Debian stretch, ISPConfig 3.1.15p3. I have received this email; it's from <[email protected]> but states one of my customers' company name. It goes on to state some info from October 2018. What is odd is the header: it states a domain name but the IP for the domain is 127.0.0.1, then states 10.0.0.3 and next to it is unknown 125.165.240.211. How does the email come in and show in the header that localhost sent the email when clearly it came from external? Help and advice please on how to combat or just block it / them.

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
  by mail.tlsystems.co.uk (Postfix) with ESMTP id 87E7517605FE
  for <[email protected]>; Tue, 29 Dec 2020 07:43:13 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at mail.example.tld
Received: from mail.tlsystems.co.uk ([127.0.0.1])
  by localhost (mail.tlsystems.co.uk [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id S1OF_lf-NyCd for <[email protected]>; Tue, 29 Dec 2020 07:43:11 +0000 (GMT)
X-Greylist: delayed 561 seconds by postgrey-1.36 at mail.tlsystems.co.uk; Tue, 29 Dec 2020 07:43:10 GMT
Received: from mail.azizgroupbd.com (mail.azizgroupbd.com [182.163.126.123])
  by mail.tlsystems.co.uk (Postfix) with ESMTPS id 1F25E17602B1
  for <[email protected]>; Tue, 29 Dec 2020 07:43:10 +0000 (GMT)
Received: from localhost (localhost [127.0.0.1])
  by mail.azizgroupbd.com (Postfix) with ESMTP id F1CD8322AFB
  for <[email protected]>; Tue, 29 Dec 2020 13:31:47 +0600 (+06)
Received: from mail.azizgroupbd.com ([127.0.0.1])
  by localhost (mail.azizgroupbd.com [127.0.0.1]) (amavisd-new, port 10032)
  with ESMTP id UC3qRaVwYxNd for <[email protected]>; Tue, 29 Dec 2020 13:31:47 +0600 (+06)
Received: from localhost (localhost [127.0.0.1])
  by mail.azizgroupbd.com (Postfix) with ESMTP id A1D3B322AF0
  for <[email protected]>; Tue, 29 Dec 2020 13:31:47 +0600 (+06)
X-Virus-Scanned: amavisd-new at azizgroupbd.com
Received: from mail.azizgroupbd.com ([127.0.0.1])
  by localhost (mail.azizgroupbd.com [127.0.0.1]) (amavisd-new, port 10026)
  with ESMTP id fKHkq5yxaT_m; Tue, 29 Dec 2020 13:31:47 +0600 (+06)
Received: from [10.0.0.3] (unknown [125.165.240.211])
  by mail.azizgroupbd.com (Postfix) with ESMTPSA id BC857322AFB
  for <[email protected]>; Tue, 29 Dec 2020 13:31:43 +0600 (+06)
Date: Tue, 29 Dec 2020 14:33:40 +0700
From: "customer name" <[email protected]>
To: "dave" <[email protected]>
Subject: ..................................
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_007_14171_3822803888.95367842"
Message-Id: <[email protected]>
X-Evolution-Source: e07adfb9aa77fa1d2e20908de8e37362cddcdb3b
Where does it show this? Maybe you are confusing your localhost and the senders localhost? Post listings in CODE tags, easier to read that way.
You can write custom spam filters to try to catch those, but it'll probably never have perfect results (e.g. a match for your company name without a matching company domain in the address). The headers look normal: the sending server was mail.azizgroupbd.com [182.163.126.123] and it was processed by your mail system, which adds additional Received headers as it passes through content filters (amavis), correctly using localhost connections. All Received headers prior to those added by your server can be faked, but I suspect they were not; the message simply passed through amavis on the sending side as well, prior to delivering to your server.
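To make the reading above concrete, here is an added example (not code from the thread, ISPConfig or Postfix) that does what the reply describes by hand: it walks the Received chain from the top, stops at the first header written by one of your own hosts about a connection from a public IP (the real handoff from the internet), and treats everything below that as sender-side hops you cannot verify. It also implements the "company name in the display name but a different domain in the address" rule as a simple check. The sample message is a constructed, trimmed copy of the chain posted above with the redacted addresses replaced by example.org/example.net placeholders; the `our_hosts` set and the `known_senders` map are assumptions you would fill from your own setup.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Received chain from the message posted above, trimmed to
# the hops that matter, with the redacted addresses replaced by placeholders.
# Continuation lines are indented, as in a real folded header.
SAMPLE = """\
Return-Path: <info@example.net>
Delivered-To: dave@example.org
Received: from localhost (localhost [127.0.0.1])
  by mail.tlsystems.co.uk (Postfix) with ESMTP id 87E7517605FE
  for <dave@example.org>; Tue, 29 Dec 2020 07:43:13 +0000 (GMT)
Received: from mail.tlsystems.co.uk ([127.0.0.1])
  by localhost (mail.tlsystems.co.uk [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id S1OF_lf-NyCd for <dave@example.org>; Tue, 29 Dec 2020 07:43:11 +0000 (GMT)
Received: from mail.azizgroupbd.com (mail.azizgroupbd.com [182.163.126.123])
  by mail.tlsystems.co.uk (Postfix) with ESMTPS id 1F25E17602B1
  for <dave@example.org>; Tue, 29 Dec 2020 07:43:10 +0000 (GMT)
Received: from localhost (localhost [127.0.0.1])
  by mail.azizgroupbd.com (Postfix) with ESMTP id F1CD8322AFB
  for <dave@example.org>; Tue, 29 Dec 2020 13:31:47 +0600 (+06)
Received: from [10.0.0.3] (unknown [125.165.240.211])
  by mail.azizgroupbd.com (Postfix) with ESMTPSA id BC857322AFB
  for <dave@example.org>; Tue, 29 Dec 2020 13:31:43 +0600 (+06)
From: "Customer Name Ltd" <info@example.net>
To: "dave" <dave@example.org>
Subject: test

body
"""

# Postfix writes "from <helo> (<rdns> [<ip>]) by <host>".  The <helo> is whatever the
# client announced (here "[10.0.0.3]", a LAN address); the bracketed IP is the real
# TCP peer, and <rdns> is "unknown" when that peer has no reverse DNS.  Hops through
# amavis appear as "([127.0.0.1])" with no rdns at all.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]]+)\s*)?\[(?P<ip>[^\]]+)\]\))?"
    r"\s+by\s+(?P<by>\S+)"
)


def is_external(ip):
    """True for a routable internet address; loopback and RFC 1918 hops are local."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def parse_received(msg):
    """Return the Received headers, newest first, as dicts of the fields we need."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = RECEIVED_RE.search(raw)
        hops.append({
            "helo": m["helo"] if m else None,
            "rdns": m["rdns"] if m else None,
            "ip": m["ip"] if m else None,
            "by": m["by"] if m else None,
            "raw": " ".join(raw.split()),
        })
    return hops


def first_external_hop(hops, our_hosts):
    """Index of the header one of OUR hosts wrote about a connection from a global IP.
    Received headers are prepended, so everything after that index in the list was
    written by the sender's side and is only as honest as that side."""
    for i, hop in enumerate(hops):
        if hop["by"] in our_hosts and hop["ip"] and is_external(hop["ip"]):
            return i
    return None


def name_domain_mismatch(msg, known_senders):
    """The content rule from the reply: a customer's company name in the From display
    name while the address domain is not one that customer actually sends from."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for company, domains in known_senders.items():
        if company in name.lower() and domain not in domains:
            return company, domain
    return None


def analyse(raw_message, our_hosts, known_senders):
    msg = message_from_string(raw_message)
    hops = parse_received(msg)
    idx = first_external_hop(hops, our_hosts)
    return {
        "hops": hops,
        "entry_index": idx,
        "sending_ip": hops[idx]["ip"] if idx is not None else None,
        "unverifiable_hops": hops[idx + 1:] if idx is not None else hops,
        "name_mismatch": name_domain_mismatch(msg, known_senders),
    }


if __name__ == "__main__":
    # Hypothetical local data: your MTA hostname and the domains a customer uses.
    report = analyse(SAMPLE, {"mail.tlsystems.co.uk"},
                     {"customer name": {"customer-name.example"}})
    print("message entered from", report["sending_ip"])
    for hop in report["unverifiable_hops"]:
        print("  sender-side hop, not verifiable by us:", hop["raw"][:72])
    print("display-name/domain mismatch:", report["name_mismatch"])
```

On the posted message this reports 182.163.126.123 as the entry point and lists the two azizgroupbd.com hops below it as unverifiable; the `[10.0.0.3]` / `unknown [125.165.240.211]` line is an authenticated submission (ESMTPSA) that the sender's own server recorded, which your server has no way to confirm or refute.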
I was a bit concerned as it has, in the body of the email, data relating back to 2018. Is there a way to increase the security or to encrypt email outbound? Or does this then lead to recipients not being able to read these emails? Or is connecting via SSL/TLS the best current method? Thanks
Your concern is others viewing mail in transit? TLS will help with that, though the receiving end must support it as well (most servers do). You can encrypt at the endpoint (mail client), but of course the recipients must be set up as well, so it is only practical in limited situations, not general email to arbitrary recipients.
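As an added illustration of the transport-level option in the reply above (not configuration from the thread or from ISPConfig's own templates), these are the Postfix main.cf settings that control it. Opportunistic TLS is the `may` level: Postfix offers or uses STARTTLS when the other side supports it and falls back to plaintext otherwise, so nothing bounces. Setting the outbound level to `encrypt` globally would make TLS mandatory and fail delivery to any server that does not offer it, which is the caveat the reply mentions; the per-destination policy map shown is the usual way to require TLS only for partners you know support it. The file path of the policy map and the partner domain are assumptions.

```ini
# /etc/postfix/main.cf (added example; adjust to your installation)

# Outbound (Postfix as client): use STARTTLS whenever the remote MX offers it,
# deliver in plaintext when it does not.  This is opportunistic encryption.
smtp_tls_security_level = may
# Log one summary line per TLS handshake ("Trusted/Untrusted TLS connection
# established to ...") so you can see in mail.log which deliveries were encrypted.
smtp_tls_loglevel = 1

# Inbound (Postfix as server): offer STARTTLS to sending servers.
smtpd_tls_security_level = may

# Per-destination override: require TLS only for partners known to support it.
# Contents of the (assumed) map file /etc/postfix/tls_policy, one domain per line:
#   partner.example     encrypt
# Then run: postmap /etc/postfix/tls_policy && postfix reload
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Do NOT do this globally unless you accept bounces to servers without TLS:
# smtp_tls_security_level = encrypt
```

After changing the file, `postconf smtp_tls_security_level` confirms the active value, and grepping mail.log for `TLS connection established` shows which outbound deliveries actually used it. Note that this only protects the hop between your server and the next; what the recipient's provider does with the mail afterwards is outside your control, which is why end-to-end encryption in the mail client is the only option for truly private content.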