2
Outbound mails being copied to strange external email
Problem reported by Simon - 5/13/2021 at 1:25 PM
Hello,

It seems we have an issue with our Smartermail 15. The mails that we are sending are also copied to another external account. Is there any setting or security issue that can cause it?

Regards,
Simon

10 Replies

1
Employee Replied
Employee Post
Hello Simon,

If this other email address that is being copied is being Blind copied, this may be due to an event. System admins, domain admins, and users can all configure an event to blind copy another email address on all sent and/or received emails. If EVERYONE's emails are being copied to this other address then the event will be either a system or domain level event. Check for events as the system admin in Settings > Events. As the domain admin go to Settings > Domain Settings > Events. And as a user go to Settings > My Settings > Events. If your delivery logs are set to detailed you may be able to find some information in there as well. 
0
Simon Replied
Hello Emily,

Thank you for the fast reply. We have identified in our logs the external email account.
We are getting a system administrator delivery failure error because of this issue.
How can we stop this? Because with every email we send, it sends in the background another email to a strange external email and the email bounces back...

Regards,
Simon
0
Employee Replied
Employee Post
Simon,

Are you sending to an alias when this other email address gets copied? Does the other email address get copied on every sent email for every user? Did you check for a system or domain level event with the action "Add Recipient"?
0
Employee Replied
Employee Post
Simon, 

Another way you can check for an event is to set your Event logs to detailed. Send an email that would cause the other address to be copied. Then go check the event logs to see. If there are any results from you sending that email in the event log, then it's being caused by an event. You would then need to find where that event is configured and delete it.

The logs might look something like this:
[2021.05.13] Argument(string) fromaddress=admin@demo.com;
[2021.05.13]     Argument(string) fromdomain=demo.com;
[2021.05.13]     Condition(string) fromdomain=demo.com (Equals);
[2021.05.13]     Argument(string) toaddress=admin@demo.com;
[2021.05.13]     Argument(string) emailaddress=admin@demo.com;
[2021.05.13]     Argument(string) todomain=demo.com;
[2021.05.13]     Argument(string) fromaddress=astephanie@demo.com;
[2021.05.13]     Argument(string) fromdomain=demo.com;
[2021.05.13]     Condition(string) fromdomain=demo.com (Equals);
[2021.05.13]     Argument(string) fromaddress=astephanie@demo.com;
[2021.05.13]     Argument(string) fromdomain=demo.com;
[2021.05.13]     Condition(string) fromdomain=demo.com (Equals);
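
One way to run the check described in this reply over a detailed event log, as an added example that is not part of the original post or SmarterMail's own tooling: it parses lines shaped like the sample above and ranks recipient-type addresses that fall outside the server's own domains, so an address copied on nearly every message stands out. Treating `toaddress` and `emailaddress` as recipient fields is an assumption drawn from the sample, and the `.example` addresses are constructed.

```python
import re
from collections import Counter

# Matches lines shaped like the sample in the post, e.g.
#   [2021.05.13]     Argument(string) toaddress=admin@demo.com;
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2})\]\s+"
    r"(?P<kind>Argument|Condition)\(string\)\s+"
    r"(?P<key>\w+)=(?P<value>[^;\s]+)"
)
# Assumption: these keys carry recipient addresses in the event log.
RECIPIENT_KEYS = {"toaddress", "emailaddress"}


def external_recipients(log_text, local_domains):
    """Count recipient addresses whose domain is not one of local_domains."""
    local = {d.lower() for d in local_domains}
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["kind"] != "Argument":
            continue
        if m["key"].lower() not in RECIPIENT_KEYS:
            continue
        address = m["value"].lower()
        _, sep, domain = address.rpartition("@")
        # Values without "@" are counted too, so malformed entries get reviewed.
        if not sep or domain not in local:
            hits[address] += 1
    return hits


# Constructed sample: the post's format plus invented external addresses.
SAMPLE_LOG = """\
[2021.05.13] Argument(string) fromaddress=admin@demo.com;
[2021.05.13]     Condition(string) fromdomain=demo.com (Equals);
[2021.05.13]     Argument(string) toaddress=customer@partner.example;
[2021.05.13]     Argument(string) emailaddress=collector@external.example;
[2021.05.13] Argument(string) fromaddress=astephanie@demo.com;
[2021.05.13]     Argument(string) toaddress=admin@demo.com;
[2021.05.13]     Argument(string) emailaddress=collector@external.example;
"""

if __name__ == "__main__":
    ranked = external_recipients(SAMPLE_LOG, {"demo.com"}).most_common()
    for address, count in ranked:
        print(f"{count:4d}  {address}")
```

Ordinary outbound recipients also appear in the output; the address to investigate is the one whose count tracks the total number of messages sent.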


0
Simon Replied
Emily,

On the events I don't see any relayed data with the issue.

I verified that an email is being sent through Manage -> View logs -> Type Delivery. I see on the report the strange external email to be the same as the one it bounces back from, and it contains the copy of the original email.

It happens to almost all accounts. The external email is full and we get back the bounce (and it is very annoying to see it in the inbox), but no matter, that is a security issue. I just want to see how I can clear/delete this recipient. We have used the product (Pro) since 2018 with really no issues at all. Please provide me all the necessary information in order to resolve this issue.

Best Regards,
Simon


0
Employee Replied
Employee Post
Simon,

Can you confirm that you've checked for an event on the system, domain, and user levels? The event would have an action of "Add Recipient".
0
Karl Jones Replied
I had this happen on my Smartermail install, found it pretty quickly, and as I'm the only admin and I didn't authorise sending emails to a gmail account, somehow the server was hacked and the info added. You might want to check if it's a hack and not just an admin/user forwarding everyone's emails...!!
1
Employee Replied
Employee Post
Hi Karl,

When this happened to you, where did you find the unauthorized email at? Was it in an event or in the auto-forward settings? Or did you find it somewhere else?
0
Karl Jones Replied
Sorry Emily, it was at the beginning of the year and I can't recall where I found it. I do seem to remember that it wasn't auto forward because that was an obvious setting and it was hidden away, and as it was sending out some proprietary info all I wanted to do was stop it. If I manage to find the info I'll update the thread.
Another thing I remember thinking: "how the hell did they add that email"!?
0
Employee Replied
Employee Post
That's alright, Karl. Thanks for contributing!
