Problems with spam where the sender email is the same as the recipient


Problems with spam where the sender email is the same as the recipient

Claudio Junior
Hello everyone

Today we started receiving again emails that land in the user's mailbox with the sender and recipient both equal to the user's own e-mail address.

What can be done about this kind of email?

I saw that the spam system labeled it correctly. I will look into handling it properly there, but is there anything else to be done? I would like to block these emails so that they never enter the server.

Below are my smtpd restrictions:

smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        reject_unauth_pipelining
        reject_rbl_client bl.spamcop.net
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client dnsbl.sorbs.net
        check_sender_access cidr:/etc/postfix/cidr_koreia_china_nets
        check_policy_service inet:127.0.0.1:60000
        check_policy_service unix:private/policy-spf
smtpd_sender_restrictions =


Below is the email header with the information.

Return-Path: <[hidden email]>
Delivered-To: [hidden email]
Received: from localhost (localhost [127.0.0.1])
        by srv03.XXXXXXXXX.com (Postfix) with ESMTP id 8498B7FCA4
        for <[hidden email]>; Thu, 27 Nov 2014 04:29:52 -0200 (BRST)
X-Virus-Scanned: Debian amavisd-new at srv03.XXXXXXXXX.com.br
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char E1 hex):
        Subject: ...ue seu ( CPF / CNPJ ) est\341 em fase de pro[...]
Received: from mail.XXXXXXXXX.com.br ([127.0.0.1])
        by localhost (srv03.XXXXXXXXX.com.br [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id NbQc8jsNO1X3 for <[hidden email]>;
        Thu, 27 Nov 2014 04:29:51 -0200 (BRST)
X-Greylist: delayed 455 seconds by postgrey-1.32 at srv03; Thu, 27 Nov 2014 04:29:46 BRST
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=168.61.8.93; helo=das27.das27.d4.internal.cloudapp.net; envelope-from=[hidden email]; receiver=[hidden email]
Received: from das27.das27.d4.internal.cloudapp.net (unknown [168.61.8.93])
        by srv03.XXXXXXXXX.com (Postfix) with ESMTP id 9C1287FCA2
        for <[hidden email]>; Thu, 27 Nov 2014 04:29:45 -0200 (BRST)
Received: by das27.das27.d4.internal.cloudapp.net (Postfix, from userid 33)
        id 9A36024582; Thu, 27 Nov 2014 06:18:43 +0000 (UTC)
Subject: Comunicamos que seu ( CPF / CNPJ ) est<E1> em fase de protesto. (75753)
X-PHP-Originating-Script: 0:imo30.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Content-Transfer-encoding: 8bit
Reply-To: [hidden email]
X-Mailer: iGMail [www.ig.com.br]
X-Originating-Email: [hidden email]
X-Sender: [hidden email]
X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081 - pg=0.574081
Message-Id: <[hidden email]>
Date: Thu, 27 Nov 2014 06:18:43 +0000 (UTC)

Thank you for your attention

--
Claudio da Silva Junior
[hidden email]

_______________________________________________
Postfix-br mailing list
[hidden email]
http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/postfix-br

Re: Problems with spam where the sender email is the same as the recipient

Márcio Merlone
Hello,

I'm feeling lazy today; take a look at this thread that already came up here before with the same problem:

http://listas.softwarelivre.org/pipermail/postfix-br/2013-April/000707.html

Regards.

On 27-11-2014 10:06, Claudio Junior wrote:
Hello everyone

Today we started receiving again emails that land in the user's mailbox with the sender and recipient both equal to the user's own e-mail address.

What can be done about this kind of email?

I saw that the spam system labeled it correctly. I will look into handling it properly there, but is there anything else to be done? I would like to block these emails so that they never enter the server.

Below are my smtpd restrictions:

smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        reject_unauth_pipelining
        reject_rbl_client bl.spamcop.net
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client dnsbl.sorbs.net
        check_sender_access cidr:/etc/postfix/cidr_koreia_china_nets
        check_policy_service inet:127.0.0.1:60000
        check_policy_service unix:private/policy-spf
smtpd_sender_restrictions =


Below is the email header with the information.

Return-Path: <[hidden email]>
Delivered-To: [hidden email]
Received: from localhost (localhost [127.0.0.1])
        by srv03.XXXXXXXXX.com (Postfix) with ESMTP id 8498B7FCA4
        for [hidden email]; Thu, 27 Nov 2014 04:29:52 -0200 (BRST)
X-Virus-Scanned: Debian amavisd-new at srv03.XXXXXXXXX.com.br
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char E1 hex):
        Subject: ...ue seu ( CPF / CNPJ ) est\341 em fase de pro[...]
Received: from mail.XXXXXXXXX.com.br ([127.0.0.1])
        by localhost (srv03.XXXXXXXXX.com.br [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id NbQc8jsNO1X3 for [hidden email];
        Thu, 27 Nov 2014 04:29:51 -0200 (BRST)
X-Greylist: delayed 455 seconds by postgrey-1.32 at srv03; Thu, 27 Nov 2014 04:29:46 BRST
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=168.61.8.93; helo=das27.das27.d4.internal.cloudapp.net; envelope-from=[hidden email]; [hidden email]
Received: from das27.das27.d4.internal.cloudapp.net (unknown [168.61.8.93])
        by srv03.XXXXXXXXX.com (Postfix) with ESMTP id 9C1287FCA2
        for [hidden email]; Thu, 27 Nov 2014 04:29:45 -0200 (BRST)
Received: by das27.das27.d4.internal.cloudapp.net (Postfix, from userid 33)
        id 9A36024582; Thu, 27 Nov 2014 06:18:43 +0000 (UTC)
Subject: Comunicamos que seu ( CPF / CNPJ ) est<E1> em fase de protesto. (75753)
X-PHP-Originating-Script: 0:imo30.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Content-Transfer-encoding: 8bit
Reply-To: [hidden email]
X-Mailer: iGMail [www.ig.com.br]
X-Originating-Email: [hidden email]
X-Sender: [hidden email]
X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081 - pg=0.574081
Message-Id: <[hidden email]>
Date: Thu, 27 Nov 2014 06:18:43 +0000 (UTC)

Thank you for your attention

--
Claudio da Silva Junior
[hidden email]



--
Marcio Merlone
IT - Network Administrator

A1 Engenharia - Corporate Unit
Phone: +55 41 3616-3797
Mobile: +55 41 9689-0036
http://www.a1.ind.br/
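
Added example (not part of the thread, and not code from either poster): a triage helper that flags a delivered message when its envelope sender equals its recipient, the connecting client is outside the trusted networks, and SPF did not pass, which is the pattern visible in the posted header. The `example.com` addresses and `TRUSTED_NETS` are assumptions standing in for the hidden addresses and the server's `mynetworks`; the client IP and HELO name are taken from the posted header.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the posted header; addresses are placeholders.
SAMPLE = """\
Return-Path: <user@example.com>
Delivered-To: user@example.com
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=168.61.8.93; helo=das27.das27.d4.internal.cloudapp.net; envelope-from=user@example.com; receiver=user@example.com
Subject: constructed sample

body
"""

# Assumption: stands in for the networks listed in Postfix's mynetworks.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]


def spf_fields(value):
    """Split a Received-SPF value into (result, {key: value})."""
    result = value.split(None, 1)[0].lower()
    pairs = dict(re.findall(r"([\w-]+)=([^;\s]+)", value))
    return result, pairs


def is_self_spoof(raw, trusted=TRUSTED_NETS):
    """True when sender == recipient, the client is external and SPF did not pass."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    rcpt = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    spf = msg.get("Received-SPF")
    if not sender or sender != rcpt or spf is None:
        return False
    result, kv = spf_fields(spf)
    try:
        client = ipaddress.ip_address(kv.get("client-ip", ""))
    except ValueError:
        return False  # no usable client address recorded
    external = not any(client in net for net in trusted)
    return external and result != "pass"


if __name__ == "__main__":
    print(is_self_spoof(SAMPLE))
```

The `None (no SPF record)` result in the posted header means the SPF policy service had nothing to enforce for that sender domain, so the message was accepted and only labeled later by the content filter.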
