I have one user who is receiving a great deal of spam. It looks like the spam is bypassing the RBL checks I have set up on the server. (The spam IPs are all listed in the RBLs.) The one clue I see is that the authentication is listed as localdelivery. How is this happening, and how do I stop it? I've tried changing this user's email password, but that had no effect. Any suggestions greatly appreciated. Here is an example of one of the delivery reports.
Event: success [ Sender User: -remote- Sender Domain: Sender: [email protected] Sent Time: Nov 30, 2016 4:42:16 PM Sender Host: things.domain.top Sender IP: 91.219.xxx.xxx Authentication: localdelivery Spam Score: 0 Recipient: [email protected] Delivered To: [email protected] Delivery User: someusr Delivery Domain: example.com Router: virtual_user Transport: dovecot_virtual_delivery Out Time: Nov 30, 2016 4:42:16 PM ID: 1cCHJz-0002b8-PU Delivery Host: localhost Delivery IP: 127.0.0.1 Size: 5.09 KB Result: Accepted
Last edited by a moderator: