1 Topic by surixx (edited by surixx 2016-12-01 15:20:08)

  • surixx
  • surixx
  • Member
  • Offline
  • Registered: 2016-01-18
  • Posts: 25

Topic: Spam issue in Iredmail 0.9.5-1.

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  0.9.5-1
- Linux/BSD distribution name and version: Ubuntu 14.04 x64bit
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue: Attached separately.
====

Hi all / Hi Zhang!

Above are my mail serves details and I'm getting a lot of spam for most of the old users. I host 2 domains and lot of spam is coming via Older domain name. Pls advice me on the same. Thanks for your patience and efforts in advance.

Post's attachments

tail var_log_mail.log 2.62 kb, 7 downloads since 2016-12-01 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Spam issue in Iredmail 0.9.5-1.

Cannot figure out with only one (or few) email log. Some simple questions first:

*) Do you have greylisting enabled?
*) and DNSBL?

3 Reply by surixx

  • surixx
  • surixx
  • Member
  • Offline
  • Registered: 2016-01-18
  • Posts: 25

Re: Spam issue in Iredmail 0.9.5-1.

hi Zhang! Thanks for reply.

1. Do you have greylisting enabled? - Yes! there is "greylisting'  in /opt/iredapd/settings.py file.

plugins = ['reject_null_sender', 'amavisd_wblist', 'greylisting', 'throttle', 'reject_sender_login_mismatch']

2.  and DNSBL? - pen Postfix config file /etc/postfix/main.cf append reject_rbl_client zen.spamhaus.org to parameter smtpd_recipient_restrictions.

I have done the above now only. I shall wait and see the results and shall update after required observation time.

Thanks a lot again Zhang!

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Spam issue in Iredmail 0.9.5-1.

surixx wrote:

1. Do you have greylisting enabled? - Yes! there is "greylisting'  in /opt/iredapd/settings.py file.

Although you have plugin enabled, still need to check greylisting settings with commands below to make sure it's enabled for your domains:

cd /opt/iredapd/tools/
python greylisting_admin.py --list

5 Reply by surixx

  • surixx
  • surixx
  • Member
  • Offline
  • Registered: 2016-01-18
  • Posts: 25

Re: Spam issue in Iredmail 0.9.5-1.

ZhangHuangbin wrote:
surixx wrote:

1. Do you have greylisting enabled? - Yes! there is "greylisting'  in /opt/iredapd/settings.py file.

Although you have plugin enabled, still need to check greylisting settings with commands below to make sure it's enabled for your domains:

cd /opt/iredapd/tools/
python greylisting_admin.py --list

Hi Zhang!

Thanks for the Extra concern smile PFB the output:
________________________________________________________________________
saastha@(none):~$ sudo su
sudo: unable to resolve host (none)
root@(none):/home/saastha# cd /opt/iredapd/tools/
root@(none):/opt/iredapd/tools# python greylisting_admin.py --list
Status   Sender                             -> Local Account
------------------------------------------------------------------------------
enabled  @. (anyone)                        -> @. (anyone)
root@(none):/opt/iredapd/tools#
________________________________________________________________________

But still the issue persists. anything further...

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Spam issue in Iredmail 0.9.5-1.

I checked the attached file in your first post, found this:

USER_IN_WHITELIST=-100

Seems you whitelisted this sender (or sender domain). Please double check.

7 Reply by surixx

  • surixx
  • surixx
  • Member
  • Offline
  • Registered: 2016-01-18
  • Posts: 25

Re: Spam issue in Iredmail 0.9.5-1.

ZhangHuangbin wrote:

I checked the attached file in your first post, found this:

USER_IN_WHITELIST=-100

Seems you whitelisted this sender (or sender domain). Please double check.

__________________________________________

Thanks Zhang!

I have checked and i have cleared all the white list as of now. Let me observe and get back to you.

8 Reply by surixx

  • surixx
  • surixx
  • Member
  • Offline
  • Registered: 2016-01-18
  • Posts: 25

Re: Spam issue in Iredmail 0.9.5-1.

surixx wrote:
ZhangHuangbin wrote:

I checked the attached file in your first post, found this:

USER_IN_WHITELIST=-100

Seems you whitelisted this sender (or sender domain). Please double check.

__________________________________________

Thanks Zhang!

I have checked and i have cleared all the white list as of now. Let me observe and get back to you.


Even after clearing the white list we have too many junk mails zhang! Have observed for two days and still the issue persist.

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Spam issue in Iredmail 0.9.5-1.

I understand you got many spams, the problem is: you need to find some "fingerprints" of these spams, then block them based on the fingerprints.

For example:

*) many spams are from IP a.b.c.d, then you need to check whether it's ok to block this IP directly.
*) many spams are sent from sender "<someone>@abc.com", then evaluate whether it's ok to block this domain entirely.

I cannot answer a question like "i got many spams, how to block them", i need fingerprints too.