How to stop Getting SPAM mail from my own domain.

[sadiq007]

Hi, my zimbra support only authenticated local users to send mail to my local users and also external users(yahoo, hotmail etc).I mean username and password both must need to send mail from my local users to my localusers or exteranl user... but since last 3-4 days i am getting spam mail from somewhere...as a sender of my own localuser...so what is the wrong and how can i stop it...
bellow is sample spam mail that i am geeting...

Return-Path: nahuatl0@raytek.com
Received: from mail.mydomain.com (LHLO
mail.mydomain.com) (192.168.0.200) by
mail.mydomain.com with LMTP; Tue, 29 Jun 2010 13:05:21 +0530
(IST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.mydomain.com (Postfix) with ESMTP id C400F1679BD3;
Tue, 29 Jun 2010 13:05:21 +0530 (IST)
X-Virus-Scanned: amavisd-new at mydomain.com
X-Spam-Flag: NO
X-Spam-Score: 5.037
X-Spam-Level: *****
X-Spam-Status: No, score=5.037 tagged_above=-10 required=6.6 tests=[AWL=1.575,
BAYES_60=1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
RCVD_IN_PBL=0.905, RDNS_NONE=0.1] autolearn=no
Received: from mail.mydomain.com ([127.0.0.1])
by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id hLY6Vw55zqGO; Tue, 29 Jun 2010 13:05:20 +0530 (IST)
Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114])
by mail.mydomain.com (Postfix) with ESMTP id 2D5FD167801D;
Tue, 29 Jun 2010 13:05:19 +0530 (IST)
Received: from 109.201.74.114 (port=4853 helo=[blackedition])
by mail.global.frontbridge.com with asmtp
id 2378F6-0007D7-79
for maninagar@mydomain.com; Tue, 29 Jun 2010 11:33:32 +0300
Message-ID: <83DD52B1.2197739@raytek.com>
Date: Tue, 29 Jun 2010 11:33:32 +0300
From: "mydomain.com" <support@mydomain.com>
MIME-Version: 1.0
To: maninagar@mydomain.com
Subject: Please confirm your email to
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/html; charset=iso-8859-1
X-Spam: Not detected
X-Mras: OK



<html>
<head>
<title>mydomain.com letter</title>
</head>
REFERENCE: Your Email to . <br> <br>

You recently sent email to a mailbox that requires authentication of the sender to reduce spam. Before your message can be delivered you must confirm that you are the sender by clicking on the link below and then clicking on the "Deliver" button that will be displayed. Once you have completed this step, no further authorization will be required for future emails that you send to this address. <br> <br>

<a href="http://www.bims.web.tr/index2.html">Please confirm your email by visiting the URL</a> <br> <br>

Thank you for your cooperation in helping us to fight spam. <br> <br>

Regards,<br>
mydomain.com Account Services<br>
-------------------------<br>

</body>
</html>

[phoenix]

Search the forums for some details on anti-spam techniques (NDR, Backscatter, Sane Security etc., etc.) and read this article: Improving Anti-spam system - Zimbra :: Wiki

[sadiq007]

hi i just come to know that this mail is not generated from my mail-server but my mail-server just received it only. using site like ANONYMAILER | Email with no password any one can do such spaming. Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114]) is showing that mail come from that server not from my server.... so how can i stop by receiving mail whose sender and receiver are my local users and they are not generated from my mail-server ?

[phoenix]

Quote:

Originally Posted by sadiq007

hi i just come to know that this mail is not generated from my mail-server but my mail-server just received it only. using site like ANONYMAILER | Email with no password any one can do such spaming.

That's how spamming works.

Quote:

Originally Posted by sadiq007

Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114]) is showing that mail come from that server not from my server.... so how can i stop by receiving mail whose sender and receiver are my local users and they are not generated from my mail-server ?

You can follow the suggestions in my previous post.

[sadiq007]

hey Bill, dont be laughing dear, just tell me more in details

[phoenix]

Quote:

Originally Posted by sadiq007

hey Bill, dont be laughing dear, just tell me more in details

I'm not laughing and I've already told you what to do, read the article I've pointed you to and search the forums for the terms I've listed.

[Plurnay]

Quote:

Originally Posted by sadiq007

Hi, my zimbra support only authenticated local users to send mail to my local users and also external users(yahoo, hotmail etc).I mean username and password both must need to send mail from my local users to my localusers or exteranl user... but since last 3-4 days i am getting spam mail from somewhere...as a sender of my own localuser...so what is the wrong and how can i stop it...
bellow is sample spam mail that i am geeting...

Return-Path: nahuatl0@raytek.com
Received: from mail.mydomain.com (LHLO
mail.mydomain.com) (192.168.0.200) by
mail.mydomain.com with LMTP; Tue, 29 Jun 2010 13:05:21 +0530
(IST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.mydomain.com (Postfix) with ESMTP id C400F1679BD3;
Tue, 29 Jun 2010 13:05:21 +0530 (IST)
X-Virus-Scanned: amavisd-new at mydomain.com
X-Spam-Flag: NO
X-Spam-Score: 5.037
X-Spam-Level: *****
X-Spam-Status: No, score=5.037 tagged_above=-10 required=6.6 tests=[AWL=1.575,
BAYES_60=1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
RCVD_IN_PBL=0.905, RDNS_NONE=0.1] autolearn=no
Received: from mail.mydomain.com ([127.0.0.1])
by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id hLY6Vw55zqGO; Tue, 29 Jun 2010 13:05:20 +0530 (IST)
Received: from ppp-109.201.74.114.dobroe.ru (unknown [109.201.74.114])
by mail.mydomain.com (Postfix) with ESMTP id 2D5FD167801D;
Tue, 29 Jun 2010 13:05:19 +0530 (IST)
Received: from 109.201.74.114 (port=4853 helo=[blackedition])
by mail.global.frontbridge.com with asmtp
id 2378F6-0007D7-79
for maninagar@mydomain.com; Tue, 29 Jun 2010 11:33:32 +0300
Message-ID: <83DD52B1.2197739@raytek.com>
Date: Tue, 29 Jun 2010 11:33:32 +0300
From: "mydomain.com" <support@mydomain.com>
MIME-Version: 1.0
To: maninagar@mydomain.com
Subject: Please confirm your email to
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/html; charset=iso-8859-1
X-Spam: Not detected
X-Mras: OK

I had this problem like a month and a half ago and i had some help from this forum (thanks again guys) by adding a script that give a high score to the email that comes with different from/ return path...(witch is spam 99% of time) and a even higher score if it comes from and adresse with your domain

its work very good here is my tread

[SOLVED] We are geting spam for our distribution list