Spam Issues

paa-marios
Posts: 1
Joined: Wed Mar 30, 2016 2:54 am

Postby paa-marios » Wed Mar 30, 2016 4:15 am

For the past week we have been hit by spammers: 20-odd messages per user at a time, a few times a day (not all domains, not all users of the affected domains). We have been running ME 9.00 for 6 months or so with no issues until this one.

I have followed topic: http://forum.mailenable.com/viewtopic.php?t=23929 and some of the steps found here: https://www.mailenable.com/kb/Content/Article.asp?ID=me020008&SS=

Our MTA logs include something similar:

03/29/16 01:00:27 [5D2BC2F975914A9DA047D32E7FE38FD4.MAI] from (SMTP) [SMTP:our user@our domain]->[SF:our domain/our user] Mapped Literal

Our SMTP logs include something similar:

03/29/16 01:00:25 SMTP-IN 5D2BC2F975914A9DA047D32E7FE38FD4.MAI 744 95.91.223.116 EHLO EHLO ip5f5bdf74.dynamic.kabel-deutschland.de 250-<xxxxxxxxxx>.com [95.91.223.116], this server offers 4 extensions 131 46
03/29/16 01:00:25 SMTP-IN 5D2BC2F975914A9DA047D32E7FE38FD4.MAI 744 95.91.223.116 MAIL MAIL FROM:<DaltonHubert86@kabel-deutschland.de> 250 Requested mail action okay, completed 43 49
03/29/16 01:00:25 SMTP-IN 5D2BC2F975914A9DA047D32E7FE38FD4.MAI 744 95.91.223.116 RCPT RCPT TO:<our user@our domain> 250 Requested mail action okay, completed 43 38
03/29/16 01:00:25 SMTP-IN 5D2BC2F975914A9DA047D32E7FE38FD4.MAI 744 95.91.223.116 DATA DATA 354 Start mail input; end with <CRLF>.<CRLF> 46 6
03/29/16 01:00:26 SMTP-IN 5ACD0F0CAC8842E280812F6FF4A5E93A.MAI 744 95.91.223.116 QUIT QUIT 221 Service closing transmission channel 42 6

I have checked (using mxtoolbox) and we are not open relay:

SMTP Banner Check Reverse DNS does not match SMTP Banner
SMTP TLS Warning - Does not support TLS.
SMTP Reverse DNS Mismatch OK - <ip> resolves to mail.<domain>
SMTP Valid Hostname OK - Reverse DNS is a valid Hostname
SMTP Connection Time 1.047 seconds - Good on Connection time
SMTP Open Relay OK - Not an open relay.
SMTP Transaction Time 4.094 seconds - Good on Transaction Time


Connecting to <our IP>

220 <server> ESMTP MailEnable Service, Version: 9.00-9.00- ready at 03/30/16 11:50:18 [797 ms]
EHLO PWS3.mxtoolbox.com
250-<server> [64.20.227.134], this server offers 4 extensions
250-AUTH LOGIN
250-SIZE 40960000
250-HELP
250 AUTH=LOGIN [828 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 Requested mail action okay, completed [828 ms]
RCPT TO:<test@example.com>
503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. [828 ms]

PWS3v2 5157ms

It is our thought that emails seem to be generated at the SMTP connector (as the "Remote Mail Server" incoming emails count is low but the count from the "SMTP Connector" to the "MTA" is high).

Any help would be welcomed at this stage.... :-(

MailEnable-Ian
Site Admin
Posts: 8665
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Spam Issues

Postby MailEnable-Ian » Thu Mar 31, 2016 2:41 am

Hi,

Checking for an open relay only checks whether your server is open to spammers so that they can relay outbound messages via your server. Not being an open relay is good, but it will not prevent inbound spam to your users. To help stop inbound spam, please review the following articles:

http://www.mailenable.com/kb/content/article.asp?ID=me020008
http://www.mailenable.com/kb/content/article.asp?ID=me020391
http://www.mailenable.com/kb/content/article.asp?ID=me020344

Regards,

Ian Margarone
MailEnable Support
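
Added example (not part of either post, and not MailEnable's own tooling): a Python script that tallies, per client IP, how many RCPT commands were accepted for delivery versus refused as relay attempts, using SMTP-IN lines laid out like those quoted in the first post. This separates the inbound spam discussed in the reply from the open-relay question. The sample lines, hosts, addresses and threshold are constructed, and it assumes space-separated fields and unauthenticated sessions, where a 250 reply to RCPT means a local recipient.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the SMTP-IN lines quoted in the thread
# (space-separated fields; IPs, hosts and addresses are documentation values).
SAMPLE_LOG = """\
03/29/16 01:00:25 SMTP-IN A1.MAI 744 192.0.2.10 EHLO EHLO host10.dynamic.isp.example 250-mail.example.org [192.0.2.10], this server offers 4 extensions 131 46
03/29/16 01:00:25 SMTP-IN A1.MAI 744 192.0.2.10 MAIL MAIL FROM:<a1@isp.example> 250 Requested mail action okay, completed 43 49
03/29/16 01:00:25 SMTP-IN A1.MAI 744 192.0.2.10 RCPT RCPT TO:<user@example.org> 250 Requested mail action okay, completed 43 38
03/29/16 01:00:31 SMTP-IN A2.MAI 745 192.0.2.10 RCPT RCPT TO:<user@example.org> 250 Requested mail action okay, completed 43 38
03/29/16 01:00:37 SMTP-IN A3.MAI 746 192.0.2.10 RCPT RCPT TO:<sales@example.org> 250 Requested mail action okay, completed 43 38
03/29/16 01:02:10 SMTP-IN B1.MAI 750 198.51.100.7 EHLO EHLO probe.test.example 250-mail.example.org [198.51.100.7], this server offers 4 extensions 131 46
03/29/16 01:02:11 SMTP-IN B1.MAI 750 198.51.100.7 RCPT RCPT TO:<test@example.com> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. 43 30
"""

# date, time, SMTP-IN, message id, connection number, client IP, verb, rest
LINE = re.compile(r"^\S+ \S+ SMTP-IN \S+ \d+ (?P<ip>\S+) (?P<verb>[A-Z]+) (?P<rest>.*)$")
RCPT = re.compile(r"RCPT TO:<(?P<rcpt>[^>]*)>\s+(?P<code>\d{3})")

def summarize(log_text):
    """Per client IP: accepted recipients, refused relay attempts, EHLO names."""
    stats = defaultdict(lambda: {"accepted": 0, "relay_refused": 0,
                                 "rcpts": Counter(), "ehlo": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an SMTP-IN record in the assumed layout
        entry = stats[m["ip"]]
        if m["verb"] == "EHLO":
            parts = m["rest"].split()  # "EHLO <client name> 250-..."
            if len(parts) >= 2:
                entry["ehlo"].add(parts[1].lower())
        elif m["verb"] == "RCPT":
            r = RCPT.search(m["rest"])
            if r and r["code"] == "250":    # accepted: inbound mail to a local user
                entry["accepted"] += 1
                entry["rcpts"][r["rcpt"].lower()] += 1
            elif r and r["code"] == "503":  # refused: unauthenticated relay attempt
                entry["relay_refused"] += 1
    return dict(stats)

def noisy_senders(stats, threshold=3):
    """Client IPs whose accepted-recipient count reaches the threshold."""
    return sorted(ip for ip, s in stats.items() if s["accepted"] >= threshold)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in noisy_senders(result):
        print(ip, result[ip]["accepted"], sorted(result[ip]["ehlo"]), dict(result[ip]["rcpts"]))
```
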
