Back to Community Threads
2
Backscatter
Question asked by Brian Gallutia - 3/29/2015 at 1:05 PM
Unanswered
I have one user on the mail server whose email address is being used to send out spam via an "unknown host." Every morning, like clockwork, the queue fills up with these mystery emails from this user and it appears that some of them even go through while the others stay in the queue until expiration.
 
Does anyone have any advice on how to prevent this from happening?  It's always been an issue but now it's affecting my server's rating with SenderBase and it's becoming a problem.

Thank you for any help in advance.

9 Replies

Reply to Thread
0
Brian Gallutia Replied
3/31/2015 at 6:29 AM
*bump*
0
Paul Blank Replied
4/1/2015 at 4:50 AM
Is there any info in the SM logs that can give you a clue to what's happening?
 
0
Brian Gallutia Replied
4/1/2015 at 6:47 AM
Hopefully the attached file illustrates my problem better than I am.  Every morning, my user phil[at]manningmaterialsinc[dot]com gets a ton of bounce-backs from emails he didn't send, from a server that is stating it's mail.pcsdesk.com but isn't (this server's IP is 23.23.206.207).
 
 
Even though my server isn't on any spam lists, it does get flagged by SenderBase regularly and it's turning into a real headache.
 
Any help is appreciated.
0
Brian Gallutia Replied
4/6/2015 at 10:13 AM
bump
0
Paul Blank Replied
5/5/2015 at 7:34 AM
Just noticed this again.  Did you ever resolve this?  Anything to do with the relay settings in SM?
 
0
Brian Gallutia Replied
5/5/2015 at 8:06 AM
No, never heard anything. I've resorted to shutting down the user's email account and turning it back on in the morning, since the backscatter on this account occurs overnight and early in the morning.

Since I've started this practice, the SenderBase reputation has been "Good." Unfortunately this isn't a solution and I'll need to figure out something soon. Thanks -
0
Bruce Barnes Replied
5/5/2015 at 8:17 AM
This looks more like joe-jobbing than "backscatter."
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Paul Blank Replied
5/5/2015 at 8:22 AM
If the incoming emails are always from the same server name (mail.mypcsdesk.com), can't they be automatically filtered by SM's filter settings, or am I missing something?
 
 
0
Brian Gallutia Replied
5/5/2015 at 9:33 AM
There's a new term for me. Thank you for the article link.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Set up SmarterMail as an IIS Site in IIS 10SmarterMail > Server Configuration and Management
Migrating SmarterMail to LinuxSmarterMail > Server Configuration and Management
Set up SmarterMail as an IIS Site in IIS 8SmarterMail > Server Configuration and Management
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Changing Ownership of SmarterMail on Linux: A Step-by-Step GuideSmarterMail > Server Configuration and Management