Build 7040 - Account hacked message
Question asked by Binesh Shammunni - April 24 at 6:17 AM
Answered
Hello All

some of the email stating that account hacked message,  I have no clue about how to mitigate the issue , Here header list 

Return-Path: <petrbejsak@gastroeshop.cz>
Received: from mail.bepositive.cz (hayley.bepositive.cz [77.93.207.30]) by myhostname.com with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Mon, 22 Apr 2019 00:23:04 -0400
Received: from localhost (unknown [127.0.0.1])
by mail.bepositive.cz (Postfix) with ESMTP id 12FBE614344
for <info@domain.com>; Mon, 22 Apr 2019 03:57:48 +0000 (UTC)
X-Virus-Scanned: amavisd-new at hayley.bepositive.cz
Received: from mail.bepositive.cz ([127.0.0.1])
by localhost (hayley.bepositive.cz [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id vcxuOJpKLAlq for <info@domain.com>;
Mon, 22 Apr 2019 05:57:47 +0200 (CEST)
Received: from [79-101-63-194.static.isp.telekom.rs] (unknown [79.101.63.194])
(Authenticated sender: petrbejsak@gastroeshop.cz)
by mail.bepositive.cz (Postfix) with ESMTPSA id 63D935E90D4
for <info@domain.com>; Mon, 22 Apr 2019 05:22:43 +0200 (CEST)
List-Unsubscribe: <https://ihvngc.us06.list-manage.com/unsubscribe?u=uz8hyx38mv01wc2vi4l32jvtu&id=y7gfh7hngx&e=ve5g42wlms&c=x9fffdsxhn>;,
<mailto:unsubscribe-mc.mn2brp4ceguvo1a8c2k61@mailin.gastroeshop.cz?subject=unsubscribe>
From: <info@domain.com>
Feedback-ID: 29816147:60763710.800163:us09:yw
Subject: info
Abuse-Reports-To: abuse@mailer.gastroeshop.cz
X-Mailer: nlserver, Build 6.0.2.6820
X-Priority: 3
X-Complaints-To: <abuse@mailer.gastroeshop.cz>
X-Sender-Info: <petrbejsak@gastroeshop.cz>
Content-Type: multipart/related;
boundary="isdvjblx-C6DAABF2C734D0-noabzruatf-A21EA19579603547-stuazrxp-B22C67D1AE8937962E34"
MIME-Version: 1.0
Date: Mon, 22 Apr 2019 05:22:44 +0200
To: info@domain.com
Errors-To: v6gcrk5xcmoskp@gastroeshop.cz
Message-ID: <h24zs69-wg9b3u-09@gastroeshop.cz>
X-CTCH-RefId: str=0001.0A02020A.5CBD41B1.0031,ss=1,re=0.000,recu=0.000,reip=0.000,pt=R_669326,cl=4,cld=1,fgs=0
X-CTCH-AVLevel: Unknown
X-SmarterMail-Spam: SPF [None]: 0, UCE PROTECT LEVEL 2: 2, UCE PROTECT LEVEL 3: 2, Cyren [Confirmed]: 30, ISpamAssassin [raw:1]: 2, DK [None]: 0, DKIM [None]: 0
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - User)


Here original picture message

FYI - I have replaced my original domain name to  info@domain.com  for security purpose

How to mitigate the issue , because the original header indicate trusted user 

Thanks

5 Replies

Reply to Thread
0
Stefano Replied
0
Kyle Kerst Replied
Employee Post Marked As Answer
Spoofed messages like these take advantage of lax settings for checking SPF/DKIM. Recommendation is to deploy both for your domains, then edit the failure weights associated with them under Settings>Antispam.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Binesh Shammunni Replied
All our domain setup SPF/DKIM & DMARC validation . I have noticed build 7040 having still loop hole and continue receive the above message.  Moreover  latest build ie 7053 patched smartermail  for this issue and already moved to 7053 

Thanks
0
Kyle Kerst Replied
Employee Post
Binesh, since you've already implemented these steps and are still seeing the issue I suggest submitting a support ticket in this case. I have worked on a similar issue recently, and the problem was due to the SPF FAIL and SPF NONE weights being too low in SmarterMail. So the message was being scored, but not high enough to be caught by the junk mail folder. Often these issues are like this and just require some additional adjustment to capture them.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Binesh Shammunni Replied
Here my settings
Pass weight - 0
Fail weight -30
soft fail weight -0
neutral weight -0
Permanent error weight -0
None weight -0

Now I am using build 7053

Thanks

Reply to Thread