Thread: How to control spamming completely

  1. #1
    emcampos (Senior Member)

    How to control spamming completely

    Fellows,



    A spammer was able to break through despite SpamAssassin and AmavisD.

    Is there a way that I can do more to block those spammers that aren't recognized yet by SpamAssassin or Amavis?

    An ISP network admin emailed us that our mail server is suspected to be the source of spam. See below:

    ========================================================

    From: "Mrs Linda Susan Spray" <mrs.lindaspray@sbcglobal.net>
    To: undisclosed-recipients:;
    CC:
    Subject: Stop sending money to them...!!
    Date: Wed, 3 Jun 2009 23:20:30 -0700
    Return-Path: <mrs.lindaspray@sbcglobal.net>
    Delivered-To: 1331:mail.com@mail.com
    X-Ob-Received: from unknown (192.168.10.30) by 66.11.168.192.in-addr.arpa; 3 Jun 2009 22:33:22 -0000
    Received: from as2-2.us4.outblaze.com (as2-2.us4.outblaze.com [127.0.0.1]) by as2-2.us4.outblaze.com (Postfix) with ESMTP id 116B1A50050 for <"1331:mail.com"@mail.com>; Wed, 3 Jun 2009 22:33:23 +0000 (GMT)
    X-Spam-Flag: YES
    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on as2-2.us4.outblaze.com
    X-Spam-Level: ******
    X-Spam-Status: Yes, score=6.0 required=6.0 tests=CMAE_1 shortcircuit=spam autolearn=disabled version=3.2.5
    X-Spam-Cmae-Analysis: v=1.0 c=0 p=sHHLg3IM2hoGtoGvVgAA:9 a=8pUiMh0fzckA:10 a=8da1oD9WnRMA:10 a=PHnGcDMDf2ZQNkg42j1XSA==:17 a=HZJGGiqLAAAA:8 a=CjxXgO3LAAAA:8 xcat=Undefined/Undefined
    Received: from as2-2.us4.outblaze.com (as2-2.us4.outblaze.com [127.0.0.1]) by as2-2.us4.outblaze.com (Postfix) with SMTP id 05F81A50051 for <"1331:mail.com"@mail.com>; Wed, 3 Jun 2009 22:33:23 +0000 (GMT)
    X-Ob-Received: from unknown (192.168.8.68) by as2-4.us4.outblaze.com; 3 Jun 2009 22:33:23 -0000
    Received: from mail.mydomain (mail.mydomain [200.138.139.11]) by spf8.us4.outblaze.com (Postfix) with ESMTP id 5DCCA88CB for <1331@mail.com>; Wed, 3 Jun 2009 22:33:20 +0000 (GMT)
    Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.mydomain (Postfix) with ESMTP id 59331226BA; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
    X-Virus-Scanned: amavisd-new at mail.mydomain
    Received: from mail.mydomain ([127.0.0.1]) by localhost (mail.mydomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BAcRTsIvxqIj; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)
    Received: from User (unknown [82.128.47.12]) by mail.mydomain (Postfix) with ESMTP id 1B392226D3; Wed, 3 Jun 2009 15:31:03 -0700 (PDT)
    Reply-To: <briand113@att.net>
    Mime-Version: 1.0
    Content-Type: text/plain; charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    X-Priority: 3
    X-Msmail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
    Message-Id: <20090603223106.1B392226D3@mail.mydomain.net>

    ========================================================

    What can you say about the info I've quoted?

    I believe that the spammer (82.128.47.12) tried to use my Zimbra via relay MTA as its launching pad.

    Is there a way where I can block such access via the MTA filter (if such a filter exists)?

    What other solutions can you suggest?


    REFERENCE:


    The original source of spam mail is 82.128.47.12. This is in Nigeria.

    ------------------------------------------------------------------------
    Network Whois record
    Queried whois.afrinic.net with "82.128.47.12"...

    % Note: this output has been filtered.

    % Information related to '82.128.32.0 - 82.128.63.255'

    inetnum: 82.128.32.0 - 82.128.63.255
    netname: INET-MLTL
    descr: CDMA 1x/EVDO Dial up pool
    country: NG
    admin-c: RIA27
    tech-c: RIA27
    status: ASSIGNED PA
    mnt-by: MLTL-INT-MNT
    mnt-lower: MLTL-INT-MNT
    source: AFRINIC # Filtered
    parent: 82.128.0.0 - 82.128.127.255

    person: IP Admin-RIPE
    address: Multilinks Telecommunications Limited
    address: 231 Adeola Odeku Str.
    address: Victoria Island, Lagos, Nigeria
    e-mail: ipadmin@multilinks.com
    remarks: complaints/spam report : abuse@multilinks.com
    phone: +2341774000
    nic-hdl: RIA27
    remarks: data has been transferred from RIPE Whois Database 20050221
    source: AFRINIC # Filtered

    --------------------------------------------------------------------------

    This is the content of the spam mail;

    Mrs. Linda Susan Spray - Contract Recovery from Nigeria - Anti-Fraud International

  2. #2
    uxbod (Moderator)

    Well that is a typical spam to be honest ... Check to ensure that the networks listed are only yours for the MTA
    Code:
    su - zimbra
    zmprov gs `zmhostname` zimbraMtaMyNetworks
    You could also perform a remote test as well: Mail relay testing.

    With respect to reducing the amount of SPAM then I presume you have read Improving Anti-spam system - Zimbra :: Wiki? You may also wish to search the forums for SaneSecurity.
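
The check suggested in post #2, applied to the headers quoted in post #1, as an added example that is not part of the original thread: it parses the `zimbraMtaMyNetworks` line, pulls the first outside client IP that `mail.mydomain` recorded, and reports entries outside your own ranges and entries that trust that client. The zmprov output and the "own" range 200.138.139.0/24 are constructed assumptions; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `zmprov gs <host> zimbraMtaMyNetworks` output; the
# 0.0.0.0/0 entry is deliberately wrong to show what the check flags.
SAMPLE_ZMPROV = "# name mail.mydomain\nzimbraMtaMyNetworks: 127.0.0.0/8 200.138.139.0/24 0.0.0.0/0\n"
# Two Received lines from the headers quoted in post #1 (newest first).
SAMPLE_RECEIVED = [
    "Received: from mail.mydomain ([127.0.0.1]) by localhost (mail.mydomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BAcRTsIvxqIj; Wed, 3 Jun 2009 15:32:18 -0700 (PDT)",
    "Received: from User (unknown [82.128.47.12]) by mail.mydomain (Postfix) with ESMTP id 1B392226D3; Wed, 3 Jun 2009 15:31:03 -0700 (PDT)",
]
HOP = re.compile(r"\[([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)")  # "[client ip]) by <host>"


def parse_mynetworks(zmprov_output):
    """Return the networks on the zimbraMtaMyNetworks line as ip_network objects."""
    for line in zmprov_output.splitlines():
        if line.startswith("zimbraMtaMyNetworks:"):
            # Postfix writes IPv6 entries as [addr]/len; drop the brackets.
            tokens = line.split(":", 1)[1].replace("[", "").replace("]", "").split()
            return [ipaddress.ip_network(t, strict=False) for t in tokens]
    return []


def injecting_client(received, our_mta):
    """Oldest non-loopback client IP that our_mta itself recorded, or None."""
    for line in reversed(received):  # headers are prepended, so oldest is last
        m = HOP.search(line)
        if m and m.group(2) == our_mta:
            ip = ipaddress.ip_address(m.group(1))
            if not ip.is_loopback:
                return ip
    return None


def audit(networks, own, client):
    """Return (entries outside the admin's own ranges, entries that trust client)."""
    own = [ipaddress.ip_network(o) for o in own]
    foreign = [n for n in networks
               if not any(n.version == o.version and n.subnet_of(o) for o in own)]
    trusting = [n for n in networks if client is not None and client in n]
    return foreign, trusting


if __name__ == "__main__":
    nets = parse_mynetworks(SAMPLE_ZMPROV)
    client = injecting_client(SAMPLE_RECEIVED, "mail.mydomain")
    foreign, trusting = audit(nets, ["127.0.0.0/8", "200.138.139.0/24"], client)
    print("client:", client, "| not yours:", foreign, "| trusts client:", trusting)
```

If the second list is empty for the value your server really returns, the client was not trusted through `zimbraMtaMyNetworks`.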
