SPAM from Hosted Domain (Receive SPAM from: addresses hosted on Kerio Server)
  •  
wolfy

SPAM is being received at the Kerio Mailserver hosting the domain WOLF.COM.AU
The mail appears (From: field) to be coming from users from the domain but sourced from external servers. The Return-Path: field is an external non-hosted domain.
I believe I have SPF and Caller-ID configured appropriately.

My question is: Can I filter these emails based on the From field if they come from a server not known to host the domain?

DNS Records for Domain:
wolf.com.au. 3600 IN SOA ns1.planetdomain.com. abuse.planetdomain.com. (
2012052601 ; Serial
14400 ; Refresh
7200 ; Retry
3600000 ; Expire
172800 ) ; Minimum
home 3600 IN A 58.96.40.70
wolf.com.au. 3600 IN A 203.191.38.41
mail 3600 IN A 203.191.38.40
www 3600 IN CNAME wolf.com.au.
wolf.com.au. 300 IN MX 2 mail.wolfenden.net.
wolf.com.au. 3600 IN NS ns1.planetdomain.com.
wolf.com.au. 3600 IN NS ns2.planetdomain.com.
wolf.com.au. 3600 IN TXT v=spf1 mx include:spf.mailengine1.com ip4:203.191.38.40 -all
_ep 360 IN TXT spf.mailengine1.com 203.191.38.40
  •  
Petr Dobry (Kerio)

Update: your Caller-ID seems OK. This forum just stripped essential tags.

Also you must set SPF and Caller-ID to block the message, not just to increase score. That should prevent those faked emails from being delivered.

[Updated on: Tue, 23 April 2013 09:00]


Petr Dobry
Product Development Manager | Kerio
  •  
wolfy

OK, will try BLOCKING. Of note is that I use STREAMSEND for mass mailing and some users on the domain will receive email from streamsend servers identified as being from local domain. I can work around it by using a specific domain as sender but I would prefer caller ID to allow their server also. I can't tell if the caller ID record is correct for that. Kerio caller id check does not specify that the server is allowed? Any suggestions?
  •  
wolfy

Kerio Server is still receiving email purported to be from domain users from external servers.
Including example email and headers:

Return-Path: <wincet6<_at_>google.com>
X-Spam-Status: No, hits=4.7 required=5.0
tests=BAYES_50: 1.567,HTML_MESSAGE: 0.001,MIME_HTML_ONLY: 0.001,
T_URIBL_SEM_FRESH: 0.01,T_URIBL_SEM_FRESH_10: 0.01,T_URIBL_SEM_FRESH_15: 0.01,
URIBL_RHS_DOB: 1.514,URIBL_WS_SURBL: 1.608,TOTAL_SCORE: 4.721,autolearn=no
X-Spam-Level: ****
Received: from [190.237.184.205] ([190.237.184.205])
by wolfenden.net
for valhelendd<_at_>wolf.com.au;
Wed, 24 Apr 2013 14:00:15 +1000
Received: from [119.121.102.169] (account northwardpoe7<_at_>google.com HELO msoirfnre.snjdhfvruh.va)
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 579055531 for valhelendd<_at_>wolf.com.au; Tue, 23 Apr 2013 23:00:14 -0500
Date: Tue, 23 Apr 2013 23:00:14 -0500
From: <valhelendd<_at_>wolf.com.au>
X-Mailer: The Bat! (v3.80.03) Educational
X-Priority: 3 (Normal)
Message-ID: <3053282700.QPCTTZ5V756338<_at_>ybtxvcgs.lubwbx.ru>
To: <valhelendd<_at_>wolf.com.au>
Subject: What the banks really get from you - learn their darkest secrets.
MIME-Version: 1.0
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<META content="text/html; charset=unicode" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18939">
<HEAD><TITLE></TITLE>
</HEAD>
<BODY>

.....

</BODY></HTML>

[Updated on: Wed, 24 April 2013 10:02]
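
In the headers posted above, the SPF record for wolf.com.au is not consulted at all, because SPF evaluates the envelope sender domain (the Return-Path, google.com here) rather than the From: header. As an added example that is not part of the original thread or Kerio's own code, this Python check flags mail whose From: domain is hosted locally but whose connecting IP is not an authorized sender. The hosted-domain set and the single ip4 address are assumptions taken from the SPF record in the first post; the `mx` and `include:` mechanisms are not resolved because the example runs offline.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the hosted domain and the ip4 mechanism
# are taken from the SPF record quoted in the first post of the thread.
HOSTED_DOMAINS = {"wolf.com.au"}
ALLOWED_NETS = [ipaddress.ip_network("203.191.38.40/32")]

# Constructed sample: a trimmed copy of the headers posted in the thread.
SAMPLE = """\
Return-Path: <wincet6<_at_>google.com>
Received: from [190.237.184.205] ([190.237.184.205])
\tby wolfenden.net
\tfor valhelendd<_at_>wolf.com.au;
\tWed, 24 Apr 2013 14:00:15 +1000
From: <valhelendd<_at_>wolf.com.au>
To: <valhelendd<_at_>wolf.com.au>
Subject: sample

body
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_message(raw):
    """Compare the visible From: domain with the envelope sender and client IP."""
    msg = message_from_string(raw.replace("<_at_>", "@"))  # undo forum masking
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    # The topmost Received header is the one added by the receiving server.
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", msg.get("Received", ""))
    client_ip = ipaddress.ip_address(m.group(1)) if m else None
    ip_ok = client_ip is not None and any(client_ip in n for n in ALLOWED_NETS)
    spoofed = from_dom in HOSTED_DOMAINS and not ip_ok
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "client_ip": str(client_ip) if client_ip else None,
            "spf_checks_hosted_domain": env_dom in HOSTED_DOMAINS,
            "spoofed_local_from": spoofed}

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A third-party bulk sender that legitimately uses the local domain in From: would need its addresses added to `ALLOWED_NETS`, otherwise its mail is flagged as well.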
