Email Authenticating and being spoofed by unknown account

Question asked by Hostbreak Web Technologies - 11/26/2015 at 8:13 AM

Unanswered

Hello,

I am running smartermail 6.8. I have an issue, I am seeing in logs that wrong accounts are spoofing from my server , authenticating as sales .. just sales no domain. I am confused how are they achieving this and how can I stop this?

I have SPF and DKIM enabled. My domain is hostbreak.com. If required I can send the log of any email

Any help is highly appreciated. Thanks

Regards

9 Replies

Reply to Thread

Bruce Barnes Replied

11/26/2015 at 9:32 AM

The ability to take advantage of the internal antispam settings in SmarterMail did not become available until SmarterMail 7.X.

Your SmarterMail 6.8 is a full 12 versions behind the current version of SmarterMail. Please remember, only the current, and previous two, versions of SmarterMail are officially supported by SmarterMail/SmarterTools.

They are significantly improved in SmarterMail 14.4, and you can see my most recent document, pertaining to those settings, at: https://portal.chicagonettech.com/kb/a171/smartermail-antispam-settings-document.aspx

In order to implement both the antispam settings, as well as take advantage of all of the new security features, including TLS encryption and DMARC, which will, pretty much ELIMINATE joe-jobbing [https://en.wikipedia.org/wiki/Joe_job], which is what you are experiencing, you will have to upgrade to the latest version of SmarterMail.

Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Hostbreak Web Technologies Replied

11/27/2015 at 3:25 AM

Thanks Bruce, I have upgrade protection to upgrade to 11.x . If I upgrade SM to 11.x will it be good enough to fight joe-job and spoofing. I am pretty much interesting in applying dmarc on it as well.

Bruce Barnes Replied

11/27/2015 at 5:00 AM

If you have current upgrade protection, it should take you all the way to 14.4 -- and I would seriously consider going that route, or you will have SPF issuse with records longer than 512 bits, resolved in 14.

This will be a two-step process, however, as you will have to upgrade to SmarterMail 7.X, then to 14.4.

Remember, too, these are major version upgrades, so you will have to:

- uninstall version 6.X

- REBOOT: to unlock any locked files

- install version 7.x - wait about 30 to 60 minutes for user data file path changes to be propagated

- remap all of your ports

- the mapping of which changes significantly with SmarterMail 7.X

- map the PUBLIC IP ADDRESS for the FQDN of the SmarterMail server

- make certain that IP address has a valid rDNS, assigned by your IP address block provider

- add a #HOSTNAME# variable to your SMTP settings

- uninstall version 7.x

- REBOOT: to unlock any locked files

- install version 14.4

- DISABLE the SmarterMail webserver, as it is designed only for installations only, and was never intended to run the public web interface

- add an SSL certificate

- add the required SSL ports

- modify your registry to disable SSL 1.0, SSL 2.0, SSL 3.0

- modify your registry to utilize TLS 1.0, TLS 1.1, and TLS 1.2

- upgrade your registry to use the most secure CIPHERS

- test via https://www.ssllabs.com/ssltest/index.html

- and resolve any issues

Hostbreak Web Technologies Replied

11/27/2015 at 5:39 AM

Thanks alot Bruce. Another thing, I have SPF on hostbreak.com but it still allows me to send emails remotely using authentication. Why is it so?

Bruce Barnes Replied

11/27/2015 at 9:38 AM

SPF and SMTP authentication are two completely different animals and must be configured independently.

SPF doesn't restrict anything.

DMARC will, when properly implemented, restrict sending by non-authorized users, but you need to also have DKIM keys, generated from WITHIN SMARTERMAIL for EACH HOSTED DOMAIN (DomainKeys are obsolete, and no longer used). The DKIM keys will have to be at least 2048 bits in length, anything smaller is not secure.

You will also need to setup all of your DNS records for the DKIM records and DMARC.

If you are not totally comfortable with these topics, I would pay someone to do this as it can amount to weeks of frustration if you don't know exactly what you are doing.

Hostbreak Web Technologies Replied

11/30/2015 at 3:38 AM

Hi bruce I have done the first step, I have upgraded to 7.6 . The issue now I am facing is that I get some error regarding app_data permissions. Secondly, I am unable to download attachments from my emails. When I run self diagnostic tool I get an error , also while showing reports. So I believe the permissions might be an issue here.

Bruce Barnes Replied

11/30/2015 at 5:08 AM

Did you UNINSTALL the OLD VERSION, and REBOOT before installing version 7?

Hostbreak Web Technologies Replied

11/30/2015 at 7:25 AM

Hi Bruce , I did uninstall and reboot before installing new version but still there seems to be some issues.

Hostbreak Web Technologies Replied

11/30/2015 at 11:47 PM

Bruce, I have installed 11.x now. Other issues are resolved, just one final issue. I donot see any error in self diagnostic test. Still the attachments are not being attached. They are attached but when email is sent, they disappear. Can you guide please?

Back to Community Threads

Please leave this box unchecked

9 Replies

Reply to Thread

Tags

Related Knowledge Base Articles