Phishing emails

gmakhs

Today i received a phishing email, and what it really puzzled me is that the domain that appear to send it exist in the cluster, the email came from ICANN-user@domain.com , (Domain.com exist in the system) what is strange to me HOW and WHY this email got accepted by the mail server in the first place since :
1) Email user and Address doesn't exist in the system
2) It doesn't comply with spf and dmarc

Does this work properly on enhance?

I am currently investigating

Kosta

gmakhs I think i noticed similar situation in my cluster when I wasn’t using cpfence. But since cpfence in place with rspam training, I don’t see this behaviour etc…
Actually I noticed that even some legitimate emails goes into junk now so I believe spam systems works very well/strict now…

xyzulu

Check the messages headers to determine exactly where the email came from.

gmakhs

xyzulu
Thanks, Though the message shouldnt be rejected?

xyzulu

Depends.. where did it come from etc.. start with the headers and SMTP logs to determine this.