Spam being sent through server
Question asked by Brian Covington - 1/12/2015 at 11:55 AM
Unanswered
I have a strange problem. My server is sending spam and I cannot locate the cause. The spool currently has about a thousand messages. When I run a System Trend  Message Traffic report, I can see that my server has sent out almost 8,000 messages today. However, when I try to view what domain is causing the issue with the System Summary Message Traffic report, the outgoing messages are nowhere near 8,000 messages. So, no domain is getting "credit" for sending out the emails. But clearly, the messages are going out from my server.  
 
I have allow relay set to "nobody". Obviously this could be a compromised password. I am just trying to isolate which domain has the compromised password. I would appreciate any help.
 
Thanks,
 
Brian

2 Replies

Reply to Thread
0
Bruce Barnes Replied
Are you enforcing SMTP AUTHENTICATION on ALL DOMAINS?
 
Do you have any IP addresses or domains whitelisted?
 
Those are all open doors and invitations to spammers.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Brian Covington Replied
I believe I discovered the issue. My host migrated me to new server (with new IPs) yesterday and in the process, when they were updating the server IP addresses in Smaertermail's SMTP Authentication Bypass, instead of removing the old server IP addresses, they created a huge range from the new IP address to the old IP address which punched a huge security hole. I have corrected that and the emails have stopped flowing in. Thank you for your reply.

Reply to Thread