Back to Community Threads
2
Build 7040 - Account hacked message
Question asked by CTL - 4/24/2019 at 6:17 AM
Answered
Hello All

some of the email stating that account hacked message,  I have no clue about how to mitigate the issue , Here header list 

Return-Path: <petrbejsak@gastroeshop.cz>
Received: from mail.bepositive.cz (hayley.bepositive.cz [77.93.207.30]) by myhostname.com with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Mon, 22 Apr 2019 00:23:04 -0400
Received: from localhost (unknown [127.0.0.1])
by mail.bepositive.cz (Postfix) with ESMTP id 12FBE614344
for <info@domain.com>; Mon, 22 Apr 2019 03:57:48 +0000 (UTC)
X-Virus-Scanned: amavisd-new at hayley.bepositive.cz
Received: from mail.bepositive.cz ([127.0.0.1])
by localhost (hayley.bepositive.cz [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id vcxuOJpKLAlq for <info@domain.com>;
Mon, 22 Apr 2019 05:57:47 +0200 (CEST)
Received: from [79-101-63-194.static.isp.telekom.rs] (unknown [79.101.63.194])
(Authenticated sender: petrbejsak@gastroeshop.cz)
by mail.bepositive.cz (Postfix) with ESMTPSA id 63D935E90D4
for <info@domain.com>; Mon, 22 Apr 2019 05:22:43 +0200 (CEST)
List-Unsubscribe: <https://ihvngc.us06.list-manage.com/unsubscribe?u=uz8hyx38mv01wc2vi4l32jvtu&id=y7gfh7hngx&e=ve5g42wlms&c=x9fffdsxhn>;,
<mailto:unsubscribe-mc.mn2brp4ceguvo1a8c2k61@mailin.gastroeshop.cz?subject=unsubscribe>
From: <info@domain.com>
Feedback-ID: 29816147:60763710.800163:us09:yw
Subject: info
Abuse-Reports-To: abuse@mailer.gastroeshop.cz
X-Mailer: nlserver, Build 6.0.2.6820
X-Priority: 3
X-Complaints-To: <abuse@mailer.gastroeshop.cz>
X-Sender-Info: <petrbejsak@gastroeshop.cz>
Content-Type: multipart/related;
boundary="isdvjblx-C6DAABF2C734D0-noabzruatf-A21EA19579603547-stuazrxp-B22C67D1AE8937962E34"
MIME-Version: 1.0
Date: Mon, 22 Apr 2019 05:22:44 +0200
To: info@domain.com
Errors-To: v6gcrk5xcmoskp@gastroeshop.cz
Message-ID: <h24zs69-wg9b3u-09@gastroeshop.cz>
X-CTCH-RefId: str=0001.0A02020A.5CBD41B1.0031,ss=1,re=0.000,recu=0.000,reip=0.000,pt=R_669326,cl=4,cld=1,fgs=0
X-CTCH-AVLevel: Unknown
X-SmarterMail-Spam: SPF [None]: 0, UCE PROTECT LEVEL 2: 2, UCE PROTECT LEVEL 3: 2, Cyren [Confirmed]: 30, ISpamAssassin [raw:1]: 2, DK [None]: 0, DKIM [None]: 0
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - User)


Here original picture message

FYI - I have replaced my original domain name to  info@domain.com  for security purpose

How to mitigate the issue , because the original header indicate trusted user 

Thanks

5 Replies

Reply to Thread
0
Stefano Replied
4/24/2019 at 6:30 AM
0
Kyle Kerst Replied
5/6/2019 at 4:38 PM
Employee Post Marked As Answer
Spoofed messages like these take advantage of lax settings for checking SPF/DKIM. Recommendation is to deploy both for your domains, then edit the failure weights associated with them under Settings>Antispam.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
CTL Replied
5/6/2019 at 5:32 PM
All our domain setup SPF/DKIM & DMARC validation . I have noticed build 7040 having still loop hole and continue receive the above message.  Moreover  latest build ie 7053 patched smartermail  for this issue and already moved to 7053 

Thanks
0
Kyle Kerst Replied
5/7/2019 at 4:12 PM
Employee Post
Binesh, since you've already implemented these steps and are still seeing the issue I suggest submitting a support ticket in this case. I have worked on a similar issue recently, and the problem was due to the SPF FAIL and SPF NONE weights being too low in SmarterMail. So the message was being scored, but not high enough to be caught by the junk mail folder. Often these issues are like this and just require some additional adjustment to capture them.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
CTL Replied
5/8/2019 at 10:21 PM
Here my settings
Pass weight - 0
Fail weight -30
soft fail weight -0
neutral weight -0
Permanent error weight -0
None weight -0

Now I am using build 7053

Thanks
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

SmarterMail HIPAA/FINRA/SOX ComplianceGeneral Topics
SmarterTools Licensing InformationGeneral Topics
SmarterMail Server Performance TuningSmarterMail > Server Configuration and Management
Find a Compromised AccountSmarterMail > Troubleshooting
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus