Hello,
I am experiencing problem with a specific email address. It sends mass spam mails, CSF notify me:
On mail delivery reports I saw differences between mail send from spam and mail send from user:
User mail:
Spam mail:
I am wondering:
If this is a normal login (spammer have the email password) or is something else going wrong?
Why delivery user on spam mails is system?
Why router on spam mail is enforce_mail_permissions? (Because domain exceeded the max emails per hours?
I am experiencing problem with a specific email address. It sends mass spam mails, CSF notify me:
Code:
Time: Tue May 22 07:32:25 2018 +0300
Type: LOCALHOSTRELAY, IPv6 localhost - ::1
Count: 355 emails relayed
Blocked: No
Sample of the first 10 emails:
- Removed -
On mail delivery reports I saw differences between mail send from spam and mail send from user:
User mail:
Code:
Authentication: dovecot_login
Delivery User: -remote-
Router: dkim_lookuphost
Transport: dkim_remote_smtp
Code:
Authentication: dovecot_login
Delivery User: -system-
Router: enforce_mail_permissions
Transport: fail (because domain has exceeded the max emails per hour)
If this is a normal login (spammer have the email password) or is something else going wrong?
Why delivery user on spam mails is system?
Why router on spam mail is enforce_mail_permissions? (Because domain exceeded the max emails per hours?
Last edited by a moderator: