SPA and Caller ID. (How to configure the SPA.)
  •  
armor

Hello everybody,

I hope you will help me. I have a lot of email spam from my own domain, for example: evandro<_a.t_>armor.com.br to: evandro<_a.t_>armor.com.br.
I have already activated SPA and Caller ID, but I believe it is something more technical. Does anyone have any material that may assist in the configuration?

I thank you,
Evandro Castro.
  •  
stewie

Hi, Evandro.

It's hard to say what's going on with just the information you provided.

For problems like this I always start with the email headers. Since many parts of an email can be forged, odds are that your domain is being forged & your mail server is not compromised. Trace the headers & you should be able to at least see where the messages are originating.

Good luck!
  •  
armor

Hello stewie,

The e-mail is originating from an unknown IP, according to the email header. The header is below:



Return-Path: <informatica<_a.t_>armor.com.br>
X-Envelope-To: Informatica<_a.t_>armor.com.br, Odelia<_a.t_>armor.com.br, bkp<_a.t_>localhost
X-Spam-Status: No, hits=0.0 required=2.0
tests=AWL: -0.307,BAYES_99: 4.07,HTML_FONT_SIZE_HUGE: 0.057,
HTML_MESSAGE: 0.001,MIME_HTML_ONLY: 0.001,RDNS_NONE: 0,
URIBL_AB_SURBL: 1.86,URIBL_BLACK: 1.955,URIBL_JP_SURBL: 1.501,
URIBL_WS_SURBL: 1.5,URI_HEX: 0.368,CUSTOM_RULE_FROM: ALLOW,
TOTAL_SCORE: 11.006,autolearn=no
X-Spam-Level:
Return-Path: <informatica<_a.t_>armor.com.br>
Received: from [208.84.242.126] by camenana.hst.terra.com.br (LMTP); Mon, 28 Sep 2009
19:55:16 +0000 (UTC)
X-Abaca-Spam: 312
X-Terra-Karma: -2%
X-Terra-Hash: 89908b06945eb84fc21619d3aa8fa482
Received-SPF: none (bopre.terra.com: 212.166.43.205 is neither permitted nor denied by
domain of armor.com.br) client-ip=212.166.43.205;
envelope-from=informatica<_a.t_>armor.com.br; helo=212-166-43-205.win.be;
Received: from 212-166-43-205.win.be (212-166-43-205.win.be [212.166.43.205])
by bopre.terra.com (Postfix) with ESMTP id B6B104000977F
for <informatica<_a.t_>armor.com.br>; Mon, 28 Sep 2009 19:55:15 +0000 (UTC)
From: "Teofila Guagliano" <informatica<_a.t_>armor.com.br>
To: informatica<_a.t_>armor.com.br
Subject: Find yourself n crowd
Message-ID: <0RH028S0AG463M467.FHYMWTEISI.B7CAC603CA09<_a.t_>dade0401>
Date: Mon, 28 Sep 2009 19:55:15 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Status: O
  •  
stewie

Hey, armor. The headers helped. It shows it's not you or a problem with your server. It's just some spammer forging your domain name. It appears some jerk at 212.166.43.205 sent the email through the mail server at 208.84.242.126 which delivered it to you.

You can do a reverse IP lookup on these addresses to get more info (just google: reverse ip lookup).

So, bottom line, just a typical spammer forging parts of the email.
  •  
freakinvibe

The headers also show:

Quote:
CUSTOM_RULE_FROM: ALLOW


The spam score is 11. If you hadn't put in a custom rule that allows anything from armor.com.br the message would have been caught as spam. You don't need a rule to allow your own domain, just delete this rule and you are fine.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
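
An added example, not part of the original thread and not Kerio's code: Python that parses the X-Spam-Status and Received-SPF headers posted above and reports when a message scoring over the threshold was let through by an allow rule. It assumes a test whose value is ALLOW is a whitelist override, as the post above describes; the function name `audit` is hypothetical.

```python
import re
from email import message_from_string

# Headers copied from the message posted in this thread (abridged). Folded
# continuation lines are indented here, as they are in a raw message.
RAW = """\
X-Spam-Status: No, hits=0.0 required=2.0
 tests=AWL: -0.307,BAYES_99: 4.07,HTML_FONT_SIZE_HUGE: 0.057,
 HTML_MESSAGE: 0.001,MIME_HTML_ONLY: 0.001,RDNS_NONE: 0,
 URIBL_AB_SURBL: 1.86,URIBL_BLACK: 1.955,URIBL_JP_SURBL: 1.501,
 URIBL_WS_SURBL: 1.5,URI_HEX: 0.368,CUSTOM_RULE_FROM: ALLOW,
 TOTAL_SCORE: 11.006,autolearn=no
Received-SPF: none (bopre.terra.com: 212.166.43.205 is neither permitted nor denied by
 domain of armor.com.br) client-ip=212.166.43.205;
 envelope-from=informatica<_a.t_>armor.com.br; helo=212-166-43-205.win.be;

"""


def audit(raw):
    """Report whether an allow rule hid a score that exceeds the threshold."""
    msg = message_from_string(raw)
    status = " ".join(msg["X-Spam-Status"].split())      # unfold the header
    required = float(re.search(r"required=(-?[\d.]+)", status).group(1))
    tests = {}
    for item in status.split("tests=", 1)[1].split(","):
        name, sep, value = item.partition(":")
        if not sep:                                      # e.g. autolearn=no
            continue
        value = value.strip()
        try:
            tests[name.strip()] = float(value)
        except ValueError:
            tests[name.strip()] = value                  # e.g. ALLOW (assumed override)
    total = tests.pop("TOTAL_SCORE")
    rule_sum = round(sum(v for v in tests.values() if isinstance(v, float)), 3)
    flagged = status.lower().startswith("yes")
    allow = [n for n, v in tests.items() if v == "ALLOW"]
    return {
        "flagged": flagged,
        "required": required,
        "total": total,
        "rule_sum": rule_sum,
        # An allow rule only matters if the score alone would have flagged it.
        "overridden_by": allow if total >= required and not flagged else [],
        "spf": msg["Received-SPF"].split()[0],
    }


if __name__ == "__main__":
    print(audit(RAW))
```
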
  •  
stewie

Great catch, freakinvibe! I was just looking at the delivery path from computer to computer. So, armor, give freakinvibe's advice a try as that will help to solve the problem. Good luck!
  •  
armor

freakinvibe and stewie,
Thank you. I was able to block this type of message, with the tip from freakinvibe!
I appreciate the attention to the topic.

Thanks!!!