Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 38 subscribers
  • Views 1538 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spam wird oft zugestellt DKIM failed

Boldmen
Hallo, in den letzen Wochen erhalte ich oft Spam, meistens sieht das im Log dann so aus:

SMTP connection from [37.1.145.59]:45260 (TCP/IP connection count = 1)
[37.1.145.59] F= R= Verifying recipient address with callout
1YySak-000067-1a DKIM: d=my-email-sender.com s=key1 c=relaxed/relaxed a=rsa-sha1 [verification failed - signature did not verify (headers probably modified in transit)]
1YySak-000067-1a ctasd reports 'Unknown' RefID:str=0001.0A0B0203.5568E576.00C3,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
1YySak-000067-1a Greylisting: 37.1.145.59 is a known retry host
1YySak-000067-1a mailer@more-track.com H=srv-59.mkzp.com [37.1.145.59]:45260 P=esmtp S=10892 id=0.0.29.960.1D09A579CA42972.0@srv-59.mkzp.com
SMTP connection from srv-59.mkzp.com [37.1.145.59]:45260 closed by QUIT

Der Text der Mail ist auch mehr als "Spam" verdächtig:  Bonus MontoCarlo 1000EUR usw. 
Wieso filtert die UTM so etwas nicht mehr? Die AntiSpam Einstellungen sind so weit OK, das habe ich geprüft,

VG


This thread was automatically locked due to age.
Parents
  • 0
    (Sorry, my German-speaking brain is not creating thoughts at the moment.[:(])

    It appears that the public DKIM record, key1._domainkey.my-email-sender.com, must have "t=y" => "test mode - do not reject mail based on a DKIM failure."

    If you believe this is spam, you can submit it to Sophos Labs per http://www.sophos.com/de-de/support/knowledgebase/23113.aspx.  Mostly, I see a lot of these are mailing lists the user has opted into, and they just need to opt-out using both links at the bottom of the email.

    MfG - Bob (Bitte auf Deutsch weiterhin.)
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    (Sorry, my German-speaking brain is not creating thoughts at the moment.[:(])

    It appears that the public DKIM record, key1._domainkey.my-email-sender.com, must have "t=y" => "test mode - do not reject mail based on a DKIM failure."

    If you believe this is spam, you can submit it to Sophos Labs per http://www.sophos.com/de-de/support/knowledgebase/23113.aspx.  Mostly, I see a lot of these are mailing lists the user has opted into, and they just need to opt-out using both links at the bottom of the email.

    MfG - Bob (Bitte auf Deutsch weiterhin.)
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML