Spam being sent through server

I have a strange problem. My server is sending spam and I cannot locate the cause. The spool currently has about a thousand messages. When I run a System Trend Message Traffic report, I can see that my server has sent out almost 8,000 messages today. However, when I try to view what domain is causing the issue with the System Summary Message Traffic report, the outgoing messages are nowhere near 8,000 messages. So, no domain is getting "credit" for sending out the emails. But clearly, the messages are going out from my server.

I have allow relay set to "nobody". Obviously this could be a compromised password. I am just trying to isolate which domain has the compromised password. I would appreciate any help.

Thanks,

Brian

Bruce Barnes Replied

1/12/2015 at 1:48 PM

Are you enforcing SMTP AUTHENTICATION on ALL DOMAINS?

Do you have any IP addresses or domains whitelisted?

Those are all open doors and invitations to spammers.

Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Brian Covington Replied

1/12/2015 at 2:40 PM

I believe I discovered the issue. My host migrated me to new server (with new IPs) yesterday and in the process, when they were updating the server IP addresses in Smaertermail's SMTP Authentication Bypass, instead of removing the old server IP addresses, they created a huge range from the new IP address to the old IP address which punched a huge security hole. I have corrected that and the emails have stopped flowing in. Thank you for your reply.

2 Replies

Reply to Thread

Related Knowledge Base Articles

2 Replies

Reply to Thread

Tags

Related Knowledge Base Articles