1 (edited by cre8r 2015-08-14 06:12:35)

Topic: Help with from=<> spam

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.0
- Linux/BSD distribution name and version: Ubuntu 12.04.5 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====
Any ideas how I can block these spam emails arriving??
I am starting to get a lot of them, and am struggling to find a way....
Can't block "from=<>" as this is used for reporting emails etc...

Any ideas/help would be awesome....

Aug 14 09:51:04 mx postfix/smtpd[29409]: DD17E360064: client=localhost[127.0.0.1]
Aug 14 09:51:04 mx postfix/cleanup[5368]: DD17E360064: message-id=<SG2PR02MB07317397834836DD1C71571AB87D0@SG2PR02MB0731.apcprd02.prod.outlook.com>
Aug 14 09:51:04 mx postfix/qmgr[18964]: DD17E360064: from=<>, size=7727, nrcpt=1 (queue active)
Aug 14 09:51:04 mx amavis[25583]: (25583-14) Passed CLEAN, LOCAL [134.170.140.247] [100.64.103.235] <> -> <REDACTED>, Message-ID: <SG2PR02MB07317397834836DD1C71571AB87D0@SG2PR02MB0731.apcprd02.prod.outlook.com>, mail_id: AHrByM+Q9ql2, Hits: 5.343, size: 6943, queued_as: DD17E360064, 578 ms
Aug 14 09:51:04 mx postfix/smtp[5375]: C57FF360060: to=<REDACTED>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.2, delays=1.6/0/0/0.58, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DD17E360064)
Aug 14 09:51:04 mx postfix/pipe[5392]: DD17E360064: to=<REDACTED>, relay=dovecot, delay=0.04, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 14 09:51:04 mx postfix/qmgr[18964]: DD17E360064: removed


2

Re: Help with from=<> spam

Further logs.

Aug 14 09:20:49 mx postfix/smtpd[22502]: connect from mail-hk1hn0247.outbound.protection.outlook.com[134.170.140.247]
Aug 14 09:20:50 mx cbpolicyd[31016]: module=Greylisting, action=defer, host=134.170.140.247, helo=APAC01-HK1-obe.outbound.protection.outlook.com, from=, to=REDACTED, reason=greylisted
Aug 14 09:20:50 mx postfix/smtpd[22502]: NOQUEUE: reject: RCPT from mail-hk1hn0247.outbound.protection.outlook.com[134.170.140.247]: 451 4.7.1 <REDACTED>: Recipient address rejected: Greylisting in effect, please come back later; from=<> to=<REDACTED> proto=ESMTP helo=<APAC01-HK1-obe.outbound.protection.outlook.com>
Aug 14 09:20:50 mx postfix/smtpd[22502]: disconnect from mail-hk1hn0247.outbound.protection.outlook.com[134.170.140.247]
Aug 14 09:51:01 mx postfix/smtpd[1370]: connect from mail-hk1hn0247.outbound.protection.outlook.com[134.170.140.247]
Aug 14 09:51:02 mx cbpolicyd[338]: module=Greylisting, action=pass, host=134.170.140.247, helo=APAC01-HK1-obe.outbound.protection.outlook.com, from=, to=REDACTED, reason=authenticated
Aug 14 09:51:02 mx postfix/smtpd[1370]: C57FF360060: client=mail-hk1hn0247.outbound.protection.outlook.com[134.170.140.247]
Aug 14 09:51:04 mx postfix/smtpd[1370]: disconnect from mail-hk1hn0247.outbound.protection.outlook.com[134.170.140.247]
Aug 14 09:51:04 mx amavis[25583]: (25583-14) Passed CLEAN, LOCAL [134.170.140.247] [100.64.103.235] <> -> <REDACTED>, Message-ID: <SG2PR02MB07317397834836DD1C71571AB87D0@SG2PR02MB0731.apcprd02.prod.outlook.com>, mail_id: AHrByM+Q9ql2, Hits: 5.343, size: 6943, queued_as: DD17E360064, 578 ms
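
The logs in the first two posts show why the delivered queue ID lists `client=localhost`: amavis re-injects the message, so the external client has to be recovered through the `queued as` line. The following is an added example, not part of the original posts or of iRedMail, that counts null-sender messages per external client; the sample lines are constructed, and short hexadecimal Postfix queue IDs are assumed.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the Postfix/amavis format in this thread.
SAMPLE_LOG = """\
Aug 14 10:00:01 mx postfix/smtpd[100]: AAAA1111: client=mail.example.net[192.0.2.10]
Aug 14 10:00:02 mx postfix/qmgr[50]: AAAA1111: from=<>, size=7000, nrcpt=1 (queue active)
Aug 14 10:00:02 mx postfix/smtpd[101]: BBBB2222: client=localhost[127.0.0.1]
Aug 14 10:00:02 mx postfix/qmgr[50]: BBBB2222: from=<>, size=7700, nrcpt=1 (queue active)
Aug 14 10:00:03 mx postfix/smtp[102]: AAAA1111: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as BBBB2222)
Aug 14 10:00:03 mx postfix/pipe[103]: BBBB2222: to=<user@example.org>, relay=dovecot, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 14 10:05:01 mx postfix/smtpd[104]: CCCC3333: client=mx.example.com[198.51.100.7]
Aug 14 10:05:02 mx postfix/qmgr[50]: CCCC3333: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
Aug 14 10:07:01 mx postfix/smtpd[105]: DDDD4444: client=mail.example.net[192.0.2.10]
Aug 14 10:07:02 mx postfix/qmgr[50]: DDDD4444: from=<>, size=6900, nrcpt=1 (queue active)
"""

QID = r"(?P<qid>[0-9A-F]{6,})"  # assumption: short (hex) queue IDs
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: " + QID + r": client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: " + QID + r": from=<(?P<sender>[^>]*)>")
REINJECT_RE = re.compile(r"postfix/smtp\[\d+\]: " + QID + r": .*queued as (?P<child>[0-9A-F]{6,})\)")


def null_sender_sources(log_text):
    """Count from=<> messages per originating client, following amavis re-injection."""
    client, parent, null_qids = {}, {}, set()
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            client[m["qid"]] = (m["host"], m["ip"])
        elif m := FROM_RE.search(line):
            if m["sender"] == "":
                null_qids.add(m["qid"])
        elif m := REINJECT_RE.search(line):
            parent[m["child"]] = m["qid"]  # re-injected copy -> original queue ID
    roots = set()
    for qid in null_qids:
        seen = set()
        while qid in parent and qid not in seen:  # walk back to the first hop
            seen.add(qid)
            qid = parent[qid]
        roots.add(qid)  # a set, so original and re-injected copy count once
    return Counter(client.get(q, ("unknown", "unknown")) for q in roots)


if __name__ == "__main__":
    for (host, ip), count in null_sender_sources(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {ip}  {host}")
```
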

3

Re: Help with from=<> spam

Upgrade iRedAPD to 1.6.0, then enable plugin `reject_null_sender` in /opt/iredapd/settings.py.
Reference:
http://www.iredmail.org/docs/upgrade.iredapd.html

4

Re: Help with from=<> spam

Thanks for your reply Zhang,

I was planning to upgrade (do-release-upgrade) this weekend so I have a newer PHP etc and then to upgrade to the latest iRedAPD, iRedMail, iRedAdmin-Pro.

I have a few concerns with doing a dist upgrade also as I need to migrate to nginx first also.

Are you available over the next 2 or 3 days for (paid) remote support if required?
Do you know of any issues arising when upgrading from Ubuntu 12.04 to 14.04 LTS?


Thanks again

5

Re: Help with from=<> spam

Migrating from iRedMail-0.9.0 (old server) to iRedMail-0.9.2 is easy. How about installing the latest iRedMail release on a new server, then migrating the old server to the new server? It's much easier than an Ubuntu dist-upgrade.

We offer paid migration support if you need:
http://www.iredmail.org/support.html#migration

6

Re: Help with from=<> spam

Thanks Zhang,
We are planning to move to a more robust setup in the near future (2VMs + MySQL Cluster + Shared Mailbox Storage + Keepalived failover) but need to keep this system running for a short while yet.

Went to upgrade the other night (iRedMail 0.9.0 > 0.9.1) and found I am missing php5-intl which is only available with PHP 5.4+ (I am running 5.3 currently) so couldn't start the first step until I upgrade PHP.
But, at the same time I need to migrate to nginx etc so figured it was easier to do it in one run (including OS).

Anyway, I will upgrade iRedAPD this evening as this is very straightforward, and look at migrating soon.


Thanks

7

Re: Help with from=<> spam

cre8r wrote:

We are planning to move to a more robust setup in the near future (2VMs + MySQL Cluster + Shared Mailbox Storage + Keepalived failover) but need to keep this system running for a short while yet.

Would you mind sharing this deploy document?

8

Re: Help with from=<> spam

Of course :)
When we are closer to deployment I'll be sure to share.

9

Re: Help with from=<> spam

That's great, I appreciate it and am waiting for you to share it. :)