Email Authenticating and being spoofed by unknown account
Question asked by Hostbreak Web Technologies - November 26, 2015 at 8:13 AM
Unanswered
Hello, 
 
I am running SmarterMail 6.8. I have an issue: I am seeing in the logs that wrong accounts are spoofing from my server, authenticating as sales... just sales, no domain. I am confused about how they are achieving this and how I can stop it.
 
I have SPF and DKIM enabled. My domain is hostbreak.com. If required, I can send the log of any email.
 
Any help is highly appreciated. Thanks
 
Regards

4 Replies

1
The ability to take advantage of the internal antispam settings in SmarterMail did not become available until SmarterMail 7.X.
 
Your SmarterMail 6.8 is a full 12 versions behind the current version of SmarterMail.  Please remember, only the current, and previous two, versions of SmarterMail are officially supported by SmarterMail/SmarterTools.

They are significantly improved in SmarterMail 14.4, and you can see my most recent document, pertaining to those settings, at: 
https://portal.chicagonettech.com/kb/a171/smartermail-antispam-settings-document.aspx
 
In order to implement both the antispam settings, as well as take advantage of all of the new security features, including TLS encryption and DMARC, which will, pretty much ELIMINATE joe-jobbing [https://en.wikipedia.org/wiki/Joe_job], which is what you are experiencing, you will have to upgrade to the latest version of SmarterMail.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
If you have current upgrade protection, it should take you all the way to 14.4 -- and I would seriously consider going that route, or you will have SPF issues with records longer than 512 bits, resolved in 14.
 
This will be a two-step process, however, as you will have to upgrade to SmarterMail 7.X, then to 14.4.
 
Remember, too, these are major version upgrades, so you will have to:
 
  - uninstall version 6.X
  - REBOOT: to unlock any locked files
  - install version 7.x - wait about 30 to 60 minutes for user data file path changes to be propagated
  - remap all of your ports, the mapping of which changes significantly with SmarterMail 7.X
  - map the PUBLIC IP ADDRESS for the FQDN of the SmarterMail server
  - make certain that IP address has a valid rDNS, assigned by your IP address block provider
  - add a #HOSTNAME# variable to your SMTP settings
  - uninstall version 7.x
  - REBOOT: to unlock any locked files
  - install version 14.4
  - DISABLE the SmarterMail webserver, as it is designed for installations only, and was never intended to run the public web interface
  - add an SSL certificate
  - add the required SSL ports
  - modify your registry to disable SSL 1.0, SSL 2.0, SSL 3.0
  - modify your registry to utilize TLS 1.0, TLS 1.1, and TLS 1.2
  - upgrade your registry to use the most secure CIPHERS
  - and resolve any issues
Bruce Barnes
0
SPF and SMTP authentication are two completely different animals and must be configured independently.
 
SPF doesn't restrict anything.
 
DMARC will, when properly implemented, restrict sending by non-authorized users, but you need to also have DKIM keys, generated from WITHIN SMARTERMAIL for EACH HOSTED DOMAIN (DomainKeys are obsolete, and no longer used).  The DKIM keys will have to be at least 2048 bits in length, anything smaller is not secure.
 
You will also need to set up all of your DNS records for the DKIM records and DMARC.
 
If you are not totally comfortable with these topics, I would pay someone to do this as it can amount to weeks of frustration if you don't know exactly what you are doing.
Bruce Barnes
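The DKIM and DMARC points from the reply above (RSA keys of at least 2048 bits, plus published DKIM and DMARC DNS records) can be checked offline once the TXT records are in hand. This is an added example, not part of the original thread and not SmarterMail code: `audit`, `rsa_key_bits` and `sample_p` are hypothetical names, the records use example.com and constructed placeholder keys, and treating only `p=quarantine` or `p=reject` as restricting is an assumption of this example.

```python
import base64

def parse_tags(txt):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC TXT records."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): "".join(v.split()) for k, v in pairs}

def _tlv(buf, pos=0):  # read one DER element at pos -> (value_bytes, next_pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return buf[pos:pos + length], pos + length

def rsa_key_bits(p_b64):
    """Modulus size of the RSA key in a DKIM p= tag (base64 SubjectPublicKeyInfo)."""
    spki, _ = _tlv(base64.b64decode(p_b64))    # outer SEQUENCE
    _, pos = _tlv(spki)                        # skip AlgorithmIdentifier
    bitstr, _ = _tlv(spki, pos)                # BIT STRING holding RSAPublicKey
    rsakey, _ = _tlv(bitstr[1:])               # drop the unused-bits byte
    modulus, _ = _tlv(rsakey)                  # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def audit(dkim_txt, dmarc_txt, min_bits=2048):
    """Return findings for one domain; an empty list means both records pass."""
    dkim, dmarc, findings = parse_tags(dkim_txt), parse_tags(dmarc_txt), []
    if not dkim.get("p"):
        findings.append("DKIM: no public key (empty p= means revoked)")
    elif dkim.get("k", "rsa") == "rsa" and rsa_key_bits(dkim["p"]) < min_bits:
        findings.append(f"DKIM: RSA key is {rsa_key_bits(dkim['p'])} bits, below {min_bits}")
    if dmarc.get("v") != "DMARC1":
        findings.append("DMARC: no valid record")
    elif dmarc.get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={dmarc.get('p')} does not restrict unauthenticated mail")
    return findings

def _der(tag, body):  # minimal DER encoder, used only to build the constructed samples
    n, size = len(body), len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_p(bits):
    """Constructed placeholder p= value with a modulus of the given size; not a usable key."""
    integer = lambda v: _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    rsa = _der(0x30, integer((1 << (bits - 1)) | 1) + integer(65537))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    return base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + rsa))).decode()

WEAK = audit(f"v=DKIM1; k=rsa; p={sample_p(1024)}", "v=DMARC1; p=none; rua=mailto:dmarc@example.com")
GOOD = audit(f"v=DKIM1; k=rsa; p={sample_p(2048)}", "v=DMARC1; p=reject; rua=mailto:dmarc@example.com")
```

For a live domain, pass in the TXT values published at `<selector>._domainkey.<domain>` and `_dmarc.<domain>` in place of the constructed strings.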
0
Did you UNINSTALL the OLD VERSION, and REBOOT before installing version 7?
Bruce Barnes