1

Topic: Adding specific spam filters / Removing viruses

One of our clients is receiving backscatter spam. Someone in .LT is sending emails pretending to be them (e.g. helo=myclient.co.nz) and using offoce@myclient.co.nz as the from / return email address. As a result my client is getting bombed with a lot of bounced backscatter.

To make matters worse, the content contains the Kryptik virus.

Our NOD32 antivirus on the PC is catching the virus and removing it but there are two things I want to do:
1 - Figure out why clam isn't catching the virus at the server
2 - Ban all emails coming in for office@myclient.co.nz where the header contains or content of the returned email contains:
Received: from client-87-247-113-185.inturbo.lt ([87.247.113.185]:11498 helo=myclientco.nz)

Is there an easy way to do this server wide or do I have to set up filters per email address?

Cheers
shane


2

Re: Adding specific spam filters / Removing viruses

vbconz wrote:

1 - Figure out why clam isn't catching the virus at the server

Do you have the freshclam service (or cron job) running to update the ClamAV database regularly?

vbconz wrote:

2 - Ban all emails coming in for office@myclient.co.nz where the header contains or content of the returned email contains:
Received: from client-87-247-113-185.inturbo.lt ([87.247.113.185]:11498 helo=myclientco.nz)

Add a Postfix header_checks rule to block it.
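
As an added illustration of the header_checks suggestion above (not part of the original posts): a Postfix PCRE rule keyed on the relay IP from the quoted Received: line. The table paths are assumptions. These tables apply server-wide and cannot be scoped to a single recipient such as office@myclient.co.nz, and in a bounce the offending Received: line sits inside the returned message rather than in the bounce's own top-level headers, hence the nested and body tables.

```conf
# --- /etc/postfix/main.cf ---
# Table paths are assumptions; keep whatever your install already sets.
header_checks = pcre:/etc/postfix/header_checks
# Headers of a message/rfc822 attachment, which is how many bounces
# return the original message. Postfix defaults this to $header_checks;
# it is shown explicitly here.
nested_header_checks = pcre:/etc/postfix/header_checks
# Bounces that paste the original headers into a plain-text body are
# only seen by body_checks.
body_checks = pcre:/etc/postfix/body_checks

# --- /etc/postfix/header_checks ---
# Matches the relay IP from the Received: line quoted in the thread.
# Start with WARN (log only), confirm the hits in the mail log,
# then change the action to REJECT.
/^Received:.*\[87\.247\.113\.185\]/   WARN backscatter source 87.247.113.185

# --- /etc/postfix/body_checks ---
/^Received:.*\[87\.247\.113\.185\]/   WARN backscatter source 87.247.113.185 (in bounce body)

# Check a rule before reloading (run as root):
#   postmap -q "Received: from client-87-247-113-185.inturbo.lt ([87.247.113.185]:11498 helo=myclientco.nz)" pcre:/etc/postfix/header_checks
#   postfix reload
```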

3

Re: Adding specific spam filters / Removing viruses

BTW, please always show us basic info of your iRedMail server, so that we can give you a better answer quickly:

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====