How does spammer use my domain name?
Question asked by michaeljmann - 11/7/2019 at 8:12 PM
Answered
How did this happen?  I changed the setting to not allow domain admin to add users.  Does this mean someone has infiltrated this smartermail installation? I have several other domains.  Did I miss open relay setting?

6 Replies

Reply to Thread
0
michaeljmann Replied
So I see this entity adding messages to the spool, so I deleted all my domains from SmarterMail.  Yet SM still recognizes activity, notable from an "Anonymous user".  So this begs the question, how was the "anonymous user" created?  Looking for feedback from SmarterTools advise on how this intrusion came about, and implement preventative measures.
0
Employee Replied
Employee Post
Hi Michael, 

The anonymous user would be anyone viewing the webmail login page that has not yet logged in. 

Thanks, 
0
michaeljmann Replied
thanks for that info Rose.  Still hoping someone can solve the other part of the puzzle
0
Employee Replied
Employee Post
Do you have Administrative logging enabled? If so, search the Administrative logs for the term added user, this should give some additional information regarding who created those users and when.
0
Kyle Kerst Replied
Employee Post Marked As Answer
I'm sorry to hear you're having these issues. I believe you can fix this with a couple of quick changes. Under Settings>Protocols>SMTP IN please ensure you have the following values setup: 



Once set, this will prevent external users from sending mail as users on your domains without authenticating beforehand. Once completed, you can use this KB article to clear out your spool of the malicious content: 

Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
michaeljmann Replied
Thank you Kyle and other replies.  Look forward to testing this fix!  


Reply to Thread