
spam being generated in domain

Too much spam is being generated by 1 ID in the network. The ID is not present in our domain. The thing is, all relays have been stopped by us except by mail server. We even tested by shutting down our mail server. The email doesn't contain any IP address (not shown in log viewer). All rules written on the firewall to drop email from that ID or subject line don't stop the mail from going through. Switching from MTA to legacy or legacy to MTA doesn't help. The emails keep on going. L1 and L2 support has been futile till now. Community help is all that can save me now.



  • Hello Chandan,

    Thank you for contacting the Sophos Community.

    Can you forward one of the emails that are SPAM, so we can check the headers?

    Also, have you checked that you don't have any DNAT rule with service as ANY?

    Regards,

  • 2020-06-17 07:59:16 Email messageid="18035" log_type="Anti-Spam" log_component="SMTP" log_subtype="Allowed" status="" fw_rule_id="0" user="" policy_name="None" sender="tv.unnikrishnan@sailbsl.in" recipient="andreamonsagrati@hotmail.it" subject="Re: Hello Dear" message_id="1jikvJ-0005IB-4b" email_size="2059" action="DELIVERED" reason="Email has been delivered to recipient(s)." host="sailbsl.in" domain="" src_ip="" src_country="" dst_ip="" dst_country="" protocol="TCP" src_port="0" dst_port="0" bytes_sent="0" bytes_received="0" quarantine_reason="Other"

     

    Also, have you checked that you don't have any DNAT rule with service as ANY --> checked. None

  • Hello Chandan,

    Can you send me by PM the Access ID of your Firewall?

    Monitor & Analyze >> Diagnostics >> Support Access >> ON >> Access Status >> And copy & paste the Access ID and send it to me.

    Regards,

  • DM the details to you. Thanks for looking into it.
