Back to Community Threads
New User on google.abc.com
Problem reported by Montague WebWorks - Today at 11:45 AM
Submitted
Weirdness. I just received two of these emails (below). It is the exact language and headers generated by SM, despite the fact that I do not host google.abc.com, let alone abc.com. Any ideas? Doesn't look like it came from off-server, based on the lack of IP info and HELO. ST should expand the headers to include IP and other standard records for just this reason.

X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: ; Sat, 17 Jan 2026 10:52:03 -0500
X-SmarterMail-SpamAction: None | NoAction
X-SmarterMail-TotalSpamWeight: 0 (Authenticated)
X-Forwarded-To: [me]@montaguewebworks.com
X-OriginalSender: [alias]@montaguewebworks.com
X-ForwardingAddress: [alias]@montaguewebworks.com
From: [alias]@montaguewebworks.com
Date: Sat, 17 Jan 2026 10:52:03 -0500
Subject: New User on google.abc.com
Message-Id: <0405988503204eccb18cddf223ea1ec3@fd62b604f6234e1187cf7d085934fd84>
To: [alias]@montaguewebworks.com
X-SmarterMail-Event: true
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-9wIrcXajfB5t+IeNAK8nDQ=="

--=-9wIrcXajfB5t+IeNAK8nDQ==
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

A new user has been added: admin@google.abc.com.=

--=-9wIrcXajfB5t+IeNAK8nDQ==
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

A new user has been added: admin@google.abc.com.=

--=-9wIrcXajfB5t+IeNAK8nDQ==--
I took a look through my Administrative logs and found this:

[2026.01.17] 10:51:58.673 [142.111.152.149] Webmail Attempting to login user: admin
[2026.01.17] 10:51:58.673 [142.111.152.149] Webmail Login successful: With user admin
[2026.01.17] 10:52:00.062 [142.111.152.222] User admin@ calling add event, name: Test Event
[2026.01.17] 10:52:02.073 [142.111.152.49] User admin@ calling add domain, name: google.abc.com
[2026.01.17] 10:52:04.345 [142.111.152.49] User admin@ successfully created domain google.abc.com
[2026.01.17] 10:52:05.116 [142.111.152.154] User admin@ calling delete domain, domain: google.abc.com, deleteFiles: True
[2026.01.17] 10:52:08.136 [142.111.152.154] User admin@ successfully deleted domain google.abc.com
[2026.01.17] 10:52:08.880 [142.111.152.154] User admin@ calling remove events, count: 1
[2026.01.17] 11:49:02.033 [142.111.152.164] User @ successfully force-reset-password
[2026.01.17] 11:49:03.634 [142.111.152.229] Webmail Attempting to login user: admin
[2026.01.17] 11:49:03.634 [142.111.152.229] Webmail Login successful: With user admin
[2026.01.17] 11:49:04.004 [142.111.152.47] User admin@ calling add event, name: Test Event
[2026.01.17] 11:49:08.213 [142.111.152.155] User admin@ calling remove events, count: 1
I tried to reset the admin password, but apparently it's been changed (see force-reset-password above), so I restricted the admin account to my own IP number, and blacklisted 142.111.152.*

Looking up how to change my SM admin password without knowing it. Ugh. I'm glad I caught this!
Mik MullerMontague WebWorks
Montague WebWorks Replied
Today at 12:07 PM
Wow. Go to view your Administrative logs and search for "from country China"

yeah.
Mik MullerMontague WebWorks
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Integrating Google Apps with SmarterMailSmarterMail > Domain/User Configuration and Management
Google Safe Browsing Warning and SmarterMailSmarterMail > Troubleshooting
Key SmarterMail MilestonesSmarterMail
SmarterMail and OAuth 2.0SmarterMail > Server Configuration and Management
Remote Server returned: '602' errorSmarterMail > Troubleshooting