Email Authenticating and being spoofed by unknown account
Question asked by Hostbreak Web Technologies - 11/26/2015 at 8:13 AM
Unanswered
Hello, 
 
I am running SmarterMail 6.8. I have an issue: I am seeing in the logs that wrong accounts are spoofing from my server, authenticating as sales .. just sales, no domain. I am confused: how are they achieving this, and how can I stop it?
 
I have SPF and DKIM enabled. My domain is hostbreak.com. If required, I can send the log of any email.
 
Any help is highly appreciated. Thanks
 
Regards

9 Replies

1
Bruce Barnes Replied
The ability to take advantage of the internal antispam settings in SmarterMail did not become available until SmarterMail 7.X.
 
Your SmarterMail 6.8 is a full 12 versions behind the current version of SmarterMail.  Please remember, only the current, and previous two, versions of SmarterMail are officially supported by SmarterMail/SmarterTools.

They are significantly improved in SmarterMail 14.4, and you can see my most recent document, pertaining to those settings, at: 
https://portal.chicagonettech.com/kb/a171/smartermail-antispam-settings-document.aspx
 
In order to implement both the antispam settings, as well as take advantage of all of the new security features, including TLS encryption and DMARC, which will, pretty much ELIMINATE joe-jobbing [https://en.wikipedia.org/wiki/Joe_job], which is what you are experiencing, you will have to upgrade to the latest version of SmarterMail.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Thanks Bruce, I have upgrade protection to upgrade to 11.x. If I upgrade SM to 11.x, will it be good enough to fight joe-jobs and spoofing? I am pretty much interested in applying DMARC on it as well.
1
Bruce Barnes Replied
If you have current upgrade protection, it should take you all the way to 14.4 -- and I would seriously consider going that route, or you will have SPF issues with records longer than 512 bits, resolved in 14.
 
This will be a two-step process, however, as you will have to upgrade to SmarterMail 7.X, then to 14.4.
 
Remember, too, these are major version upgrades, so you will have to:
 
  - uninstall version 6.X
  - REBOOT: to unlock any locked files
  - install version 7.x - wait about 30 to 60 minutes for user data file path changes to be propagated
  - remap all of your ports, the mapping of which changes significantly with SmarterMail 7.X
  - map the PUBLIC IP ADDRESS for the FQDN of the SmarterMail server
  - make certain that IP address has a valid rDNS, assigned by your IP address block provider
  - add a #HOSTNAME# variable to your SMTP settings
  - uninstall version 7.x
  - REBOOT: to unlock any locked files
  - install version 14.4
  - DISABLE the SmarterMail webserver, as it is designed for installations only, and was never intended to run the public web interface
  - add an SSL certificate
  - add the required SSL ports
  - modify your registry to disable SSL 1.0, SSL 2.0, SSL 3.0
  - modify your registry to utilize TLS 1.0, TLS 1.1, and TLS 1.2
  - upgrade your registry to use the most secure CIPHERS
  - and resolve any issues
0
Thanks a lot, Bruce. Another thing: I have SPF on hostbreak.com but it still allows me to send emails remotely using authentication. Why is it so?
0
Bruce Barnes Replied
SPF and SMTP authentication are two completely different animals and must be configured independently.
 
SPF doesn't restrict anything.
 
DMARC will, when properly implemented, restrict sending by non-authorized users, but you need to also have DKIM keys, generated from WITHIN SMARTERMAIL for EACH HOSTED DOMAIN (DomainKeys are obsolete, and no longer used).  The DKIM keys will have to be at least 2048 bits in length, anything smaller is not secure.
 
You will also need to set up all of your DNS records for the DKIM records and DMARC.
 
If you are not totally comfortable with these topics, I would pay someone to do this as it can amount to weeks of frustration if you don't know exactly what you are doing.
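Added example, not part of the thread and not SmarterMail code: a Python check of the two DNS TXT records discussed in the reply above, flagging a DKIM RSA key shorter than 2048 bits and a DMARC policy that does not enforce. The sample records, the function names and example.com are constructed for illustration.

```python
import base64

def parse_tags(txt):
    """Split a DKIM/DMARC TXT record ("tag=value; tag=value") into a dict."""
    pairs = (item.split("=", 1) for item in txt.split(";") if "=" in item)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo (the DKIM p= value)."""
    outer, _ = _tlv(spki, 0)                   # SubjectPublicKeyInfo SEQUENCE
    _, after_alg = _tlv(outer, 0)              # skip AlgorithmIdentifier
    bitstr, _ = _tlv(outer, after_alg)         # BIT STRING wrapping the key
    rsakey, _ = _tlv(bitstr, 1)                # byte 0 = unused-bits count
    modulus, _ = _tlv(rsakey, 0)               # first INTEGER is n
    return int.from_bytes(modulus, "big").bit_length()

def audit(dkim_txt, dmarc_txt, min_bits=2048):
    """Return a list of findings; an empty list means both records pass."""
    findings, dkim, dmarc = [], parse_tags(dkim_txt), parse_tags(dmarc_txt)
    if not dkim.get("p"):
        findings.append("DKIM: empty p= (key missing or revoked)")
    elif rsa_bits(base64.b64decode(dkim["p"])) < min_bits:
        findings.append("DKIM: RSA key shorter than %d bits" % min_bits)
    if dmarc.get("v") != "DMARC1":
        findings.append("DMARC: no valid record")
    elif dmarc.get("p", "none") == "none":
        findings.append("DMARC: p=none only monitors, nothing is rejected")
    return findings

# --- constructed sample records (stand-in modulus, not a usable key) ---
def _der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_dkim(bits):
    ints = [(1 << (bits - 1)) | 1, 65537]      # n (top bit set), e
    key = _der(0x30, b"".join(_der(2, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints))
    alg = bytes.fromhex("300d06092a864886f70d0101010500")   # rsaEncryption OID + NULL
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(_der(0x30, alg + _der(3, b"\0" + key))).decode()

if __name__ == "__main__":
    print(audit(sample_dkim(1024), "v=DMARC1; p=none; rua=mailto:postmaster@example.com"))
    print(audit(sample_dkim(2048), "v=DMARC1; p=reject"))
```

To run it against a live domain, pass the TXT strings published at `<selector>._domainkey.<domain>` and `_dmarc.<domain>` to `audit()`.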
0
Hi Bruce, I have done the first step: I have upgraded to 7.6. The issue I am now facing is that I get some error regarding app_data permissions. Secondly, I am unable to download attachments from my emails. When I run the self-diagnostic tool I get an error, also while showing reports. So I believe the permissions might be an issue here.
0
Bruce Barnes Replied
Did you UNINSTALL the OLD VERSION, and REBOOT before installing version 7?
0
Hi Bruce, I did uninstall and reboot before installing the new version, but there still seem to be some issues.
0
Bruce, I have installed 11.x now. Other issues are resolved, just one final issue. I do not see any error in the self-diagnostic test. Still, the attachments are not being attached. They are attached, but when the email is sent, they disappear. Can you guide me, please?
