Azure Cloud Spam (continued from MagicSpam for Plesk forum)

This is the area for a general support questions, discussions and information that you can read and share. Post your experiences, stats and tricks and tips that are not covered elsewhere. Remember, for questions please search the FAQ first, as your question may already be answered.

Moderators: wizard, magicspam

Post Reply
puzzel76
Posts: 10
Joined: Tue Oct 11, 2016 5:46 am

Azure Cloud Spam (continued from MagicSpam for Plesk forum)

Post by puzzel76 » Thu Mar 25, 2021 6:01 am

Hello dear MagicSpam Team,

as I am using Pro on my server I continue the Azure Cloud Spam thread here.
viewtopic.php?f=15&t=237371

Screenshot of Settings attached.

Here is an excerpt of my maillog:

Mar 25 13:48:16 lvps176-28-23-41 postfix/smtpd[19327]: connect from vdds-46.westus.cloudapp.azure.com[137.135.47.133]
Mar 25 13:48:17 lvps176-28-23-41 postfix/smtpd[19327]: 39B501409FE: client=vdds-46.westus.cloudapp.azure.com[137.135.47.133]
Mar 25 13:48:17 lvps176-28-23-41 postfix/cleanup[19347]: 39B501409FE: message-id=<0.0.167.E6.1D72085FD064EB6.0@uspmta194086.emarsys.net>
Mar 25 13:48:17 lvps176-28-23-41 check-quota[19351]: Starting the check-quota filter...
Mar 25 13:48:17 lvps176-28-23-41 psa-pc-remote[17660]: SKIP during call 'check-quota' handler
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: Starting the spf filter...
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: Error code: (2) Could not find a valid SPF record
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: Failed to query MAIL-FROM: No DNS data for 'adostudio.it'.
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: SPF result: none
Mar 25 13:48:17 lvps176-28-23-41 spf[19352]: SPF status: PASS
Mar 25 13:48:17 lvps176-28-23-41 psa-pc-remote[17660]: PASS during call 'spf' handler
Mar 25 13:48:17 lvps176-28-23-41 psa-pc-remote[17660]: SKIP during call 'magicspam-flag' handler
Mar 25 13:48:17 lvps176-28-23-41 postfix/qmgr[17412]: 39B501409FE: from=<>, size=32286, nrcpt=1 (queue active)
Mar 25 13:48:17 lvps176-28-23-41 postfix-local[19355]: postfix-local: from=MAILER-DAEMON, to=mario@gaida.de, dirname=/var/qmail/mailnames
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: Starting the dk_check filter...
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: DKIM Bad signature
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: DKIM verification (d=emarsys.net, 1024-bit key) failed: signature verification failed
Mar 25 13:48:17 lvps176-28-23-41 dk_check[19356]: DKIM verification (d=email.experteer.com, 1024-bit key) failed: signature verification failed
Mar 25 13:48:17 lvps176-28-23-41 postfix-local[19355]: PASS during call 'dd52-domainkeys' handler
Mar 25 13:48:17 lvps176-28-23-41 postfix-local[19355]: SKIP during call 'magicspam-flag' handler
Mar 25 13:48:17 lvps176-28-23-41 postfix/pipe[19354]: 39B501409FE: to=<mario@gaida.de>, relay=plesk_virtual, delay=1.3, delays=1.3/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Mar 25 13:48:17 lvps176-28-23-41 postfix/qmgr[17412]: 39B501409FE: removed
Mar 25 13:48:17 lvps176-28-23-41 postfix/smtpd[19327]: disconnect from vdds-46.westus.cloudapp.azure.com[137.135.47.133] ehlo=1 mail=1 rcpt=1 bdat=4 quit=1 commands=8

Perhaps this can help you find a way to block azure cloud spam.

kind regards
Mario
Attachments
Bildschirmfoto 2021-03-25 um 13.58.32.jpg
Bildschirmfoto 2021-03-25 um 13.58.32.jpg (178.49 KiB) Viewed 13678 times
Bildschirmfoto 2021-03-25 um 13.58.27.jpg
Bildschirmfoto 2021-03-25 um 13.58.27.jpg (196.14 KiB) Viewed 13678 times
Bildschirmfoto 2021-03-25 um 13.58.11.jpg
Bildschirmfoto 2021-03-25 um 13.58.11.jpg (172.12 KiB) Viewed 13678 times

magicspam
Posts: 1553
Joined: Tue Oct 28, 2008 2:27 pm

Re: Azure Cloud Spam (continued from MagicSpam for Plesk forum)

Post by magicspam » Thu Mar 25, 2021 6:38 pm

Hello puzzel76,

Thank you for the additional information.

Your MagicSpam installation already seems to be quite strictly configured. Since you are using the PRO version, your best option to stop inbound spam from their networks is to enable the MagicSpam custom SpamAssassin Rules if you have SpamAssassin installed on your server.

MagicSpam Admin Interface >> Anti-Spam >> SpamAssassin

If you already have the MagicSpam custom SpamAssassin Rules enabled, please confirm that the LM_IS_AZURE_IP has been hitting. You can check by running the following command on the terminal as root:

Code: Select all

zgrep LM_IS_AZURE_IP /var/log/mail.log*
Otherwise, if you do not expect to receive any email from Microsoft Azure networks, you can block all incoming email from Microsoft Azure networks by adding the RAT-Azure RBL (azure.spamrats.com) through:

MagicSpam Admin Interface >> Anti-Spam >> IP Reputation >> RBL

It would be helpful for our Threat Research Team if you were able to provide us with the logs and samples of the spam coming from Microsoft Azure networks. You can retrieve logs by running the following command on the terminal as root:

Code: Select all

grep cloudapp.azure.com /var/log/magicspam/mslog*
Please send us the logs and spam samples as attachments to us via email at:

support@magicspam.com

Hopefully, this information will help you.

Thank you.
-- MagicSpam Support Team --

Post Reply

Return to “General Discussions and Support Questions”

Who is online

Users browsing this forum: No registered users and 13 guests