SYSTEM INFORMATION | |
---|---|
OS type and version | Debian 12 |
Virtualmin version | 7.20.2 |
Is this normal to get this kind of reminders? I even checked the quota but it is not fully used.
SYSTEM INFORMATION | |
---|---|
OS type and version | Debian 12 |
Virtualmin version | 7.20.2 |
Is this normal to get this kind of reminders? I even checked the quota but it is not fully used.
This looks kinda phishy to me. You sure this is legit?
Phishing scam, trying to look like cpanel webmail.
Phishing i guess what should i do now? any advice? mail came directly from my domain
Not much, you could create some spamassassin rules to stop them getting to the inbox.
Check the email headers, it should be from a external address.
That’s NOT a message generated by Webmin, Virtualmin or Usermin.
Did it come from your server? Domains can be spoofed, especially if you aren’t checking SPF/DKIM and don’t have spam filtering set up. If it came from your server, you have an exploited web app or user or similar and you urgently need to address that problem.
@Joe I will check and see what information i can find. also will try to check the header like @stefan1959 mentioned.
Keep you updated.
Thank you all
Update:
received another email and i checked the header
Blockquote
Return-Path: accountt@lunachern.com
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on
serverbox.mydomain.net
X-Spam-Level: ****
X-Spam-Status: No, score=4.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,GB_CUSTOM_HTM_URI,HTML_MESSAGE,
MIME_HTML_ONLY,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,
RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED,
SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM,URI_NOVOWEL
autolearn=no autolearn_force=no version=4.0.0
X-Original-To: fern@mydomain.net
Delivered-To: “fern@mydomain.net”@serverbox.mydomain.net
Authentication-Results: serverbox.mydomain.net;
dkim=pass (2048-bit key; unprotected) header.d=lunachern.com header.i=@lunachern.com header.a=rsa-sha256 header.s=202411 header.b=ipZ7PvQO;
dkim-atps=neutral
Received: from smtp.born.lunachern.com (smtp.lunachern.com [79.141.173.135])
by serverbox.mydomain.net (Postfix) with ESMTPS id 19EBC18A25A
for fern@mydomain.net; Wed, 4 Dec 2024 17:06:31 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lunachern.com;
s=202411; t=1733314333;
bh=ZH7ue/imQQWXYnl0wIuHGCca6Wnk0ah4yjp6wr6d2C0=;
h=Reply-To:From:To:Subject:Date:From;
b=ipZ7PvQOGgagPYPQ2q35lXjrxq2knr8459ktHW5rn7ffNTtQhZWy5uy8+MSMVlL6g
IicTH1bhZpQGOREKPjOUD44zyNZgxWZSQ3dLHjrwycy7t49xCsmnHXxdZo7Dvs+yn5
kJCb+GR8Qp6janeNa4Jq5JHn5iwft+Z+zgqYifoSM1qVI3uApd9ymgM9c4Ld+3Q+5L
1pzwy4hsecHtbKSxo64GbTy+0UVqoaQBNjbN74EtOaC9/e9PIlhjU6y9cYyBoDEtaQ
b8XJkY3szfhx3jb2h7diU70B5WscfCw4q6dTiEX+HTv+5T9Nc+xRV3hrn3u+pzQc+d
p18EVk5pWE8Iw==
Received: from 244.100.94.34.bc.googleusercontent.com (244.100.94.34.bc.googleusercontent.com [34.94.100.244])
by smtp.born.lunachern.com (Postfix) with ESMTPSA id 1F0EA6C616
for fern@mydomain.net; Wed, 4 Dec 2024 12:12:12 +0000 (UTC)
Reply-To: noreply@mydomain.net
From: Mail Supportaccountt@lunachern.com
To: fern@mydomain.net
Subject: Password Expiration Notification(Prompt Attention Required for fern@mydomain.net)
Date: 4 Dec 2024 04:12:11 -0800
Message-ID: 20241204041211.BBCA955F897C4AF4@lunachern.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
Create some spamassassin rules to make the score higher, over 5 and it will be sent to spam folder.
@stefan1959 Thanks, i will try to do that
it appear to me that lunachern.com using virtualmin panel. when i check their page it is virtualmin start up page.
If this email keeps coming you can go to
Webmin > Servers > SpamAssassin Mail Filter > Allowed and Denied Addresses > Denied Addresses
and add
*@lunachern.com
*.lunachern.com
Usually they have more servers they send from though so chasing them works better with rules.
You can add additional headers that will list the rules and it’s score that an email triggers. You can change the values of the rules to suit your intention. Some of the rules you see in my report I have already changed the values.
@popmay This is great. i will try to add it now. Thank you
I hate when people use Virtualmin for evil. Spammers and scammers make me so angry. Giving it away from free, we have no way to stop it, but it sucks and hurts my feelings.
I agree with you. i really hate these people but what can we do they will keep on doing it. only thing i can do right now is to minimize it with the help i got in here.