Unwanted Mails (Receiving unwanted mails from different domains in our mail server)
  •  
Ashish Chandrakar

We are continuously receiving unwanted mails on our company's mail server.
For example:
"Let`s Get Ready To Rumble! It is Our New Potential Acquisitions
Pick.

Date: Monday, Mar 18
Company: County Line Energy
Tick: C_YLC
Last Trade: $.019
Target: 0.10

Don`t Miss this Pick! Another Big Day."


All the mails are coming from different domains, many of which are registered domains like gmail, yahoo, rediff etc.
I tried to block these mails through Custom Rules, but that was still not very helpful for me.
The worst part of this kind of mail is that it doesn't have an unsubscribe option.
Can anyone suggest how to block this kind of mail?

Regards
Ashish Chandrakar
  •  
tonyswu

Are you sure those emails are sent from gmail and yahoo legitimately, not spoofed? If they are spoofed, turn on SPF. If not, I would try lowering your spam threshold.
  •  
Ashish Chandrakar

Thanks for your reply.

Only a few mails are coming from gmail or yahoo, and the rest of the mails are from different domains or email IDs.
For example:
1) Julia Drake <ma221114<_at_>ias.edu>
2) Bryon Burch <bryonburch819<_at_>yahoo.co.uk>
3) Milton Bauer <lassesti74<_at_>livenirvana.com>


SPF is on.
  •  
freakinvibe

Can you post the header of such a mail?

Also, indicate what Anti-Spam configuration you have set up.

Which Blacklists?
Spam repellent switched on?
What is the tag threshold, what is the block threshold?

Also, which version of Kerio Connect are you using? The latest version catches Penny Stock spam quite accurately.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Ashish Chandrakar

Headers of a few unwanted mails...

1) From: Purchase-Vigara Today <psnwfgco<_at_>mej.co.uk>
To:
Date: 18.03.2013 10:31 AM
Subject: Levtira + Vigara Now - 0.76$

2) From: Julia Drake <ma221114<_at_>ias.edu>
To:
Date: 18.03.2013 09:19 AM
Subject: Our Newest Solvent Stocks is... INSIDE!


Spam repellent switched on

Tag threshold is 5 and Block is 9.5

Version is 8.0.0 build 639
  •  
freakinvibe

Please send the full headers; they should contain the Anti-Spam details. Find an example of a header below:

Return-Path: <iekosika<_at_>gmx.com>
X-Spam-Status: Yes, hits=5.1 required=5.0
	tests=BAYES_50: 1.567,DCC_CHECK: 1.1,HTML_FONT_LOW_CONTRAST: 0.001,
	HTML_MESSAGE: 0.001,SUSPICIOUS_RECIPS: 2.51,TOTAL_SCORE: 5.179,autolearn=no
X-Spam-Flag: YES
X-Spam-Level: *****
Received: from mout.gmx.net ([212.227.17.22])
	by mail.test.org
	for mail<_at_>test.org;
	Fri, 15 Mar 2013 14:39:05 +0100
Received: from mailout-eu.gmx.com ([10.1.101.210]) by mrigmx.server.lan
 (mrigmx001) with ESMTP (Nemesis) id 0Lhhfz-1V2jxR052X-00mpzX for
 <mail<_at_>test.org>; Fri, 15 Mar 2013 14:38:48 +0100
Received: (qmail 1012 invoked by uid 0); 15 Mar 2013 13:38:47 -0000
Received: from 130.0.59.190 by rms-eu007 with HTTP
Content-Type: multipart/alternative;
 boundary="========GMXBoundary286631363354726727073"
Date: Fri, 15 Mar 2013 14:38:45 +0100
From: "Don Frye" <iekosika<_at_>gmx.com>
Message-ID: <20130315133846.286630<_at_>gmx.com>
MIME-Version: 1.0
X-Original-Subject: Letter for you- SALE!! analogs of lux watches   of the site.  -enjoy!
Subject: **SPAM**  Letter for you- SALE!! analogs of lux watches   of the site.  -enjoy!
To: mail@wcoastspas.com,mail@wcqm.com,mail@wcsassociates.com,mail@wdbc.net,mail<_at_>test.org
X-Flags: 0001
X-Mailer: GMX.com Web Mailer
x-registered: 0
X-GMX-UID: MUExcZMOeSEqICI/sHwhFZx+IGRvb0Ap

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Ashish Chandrakar

Header of mail....

Return-Path: <ma221114<_at_>ias.edu>
X-Envelope-To: yogita.shah@simplexengg.in, simplex<_at_>simplexengg.in
Received: from localhost ([127.0.0.1])
by mail.simplexengg.in (Kerio Connect 8.0.0)
for yogita.shah<_at_>simplexengg.in;
Mon, 18 Mar 2013 10:20:54 +0530
Received: from unknown (HELO ytg2) ([38.26.228.24])
by 93.85.139.14 with ESMTP; Mon, 18 Mar 2013 07:56:39 +0400
Message-ID: <000d01ce238c$39e585e0$261ae418@home39747ba8b5ytg2>
From: "Julia Drake" <ma221114<_at_>ias.edu>
To:
Subject: Our Newest Solvent Stocks is... INSIDE!
Date: Mon, 18 Mar 2013 07:49:09 +0400
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-2";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Our Best PICK EVER!!! Shares to Rapidly Cover!

Trading Date: Monday, Mar 18th
Company: County Line Energy Corp.
Ticker: CYL C
Last Trade: 0.019
Target Price: .25

This Stock makes a move to the moon with HUGE news! This Stock is Ready
to Bounce off Support Level!!!

[Updated on: Mon, 18 March 2013 11:13]

  •  
freakinvibe

The strange thing is that no SpamAssassin lines are in the header, so it must have skipped Anti-Spam checks for this mail completely. This happens if the mail comes from inside your network.

The following part looks suspicious:

Received: from localhost ([127.0.0.1])
by mail.simplexengg.in (Kerio Connect 8.0.0)


Either you have configured some SMTP proxy on the Kerio Connect Server or you are spammed from inside your network. You should see more details in the mail log.


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Ashish Chandrakar

My mail server is in-house, and all the mails which I receive or send show "Received: from localhost ([127.0.0.1])
by mail.simplexengg.in (Kerio Connect 8.0.0)"
  •  
freakinvibe

But then there is a misconfiguration in your email flow.

Are you using any proxy between the Internet and the mail server? Your topmost header should be something like

Received: from mail.sender.com ([official IP address of sender mail host])
by mail.simplexengg.in (Kerio Connect 8.0.0)


In your example the mail seems to come from inside. It could also be that your server is compromised. Difficult to say from here. Check the mail log to find out where incoming mail flows through.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
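
A small header triage script for the two checks described in the replies above, as an added example that is not part of the original thread or of Kerio's own tooling: it reports whether an X-Spam-Status header is present and whether the topmost Received hop is a loopback or private address. The sample headers are abridged from the ones posted in this thread; the function names triage and needs_review are hypothetical.

```python
import email
import ipaddress
import re

# Constructed samples, abridged from the two headers posted in this thread.
SCANNED = """\
X-Spam-Status: Yes, hits=5.1 required=5.0
\ttests=BAYES_50: 1.567,DCC_CHECK: 1.1,TOTAL_SCORE: 5.179,autolearn=no
Received: from mout.gmx.net ([212.227.17.22])
\tby mail.test.org;
\tFri, 15 Mar 2013 14:39:05 +0100
Subject: sample
"""
UNSCANNED = """\
Received: from localhost ([127.0.0.1])
\tby mail.simplexengg.in (Kerio Connect 8.0.0);
\tMon, 18 Mar 2013 10:20:54 +0530
Received: from unknown (HELO ytg2) ([38.26.228.24])
\tby 93.85.139.14 with ESMTP; Mon, 18 Mar 2013 07:56:39 +0400
Subject: sample
"""

# Address literal in "from host ([a.b.c.d])", the form used by both samples.
HOP_IP = re.compile(r"\(\[([0-9A-Fa-f.:]+)\]\)")

def triage(raw_headers):
    """Summarise the anti-spam verdict and the hop that handed the mail over."""
    msg = email.message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    # The topmost Received line is the one stamped by the receiving server itself.
    match = HOP_IP.search(received[0]) if received else None
    try:
        last_hop = ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # bracketed text that is not a valid IP address
        last_hop = None
    return {
        "spam_checked": msg.get("X-Spam-Status") is not None,
        "last_hop": str(last_hop) if last_hop else None,
        "hop_is_internal": bool(last_hop and (last_hop.is_loopback or last_hop.is_private)),
        "hops": len(received),
    }

def needs_review(result):
    """Flag mail that carries no spam score or arrived via an internal hop."""
    return (not result["spam_checked"]) or result["hop_is_internal"]

if __name__ == "__main__":
    for raw in (SCANNED, UNSCANNED):
        print(triage(raw), needs_review(triage(raw)))
```

Run over a saved mailbox, the flagged messages show which internal hop the mail log should be searched for.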
  •  
Ashish Chandrakar

Please suggest how I can check for misconfiguration in the email flow. Also, I am not using any proxy services between my mail server and the Internet.
I have Kerio Connect between them.


  •  
freakinvibe

Quote:
I have Kerio Connect between them.


What do you mean by that? Do you mean you have the Kerio Firewall (Kerio CONTROL) between the Internet and the Kerio Mail Server?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Ashish Chandrakar

Yes...I have Kerio Control between Internet and the Mail Server.
  •  
freakinvibe

It is very difficult to help without detailed information about your setup. I guess you need to have a Kerio partner or Kerio support look over your config. Something seems to be wrong.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch