[postfix-es] Emails and spam

Pablo Gentilel pablo en royalmercosur.com
Thu Oct 23 20:37:53 CEST 2008

Emails were going out under one particular user; if I look at the header, 
it says it uses SquirrelMail as the user agent, user credondo.
My question is: if there is no open relay, and in main.cf mydestination is 
set like this: mydestination =  $mydomain, myhostname , localhost ..
and the option mynetworks = , how is it possible that 
emails go out with a domain that is not my own?
Here is part of the postfix log and the email the blacklist sent me 
as a notification, in that order.
The way I solved it for now is by changing the email password, so it 
cannot send mail either through the webmail or by authenticating with 
sasl; I forgot to tell you that the user is outside my LAN, 
so I had enabled an account for them with sasl2.
Many thanks in advance

Blacklist email.

This is an automated email abuse report from the folks at junkemailfilter.com for an email message received from IP address [] on Wed, 22 Oct 2008 17:12:05 -0700. 

The nature of this spam indicates possible fraud. Pay close attention to both the from address ["THE CASINO-WEB LOTTERY AWARD" <info en casino.com>] and the reply-to address [].

We hope this information will help you in determining the source of the problem and shut it down. The original message is attached in MIME format with complete headers. For more information about this standardized abuse report format [ARF] please visit http://www.mipassoc.org/arf/ If you would prefer abuse reports in text format let us know.

If you have any questions or feedback about this abuse report or are interested in learning about our spam filtering technology feel free to contact us. If this is not spam please accept our apologies and let us know so we can fix the problem. Pay close attention to the REASON listed.
Marc Perkel - Fearless Leader
Junk Email Filter dot com

* Date:    Wed, 22 Oct 2008 17:12:05 -0700
* From:    "THE CASINO-WEB LOTTERY AWARD" <info en casino.com>
* Subject: Dear Lottery Winner,
* Host:    mail.royalmercosur.com []
* Reason:  419scam Freemail - Reply-to does not match From - R=barr_jasonsoper2 en hotmail.com F="THE CASINO-WEB LOTTERY AWARD" <info en casino.com> - X=pascal H=mail.royalmercosur.com [] HELO=[mail.royalmercosur.com] F=[info en casino.com] T=[acordov

For more information about these abuse reports: http://wiki.junkemailfilter.com/index.php/Spam_abuse
To test or be removed from our blacklist: http://ipadmin.junkemailfilter.com/remove.php?ip=

======== Original Headers ========

Delivery-date: Wed, 22 Oct 2008 17:12:05 -0700
Received: from mail.royalmercosur.com ([])
	by pascal.junkemailfilter.com with esmtp (Exim 4.68)
	id 1Ksno4-0007zw-JQ on interface=
	for acordova en metromedicalservices.com; Wed, 22 Oct 2008 17:12:05 -0700
Received: from localhost (localhost [])
	by mail.royalmercosur.com (Postfix) with ESMTP id 09E9A8C304;
	Wed, 22 Oct 2008 15:44:25 -0300 (ART)
X-Virus-Scanned: amavisd-new at royalmercosur.com
Received: from mail.royalmercosur.com ([])
	by localhost (mail.royalmercosur.com []) (amavisd-new, port 10024)
	with ESMTP id 7+tKuGv-tLND; Wed, 22 Oct 2008 15:44:24 -0300 (ART)
Received: from mail.royalmercosur.com (localhost [])
	by mail.royalmercosur.com (Postfix) with ESMTP id 123A58C2F6;
	Wed, 22 Oct 2008 15:44:23 -0300 (ART)
Received: from
        (SquirrelMail authenticated user credondo)
        by mail.royalmercosur.com with HTTP;
        Wed, 22 Oct 2008 15:44:23 -0300 (ART)
Message-ID: <3057. en mail.royalmercosur.com>
Date: Wed, 22 Oct 2008 15:44:23 -0300 (ART)
Subject: Dear Lottery Winner,
From: "THE CASINO-WEB LOTTERY AWARD" <info en casino.com>
Reply-To: barr_jasonsoper2 en hotmail.com
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;
Content-Transfer-Encoding: quoted-printable
X-Sender-Domain: royalmercosur.com
X-Freemail-From: casino.com
X-Freemail-Reply-to: hotmail.com
X-Spamfilter-host: pascal.junkemailfilter.com - http://www.junkemailfilter.com
X-Mail-from: info en casino.com
X-From-name-part: the casino-web lottery award 
X-Spam-Class: SPAM-HIGH-VERY - 419scam Freemail - Reply-to does not match From - R=barr_jasonsoper2 en hotmail.com F="THE CASINO-WEB LOTTERY AWARD" <info en casino.com> - X=pascal H=mail.royalmercosur.com [] HELO=[mail.royalmercosur.com] F=[info en casino.com] T=[acordova en metromedicalservices.com] S=[Dear Lottery Winner,] FN=[the casino-web lottery award ]
X-Spamsave: Yes - 419scam Freemail - Reply-to does not match From - R=barr_jasonsoper2 en hotmail.com F="THE CASINO-WEB LOTTERY AWARD" <info en casino.com> - X=pascal H=mail.royalmercosur.com [] HELO=[mail.royalmercosur.com] F=[info en casino.com] T=[acordova en metromedicalservices.com] S=[Dear Lottery Winner,] FN=[the casino-web lottery award ]
X-Sender-Host-Name: mail.royalmercosur.com
X-Original-helo: mail.royalmercosur.com


Feedback-Type: abuse
User-Agent: JunkEmailFilter - Abuse Reporter/1.0 - Testing - Feedback Appreciated
Version: 0.1
Original-Mail-From: "THE CASINO-WEB LOTTERY AWARD" <info en casino.com>
Original-Rcpt-To: undisclosed-recipients:;
Received-Date: Wed, 22 Oct 2008 17:12:05 -0700



from=<info en casino.com>, size=2711, nrcpt=50 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 324259209E: 
from=<info en casino.com>, size=2711, nrcpt=50 (queue active)
Oct 23 09:02:36 localhost postfix/smtp[13709]: connect to 
cluster2.eu.messagelabs.com[]: Connection refused (port 25)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 11FC62C6FD: from=<>, 
size=8265, nrcpt=1 (queue active)
Oct 23 09:02:36 localhost postfix/smtp[13714]: connect to 
cluster2.eu.messagelabs.com[]: Connection refused (port 25)
Oct 23 09:02:36 localhost postfix/smtp[13708]: connect to 
cluster2.eu.messagelabs.com[]: Connection refused (port 25)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: DB15DD186: from=<>, 
size=5438, nrcpt=1 (queue active)
Oct 23 09:02:36 localhost postfix/smtp[13710]: connect to 
cluster2.eu.messagelabs.com[]: Connection refused (port 25)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 1D6398B789: from=<>, 
size=4385, nrcpt=1 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 60CF52D600: 
from=<info en uk.com>, size=2108, nrcpt=50 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 194248D2A7: from=<>, 
size=27838, nrcpt=1 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 3835AC379: from=<>, 
size=9172, nrcpt=1 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 1597E8B342: from=<>, 

This repeats for quite a few pages,
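
The qmgr lines in the log excerpt are enough to spot this kind of abuse early: envelope senders outside the server's own domain, each queued for 50 recipients. The script below is an added example, not part of the original post, that flags such senders; the sample lines are constructed on the model of the excerpt (with a real `@` where the archive shows " en "), and `LOCAL_DOMAINS` and `NRCPT_THRESHOLD` are assumed values.

```python
import re
from collections import defaultdict

# Assumptions: the domains this server may legitimately send as, and the
# per-message recipient count above which a foreign sender is suspicious.
LOCAL_DOMAINS = {"royalmercosur.com"}
NRCPT_THRESHOLD = 20

QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)

# Constructed sample, modelled on the excerpt in the post.
SAMPLE_LOG = """\
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 324259209E: from=<info@casino.com>, size=2711, nrcpt=50 (queue active)
Oct 23 09:02:36 localhost postfix/smtp[13709]: connect to mx.example.net[192.0.2.10]: Connection refused (port 25)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 11FC62C6FD: from=<>, size=8265, nrcpt=1 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 60CF52D600: from=<info@uk.com>, size=2108, nrcpt=50 (queue active)
Oct 23 09:07:36 localhost postfix/qmgr[13699]: 324259209E: from=<info@casino.com>, size=2711, nrcpt=50 (queue active)
Oct 23 09:08:01 localhost postfix/qmgr[13699]: AB12CD34EF: from=<credondo@royalmercosur.com>, size=1200, nrcpt=1 (queue active)
""".splitlines()


def suspicious_senders(lines, local_domains=LOCAL_DOMAINS,
                       threshold=NRCPT_THRESHOLD):
    """Map each non-local envelope sender of mass mail to its queue IDs."""
    queued = {}  # queue ID -> (sender, nrcpt); qmgr re-logs an ID on each retry
    for line in lines:
        m = QMGR_RE.search(line)
        if m and m["sender"]:  # from=<> is a bounce, not a user submission
            queued[m["qid"]] = (m["sender"].lower(), int(m["nrcpt"]))
    report = defaultdict(lambda: {"queue_ids": set(), "recipients": 0})
    for qid, (sender, nrcpt) in queued.items():
        domain = sender.rsplit("@", 1)[-1]
        if domain not in local_domains and nrcpt >= threshold:
            report[sender]["queue_ids"].add(qid)
            report[sender]["recipients"] += nrcpt
    return dict(report)


if __name__ == "__main__":
    for sender, hit in suspicious_senders(SAMPLE_LOG).items():
        print(sender, sorted(hit["queue_ids"]), hit["recipients"])
```

The queue IDs it reports can be inspected with `postcat -q` and, once confirmed as spam, removed from the queue with `postsuper -d`.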

