Hello everyone. I am getting spam from my own e, (I've reviewed passwords, potential virus and everything is fine) I decided to check the server on which it is intalador ISPconfig which is currently supported by Debian 7 Wheezy. After reviewing the logs being mais I encuntro many suspected impersonation lines like this: Nov 1 09:33:39 lince postfix/smtpd[23620]: NOQUEUE: filter: RCPT from unknown[198.21.3.15]: <bounces+1678159-a73e-jroibas=pro****[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<bounces+1678159-a73e-jroibas=pro****[email protected]> to=<jroibas@pro****te.net> proto=ESMTP helo=<o1.smtp.wmrcurtisinc.com> as I can block this type of spam? Thank you very much for your help
Spammers often use the recipient address or recipient domain as sender address/domain, so this does not mean that the spam was sent trough your server, it is just received by your server like any other email. What you can do to make it easier for the spamfilter to detect such messages is that you add spf records for your domain in dns and add dkim records (see ispconfig dkim patch to add dkim support to ispconfig).
servers are currently deployed as both dkim SPF records in the DNS. current records are: -SPF: hostname: pro****te.net v ptr = mx -all spf1 -DKIM hostname: I default._domainkey.pro **** te.net. v = DKIM1; t = s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDw2jW0hJ68DEz3JJl2hR5iTRkf9g3+f7Xp+t5BPY4l****IkEOtSvwsnrJRQxhAWsvz3aBFoZ99GlE2qgrqpFRM+n7t6wkEpMo+/esBViMfFc0cP/BncXqKTyTHFVpHDs21taPGggcxKB7Ydg5BlKilMzjuxZDfJL6Zvnq/pxZrwQtQIDAQAB that other measures could be taken to avoid such mails? filters headers? I am looking forward to your response. thank you
Now the messages are already marked as spam. As I can do so that messages marked as spam are automatically moved to the spam folder ??? thank you