Hi guys, I am using Ubuntu 20.04 and ISPConfig 3.2. I have the domain cl-soft.com set up in ISPConfig but without setting up an email account, and I get spam emails from mail.cl-soft.com to my private email account. There is no mail account set up for mail.cl-soft.com. How is it possible they can spam email from that account? Is there an option to avoid this? Thanks for your kind help.
Return-path: <[email protected]>
Original-recipient: rfc822;[email protected]
Received: from mr28p00im-smtpin032.me.com by p101-mailgateway-79dcdc9478-wpsn2 (mailgateway 2108B195) with SMTP id 47fa877d-002c-4741-a289-f6d7e6fe8f1c for <[email protected]>; Tue, 25 May 2021 01:33:45 GMT
X-Apple-MoveToFolder: INBOX
X-Apple-Action: MOVE_TO_FOLDER/INBOX
X-Apple-UUID: 47fa877d-002c-4741-a289-f6d7e6fe8f1c
Received: from server2.cl-i.net (server2.cl-i.net [167.86.74.26]) by mr28p00im-smtpin032.me.com (Postfix) with ESMTPS id 643FB2659D0 for <[email protected]>; Tue, 25 May 2021 01:33:41 +0000 (UTC)
X-ICL-SCORE: 3.2220332300
Authentication-Results: dmarc.icloud.com; dmarc=none header.from=cl-soft.com
x-dmarc-info: pass=none; dmarc-policy=(nopolicy); s=u0; d=u0
x-dmarc-policy: none
Authentication-Results: dkim-verifier.icloud.com; dkim=none
Authentication-Results: spf.icloud.com; spf=none (spf.icloud.com: [email protected] does not designate permitted sender hosts) [email protected]
Received-SPF: none (spf.icloud.com: [email protected] does not designate permitted sender hosts) receiver=p00-spfmilter-7dd5d8fc4-v7n8z; client-ip=167.86.74.26; helo=server2.cl-i.net; [email protected]
Received: from localhost (localhost [127.0.0.1]) by server2.cl-i.net (Postfix) with ESMTP id 0B2695C178A for <[email protected]>; Tue, 25 May 2021 03:33:40 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at server2.cl-i.net
Received: from server2.cl-i.net ([127.0.0.1]) by localhost (server2.cl-i.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0E7WBDUiI0eA for <[email protected]>; Tue, 25 May 2021 03:33:39 +0200 (CEST)
Received: by server2.cl-i.net (Postfix, from userid 5014) id D877C5C1799; Tue, 25 May 2021 03:33:38 +0200 (CEST)
To: [email protected]
Subject: New Message From cl-Soft
Date: Tue, 25 May 2021 01:33:38 +0000
From: Eric Jones <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 6.4.1 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-CLX-Shades: None
Alright, so it seems like the website is sending as "webmaster@" posing as "mail@" from the server server2.cl-i.net to your mail address. There is no SPF policy to designate IPs allowed to send, so it is not blocked.
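Added example (not part of the original thread): a short Python triage of headers like the ones posted above. It reads the bottom-most Received header, where Postfix records "from userid N" for mail handed in locally rather than over SMTP, and collects the receiver's SPF/DKIM/DMARC verdicts. The sample message is constructed from the posted headers with placeholder addresses, and the function name triage is an assumption of this example.

```python
import re
from email import message_from_string

# Constructed sample modelled on the posted headers; addresses are placeholders.
SAMPLE = """\
Return-path: <webmaster@example.test>
Received: from server2.cl-i.net (server2.cl-i.net [167.86.74.26])
\tby mx.receiver.example (Postfix) with ESMTPS id 643FB2659D0;
\tTue, 25 May 2021 01:33:41 +0000 (UTC)
Authentication-Results: dmarc.icloud.com; dmarc=none header.from=cl-soft.com
Authentication-Results: dkim-verifier.icloud.com; dkim=none
Authentication-Results: spf.icloud.com; spf=none
Received: from localhost (localhost [127.0.0.1])
\tby server2.cl-i.net (Postfix) with ESMTP id 0B2695C178A;
\tTue, 25 May 2021 03:33:40 +0200 (CEST)
Received: by server2.cl-i.net (Postfix, from userid 5014)
\tid D877C5C1799; Tue, 25 May 2021 03:33:38 +0200 (CEST)
From: Eric Jones <mail@example.test>
X-Mailer: PHPMailer 6.4.1 (https://github.com/PHPMailer/PHPMailer)

body
"""

# Postfix writes this form when a local process submits mail (no SMTP client).
LOCAL = re.compile(r"^by\s+(\S+)\s+\(Postfix, from userid (\d+)\)")
AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def triage(raw):
    """Summarise where a message entered the mail system and how it was judged."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # Each hop prepends its header, so the last Received is the first hop.
    first_hop = " ".join(received[-1].split()) if received else ""
    local = LOCAL.match(first_hop)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        auth.update(AUTH.findall(value))
    return {
        "local_submission": bool(local),
        "host": local.group(1) if local else None,
        "uid": int(local.group(2)) if local else None,
        "mailer": msg.get("X-Mailer"),
        "auth": auth,
        # True when the receiver found no SPF, DKIM or DMARC result to enforce.
        "unauthenticated": all(
            auth.get(k, "none") == "none" for k in ("spf", "dkim", "dmarc")),
    }
```

On the server, `getent passwd 5014` shows which system account that uid belongs to, which narrows the search to one website's scripts.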
Hi there, thanks a lot for your answer. In ISPConfig there is no setup for any mail account for this domain. Should I set up SPF on the server or is there another solution? Thanks a lot for your help.
Two options come to mind: either add that domain (cl-soft.com) in the Postfix blacklist (type sender), or add cl-soft.com as a mail domain (you don't have to create any mailboxes) and ensure you have the 'reject sender login mismatch' setting enabled.
Hi, thanks for your answer. There is no option for reject sender login mismatch when I create cl-soft.com as a mail domain. Can you help me where to find this option? Thanks a lot.
Hi guys, I still have the same problem with another domain on this server:

Code:
Return-path: <[email protected]>
Original-recipient: rfc822;[email protected]
Received: from st11p00im-smtpin006.me.com by p101-mailgateway-79cf87b6dc-jt7r6 (mailgateway 2108B198) with SMTP id 31a30a8c-0315-4196-80eb-92a0d5cdee55 for <[email protected]>; Mon, 14 Jun 2021 11:22:55 GMT
X-Apple-MoveToFolder: INBOX
X-Apple-Action: MOVE_TO_FOLDER/INBOX
X-Apple-UUID: 31a30a8c-0315-4196-80eb-92a0d5cdee55
Received: from server2.cl-i.net (server2.cl-i.net [167.86.74.26]) by st11p00im-smtpin006.me.com (Postfix) with ESMTPS id 45046F45663 for <[email protected]>; Mon, 14 Jun 2021 11:22:51 +0000 (UTC)
X-ICL-SCORE: 3.2220332300
Authentication-Results: dmarc.icloud.com; dmarc=none header.from=1-2host.com
x-dmarc-info: pass=none; dmarc-policy=(nopolicy); s=u0; d=u0
x-dmarc-policy: none
Authentication-Results: dkim-verifier.icloud.com; dkim=none
Authentication-Results: spf.icloud.com; spf=none (spf.icloud.com: [email protected] does not designate permitted sender hosts) [email protected]
Received-SPF: none (spf.icloud.com: [email protected] does not designate permitted sender hosts) receiver=p00-spfmilter-6ff467cfbf-zccc5; client-ip=167.86.74.26; helo=server2.cl-i.net; [email protected]
Received: from localhost (localhost [127.0.0.1]) by server2.cl-i.net (Postfix) with ESMTP id F3B3E5C1769 for <[email protected]>; Mon, 14 Jun 2021 13:22:49 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at server2.cl-i.net
Received: from server2.cl-i.net ([127.0.0.1]) by localhost (server2.cl-i.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Pfat69wNFJ9B for <[email protected]>; Mon, 14 Jun 2021 13:22:48 +0200 (CEST)
Received: by server2.cl-i.net (Postfix, from userid 5012) id B00745C1783; Mon, 14 Jun 2021 13:22:48 +0200 (CEST)
To: [email protected]
Subject: New Message From 1-2 host
Date: Mon, 14 Jun 2021 11:22:48 +0000
From: AL SAEED CORPORATION LLC <[email protected]>
Reply-To: "\"AL SAEED CORPORATION LLC\"" <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 6.4.1 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-CLX-Shades: None

Wir sind AL SAEED CORPORATION LLC
Wir vergeben Kredite an Privatpersonen/Firmen zu einem jährlichen Zinssatz von 2 %. Wir interessieren uns für die Finanzierung von Projekten mit großem Volumen. Die Rückzahlungsfrist beträgt 1 Jahr bis 30 Jahre.
KONTAKTIERE UNS:
E-Mail: [email protected]
WhatsApp: +31687883894
Telefonnummer: 84293231629

I checked the box: reject sender and login mismatch. I set up the domain 1-2host.com in email domains but I am still receiving spam from my domain. Do you have any idea where else I can look for the problem? The domain name points at server2 but I did not set up mail.1-2host.com at the nameserver. Can this be a problem maybe?
Thanks for your kind help.
Sorry, bad previous answer on my part: reject_sender_login_mismatch only works with smtpd; your mail is locally submitted (which uses postdrop), so that doesn't help. It looks like you'd have to use local_login_sender_maps (and empty_address_local_login_sender_maps_lookup_key) to set up a similar restriction, which ISPConfig does not set up. I don't believe the Postfix blacklist will work for postdrop, either.

So, other solutions... There is a 'discard' transport which simply discards all mail; if you could get mail from your 1-2host.com domain to use that, it'd suit your purposes. You could create an email account on the server for this purpose, e.g. [email protected] (this is needed so mail to the address isn't rejected), then under Email Routing add a new transport with [email protected] as the Domain, type 'custom' and 'discard:' as the Destination. Now enable the (new) per-domain relay options (under Main Config > Mail, and enable in client template if needed/used), edit the 1-2host.com email domain and set Relayhost to [email protected]. This works because there's no verification that the 'Relayhost' is a valid hostname, but... it works for now, at least. Then see what happens.

The above basically emulates the behavior of sender_dependent_default_transport_maps, which you could just use.

Another option would be to switch from amavis to rspamd and use the Postfix blacklist (or maybe better, because a client can do it, not only the admin, use the 'Email blacklist' when logged in as the client, which is the same thing).