We've been receiving quite a lot of bounce back spam emails. The emails usually originate from 4 of our email addresses. We've changed the passwords numerous times, but the issue remains.
SPF, DKIM and DMARC have all been configured for all domains.
I've recently changed the Minutes Before Reset to 1.
We have quite a few distribution emails which are being used for sending spam, so all email addresses associated with them are receiving bounce backs.
Code:
2019-10-21 Hmailserver: 5.6.7-B2425
DOMAINS
"Domain1.com" - emxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: e:\email security\Domain1.com\dkim\Domain1.com.key
Selector: hashed
"Domain2.com" - fixxxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: e:\email security\Domain2.com\dkim\Domain2.com.key
Selector: hashed
"Domain3.com" - fuxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: e:\email security\Domain3.com\dkim\Domain3.com.key
Selector: hashed
"Domain4.com" - obxx.otxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: e:\email security\Domain4.com\dkim\Domain4.com.key
Selector: hashed
"Domain5.com" - otxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: e:\email security\Domain5.com\dkim\Domain5.com.key
Selector: hashed
"Domain6.com" - pixxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: e:\email security\Domain6.com\dkim\Domain6.com.key
Selector: hashed
-----------------------------------------------------------------------------------------------
RULES
1, Global Spam Rule 1 Criteria: Use AND
Custom: X-Spam-Level Contains *******
-----Actions-----
Move To Folder Trash
---------------------------------------------------------------------
2, Global Spam Rule 2 Criteria: Use AND
Custom: X-Spam-Level Contains ***
-----Actions-----
Move To Folder Spam
---------------------------------------------------------------------
3, Spam Criteria: Use OR
From Contains goaster.com
From Contains paramount.net.pk
From Contains whereareyounow.net
From Contains tollgroup.com
From Contains ntks.ru
-----Actions-----
Delete
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 192.168.0.1 - 192.168.0.254 Priority: 25 Name: Branch00-HeadOffice
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.1.1 - 10.1.1.254 Priority: 25 Name: Branch01-New Kingston
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch01-New Kingston-HFC
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.2.1 - 10.1.2.254 Priority: 25 Name: Branch02-Kingston Mall
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch02-Kingston Mall-HFC
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.3.0.1 - 10.3.0.254 Priority: 25 Name: Branch03-Falmouth
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.4.1 - 10.1.4.254 Priority: 25 Name: Branch04-Mandeville
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch04-Mandeville-HFC
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.5.1 - 10.1.5.254 Priority: 25 Name: Branch05-Montego Bay
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch05-Montego Bay-HFC
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.6.0.1 - 10.6.0.254 Priority: 25 Name: Branch06-Portland
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.7.0.1 - 10.7.0.254 Priority: 25 Name: Branch07-Savanna-la-Mar
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.8.1 - 10.1.8.254 Priority: 25 Name: Branch08-May Pen
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch08-May Pen-HFC
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.9.1 - 10.1.9.254 Priority: 25 Name: Branch09-Spanish Town
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch09-Spanish Town-DigicelPlay
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.10.1 - 10.1.10.254 Priority: 25 Name: Branch10-Ocho Rios
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch10-Ocho Rios-HFC
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.11.0.1 - 10.11.0.254 Priority: 25 Name: Branch11-Linstead
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 10.1.13.1 - 10.1.13.254 Priority: 25 Name: Branch12-Westminster
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Branch12-Westminster-HFC
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Webmail-FUF
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: False Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
------------------------------------------------------
AUTOBANNED Local Addresses:
192.168.0.1 Expires : 10/23/2019 9:41:34 AM
...
