6
spam from the own user
Problem reported by Victor Braun Rodrigues - 11/9/2017 at 4:42 AM
Resolved
SM 15.7.6474 
 
Since we migrated from version 14 to 15 we started receiving spam supposedly sent by the email account itself, how to solve it?

12 Replies

Reply to Thread
0
Linda Pagillo Replied
Hi Victor. Can you post a header from one of those spam messages please?
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
3
ScottF Replied
0
Victor Braun Rodrigues Replied
tks Linda, here one header

From - Tue Nov 7 07:37:04 2017
X-Account-Key: account3
X-UIDL: sm_00070124_a706495fb71b4f469b52e4033eb58327
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <www-data@cloud1998705.nitrado.cloud>
Received: from antispam-d.eveo.com.br (antispam-d.eveo.com.br [187.108.193.143]) by mail3.gosites.com.br with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Tue, 7 Nov 2017 02:36:46 -0200
Received: from cloud1998705.nitrado.cloud ([5.83.162.197])
by antispam-d.eveo.com.br with esmtp (Exim 4.89)
(envelope-from <www-data@cloud1998705.nitrado.cloud>)
id 1eBvMa-0005MO-4J
for gosites@gosites.com.br; Tue, 07 Nov 2017 02:19:54 -0200
Received: by cloud1998705.nitrado.cloud (Postfix, from userid 33)
id 6DB577EFEA; Tue, 7 Nov 2017 05:19:05 +0100 (CET)
To: gosites@gosites.com.br
Subject: {RHHJMT} Como foi pedido Curriculum Vitae-Camila Mendes - [ 411919303 ]
X-PHP-Originating-Script: 0:s.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: <gosites@gosites.com.br
>
Message-Id: <20171107041905.6DB577EFEA@cloud1998705.nitrado.cloud>
Date: Tue, 7 Nov 2017 05:19:05 +0100 (CET)
X-Sender-Warning: cloud1998705.nitrado.cloud has no MX records
Authentication-Results: antispam-d.eveo.com.br; dmarc=none header.from=gosites.com.br
X-SpamExperts-Class: unsure
X-SpamExperts-Evidence: Combined (0.58)
X-Recommended-Action: accept
X-Filter-ID: PqwsvolAWURa0gwxuN3S5YEa3T7JuZT23fGO2rGt3ZggOFHBxYsDMIdVAkwBrLMa0u8G98/UgOFR
rRXtKAAmOSJ4FxkoV9MEM2g1d+E/OYDTPpuFqUUQz+mM8JAD4ECWUW0HjGdoUeVnjb/QwXeAGXTk
VQ4HyjjJ0PiMsggSFFCaCRPDiKO7Iku/PLIDcoVx9ZwDW1XYb6wnQu7xWCFgM1rl5JatvxMn9Fbi
0P6ZQI4jAh+TpYcw1ozo6U81iWF3D5d5g1gU7a6hXFAJQs+si3LYM3A6BXfvel8OEFDbU519+JEt
UaspVYdavoLhRnrLNp+sq3L0D78C/jelX5CBusJOm0DhhbaCw0fn+Saj9BPky3SXBOu5ZIOIeNH0
wYEpA56wnx1wZKdVO3wfZtaeXxZGXvTVoq99hK1XsFHTYeb82Rj9tkECNMhjiNEILs6iGo10yHrl
YhCkOtJvv/jjo/oBUi9j4guwjtuvWRr9lUzgU9jtghNmkxc/ANj0evA6UsJCpbUCs6Vs/BaTVz+4
zX06Qg/qdfxQqT8m5XqHIheImFLsMxJbtSiwzD5LElsnYYAd+3EkXV/kvHkhjFb7jj52+6yNFX3q
g/VyYVvTk4dZlfiPJk7i7nqoINZh34VguV6ROn4opq8DnRCgSmq69GXJweRuMt7Xy8Qaz/C/mBL1
XcjznCcGX/phhCbs0USPSQrikj8BuJwovGfCqVd0VGSKOBkwW+D7ei8Z/QFY6gUXDNo97AtYGN00
/fKrrCQbPz0RB263/Ch/r7Jn1zE+Hh8eOqOfO5GqjB+trjwP8z2zRv6WnaEQOXYzjm7lPcBlVb4L
pkOIraEYDeQ0xB0Y6YAJ3dHgaRQYTiRGk4UIccY=
X-Report-Abuse-To: spam@antispam-b.eveo.com.br
X-SmarterMail-Spam: Commtouch 30 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_None, DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020201.5A012CCF.00AE,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - System)
0
Linda Pagillo Replied
Thanks Victor. Question... Why do you have gosites@gosites.com.br as a trusted sender at the system level when that address lives on your server?
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
0
Victor Braun Rodrigues Replied
good question Linda, we have ... i remove it now and see
1
kevind Replied
Unfortunately, removing Trusted Senders doesn't help much. Our users still receive spam sent by their own email address. But now it might get scored by a RBL, Commtouch, etc.
0
Linda Pagillo Replied
If it gets scored you can filter it out as spam.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 Authorized Reseller of SmarterTools Products Authorized Reseller of Message Sniffer
0
Employee Replied
Employee Post
Hello Victor. This message would have been identified as spam, however the sending domain is listed as a system-wide trusted sender, so any spam results are ignored. See the very last line of this header.
0
Victor Braun Rodrigues Replied
I think this should not occur since the sender is not who's in the from effectively ... but apparently it worked, I'm still monitoring

thanks for all
0
Employee Replied
Employee Post
Hello Victor,
 
This is, unfortunately, a known issue in SmarterMail 15.x. However, it has been resolved in SmarterMail 16.3.6543: 
 
Changed: SMTP and Delivery processes now utilize the From address in email headers if it is provided; provides better spoofing protection.
1
kevind Replied
FWIW, I would vote to see this fixed in v15.
0
Employee Replied
Employee Post
Kevin, I reached out to the development team with this request, and I'm afraid we aren't able to implement this change in SmarterMail 15.x. Unfortunately, the foundation of the product doesn't support this change in version 15.x or earlier.

Reply to Thread