Hello,
I have had a Postfix server for many years. The anti-spam filters were OK; in general I got just a couple of spams per day.

For a month or so, I have been getting more than 100 spams per day for every user on a specific account/domain. These spams all look the same or are very similar.
The situation is practically unmanageable. I wanted to reject these emails using Postfix but I couldn't. I set up SpamAssassin and it catches 99% of them.

I want somehow to reject them before delivery and not after, like SA does. I am not pleased with this SA solution.

Maybe you could help; I also wrote on other forums but with no results. You are my last hope, and I'm not kidding :))



#postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = mail.xxx.ro, ns2.yyy.ro, localhost
myhostname = mail.xxx.ro
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname permit
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_sender_login_mismatch reject_invalid_hostname reject_unknown_sender_domain  reject_unknown_recipient_domain reject_unverified_recipient reject_unlisted_recipient reject_invalid_helo_hostname check_sender_access hash:/etc/postfix/access_sender check_helo_access pcre:/etc/postfix/helo_checks reject_unknown_sender_domain reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/valias.txt
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_domains = /etc/postfix/vhost.txt
virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt
virtual_uid_maps = static:1000


About the spam:
- it comes from a specific sender to me (the envelope), but the headers are always from ME to ME.


-------- Original Message --------
Return-Path:     <stronges...@google.com>
X-Original-To:     off...@mydomain.ro
Delivered-To:     off...@mydomain.ro
Received:     by mail.mydomain.ro (Postfix, from userid 1018) id A3E8C10BADF; Thu, 5 Sep 2013 17:10:06 +0300 (EEST)
X-Spam-Checker-Version:     SpamAssassin 3.3.2 (2011-06-06) on cma.cma.ro
X-Spam-Flag:     YES
X-Spam-Level:     **********************
X-Spam-Status:     Yes, score=22.8 required=5.0 tests=FILL_THIS_FORM, FILL_THIS_FORM_LONG,KB_DATE_CONTAINS_TAB,KB_FAKED_THE_BAT, RCVD_IN_BRBL_LASTEXT,RCVD_IN_XBL,RDNS_NONE,SPF_HELO_SOFTFAIL,TAB_IN_FROM, URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_PH_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.3.2
X-Spam-Report:
    * 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
    * [URIs: evropa-career.com]
    * 0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
    * [41.66.194.98 listed in zen.spamhaus.org]
    * 0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
    * 1.8 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    * [URIs: evropa-career.com]
    * 0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
    * [URIs: evropa-career.com]
    * 1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
    * [URIs: evropa-career.com]
    * 1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
    * [URIs: evropa-career.com]
    * 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
    * [41.66.194.98 listed in bb.barracudacentral.org]
    * 0.5 TAB_IN_FROM From starts with a tab
    * 3.8 KB_DATE_CONTAINS_TAB KB_DATE_CONTAINS_TAB
    * 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
    * 3.4 KB_FAKED_THE_BAT KB_FAKED_THE_BAT
    * 0.0 FILL_THIS_FORM Fill in a form with personal information
    * 3.5 FILL_THIS_FORM_LONG Fill in a form with personal information
Received:     from google.com (unknown [41.66.194.98]) by mail.mydomain.ro (Postfix) with ESMTP id ECD2310B6C4 for <off...@mydomain.ro>; Thu, 5 Sep 2013 17:10:00 +0300 (EEST)
Received:     from [221.194.175.146] (account goitr...@google.com HELO qhnmo.acswumaysrwvf.ua) by (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 126849276 for off...@mydomain.ro; Thu, 5 Sep 2013 14:09:51 +0000
Date:     Thu, 5 Sep 2013 14:09:51 +0000
From:     <off...@mydomain.ro>
X-Mailer:     The Bat! (v2.00.18) Business
X-Priority:     3 (Normal)
Message-ID:     <0415780157.lbfig8j2962...@rdvbfyirmelwiu.xvyginqgbkhusl.ru>
To:     <off...@mydomain.ro>
Subject:     ***SPAM*** Job opportunity - hurry to apply!
MIME-Version:     1.0
Content-Type:     text/plain; charset=iso-8859-2
Content-Transfer-Encoding:     7bit
X-Spam-Prev-Subject:     Job opportunity - hurry to apply!


and the same message from postfix logs:

/var/log/mail.log.1:Sep  5 17:10:06 cma postfix/pickup[17510]: A3E8C10BADF: uid=1018 from=<stronges...@google.com>
/var/log/mail.log.1:Sep  5 17:10:06 cma postfix/cleanup[17702]: A3E8C10BADF: message-id=<0415780157.lbfig8j2962...@rdvbfyirmelwiu.xvyginqgbkhusl.ru>
/var/log/mail.log.1:Sep  5 17:10:06 cma postfix/qmgr[19671]: A3E8C10BADF: from=<stronges...@google.com>, size=3912, nrcpt=1 (queue active)
/var/log/mail.log.1:Sep  5 17:10:06 cma postfix/virtual[17708]: A3E8C10BADF: to=<off...@mydomain.ro>, relay=virtual, delay=0.3, delays=0.17/0/0/0.12, dsn=2.0.0, status=sent (delivered to maildir)
/var/log/mail.log.1:Sep  5 17:10:06 cma postfix/qmgr[19671]: A3E8C10BADF: removed


Thank you
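
The pattern described in the post (a foreign envelope sender, header From and To both set to the recipient's own address, and a client logged as "unknown") can be checked mechanically. This is an added example, not part of the original post; the sample message, its addresses and `LOCAL_DOMAINS` are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in the post. All addresses and
# host names are placeholders; the client IP is from a documentation range.
SAMPLE = (
    "Return-Path: <sender@external.example>\n"
    "Received: by mail.example.ro (Postfix, from userid 1018) id 0000000001\n"
    "Received: from external.example (unknown [192.0.2.98])\n"
    "\tby mail.example.ro (Postfix) with ESMTP id 0000000000\n"
    "\tfor <office@example.ro>\n"
    "From: <office@example.ro>\n"
    "To: <office@example.ro>\n"
    "Subject: Job opportunity\n"
    "\n"
    "body\n"
)

LOCAL_DOMAINS = {"example.ro"}  # assumption: the domains this server hosts

def addr(value):
    """Bare lower-cased address from a header value such as '<a@b>'."""
    return parseaddr(value or "")[1].lower()

def smtp_client(msg):
    """(rdns, ip) of the first Received hop that records an SMTP client."""
    for hop in msg.get_all("Received", []):
        m = re.search(r"\((\S+) \[([0-9A-Fa-f.:]+)\]\)", hop)
        if m:
            return m.group(1), m.group(2)
    return None, None

def self_spoof_findings(raw, authenticated=False):
    msg = message_from_string(raw)
    env, hdr, rcpt = (addr(msg[h]) for h in ("Return-Path", "From", "To"))
    findings = []
    # A local From: is only suspicious when the client did not authenticate.
    if hdr.rpartition("@")[2] in LOCAL_DOMAINS and not authenticated:
        if env.rpartition("@")[2] != hdr.rpartition("@")[2]:
            findings.append("local From header with foreign envelope sender")
        if hdr == rcpt:
            findings.append("From and To are the same local address")
    rdns, ip = smtp_client(msg)
    if rdns == "unknown":
        findings.append(f"client {ip} has no verified reverse DNS")
    return findings
```

The first `Received` header is skipped because, as in the post, it records a local re-injection rather than the remote SMTP client.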
