Queue / How come there is Spam waiting?

Discussion room for the MailPlus Server package
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

https://account.synology.com/support/su ... p?lang=enu



2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
paradeiser
Experienced
Experienced
Posts: 119
Joined: Mon Aug 09, 2010 10:57 am

Queue / How come there is Spam waiting?

Unread post by paradeiser » Fri Aug 10, 2018 3:05 pm

Dear Forum,

I'm quite familiar with MailPlus Server and its running smoothly, I just don't understand the Queue page. Maybe someone could enlighten me ;)

As I understand it, it should be empty unless my MailServer can not deliver a mail I sent.
But my Queue shows me quite a lot of emails, that are obviously spam. As Sender, it shows one of my legit users, but strange recipients that are for sure not addressed by us.
As I understand it, these mails pretend to originate from us / our SMTP - right?

I've activated authentication for SMTP and most of the security features in the "Mail Delivery / Security" Page.
Do I have to worry, my system sends spam?
How do the mails get in the Queue?

Thanks for helping me,
paradeiser
DS210j | DS410 | DS211 | DS214 | DS216+II | DS916+ | Back-UPS | macOS/Windows

User avatar
WST16
Versed
Versed
Posts: 244
Joined: Sun Oct 02, 2016 10:03 am

Re: Queue / How come there is Spam waiting?

Unread post by WST16 » Fri Aug 10, 2018 5:15 pm

Hi,

Try using a tool like mxtoolbox to check the state of your mail server:
https://mxtoolbox.com/

Note that there are many tests that you can perform with the above. You might want to try what you can to paint a clear picture of what’s going on.

Also, if you didn’t. Look into configuring DMARC, DKIM and SPF.
DS216+II : DS118 : APC Back UPS ES 700 : Mac user

paradeiser
Experienced
Experienced
Posts: 119
Joined: Mon Aug 09, 2010 10:57 am

Re: Queue / How come there is Spam waiting?

Unread post by paradeiser » Fri Aug 10, 2018 9:12 pm

thx for your input!

but thats all working just fine, mxtoolbox gives no errors
SMTP Reverse DNS Mismatch OK - xxx.xxx.xxx.xxx resolves to mail.xxx.xx
SMTP Valid Hostname OK - Reverse DNS is a valid Hostname
SMTP Banner Check OK - Reverse DNS matches SMTP Banner
SMTP TLS OK - Supports TLS.
SMTP Open Relay OK - Not an open relay.
SPF, DKIM, DMARC is all set up and working fine.
DMARC Analyzer shows good statistics, and the invalid flows are ok.

I just dont understand where the mails in the queue are coming from… any ideas?

sincerely,
paradeiser
DS210j | DS410 | DS211 | DS214 | DS216+II | DS916+ | Back-UPS | macOS/Windows

User avatar
WST16
Versed
Versed
Posts: 244
Joined: Sun Oct 02, 2016 10:03 am

Re: Queue / How come there is Spam waiting?

Unread post by WST16 » Fri Aug 10, 2018 9:58 pm

If you’re sure that no one can send unless authenticated then it must be/should be an authorized client inside or outside. You might have a security breach where you have usernames/passwords exposed and used.

On the other hand, maybe one —or many— clients is infected with a worm/virus that is sending all of this.

I would try to examine the senders that appear in the queue and trace it back to the sources inside and check the clients for any viruses or worms.

Try to find something out of order within those logs. Like messages being sent in odd hours where you don’t have users sending emails. Try to zoom in on a pattern or a user.

Check your password polices, and if you’re a small group, change all the passwords if it’s managable.

Sorry, that’s all I can think of. I hope someone else can provide more and better suggestions.
DS216+II : DS118 : APC Back UPS ES 700 : Mac user

paradeiser
Experienced
Experienced
Posts: 119
Joined: Mon Aug 09, 2010 10:57 am

Re: Queue / How come there is Spam waiting?

Unread post by paradeiser » Sat Aug 11, 2018 8:18 am

Thanks a lot for discussing this with me… actually it helps a lot just to go thru this again.

I think I found the source:
A user has turned on his auto-reply coz he's out of office. But the mailserver also replies to spam-mails. As spammers use fake sender-information the auto-reply cant be delivered: voilá!

maybe there should be more options, like: reply just once a day to the same sender, don't send reply if its spam, …

Thanks a lot!
DS210j | DS410 | DS211 | DS214 | DS216+II | DS916+ | Back-UPS | macOS/Windows

User avatar
WST16
Versed
Versed
Posts: 244
Joined: Sun Oct 02, 2016 10:03 am

Re: Queue / How come there is Spam waiting?

Unread post by WST16 » Sat Aug 11, 2018 8:46 am

Aha, that makes sense— in a way :-)
So it was all internal afterall, that’s good.
But why all this spam is allowed in?!

If they are going to the junk folder, then the server knows, or believes that they’re spam.

Since you’ve enabled SPF, you can set it to reject Softfail and it should (never tried it) reject the emails that don’t comply. But it’ll be very strict and might block some legit emails that don’t provide SPF too.

Maybe that’s something to look at.
It never ends… :-)
DS216+II : DS118 : APC Back UPS ES 700 : Mac user

paradeiser
Experienced
Experienced
Posts: 119
Joined: Mon Aug 09, 2010 10:57 am

Re: Queue / How come there is Spam waiting?

Unread post by paradeiser » Mon Aug 13, 2018 9:56 am

Would be great if mailplus_team would look into tweaking the auto-reply funcionality (exclude spam, etc.)

Thanks!
paradeiser
DS210j | DS410 | DS211 | DS214 | DS216+II | DS916+ | Back-UPS | macOS/Windows

Post Reply

Return to “MailPlus Server”