Build 7040 - Account hacked message
Question asked by CTL - 4/24/2019 at 6:17 AM
Hello All,

Some of the emails state that the account has been hacked. I have no clue about how to mitigate the issue. Here is the header list:

Return-Path: <petrbejsak@gastroeshop.cz>
Received: from mail.bepositive.cz (hayley.bepositive.cz []) by myhostname.com with SMTP
cipher=Aes256 bits=256);
Mon, 22 Apr 2019 00:23:04 -0400
Received: from localhost (unknown [])
by mail.bepositive.cz (Postfix) with ESMTP id 12FBE614344
for <info@domain.com>; Mon, 22 Apr 2019 03:57:48 +0000 (UTC)
X-Virus-Scanned: amavisd-new at hayley.bepositive.cz
Received: from mail.bepositive.cz ([])
by localhost (hayley.bepositive.cz []) (amavisd-new, port 10024)
with ESMTP id vcxuOJpKLAlq for <info@domain.com>;
Mon, 22 Apr 2019 05:57:47 +0200 (CEST)
Received: from [79-101-63-194.static.isp.telekom.rs] (unknown [])
(Authenticated sender: petrbejsak@gastroeshop.cz)
by mail.bepositive.cz (Postfix) with ESMTPSA id 63D935E90D4
for <info@domain.com>; Mon, 22 Apr 2019 05:22:43 +0200 (CEST)
List-Unsubscribe: <https://ihvngc.us06.list-manage.com/unsubscribe?u=uz8hyx38mv01wc2vi4l32jvtu&id=y7gfh7hngx&e=ve5g42wlms&c=x9fffdsxhn>;,
From: <info@domain.com>
Feedback-ID: 29816147:60763710.800163:us09:yw
Subject: info
Abuse-Reports-To: abuse@mailer.gastroeshop.cz
X-Mailer: nlserver, Build
X-Priority: 3
X-Complaints-To: <abuse@mailer.gastroeshop.cz>
X-Sender-Info: <petrbejsak@gastroeshop.cz>
Content-Type: multipart/related;
MIME-Version: 1.0
Date: Mon, 22 Apr 2019 05:22:44 +0200
To: info@domain.com
Errors-To: v6gcrk5xcmoskp@gastroeshop.cz
Message-ID: <h24zs69-wg9b3u-09@gastroeshop.cz>
X-CTCH-RefId: str=0001.0A02020A.5CBD41B1.0031,ss=1,re=0.000,recu=0.000,reip=0.000,pt=R_669326,cl=4,cld=1,fgs=0
X-CTCH-AVLevel: Unknown
X-SmarterMail-Spam: SPF [None]: 0, UCE PROTECT LEVEL 2: 2, UCE PROTECT LEVEL 3: 2, Cyren [Confirmed]: 30, ISpamAssassin [raw:1]: 2, DK [None]: 0, DKIM [None]: 0
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - User)

Here is a picture of the original message:

FYI - I have replaced my original domain name with info@domain.com for security purposes.

How do I mitigate the issue, given that the original header indicates a trusted user?


5 Replies

Stefano Replied
Kyle Kerst Replied
Employee Post Marked As Answer
Spoofed messages like these take advantage of lax settings for checking SPF/DKIM. The recommendation is to deploy both for your domains, then edit the failure weights associated with them under Settings>Antispam.
Kyle Kerst Acting IT Manager SmarterTools Inc. www.smartertools.com
CTL Replied
All our domains have SPF/DKIM & DMARC validation set up. I have noticed that build 7040 still has a loophole and continues to receive the above message. Moreover, the latest build, i.e. 7053, patched SmarterMail for this issue, and we have already moved to 7053.

Kyle Kerst Replied
Employee Post
Binesh, since you've already implemented these steps and are still seeing the issue I suggest submitting a support ticket in this case. I have worked on a similar issue recently, and the problem was due to the SPF FAIL and SPF NONE weights being too low in SmarterMail. So the message was being scored, but not high enough to be caught by the junk mail folder. Often these issues are like this and just require some additional adjustment to capture them.
Kyle Kerst Acting IT Manager SmarterTools Inc. www.smartertools.com
CTL Replied
Here are my settings:
Pass weight - 0
Fail weight - 30
Soft fail weight - 0
Neutral weight - 0
Permanent error weight - 0
None weight - 0

Now I am using build 7053
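Kyle's reply above attributes the miss to the SPF FAIL and SPF NONE weights being too low, and CTL's settings list shows SPF None at 0. The following Python script is an added example, not code from the thread or from SmarterTools: it parses the X-SmarterMail-Spam and X-SmarterMail-TotalSpamWeight headers quoted in the question, recomputes the score under CTL's posted weights and under an assumed stricter table, and flags the header-level spoofing signs visible in the quoted headers (From equal to To, Return-Path and authenticated sender on a different domain than From). The result-name keys (Pass, Fail, SoftFail, Neutral, PermError, None) and the stricter weight values are assumptions for illustration; only "None" and "Confirmed" appear as results in the quoted header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed copy of the headers quoted in the question
# (the poster had already blanked the IP addresses, hence the empty brackets).
SAMPLE_HEADERS = (
    "Return-Path: <petrbejsak@gastroeshop.cz>\n"
    "Received: from [79-101-63-194.static.isp.telekom.rs] (unknown [])\n"
    "\t(Authenticated sender: petrbejsak@gastroeshop.cz)\n"
    "\tby mail.bepositive.cz (Postfix) with ESMTPSA id 63D935E90D4\n"
    "\tfor <info@domain.com>; Mon, 22 Apr 2019 05:22:43 +0200 (CEST)\n"
    "From: <info@domain.com>\n"
    "To: info@domain.com\n"
    "Subject: info\n"
    "X-SmarterMail-Spam: SPF [None]: 0, UCE PROTECT LEVEL 2: 2, "
    "UCE PROTECT LEVEL 3: 2, Cyren [Confirmed]: 30, ISpamAssassin [raw:1]: 2, "
    "DK [None]: 0, DKIM [None]: 0\n"
    "X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - User)\n"
    "\n"
)

# Weights exactly as CTL listed them. Only "None" is visible as an SPF result in
# the quoted header; the other result labels are assumed for illustration.
CTL_SPF_WEIGHTS = {"Pass": 0, "Fail": 30, "SoftFail": 0, "Neutral": 0,
                   "PermError": 0, "None": 0}
CTL_DKIM_WEIGHTS = {"Pass": 0, "Fail": 30, "None": 0}

# Assumed stricter table: mail with no SPF/DKIM result at all now carries weight.
STRICT_SPF_WEIGHTS = {**CTL_SPF_WEIGHTS, "SoftFail": 10, "None": 10}
STRICT_DKIM_WEIGHTS = {**CTL_DKIM_WEIGHTS, "None": 5}

# One entry of the X-SmarterMail-Spam header: "NAME [RESULT]: WEIGHT" (result optional).
CHECK_RE = re.compile(r"^(?P<name>.+?)(?: \[(?P<result>[^\]]*)\])?: (?P<weight>-?\d+)$")


def parse_spam_checks(header_value):
    """'SPF [None]: 0, UCE PROTECT LEVEL 2: 2, ...' -> {name: (result, weight)}."""
    checks = {}
    for item in header_value.split(", "):
        m = CHECK_RE.match(item.strip())
        if m:
            checks[m.group("name")] = (m.group("result"), int(m.group("weight")))
    return checks


def parse_total(header_value):
    """'0 (Trusted Sender - User)' -> (0, 'Trusted Sender - User')."""
    m = re.match(r"^(-?\d+)(?:\s*\((.*)\))?", header_value.strip())
    return int(m.group(1)), (m.group(2) or "")


def rescore(checks, spf_weights, dkim_weights):
    """Sum the per-check weights, substituting SPF/DKIM weights from the given tables."""
    total = 0
    for name, (result, weight) in checks.items():
        if name == "SPF":
            weight = spf_weights.get(result, weight)
        elif name == "DKIM":
            weight = dkim_weights.get(result, weight)
        total += weight
    return total


def spoof_indicators(raw_headers):
    """Header-level signs that the From address does not belong to the real sender."""
    msg = message_from_string(raw_headers)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    from_domain = from_addr.rsplit("@", 1)[-1]
    findings = []
    if from_addr and from_addr == to_addr:
        findings.append("From equals To: message claims to come from the recipient's own address")
    if return_path and return_path.rsplit("@", 1)[-1] != from_domain:
        findings.append("Return-Path domain differs from From domain: " + return_path.rsplit("@", 1)[-1])
    # The SMTP-authenticated account is recorded by the submitting server in Received.
    received = "\n".join(msg.get_all("Received", []))
    m = re.search(r"Authenticated sender: ([^\s)]+)", received)
    if m and m.group(1).lower().rsplit("@", 1)[-1] != from_domain:
        findings.append("Authenticated SMTP sender is on another domain: " + m.group(1))
    return findings


def analyze(raw_headers):
    """Compare the total the server recorded with what the listed checks add up to."""
    msg = message_from_string(raw_headers)
    checks = parse_spam_checks(msg.get("X-SmarterMail-Spam", ""))
    recorded, note = parse_total(msg.get("X-SmarterMail-TotalSpamWeight", "0"))
    return {
        "recorded_total": recorded,          # 0 in the quoted header
        "override_note": note,               # "Trusted Sender - User"
        "ctl_weights_total": rescore(checks, CTL_SPF_WEIGHTS, CTL_DKIM_WEIGHTS),
        "strict_weights_total": rescore(checks, STRICT_SPF_WEIGHTS, STRICT_DKIM_WEIGHTS),
        "indicators": spoof_indicators(raw_headers),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```

Two things stand out when this runs over the quoted headers. First, the individual checks already add up to 36 (Cyren alone contributes 30), yet the recorded total is 0 with the note "Trusted Sender - User", so a trusted-sender entry overrode the computed weights regardless of what the SPF None weight was set to; raising that weight (51 under the assumed stricter table) only helps where no such override applies. Second, all three spoofing indicators fire: the From address is the recipient's own, while both the Return-Path and the authenticated submitter belong to gastroeshop.cz.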

