Tons of blacklisted emails - ORF Forums


1

Hello sirs! I've got the following situation:


-------------------------------------------------------------------------------

-- EVENT SUMMARY --
Time: 8/25/2022 1:49:54 PM GMT+0300 (local)
Sender Email:
Author Email: (not available)
Recipient Email:
Source IP: (not available)
Remote Peer IP: 61.132.170.137
Action: Rejected
Email Subject: (not available)

-- EVENT MESSAGE --
Blacklisted by the Recipient Validation.

-- EVENT DETAILS --
Filtering Point: Before Arrival
Event Class: Blacklist
Severity: Information
Related Test: (not available)
Server: exmx-srv.md.mdis.ru
Service: MSEXCHANGE
HELO Domain: (not available)
Message ID: (not available)
Log Mode: Verbose
ORF Version: 6.7 RELEASE

-------------------------------------------------------------------------------
mdis.ru is definitely my domain. But I've neither user "admin" nor "". I've tried to blacklist sender "" but no use - there are hundreds of incoming (but rejected) mails from that sender. Is there any idea how to stop that?

Thank you in advance!

by vkomyakov 3 months ago
2

@vkomyakov: As long as these emails are blacklisted by ORF, there is nothing to worry about. I suggest the following:

1. Make sure the DHA Protection Test is enabled (ORF Administration Tool > Blacklists > DHA Protection Test). This will temporarily ban the IP address of spammers who keep sending emails to non-existent mailboxes in your organization.

2. Make sure the SPF Test is enabled (ORF Administration Tool > Authentication > SPF Test), and your domain has a published SPF record: https://vamsoft.com/support/docs/knowledge-base/spf-how-to

If you need further assistance, just let me know.

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)
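The temporary-ban idea behind the DHA Protection Test in the answer above, sketched as an added example (not part of the thread and not ORF's own code). The threshold, window and ban duration are assumed values, and the sample events are constructed; only the rejection message string comes from the log in the first post.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration only (not ORF defaults).
THRESHOLD = 3                     # invalid-recipient rejections ...
WINDOW = timedelta(minutes=10)    # ... within this window trigger a ban
BAN_TIME = timedelta(hours=1)     # how long the peer IP stays banned
RV_MESSAGE = "Blacklisted by the Recipient Validation."  # from the posted event

class DhaTracker:
    def __init__(self):
        self.hits = defaultdict(deque)  # ip -> timestamps of recent rejections
        self.banned_until = {}          # ip -> ban expiry time

    def is_banned(self, ip, now):
        expiry = self.banned_until.get(ip)
        if expiry and now < expiry:
            return True
        self.banned_until.pop(ip, None)  # ban expired or never set
        return False

    def observe(self, ts, ip, message):
        """Feed one log event; return True if the IP is banned after it."""
        if self.is_banned(ip, ts):
            return True
        if message != RV_MESSAGE:
            return False
        q = self.hits[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:  # drop hits outside the window
            q.popleft()
        if len(q) >= THRESHOLD:
            self.banned_until[ip] = ts + BAN_TIME
            q.clear()
            return True
        return False

def run_sample():
    # Constructed events using documentation-range IPs, not a real log.
    t0 = datetime(2022, 8, 25, 13, 0, 0)
    events = [
        (t0, "203.0.113.7", RV_MESSAGE),
        (t0 + timedelta(minutes=1), "198.51.100.9", RV_MESSAGE),  # one-off typo
        (t0 + timedelta(minutes=2), "203.0.113.7", RV_MESSAGE),
        (t0 + timedelta(minutes=3), "203.0.113.7", RV_MESSAGE),   # third hit: ban
        (t0 + timedelta(minutes=30), "203.0.113.7", "Passed."),   # still banned
        (t0 + timedelta(hours=2), "203.0.113.7", RV_MESSAGE),     # ban expired
    ]
    tracker = DhaTracker()
    return [tracker.observe(*e) for e in events]
```

A sender who mistypes one address is never banned, while a peer that keeps probing non-existent mailboxes is cut off until the ban expires.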

3

Hello Daniel!

Thank you for the explanation. I did enable these tests; I was just a little curious why they kept trying to send those fake emails. Thanks again.

by vkomyakov 3 months ago
4

@vkomyakov: Spammers often "spoof" the domain name in the sender email address to impersonate a company or a person within the organization, in an attempt to deceive the recipient or to exploit a misconfigured email filter. ORF can block such emails using the DMARC and SPF tests.

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)
