Back to Community Threads
1
compromised passwords, large outgoing mail count
Question asked by Robbie Wright - 2/27/2015 at 9:57 PM
Unanswered
Had our first customer get their account compromised last week. Average messages per day was about 10 and spiked up to over 600 over the course of 3 days until it was caught. In the reports for the domain, it clearly shows the outgoing mail. In the delivery logs for the server, it shows the outgoing mail. However, the outgoing mail is not shown in the sent mail folder. How would a hacker with compromised creds logs into the server and send mail on behalf of a user and it not show up in sent?

4 Replies

Reply to Thread
0
Joe Wolf Replied
2/27/2015 at 10:11 PM
POP3 is the easiest way. It saves the outgoing messages locally, not on the server.
Thanks, -Joe
0
Robbie Wright Replied
2/28/2015 at 8:18 AM
so mail sent through pop3 does not get saved to the sent folder?
0
CCWH Replied
2/28/2015 at 4:14 PM
Correct, POP3 does not synchronise mail so outbound is simply for authentication and all sent emails are in the Sent folder on the local client, not the server.
0
Ben Conner Replied
3/2/2015 at 6:24 PM
One way to mitigate that is to throttle users to so many emails/hour. With one exception we have ours set to 50/hour.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Find a Compromised AccountSmarterMail > Troubleshooting
Configure an EAS Account in the Samsung Email ClientSmarterMail > Desktop and Mobile Synchronization
Cannot Send Email MessagesSmarterMail > Troubleshooting
Windows Mail and SmarterMailSmarterMail > Desktop and Mobile Synchronization
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management