This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spam from own mail adresses

Hey guys,

we're using a UTM 220 with MX Record. Since a few days I keep seeing mails from our own domain in the SMTP Log, it looks like this:



The IP is unknown to me and they change. I took a look in the header of some of the mails.

Microsoft Mail Internet Headers Version 2.0
Received: from UTM.****-germany.de ([140.***.1.***]) by ****-germany.de with Microsoft SMTPSVC(6.0.3790.4675);
 Fri, 7 Feb 2014 19:55:49 +0100
Received: from [190.22.54.83] (port=12334)
by UTM.****-germany.de with esmtp (Exim 4.76)
(envelope-from )
id 1WBqaN-0002rq-3B
for newsletter.profi@****-germany.de; Fri, 07 Feb 2014 19:55:41 +0100
X-CTCH-RefID: str=0001.0A090203.52F52C2D.0074,ss=3,re=0.000,recu=0.000,reip=0.000,pt=F_26154406,cl=4,cld=1,fgs=0
Message-ID: 
Date: Sat, 01 Feb 2014 11:55:10 -0400
From: 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
MIME-Version: 1.0
To: 
Subject: Aktuelle Stellenausschreibung
Content-Type: multipart/alternative;
 boundary="------------090700090707010901030209"
Return-Path: newsletter.profi@****-germany.de
X-OriginalArrivalTime: 07 Feb 2014 18:55:49.0824 (UTC) FILETIME=[37B16400:01CF2436]

--------------090700090707010901030209
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

--------------090700090707010901030209
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable


Some mails are getting blocked by the UTM with 
Rejected: RDNS/HELO (RDNS missing)
 or 
Rejected: RBL (black.rbl.ctipd.astaro.local)
 and others are delivered to the mailbox.

There is no authenticated relaying configured and the only server under host based relay is our mailserver...

Do you have an explanation for me and what I can do against it?

All the best!

Max


This thread was automatically locked due to age.
Parents
  • Configuring SPF would solve your problem, Max.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • @ Jetkins: We have some remote users, but they're connected via Exchange Web/Mobile Access.

    @BAlfson: Thanks for that, I already tried to realize it but our **** hoster (1und1) doesn't support SPF records...

    the new sophos board sucks... :-( please give us the old one back.

Reply
  • @ Jetkins: We have some remote users, but they're connected via Exchange Web/Mobile Access.

    @BAlfson: Thanks for that, I already tried to realize it but our **** hoster (1und1) doesn't support SPF records...

    the new sophos board sucks... :-( please give us the old one back.

Children
No Data