problem in receiving Fake emails Exim

beniii

Hi
We have a strange problem in receiving emails on one of our Linux servers. The MTA is Exim. The problem is that a domain (e.g. test.com) on the server receives emails from the same domain (e.g. [email protected] or any other account name) from a different IP address!! Is there any way to drop or ban such emails? Should we do something in the Exim configuration files or somewhere else on the server?
How can we block receiving unrealistic emails with the same name as the domain's email?

Any help is appreciated.
 
What exim version are you using?
What exim.conf version are you using?
What Custombuild version are you using?

Best regards
 
I do not know how to retrieve the version of exim.conf!! Does it have a different version from Exim?? Anyway, these versions were written in the exim.conf file:
README.SpamBlocker.exim.conf.2.1
SpamBlocker.exim.conf.2.1.1-release
Runtime configuration file for DirectAdmin/Exim 4.24 and above
Requires exim.pl dated 20-Apr-2007 17:09 or later
 
We did as the link mentioned. We built all components to the latest version. But nothing changed. I can still send an email with the fake address to the server and it is placed in the Inbox without any warning!!

Here's the header of the email:

Return-Path:
Delivered-To: [email protected]
Received: from Mailservice1.irandns.com
    by Mailservice1.irandns.com (Dovecot) with LMTP id c3Y3AxQVI1goYQAAE7uLNg
    for ; Wed, 09 Nov 2016 15:52:44 +0330
Return-path:
Envelope-to: [email protected]
Delivery-date: Wed, 09 Nov 2016 15:52:44 +0330
Received: from ip253.ip-92-222-234.eu ([92.222.234.253] helo=lh07.irandns.com)
    by Mailservice1.irandns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.87)
    (envelope-from )
    id 1c4Rtr-0006oQ-AO
    for [email protected]; Wed, 09 Nov 2016 15:52:43 +0330
Received: from root by lh07.irandns.com with local (Exim 4.87)
    (envelope-from )
    id 1c4Rw9-0007lG-AZ
    for [email protected]; Wed, 09 Nov 2016 15:55:05 +0330
To: [email protected]
Subject: suspend Host
X-PHP-Originating-Script: 0:mail.php
From: [email protected]
Message-Id:
Date: Wed, 09 Nov 2016 15:55:05 +0330
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 92.222.234.253, -10 Spam score
X-Spam-Score: 0.0 (/)
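
The condition described in this thread (a From: address in a local domain on a message that arrived without SMTP authentication from an outside IP) can be checked from the Received: line the receiving Exim wrote. This is an added example, not code from any post here or from Exim or DirectAdmin; `check_spoof`, `example.com` and `mx.example.net` are assumed names, with the sample header constructed from the one posted above.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header posted above. example.com stands in
# for the redacted mail domain and mx.example.net for the receiving server.
SAMPLE = """\
Received: from ip253.ip-92-222-234.eu ([92.222.234.253] helo=lh07.irandns.com)
    by mx.example.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.87) id 1c4Rtr-0006oQ-AO
    for user@example.com; Wed, 09 Nov 2016 15:52:43 +0330
Received: from root by lh07.irandns.com with local (Exim 4.87)
    id 1c4Rw9-0007lG-AZ
    for user@example.com; Wed, 09 Nov 2016 15:55:05 +0330
To: user@example.com
Subject: suspend Host
From: admin@example.com

(body)
"""

# Exim writes "esmtpa"/"esmtpsa" after "with" when the client passed SMTP AUTH;
# plain "esmtps", as in the thread, means TLS only and no authentication.
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}
HOP = re.compile(r"from\s+\S+\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\][^)]*\)\s+"
                 r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)")

def check_spoof(raw, local_domains, local_host, trusted_nets):
    """Return details if From: claims a local domain but the message arrived
    unauthenticated from an untrusted IP; otherwise return None."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in local_domains:
        return None
    # Headers are newest-first, so the first hop stamped by local_host is the
    # one our own MTA wrote; anything below it is sender-controlled.
    for received in msg.get_all("Received", []):
        hop = HOP.search(received)
        if not hop or hop["by"].lower() != local_host:
            continue
        ip = ipaddress.ip_address(hop["ip"])
        if hop["proto"].lower() in AUTH_PROTOCOLS:
            return None
        if any(ip in net for net in trusted_nets):
            return None
        return {"from_domain": from_domain, "ip": str(ip), "protocol": hop["proto"]}
    return None
```

The same three inputs (local domains, authentication state, trusted relay networks) are what an SMTP-time rule on the server would have to test before rejecting such a message.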
 
Do you have spam assassin activated on your server?

Did exim restart once you implemented the new functionality?
Can you confirm that exim.conf has been updated?
Is the sending server ip (or hostname) in any whitelist in /etc/virtual/whitelist*?

Best regards
 
Yes, spam assassin is activated. (We built it as the link said)
Yes, the exim is working normally.
The first line of the exim.conf is this "SpamBlockerTechnology* powered exim.conf, Version 4.4.6", I think it is updated.
We did not define any whitelist or blacklist for IPs or hostnames!
 
The fact that you built it with Custombuild doesn't mean it is active.

SA can be activated per-domain, so you may need to log in to DA, go to user level, SpamAssassin setup, configure and activate it.

Best regards
 
Dear SeLLeRoNe.
As you see in the picture, the SA is activated but nothing is changed.
spamassassin.PNG
 