Author Topic: RC Spam problem  (Read 4505 times)

Offline rivert

  • Newbie
  • *
  • Posts: 3
RC Spam problem
« on: November 01, 2012, 05:41:29 AM »
All,

I need help on a spam issue that's been bugging me lately. I believe my RC is allowing spam loggers and I need a way to prevent this. Please help; attached are the headers of an example of a spam I caught:

============
Return-Path: <in@dhl.com>
Delivered-To: johnl@iecc.com
Received: (qmail 89456 invoked by uid 1004); 1 Nov 2012 05:06:26 -0000
Delivered-To: majordomo-asrg-chair@asrg.sp.am
Received: (qmail 89454 invoked from network); 1 Nov 2012 05:06:26 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on leila.iecc.com
X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.2 required=4.4 tests=BAYES_99,FILL_THIS_FORM,
   FILL_THIS_FORM_FRAUD_PHISH,
   FILL_THIS_FORM_LONG autolearn=no version=3.3.2
X-Spam-Report: *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
   *      [score: 1.0000]
   *  0.0 FILL_THIS_FORM Fill in a form with personal information
   *  3.4 FILL_THIS_FORM_LONG Fill in a form with personal information
   *  0.3 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
Received: from smtp2.mydomain.com (smtp2.mydomain.com [ccc.ccc.ccc])
   by mail1.iecc.com ([sss.sss.sss.sss])
   with ESMTP via TCP port 56409/25 id 527182487;
   01 Nov 2012 05:06:19 -0000
Received: from [bbb.bbb.bbb.bbb] (helo=smtp.mydomain.com)
   by smtp2.mydomain.com with esmtp (Exim 4.69 (FreeBSD))
   (envelope-from <in@dhl.com>)
   id 1TTmoP-000Mx0-Cu; Thu, 01 Nov 2012 06:55:25 +0200
Received: from webmail.mydomain.com ([aaa.aaa.aaa.aaa]
   helo=webmail.mydomain.com)
   by smtp.mydomain.com with esmtp (Exim 4.69 (FreeBSD))
   (envelope-from <in@dhl.com>)
   id 1TTmyc-000Mzz-6W; Thu, 01 Nov 2012 07:05:58 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Wed, 31 Oct 2012 20:08:23 -0700
From: =?UTF-8?Q?WELCOME_TO_DHL=C2=AE_INTERNATIONAL_COURIER_COMPANY?=
   <in@dhl.com>
To: undisclosed-recipients:;
Subject: dlh Senior Delivery Officer
Organization: =?UTF-8?Q?WELCOME_TO_DHL=C2=AE_INTERNATIONAL_COURIER_COMPAN?=
   =?UTF-8?Q?Y?=
Reply-To: <dhlcourier_deliveryservice85@rocketmail.com>
Mail-Reply-To: <dhlcourier_deliveryservice85@rocketmail.com>
Message-ID: <79c6b0a6e51b5f92aff36b6141c54b64@mydomain.com>
X-Sender: in@dhl.com
User-Agent: Roundcube Webmail/0.8.1
X-DCC-iecc-Metrics: leila.iecc.com 1107; Body=many Fuz1=many Fuz2=many
X-Tag: tagged by DCC
============

Regards

Offline rosali

  • Hero Member
  • *****
  • Posts: 2,533
Re: RC Spam problem
« Reply #1 on: November 01, 2012, 06:06:23 AM »
Roundcube is a web-based email client. It displays what your server receives. Fix your problem on the server side to reject spam. Your example mail is tagged as spam by SpamAssassin. So, you or your hoster should take care that these kinds of email go to your spam folder or are rejected at the front door.

If you are not the admin of the smtp service you are using, contact the admin. It is definitely no Roundcube issue.
Regards,
Rosali
__________________
MyRoundcube Project (commercial)

Offline rivert

  • Newbie
  • *
  • Posts: 3
Re: RC Spam problem
« Reply #2 on: November 01, 2012, 09:40:29 AM »
I guess what I am trying to find out is whether there could be someone who may have perhaps logged on or hacked into an account and sent mail as described. My webmail is set up such that its function is to work as a webmail only, connecting to the local SMTP server on the network. All I am trying to do is to strengthen my security so as to avoid spam; I have CAPTCHA already implemented on it.

Thank you
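
An added example, not part of any post in this thread: one way to check where a message like the one above entered the mail path is to walk its `Received:` chain and find the oldest hop recorded by a host under your own domain. The function names `parse_hop` and `submission_hop` are hypothetical, and the sample is a trimmed copy of the posted headers.

```python
import re
from email import message_from_string

# Trimmed copy of the headers posted above (addresses redacted as on the page).
RAW = """\
Received: from smtp2.mydomain.com (smtp2.mydomain.com [ccc.ccc.ccc])
   by mail1.iecc.com ([sss.sss.sss.sss]) with ESMTP id 527182487;
   01 Nov 2012 05:06:19 -0000
Received: from [bbb.bbb.bbb.bbb] (helo=smtp.mydomain.com)
   by smtp2.mydomain.com with esmtp (Exim 4.69 (FreeBSD))
   id 1TTmoP-000Mx0-Cu; Thu, 01 Nov 2012 06:55:25 +0200
Received: from webmail.mydomain.com ([aaa.aaa.aaa.aaa]
   helo=webmail.mydomain.com)
   by smtp.mydomain.com with esmtp (Exim 4.69 (FreeBSD))
   id 1TTmyc-000Mzz-6W; Thu, 01 Nov 2012 07:05:58 +0200
From: <in@dhl.com>
Message-ID: <79c6b0a6e51b5f92aff36b6141c54b64@mydomain.com>
X-Sender: in@dhl.com
User-Agent: Roundcube Webmail/0.8.1

"""

def parse_hop(value):
    """Pull the sending name, recording host and queue id from one Received header."""
    frm = re.search(r"\bfrom\s+(\S+)", value)
    by = re.search(r"\bby\s+(\S+)", value)
    if not (frm and by):
        return None  # e.g. local qmail delivery lines have no "from"
    helo = re.search(r"helo=([^\s)]+)", value)  # HELO name as claimed by the client
    qid = re.search(r"\bid\s+([^\s;]+)", value)
    return {"from": (helo or frm).group(1).lower(), "by": by.group(1).lower(),
            "id": qid.group(1) if qid else None}

def submission_hop(raw_headers, own_domain):
    """Return the oldest hop recorded by a host under own_domain, or None."""
    msg = message_from_string(raw_headers)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    own = [h for h in hops if h and h["by"].endswith("." + own_domain)]
    if not own:
        return None
    first = dict(own[-1])  # Received headers are prepended, so the last is the oldest
    # Corroborating fields set by the submitting client, not proof on their own.
    first["roundcube_agent"] = "roundcube" in msg.get("User-Agent", "").lower()
    first["own_message_id"] = msg.get("Message-ID", "").rstrip(">").endswith("@" + own_domain)
    return first

if __name__ == "__main__":
    print(submission_hop(RAW, "mydomain.com"))
```

Header lines below the oldest genuine hop can be written by the sender, so the returned queue id should be confirmed in the log of the host that recorded it; that log entry also shows which client connected.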

Offline Yoni

  • Full Member
  • ***
  • Posts: 164
    • MyRoundcube
Re: RC Spam problem
« Reply #3 on: November 02, 2012, 03:32:13 AM »
Your server might not be actually compromised. They could be forging your e-mail address and sending messages pretending to be you (return path). This is certainly something that has to be managed in your backend server. SPF and DKIM your e-mails, and e-mail servers will reject such forged emails. Eventually the spammer will move on because there is no progress, nor does it make any sense to mass mail without getting to the recipients' inboxes.

There is only so much you can do, but certainly spammers do not waste their time forging your addresses if their spam cannot be delivered. Bear with it in the meantime. They will go away soon.


Offline rivert

  • Newbie
  • *
  • Posts: 3
Re: RC Spam problem
« Reply #4 on: November 03, 2012, 10:46:20 AM »
Very helpful... thanks a lot. I will do something about it.