all
0
Andrea Rogers Replied
Employee Post
Hello Victor,
 
This is, unfortunately, a known issue in SmarterMail 15.x. However, it has been resolved in SmarterMail 16.3.6543: 
 
Changed: SMTP and Delivery processes now utilize the From address in email headers if it is provided; provides better spoofing protection.

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com
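
The situation Rod Lasky and Andrea Rogers describe, as an added example that is not part of the thread and not SmarterTools code: it audits a raw header for a local From address that arrived with a foreign envelope sender, and for spam test points that a trusted-sender match zeroed out. The sample is constructed from the header posted above; `audit`, the finding names and the `local_domains` default are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: a trimmed copy of the header posted in this thread.
SAMPLE = """\
Return-Path: <www-data@cloud1998705.nitrado.cloud>
To: gosites@gosites.com.br
From: <gosites@gosites.com.br>
Authentication-Results: antispam-d.eveo.com.br; dmarc=none header.from=gosites.com.br
X-SmarterMail-Spam: Commtouch 30 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_None, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - System)

body
"""

def audit(raw, local_domains=frozenset({"gosites.com.br"})):
    """Return the spoofing indicators found in one raw message header.

    local_domains (assumption): the domains hosted on this mail server.
    """
    msg = message_from_string(raw)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    env_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    spam = msg.get("X-SmarterMail-Spam", "")
    total = msg.get("X-SmarterMail-TotalSpamWeight", "")
    # Per-check results and per-test weights as they appear in the posted header.
    auth = re.findall(r"\b(SPF|DK|DKIM)_(\w+)", spam)
    ignored = sum(int(w) for _, w in re.findall(r"(\w+) (-?\d+) \[", spam))
    from_dom = hdr_from.rpartition("@")[2]
    env_dom = env_from.rpartition("@")[2]
    findings = []
    if hdr_from and hdr_from in rcpts:
        findings.append("self_addressed_from")          # From equals a recipient
    if from_dom in local_domains and env_dom != from_dom:
        findings.append("local_from_foreign_envelope")  # header and envelope disagree
    if auth and all(result == "None" for _, result in auth):
        findings.append("no_sender_authentication")     # SPF, DK and DKIM all None
    if "Trusted Sender" in total and ignored > 0:
        findings.append("trusted_sender_overrode_%d_points" % ignored)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
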

0
kevind Replied
FWIW, I would vote to see this fixed in v15.
0
Andrea Rogers Replied
Employee Post
Kevin, I reached out to the development team with this request, and I'm afraid we aren't able to implement this change in SmarterMail 15.x. Unfortunately, the foundation of the product doesn't support this change in version 15.x or earlier.