Can ISPConfig send spam?

Discussion in 'General' started by telvenes, Oct 14, 2015.

  1. telvenes

    telvenes Member

    domain: existingdomain_com exist
    mail: /var/spool/postfix/deferred/5/5AC95DFFFD
    Code:
    *** ENVELOPE RECORDS 5AC95DFFFD ***
    message_size:            1837             716               2               0            1837
    message_arrival_time: Tue Oct 13 09:12:58 2015
    create_time: Tue Oct 13 09:12:58 2015
    named_attribute: log_ident=5AC95DFFFD
    named_attribute: rewrite_context=local
    sender: negative.seo.works@gmail_com
    named_attribute: encoding=7bit
    named_attribute: log_client_name=localhost
    named_attribute: log_client_address=127.0.0.1
    named_attribute: log_client_port=38467
    named_attribute: log_message_origin=localhost[127.0.0.1]
    named_attribute: log_helo_name=localhost
    named_attribute: log_protocol_name=ESMTP
    named_attribute: client_name=localhost
    named_attribute: reverse_client_name=localhost
    named_attribute: client_address=127.0.0.1
    named_attribute: client_port=38467
    named_attribute: helo_name=localhost
    named_attribute: protocol_name=ESMTP
    named_attribute: client_address_type=2
    named_attribute: dsn_orig_rcpt=rfc822;info@existingdomain_com
    original_recipient: info@existingdomain_com
    recipient: euh1967@gmail_com
    named_attribute: dsn_orig_rcpt=rfc822;info@existingdomain_com
    original_recipient: info@existingdomain_com
    done_recipient: festival@existingdomain_com
    *** MESSAGE CONTENTS 5AC95DFFFD ***
    Received: from localhost (localhost [127.0.0.1])
            by isp1.myserver (Postfix) with ESMTP id 5AC95DFFFD
            for <info@existingdomain_com>; Tue, 13 Oct 2015 09:12:58 +0200 (CEST)
    X-Virus-Scanned: Debian amavisd-new at isp1.myserver
    X-Spam-Flag: YES
    X-Spam-Score: 18.216
    X-Spam-Level: ******************
    X-Spam-Status: Yes, score=18.216 tagged_above=1 required=4.5
            tests=[DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001,
            FSL_HELO_FAKE=2.799, NML_ADSP_CUSTOM_MED=1.2,
            RCVD_IN_BL_SPAMCOP_NET=1.246, RCVD_IN_BRBL_LASTEXT=1.644,
            RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.284, RCVD_IN_XBL=0.724,
            RDNS_NONE=1.274, SPF_HELO_SOFTFAIL=0.896, SPF_SOFTFAIL=0.972,
            URIBL_BLACK=1.775, URIBL_DBL_SPAM=1.7]
            autolearn=spam autolearn_force=no
    Received: from isp1.myserver ([127.0.0.1])
            by localhost (isp1.myserver [127.0.0.1]) (amavisd-new, port 10024)
            with ESMTP id voDCxsNEXCYP for <info@existingdomain_com>;
            Tue, 13 Oct 2015 09:12:56 +0200 (CEST)
    Received: from gmail_com (unknown [61.104.155.170])
            by isp1.myserver (Postfix) with ESMTP id 4C782DFFFC
            for <info@existingdomain_com>; Tue, 13 Oct 2015 09:12:53 +0200 (CEST)
    Reply-To: negative.seo.works@gmail_com
    From: negative.seo.works@gmail_com
    To: info@existingdomain_com
    Subject: ***SPAM***Beat bad competition with negative SEO
    Date: 13 Oct 2015 10:12:29 +0300
    Message-ID: <20151013101228.B4F910848DD635C4@gmail_com>
    MIME-Version: 1.0
    Content-Type: text/plain
    Content-Transfer-Encoding: quoted-printable
    
    Is your competition annoying you with bad SEO tactics?
    
    Fight back with negative SEO
    
    Negative SEO attack Services. Deindex bad competitors from=20
    Google. It works with any Website, video, blog, product or=20
    service.
    
    
    
    Unsubscribe option is available on the footer of our website
    
    *** HEADER EXTRACTED 5AC95DFFFD ***
    named_attribute: encoding=7bit
    *** MESSAGE FILE END 5AC95DFFFD ***
    
     
  2. telvenes

    telvenes Member

    Is my server sending spam? None of these emails or domains exist on this server.

    This is the mail queue:
     
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Code:
    original_recipient: info@existingdomain_com
    recipient: euh1967@gmail_com
    Looks like info@existingdomain_com forwards to euh1967@gmail_com? You forward enough spam to Gmail and they'll temporarily reject like that.
     
    telvenes likes this.
  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Received: from gmail_com (unknown [61.104.155.170]) - this mail is not from your server
     
  5. telvenes

    telvenes Member

    Yes, you are right. I should have checked this. And this mail is

    SPAM score:
    X-Spam-Flag: YES
    X-Spam-Score: 18.216

    And in the ISPConfig spamfilter I have:
    spamtag lvl1:1
    spamtag lvl2:4.5
    spamkill:50
    SPAM dsn cutoff level:0
    SPAM quarantine cutoff level:0

    Why is the email still forwarded if it is spam?
     
  6. telvenes

    telvenes Member

    Yes, I believe it is because it is a forwarded email, and the sender's domain is not on myserver.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The kill level that you have set is 50, the score of the mail is 18. 18 < 50, so the mail gets forwarded.
     
    telvenes likes this.
  8. telvenes

    telvenes Member

    Should I change kill lvl to 10? Or is it too low?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Try 15 and if too much spam gets forwarded then lower it to 10.
     
    telvenes likes this.
  10. telvenes

    telvenes Member

    OK, thank you.
     
  11. telvenes

    telvenes Member

    It worked for a while, now I get a lot of spam again. How can I check if the filter is actually working?
     
  12. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Your mail.log will have logs from amavis, and you will have some message headers added indicating that as well.
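
    The header check described in this thread, as an added example that is not part of the original posts and is not ISPConfig or amavis code: it reads the amavis headers from a message, compares the score with the tag and kill levels quoted earlier, and reports which client handed the mail to the server. The function names and the `my_host` parameter are assumptions; the sample message is constructed (abridged) from the queue file posted above.

```python
import email
import re

# ISPConfig spamfilter policy values quoted in the thread (post 5).
TAG2_LEVEL, KILL_LEVEL = 4.5, 50.0

# Constructed sample: abridged headers from the queue file shown in post 1.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby isp1.myserver (Postfix) with ESMTP id 5AC95DFFFD
X-Virus-Scanned: Debian amavisd-new at isp1.myserver
X-Spam-Flag: YES
X-Spam-Score: 18.216
X-Spam-Status: Yes, score=18.216 tagged_above=1 required=4.5
\ttests=[FSL_HELO_FAKE=2.799, RCVD_IN_PSBL=2.7, URIBL_BLACK=1.775]
Received: from gmail_com (unknown [61.104.155.170])
\tby isp1.myserver (Postfix) with ESMTP id 4C782DFFFC
Subject: ***SPAM***Beat bad competition with negative SEO

body
"""

def parse_spam_headers(raw, my_host="isp1.myserver"):
    """Extract amavis/SpamAssassin results and the submitting client IP."""
    msg = email.message_from_string(raw)
    status = msg.get("X-Spam-Status", "")
    score = re.search(r"score=(-?\d+(?:\.\d+)?)", status)
    tests = re.findall(r"([A-Z][A-Z0-9_]*)=(-?\d+(?:\.\d+)?)", status)
    # Only Received lines written by our own host are trustworthy; the
    # oldest of them (last in the list) names the client that delivered to us.
    own = [h for h in msg.get_all("Received", []) if f"by {my_host}" in h]
    origin = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", own[-1]) if own else None
    return {
        "scanned": "amavisd-new" in msg.get("X-Virus-Scanned", ""),
        "score": float(score.group(1)) if score else None,
        "tests": sorted(((n, float(v)) for n, v in tests), key=lambda t: -t[1]),
        "origin": origin.group(1) if origin else None,
    }

def verdict(info, tag2=TAG2_LEVEL, kill=KILL_LEVEL):
    """Classify a parsed message against the tag2 and kill levels."""
    if not info["scanned"]:
        return "not scanned"        # no amavis header: the filter never saw it
    if info["score"] is None:
        return "scanned, untagged"  # scanned, but no spam headers were added
    if info["score"] >= kill:
        return "kill"               # amavis applies its configured spam action
    if info["score"] >= tag2:
        return "tagged, delivered"  # marked as spam, still delivered/forwarded
    return "delivered"
```
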
     
  13. telvenes

    telvenes Member

    I will try to adjust the killscore to 10.
    Last time I used ISPConfig I had to install a second server with mailscanner/mailwatcher to get rid of the spam...
     