192.168.0.112 Expires : 10/22/2019 9:32:25 AM
192.168.0.5 Expires : 10/22/2019 11:12:01 AM
192.168.0.5 Expires : 10/22/2019 1:43:10 PM
192.168.0.1 Expires : 10/21/2019 10:52:55 PM
192.168.0.1 Expires : 10/21/2019 10:59:43 PM
192.168.0.1 Expires : 10/21/2019 11:02:52 PM
192.168.0.1 Expires : 10/21/2019 11:05:12 PM
192.168.0.1 Expires : 10/21/2019 11:07:46 PM
192.168.0.1 Expires : 10/22/2019 9:04:27 AM
192.168.0.1 Expires : 10/21/2019 10:23:26 AM
192.168.0.1 Expires : 10/21/2019 10:06:00 AM
192.168.0.1 Expires : 10/23/2019 8:42:07 AM
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 1 (0.02 hours, 0.00 days)
Minutes to Autoban: 527520 (8,792.00 hours, 366.33 days)
There is a total of 2615 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 30 Mins: 5 Plain Text: False Bind:
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 26500 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 50 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
!! Service Not Enabled !!
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: True
Add X-HmailServer-Spam: True Check HELO host: True - 2 Hostname: 127.0.0.1
Add X-HmailServer-Reason: True Check MX records: True - 2 Port: 783
Add X-HmailServer-Subject: True Verify DKIM: False Use SA score: False - 5
Subject Text: "[Possible Spam]"
Spam delete threshold: 8 Maximum message size: 26500
DNSBL ENTRIES:
zen.spamhaus.org Score: 5 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
hostkarma.junkemailfilter.com Score: 2 Result: 127.0.0.2|127.0.0.4
b.barracudacentral.org Score: 2 Result: 127.0.0.2
bl.spameatingmonkey.net Score: 2 Result: 127.0.0.2-3
cbl.abuseat.org Score: 2 Result: 127.0.0.2
SURBL ENTRIES:
multi.surbl.org Score: 3
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS
GENERAL:
When found - Delete email. Notify Sender: False, Notify Receiver: True
Max Message Size: 26500
CLAM AV: True Hostname: localhost Port: 3310
CLAMWIN: False
CUSTOMAV: False
Block Attachments: True
*.7z
*.bat Batch processing file
*.cmd Command file for Windows NT
*.com Command
*.cpl Windows Control Panel extension
*.csh CSH script
*.docm Macro enabled Office
*.dotm Macro enabled Office
*.exe Executable file
*.inf Setup file
*.js JavaScript files
*.lnk Windows link file
*.msg .msg message files - G Roach
*.msi Windows Installer file
*.msp Windows Installer patch
*.pif Program information file
*.rar Winrar archives
*.reg Registration key
*.scf Windows Explorer command
*.scr Windows Screen saver
*.vbs VBScript
*.zip
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
mail.Domain2.com
Certificate: C:\wamp\bin\apache\apache2.4.9\conf\SSL\8e8268e1f460c9c4.crt
Private key: C:\wamp\bin\apache\apache2.4.9\conf\SSL\mail.Domain2.com.key
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : False
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Optional Cert: mail.Domain2.com
0.0.0.0 / 143 / IMAP - None
0.0.0.0 / 465 / SMTP - SSL/TLS Cert: mail.Domain2.com
0.0.0.0 / 587 / SMTP - StartTLS Required Cert: mail.Domain2.com
0.0.0.0 / 993 / IMAP - SSL/TLS Cert: mail.Domain2.com
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: E:\HMAIL\Logs\hmailserver_2019-10-21.log
Error: E:\HMAIL\Logs\ERROR_hmailserver_2019-10-21.log
Event: E:\HMAIL\Logs\hmailserver_events.log - Not present
Awstats: E:\HMAIL\Logs\hmailserver_awstats.log
APPLICATION - True
SMTP - True
POP3 - .
IMAP - .
TCPIP - True
DEBUG - True
AWSTATS - True
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL
IPv6 support is available in operating system.
Backup directory E:\Backup is writable.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder:
Data folder: E:\HMAIL\Data
Log folder: E:\HMAIL\Logs
Temp folder: E:\HMAIL\Temp
Event folder: E:\HMAIL\Events
[Database]
Type= MSSQL
Username= hmsdb
PasswordEncryption=1
Port= 0
Server= localhost\SQLEXPRESS
Internal= 0
-----------------------------------------------------------------------------------------------