Mail server
Alexey Titov, 2018-02-12 10:21:17

It seems that someone is sending spam from my domain, how can I figure out what's going on?

Lately I've been receiving emails like this:

This letter was created automatically by the Mail.Ru server, you do not need to respond to it.
Unfortunately, your letter could not be delivered to one or more recipients because: the
letter was blocked by the system as possible spam. To solve the problem, go to
help.mail.ru/notspam-support/id?c=hIxQJIJHS9wIczev ... or write details to [email protected]
Error Code: 24508C84DC4B4782AF377308814B3CF13DADF1DE2EB83CEFC6256B9182CB99EFA7FCC23B1D9C7271BA5137CE2E5236878F9CA260D04BD65B. Letter ID: 0000000D0001B6FD210FBFDA.
**********************
A message that you sent was rejected by the local scanning code that
checks incoming messages on this system. The following error was given:
spam message rejected. Please visit help.mail.ru/notspam-support/id?c=hIxQJIJHS9wIczev... or
report details to [email protected] Error code: 24508C84DC4B4782AF377308814B3CF13DADF1DE2EB83CEFC6256B9182CB99EFA7FCC23B1D9C7271BA5137CE2E5236878F9CA260D04BD65B. ID: 0000000D0001B6FD210FBFDA.
------ This is a copy of your message, including all the headers.
------ No more than 1K characters of the body are included.
Received: from [218.61.1.227] (ident=mail)
by mxmy1.i.mail.ru with local (envelope-from )
id 1ekbbc-0003gK-1N
for [email protected]; Sat, 10 Feb 2018 23:18:40 +0300
X-ResentFrom:
X-MailRu-Forward: 1
Authentication-Results: mxs.mail.ru; spf=softfail (mxmy1.i.mail.ru: transitioning domain of securityrussia.com does not designate 218.61.1.227 as permitted sender) [email protected] smtp.helo=SecurityRussia.com
Received-SPF: softfail (mxmy1.i.mail.ru: transitioning domain of securityrussia.com does not designate 218.61.1.227 as permitted sender) client-ip=218.61.1.227; [email protected]; helo=SecurityRussia.com;
Received: from [218.61.1.227] (port=49545 helo=SecurityRussia.com)
by mxmy1.i.mail.ru with esmtp (envelope-from )
id 1ekbbZ-0003eR-Ei; Sat, 10 Feb 2018 23:18:39 +0300
Received: from xoSecurityRussia.com by p3 SecurityRussia.com with pxi ipo baungw1--03ndyt96xry9
Received: from vh-SecurityRussia.com by f0 SecurityRussia.com with bury xw 5ay-sc1ll7--slnxfv
Received: from ka9.SecurityRussia.com by ye-SecurityRussia.com with ewnn xe ttnz12m--3xmamf3
--
dx1k3uo Id: <[email protected]>
To: [email protected]
Content-Type: text/html; charset = "utf-8"
Date: Sat, 10 Feb 2018 20:18:04 +0000 Content -
Transfer-Encoding: base64 : 1 X-21532ABB: 7567277D36A244813421D60863A2C725E46BC3631ACDDF63C9357EAA582E0BB6F8DFEA4F97EE6A9342A29C9DE27612FE
X-7FA49CB5:
X-DMARC-Policy: no
X-Mras: SPAM
X-Spam: undefined
X-21532ABB: 7567277D36A244813421D60863A2C725E46BC3631ACDDF63C9357EAA582E0BB6F8DFEA4F97EE6A93DB7235B38F2CA2AC
X-7FA49CB5:
X-DMARC-Policy: no
X-Magic: D7426F4F725623B9314912D31C83C134AC13F93113FF3B802A21C51258FEC5C5
X-Mras: SPAM

The [email protected] address mentioned in the letter never existed. What's happening? And how can I overcome it?


1 answer(s)
CityCat4, 2018-02-12
@alextitoff

Someone with IP 218.61.1.227 passed the name SecurityRussia.com in HELO and made up a mailbox name that looks like a real one. SPF on mail.ru worked and mail.ru kicked this letter.
There is no way to overcome it :) except to go to China (the IP is Chinese) :)
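
The check described in the answer can be run against the headers quoted in a bounce: read the Received-SPF header, pull out the SPF result, client IP and HELO name, and compare the client IP with your own sending networks. This is an added example, not part of the original post; OWN_NETWORKS (a documentation range standing in for your real outbound mail servers) and the envelope-from placeholder address are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: two headers from the bounce quoted above, with the
# redacted envelope address replaced by a placeholder.
SAMPLE_HEADERS = (
    "Received-SPF: softfail (mxmy1.i.mail.ru: transitioning domain of "
    "securityrussia.com does not designate 218.61.1.227 as permitted sender) "
    "client-ip=218.61.1.227; envelope-from=placeholder@securityrussia.com; "
    "helo=SecurityRussia.com;\n"
    "Received: from [218.61.1.227] (port=49545 helo=SecurityRussia.com)\n"
    "\tby mxmy1.i.mail.ru with esmtp; Sat, 10 Feb 2018 23:18:39 +0300\n"
    "\n"
)

# Assumption: networks your own outbound mail servers use (documentation range).
OWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_received_spf(value):
    """Split a Received-SPF value into its result and key=value pairs."""
    value = " ".join(value.split())          # unfold continuation lines
    result = value.split(None, 1)[0].lower()
    tail = re.sub(r"\([^)]*\)", "", value)   # drop the human-readable comment
    pairs = dict(re.findall(r"([\w-]+)=([^;\s]+)", tail))
    return result, pairs


def classify_bounce(raw_headers, own_networks=OWN_NETWORKS):
    """Decide whether a bounced message really left our own servers."""
    msg = message_from_string(raw_headers)
    spf = msg.get("Received-SPF")
    if spf is None:
        return {"verdict": "unknown", "reason": "no Received-SPF header"}
    result, pairs = parse_received_spf(spf)
    try:
        ip = ipaddress.ip_address(pairs.get("client-ip", ""))
    except ValueError:
        return {"verdict": "unknown", "reason": "no usable client-ip"}
    ours = any(ip in net for net in own_networks)
    verdict = "sent-by-us" if ours else "spoofed"
    return {"verdict": verdict, "spf": result, "client_ip": str(ip),
            "helo": pairs.get("helo")}


if __name__ == "__main__":
    print(classify_bounce(SAMPLE_HEADERS))
```

A "spoofed" verdict means the bounce is backscatter from a message your servers never handled; "sent-by-us" means the message did leave your infrastructure and the sending host or account needs investigating.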
