Hello dear MagicSpam Team,
as I am using Pro on my server I continue the Azure Cloud Spam thread here.
viewtopic.php?f=15&t=237371
Screenshot of Settings attached.
Here is an excerpt of my maillog:
Mar 25 13:48:16 lvps176-28-23-41 postfix/smtpd[19327]: connect from vdds-46.westus.cloudapp.azure.com[137.135.47.133]
Mar 25 13:48:17 lvps176-28-23-41 postfix/smtpd[19327]: 39B501409FE: client=vdds-46.westus.cloudapp.azure.com[137.135.47.133]
Mar 25 13:48:17 lvps176-28-23-41 postfix/cleanup[19347]: 39B501409FE: message-id=<0.0.167.E6.1D72085FD064EB6.0@uspmta194086.emarsys.net>
Mar 25 13:48:17 lvps176-28-23-41 check-quota[19351]: Starting the check-quota filter...
Mar 25 13:48:17 lvps176-28-23-41 psa-pc-remote[17660]: SKIP during call 'check-quota' handler
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: Starting the spf filter...
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: Error code: (2) Could not find a valid SPF record
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: Failed to query MAIL-FROM: No DNS data for 'adostudio.it'.
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: SPF result: none
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: SPF status: PASS
Mar 25 13:48:17 lvps176-28-23-41 psa-pc-remote[17660]: PASS during call 'spf' handler
Mar 25 13:48:17 lvps176-28-23-41 psa-pc-remote[17660]: SKIP during call 'magicspam-flag' handler
Mar 25 13:48:17 lvps176-28-23-41 postfix/qmgr[17412]: 39B501409FE: from=<>, size=32286, nrcpt=1 (queue active)
Mar 25 13:48:17 lvps176-28-23-41 postfix-local[19355]: postfix-local: from=MAILER-DAEMON, to=mario@gaida.de, dirname=/var/qmail/mailnames
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: Starting the dk_check filter...
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: DKIM Bad signature
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: DKIM verification (d=emarsys.net, 1024-bit key) failed: signature verification failed
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: DKIM verification (d=email.experteer.com, 1024-bit key) failed: signature verification failed
Mar 25 13:48:17 lvps176-28-23-41 postfix-local[19355]: PASS during call 'dd52-domainkeys' handler
Mar 25 13:48:17 lvps176-28-23-41 postfix-local[19355]: SKIP during call 'magicspam-flag' handler
Mar 25 13:48:17 lvps176-28-23-41 postfix/pipe[19354]: 39B501409FE: to=<mario@gaida.de>, relay=plesk_virtual, delay=1.3, delays=1.3/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Mar 25 13:48:17 lvps176-28-23-41 postfix/qmgr[17412]: 39B501409FE: removed
Mar 25 13:48:17 lvps176-28-23-41 postfix/smtpd[19327]: disconnect from vdds-46.westus.cloudapp.azure.com[137.135.47.133] ehlo=1 mail=1 rcpt=1 bdat=4 quit=1 commands=8
Perhaps this can help you find a way to block azure cloud spam.
kind regards
Mario
Azure Cloud Spam (continued from MagicSpam for Plesk forum)
Azure Cloud Spam (continued from MagicSpam for Plesk forum)
- Attachments
-
- Bildschirmfoto 2021-03-25 um 13.58.32.jpg (178.49 KiB) Viewed 18222 times
-
- Bildschirmfoto 2021-03-25 um 13.58.27.jpg (196.14 KiB) Viewed 18222 times
-
- Bildschirmfoto 2021-03-25 um 13.58.11.jpg (172.12 KiB) Viewed 18222 times
Re: Azure Cloud Spam (continued from MagicSpam for Plesk forum)
Hello puzzel76,
Thank you for the additional information.
Your MagicSpam installation already seems to be quite strictly configured. Since you are using the PRO version, your best option to stop inbound spam from their networks is to enable the MagicSpam custom SpamAssassin Rules if you have SpamAssassin installed on your server.
MagicSpam Admin Interface >> Anti-Spam >> SpamAssassin
If you already have the MagicSpam custom SpamAssassin Rules enabled, please confirm that the LM_IS_AZURE_IP has been hitting. You can check by running the following command on the terminal as root:
Otherwise, if you do not expect to receive any email from Microsoft Azure networks, you can block all incoming email from Microsoft Azure networks by adding the RAT-Azure RBL (azure.spamrats.com) through:
MagicSpam Admin Interface >> Anti-Spam >> IP Reputation >> RBL
It would be helpful for our Threat Research Team if you were able to provide us with the logs and samples of the spam coming from Microsoft Azure networks. You can retrieve logs by running the following command on the terminal as root:
Please send us the logs and spam samples as attachments to us via email at:
support@magicspam.com
Hopefully, this information will help you.
Thank you.
Thank you for the additional information.
Your MagicSpam installation already seems to be quite strictly configured. Since you are using the PRO version, your best option to stop inbound spam from their networks is to enable the MagicSpam custom SpamAssassin Rules if you have SpamAssassin installed on your server.
MagicSpam Admin Interface >> Anti-Spam >> SpamAssassin
If you already have the MagicSpam custom SpamAssassin Rules enabled, please confirm that the LM_IS_AZURE_IP has been hitting. You can check by running the following command on the terminal as root:
Code: Select all
zgrep LM_IS_AZURE_IP /var/log/mail.log*
MagicSpam Admin Interface >> Anti-Spam >> IP Reputation >> RBL
It would be helpful for our Threat Research Team if you were able to provide us with the logs and samples of the spam coming from Microsoft Azure networks. You can retrieve logs by running the following command on the terminal as root:
Code: Select all
grep cloudapp.azure.com /var/log/magicspam/mslog*
support@magicspam.com
Hopefully, this information will help you.
Thank you.
-- MagicSpam Support Team --
Who is online
Users browsing this forum: No registered users and 10 guests