spam with double at (fake@domain1@domain2)


kazabe
hi,

My server is crying with a spam problem.  We are receiving a lot of
fake messages with virus attached.

The messages are coming from an account like
[hidden email]@spammerdomain.com   with content very similar
to the messages sent by our real contacts.

How can I block that?  I'm trying with amavisd-new and postgrey but it doesn't work.

Maybe can I use some regexp?

thanks a lot
Re: spam with double at (fake@domain1@domain2)

Benny Pedersen-2
kazabe wrote on 2019-01-18 22:01:

> My server is crying with a spam problem.  we are receiving a lot of
> fake messages with virus attached.

you say double @ is a virus?

> The messages are coming from an account like
> [hidden email]@spammerdomain.com   with content very similar
> to the messages sent by our real contacts.

forged senders are not new, double @ is just an attempt to work around it, to
fool SPF testing

> How can I block that?

block what?

> I'm trying with amavisd-new and postgrey but it doesn't work.

set up amavisd with a virus scanner

e.g. clamav with foxhole 3rd party sigs

> Maybe can I use some regexp?

more info needed to help more, a start would be to ask on the amavisd
mailing list how to use virus scanners, if that does not help post
postconf -n

your setup has more than one problem, and both problems should be
solved separately
Re: spam with double at (fake@domain1@domain2)

Dominic Raferd
In reply to this post by kazabe


On Fri, 18 Jan 2019 at 21:03, kazabe <[hidden email]> wrote:
> My server is crying with a spam problem.  We are receiving a lot of
> fake messages with virus attached.
> The messages are coming from an account like
> [hidden email]@spammerdomain.com   with content very similar
> to the messages sent by our real contacts.
> How can I block that?  I'm trying with amavisd-new and postgrey but it doesn't work.
> Maybe can I use some regexp?

Perhaps but we need more detail: is this address in the 'Envelope From' (sender) or in the 'From: header', and if the latter what is the full text of the header (i.e. so we can see if it is in the text part or in the <...> part)?
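
The distinction asked about above (envelope sender versus From: header, and text part versus <...> part) can be checked mechanically on a saved message. The following is an added example, not code from any poster in this thread; the function names, finding labels and sample addresses are constructed for illustration.

```python
import re

# "text part <addr part>" form of a From: header value
BRACKETED = re.compile(r'^(?P<text>.*)<(?P<addr>[^<>]*)>\s*$', re.S)
# Something that looks like an address; group 1 is its domain
ADDR_LIKE = re.compile(r'[\w.+-]+@([\w-]+(?:\.[\w-]+)+)')

def split_from(value):
    """Split a From: header value into (text part, <...> part)."""
    m = BRACKETED.match(value.strip())
    if m:
        return m.group('text').strip().strip('"'), m.group('addr').strip()
    return '', value.strip()          # bare address, no display text

def domain_of(addr):
    """Domain after the last '@', which is where mail is really routed."""
    return addr.rsplit('@', 1)[-1].lower() if '@' in addr else ''

def inspect_sender(envelope_from, from_header):
    """Report where a double '@' or a borrowed address shows up."""
    findings = []
    if envelope_from.count('@') > 1:
        findings.append('envelope-double-at')
    text, addr = split_from(from_header)
    if addr.count('@') > 1:
        findings.append('header-addr-double-at')
    real = domain_of(addr)
    # An address in the text part whose domain differs from the real one
    # is what makes the mail look like it came from a known contact.
    for m in ADDR_LIKE.finditer(text):
        if m.group(1).lower() != real:
            findings.append('display-name-foreign-address')
            break
    return findings

if __name__ == '__main__':
    # Constructed samples: (envelope sender, From: header value)
    samples = [
        ('bounce@spammer.example',
         '"contact@partner.example" <x@spammer.example>'),
        ('contact@partner.example@spammer.example',
         'contact@partner.example@spammer.example'),
        ('alice@partner.example', 'Alice <alice@partner.example>'),
    ]
    for env, hdr in samples:
        print(env, '|', hdr, '->', inspect_sender(env, hdr))
```

Which finding appears tells you where a block rule belongs: envelope findings can be rejected at SMTP time, while header findings need a header or content check.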