
Topic: Spam from own server?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

I'm receiving spam/phishing mails which seem to come from my own server. Did someone hack the server? Or how can I prevent the sending/receiving of these emails?
Fun fact: The name used in these mails is the real one of a person who is living just some kilometers away.

Following is one of the emails I'm receiving. I've replaced my domain name with example.com.

From Wermert@mail.example.com Mon Dec 10 12:14:14 2018
Return-Path: <cyvalberto@cyvembalajes.com.ar>
Delivered-To: user1@example.com
Received: from mail.example.com (localhost [127.0.0.1])
    by mail.example.com (Postfix) with ESMTP id 07189B2180E
    for <user1@example.com>; Mon, 10 Dec 2018 12:14:14 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at vmd20106.hoster.net
Received: from mail.example.com ([127.0.0.1])
    by mail.example.com (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id CgPPvTmv1EWc for <user1@example.com>;
    Mon, 10 Dec 2018 12:14:09 +0100 (CET)
Received: from isp3.iplatense.com.ar (isp3.iplatense.com.ar
 [200.114.86.28]) by mail.example.com (Postfix) with ESMTPS id 84536B2180B for
 <user1@example.com>; Mon, 10 Dec 2018 12:14:07 +0100 (CET)
Received: from 10.1.35.9 (unknown [190.64.95.146])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    (Authenticated sender: web17_cyvalberto)
    by isp3.iplatense.com.ar (Postfix) with ESMTPSA id EB22D8A27D
    for <user1@example.com>; Mon, 10 Dec 2018 07:58:06 -0300 (ART)
Date: Mon, 10 Dec 2018 07:58:04 -0300
From: Wermert@mail.example.com,
    Christian <wermert@nottuln.de> <cyvalberto@cyvembalajes.com.ar>
To: user1@example.com
Message-ID: <42553316736114019314.78C65EABA2C0311A@example.com>
Subject:  Vorauskasse-Rechnung zur Ihrer Bestellung RE0055_13
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_63786_4200422139.18150746913285741417"
X-Evolution-Source: 1495700168.3569.2@cerveau2


------=_Part_63786_4200422139.18150746913285741417
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit


Guten Morgen,


bitte die Rechnung an Wermert, Christian über 1,791.19 € ausstellen (Grund, siehe unten).

Wir freuen uns auf die weitere Zusammenarbeit!


Mit freundlichen Grüße

Wermert, Christian
-
Telefon: 0991/51713-2, Telefax: 991/51713-32
E-Mail:wermert@nottuln.de

-


Diese Nachricht wurde von meinem Android Mobiltelefon gesendet.
------=_Part_63786_4200422139.18150746913285741417
Content-Type: application/msword; name="RE0055_13.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="RE0055_13.doc"

----
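Added example, not part of the original post: Python that walks the Received chain of the message quoted above and reports the hop at which the poster's MTA accepted it from a non-loopback client, alongside the envelope and From domains. The function names and `LOCAL_MTA` are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Copied from the message above; TLS lines, body, attachment omitted, From trimmed.
RAW = """\
Return-Path: <cyvalberto@cyvembalajes.com.ar>
Received: from mail.example.com (localhost [127.0.0.1])
    by mail.example.com (Postfix) with ESMTP id 07189B2180E
    for <user1@example.com>; Mon, 10 Dec 2018 12:14:14 +0100 (CET)
Received: from mail.example.com ([127.0.0.1])
    by mail.example.com (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id CgPPvTmv1EWc for <user1@example.com>;
    Mon, 10 Dec 2018 12:14:09 +0100 (CET)
Received: from isp3.iplatense.com.ar (isp3.iplatense.com.ar
 [200.114.86.28]) by mail.example.com (Postfix) with ESMTPS id 84536B2180B for
 <user1@example.com>; Mon, 10 Dec 2018 12:14:07 +0100 (CET)
Received: from 10.1.35.9 (unknown [190.64.95.146])
    (Authenticated sender: web17_cyvalberto)
    by isp3.iplatense.com.ar (Postfix) with ESMTPSA id EB22D8A27D
    for <user1@example.com>; Mon, 10 Dec 2018 07:58:06 -0300 (ART)
From: Wermert@mail.example.com
"""

LOCAL_MTA = "mail.example.com"  # assumption: the name the server stamps after "by"
LOOPBACK = {"127.0.0.1", "::1"}

def hops(raw):
    """(client_ip, by_host) for each Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", flat)
        by = re.search(r"\bby (\S+)", flat)
        out.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return out

def entry_hop(raw):
    """Client IP of the newest hop our MTA accepted from a non-loopback peer."""
    return next((ip for ip, by in hops(raw)
                 if by == LOCAL_MTA and ip and ip not in LOOPBACK), None)

def sender_domains(raw):
    """(envelope sender domain, From header domain)."""
    msg = message_from_string(raw)
    dom = lambda v: v.strip("<> ").rsplit("@", 1)[-1].lower()
    return dom(msg["Return-Path"]), dom(msg["From"])

if __name__ == "__main__":
    print(entry_hop(RAW), sender_domains(RAW))
```

Only the Received lines stamped by the local MTA are trustworthy; everything below the entry hop, and the From header, is supplied by the sending side.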
