Spam problem

Discussion forum for Enterprise Edition.
listvan
Posts: 16
Joined: Tue May 01, 2012 10:37 am

Spam problem

Post by listvan »

We are facing some difficulties, receiving spam all the time with some attachments.

It seems like it was sent from our domain but it's not. In the header of the mail there is another IP address:
Received-SPF: none (mail.bungalow.eu: muniupala.go.cr does not designate permitted sender hosts)
Received: from pymes.ice.cr ([201.191.203.156]) by mail.bungalow.eu with
MailEnable ESMTP; Wed, 13 Feb 2019 10:36:52 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=muniupala.go.cr; s=default; h=Content-Type:MIME-Version:Subject:Message-Id:
To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=rB3focs5mQX+RoMmmgI1tM5AA+1SNMMU1qQdOX1KDic=; b=HZjKV0c1TcSOl3fk7fCXLv0QOa
bHCGRaXcbwfJln3x2XVhISNKeE9chFPY99repNr6vwEgGOV2iOBxL3z74NVjo3rEgg7dxVxQvTA5F
Pr9YUv6SeMn8tCFD37JT1jk+iG5WIucEnfAR47OB8eLo/+tmHPrq2aFVfn+vaegQls1iuhZqqrVp+
cb+dE3WJW1rtVJcMB01+WJv+lUwtaaa6Y373YRU8NHs3CQaxN/Uj1VoWObCKLIHVVMuI+Ps56TsAU
UsyPwjLSZLk3W1IREQzZ2hH3hXj9p4fJQPncuoyUPWKi89nZIF/Mi5bPAHkd8HKeKzQ6zTddmJmZG
lNPBcUcw==;
Received: from [189.173.175.231] (port=63800 helo=[192.11.22.53])
by pymes.ice.cr with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.91)
(envelope-from <ecarvajal@muniupala.go.cr>)
id 1gtqy6-0003Ao-OO
for f.mihalache@bungalow.eu; Wed, 13 Feb 2019 03:36:39 -0600
Date: Wed, 13 Feb 2019 02:36:33 -0700
From: Human Resources <hr@bungalow.eu> <ecarvajal@muniupala.go.cr>
To: f.mihalache@bungalow.eu
Message-Id: <E7iYsESM3a73duLj2OPlWCoVx9tcciOBSEIltoH8WQ3aEuQ91bu@bungalow.eu>
Subject: INVOICE from Human Resources
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_33615_1953309928.36959714893120125617"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - pymes.ice.cr
X-AntiAbuse: Original Domain - bungalow.eu
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - muniupala.go.cr
X-Get-Message-Sender-Via: pymes.ice.cr: authenticated_id: ecarvajal@muniupala.go.cr
X-Authenticated-Sender: pymes.ice.cr: ecarvajal@muniupala.go.cr
X-Envelope-Sender: ecarvajal@muniupala.go.cr
X-ME-Bayesian: 0.000000
Return-Path: <ecarvajal@muniupala.go.cr>

Can somebody give some advice on how we can avoid emails like these?
Thank you.

Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: Spam problem

Post by Brett Rowbotham »

Your DNS entry has an SPF record but you don't seem to be checking. SPF would fail that email that is supposedly coming from you as the email server it came from would not be authorised to send for your domain.

Check SMTP Properties under Sender Policy Framework to enable, and then set a filter to quarantine emails that fail SPF checking.

listvan
Posts: 16
Joined: Tue May 01, 2012 10:37 am

Re: Spam problem

Post by listvan »

Hi Brett Rowbotham,

My Sender Policy Framework was already activated with the options:
"Reject emails from connection which fail SPF."
"Don't check connection from local IP address"

Just created a global filter: if the SPF test returns a result matching "fail" = copy message to quarantine.
Hope I did well.
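
Added example (not part of the original thread, and not MailEnable code): a Python check over the headers posted above, which record SPF result "none" for the envelope domain muniupala.go.cr while the visible From also names bungalow.eu. The function names, finding labels and the local_domains parameter are assumptions for illustration.

```python
import re
from email import message_from_string

# Headers abridged from the message posted in this thread
# (DKIM-Signature, Received and X- headers omitted).
SAMPLE = """\
Received-SPF: none (mail.bungalow.eu: muniupala.go.cr does not designate permitted sender hosts)
Return-Path: <ecarvajal@muniupala.go.cr>
From: Human Resources <hr@bungalow.eu> <ecarvajal@muniupala.go.cr>
To: f.mihalache@bungalow.eu
Subject: INVOICE from Human Resources

"""

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domains(value):
    """Every e-mail domain that appears in a header value, lowercased."""
    return [d.lower() for d in ADDR_RE.findall(value or "")]


def analyse(raw, local_domains):
    """Compare the visible From header with the envelope sender and SPF result."""
    msg = message_from_string(raw)
    spf_words = (msg.get("Received-SPF") or "").split()
    spf_result = spf_words[0].lower() if spf_words else "missing"
    envelope = domains(msg.get("Return-Path"))  # the identity SPF evaluated
    visible = domains(msg.get("From"))          # what the recipient sees

    findings = []
    claims_local = any(d in local_domains for d in visible)
    envelope_local = any(d in local_domains for d in envelope)
    if claims_local and not envelope_local:
        findings.append("from-claims-local-domain")
    if len(set(visible)) > 1:
        findings.append("multiple-addresses-in-from")
    return {
        "spf": spf_result,
        "envelope": envelope,
        "from": visible,
        # A rule keyed on the result "fail" fires only when the envelope domain
        # publishes SPF and the connecting IP is not permitted by it.
        "spf_fail_rule_matches": spf_result == "fail",
        "findings": findings,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE, {"bungalow.eu"}))
```
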
