Topic: Spam from own server?
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi,
I'm receiving spam/phishing mails which seems to come from my own server. Did someone hack the server? Or how can I prevent the sending/receiving of these emails?
Fun fact: The name used in these mails is real one of a person who is living just some kilometers away.
Following one of the email I'm receiving. I've replaced my domainname with example.com.
From Wermert@mail.example.com Mon Dec 10 12:14:14 2018
Return-Path: <cyvalberto@cyvembalajes.com.ar>
Delivered-To: user1@example.com
Received: from mail.example.com (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id 07189B2180E
for <user1@example.com>; Mon, 10 Dec 2018 12:14:14 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at vmd20106.hoster.net
Received: from mail.example.com ([127.0.0.1])
by mail.example.com (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id CgPPvTmv1EWc for <user1@example.com>;
Mon, 10 Dec 2018 12:14:09 +0100 (CET)
Received: from isp3.iplatense.com.ar (isp3.iplatense.com.ar
[200.114.86.28]) by mail.example.com (Postfix) with ESMTPS id 84536B2180B for
<user1@example.com>; Mon, 10 Dec 2018 12:14:07 +0100 (CET)
Received: from 10.1.35.9 (unknown [190.64.95.146])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
(Authenticated sender: web17_cyvalberto)
by isp3.iplatense.com.ar (Postfix) with ESMTPSA id EB22D8A27D
for <user1@example.com>; Mon, 10 Dec 2018 07:58:06 -0300 (ART)
Date: Mon, 10 Dec 2018 07:58:04 -0300
From: Wermert@mail.example.com,
Christian <wermert@nottuln.de> <cyvalberto@cyvembalajes.com.ar>
To: user1@example.com
Message-ID: <42553316736114019314.78C65EABA2C0311A@example.com>
Subject: Vorauskasse-Rechnung zur Ihrer Bestellung RE0055_13
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_63786_4200422139.18150746913285741417"
X-Evolution-Source: 1495700168.3569.2@cerveau2
------=_Part_63786_4200422139.18150746913285741417
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guten Morgen,
bitte die Rechnung an Wermert, Christian über 1,791.19 € ausstellen (Grund, siehe unten).
Wir freuen uns auf die weitere Zusammenarbeit!
Mit freundlichen Grüße
Wermert, Christian
-
Telefon: 0991/51713-2, Telefax: 991/51713-32
E-Mail:wermert@nottuln.de
-
Diese Nachricht wurde von meinem Android Mobiltelefon gesendet.
------=_Part_63786_4200422139.18150746913285741417
Content-Type: application/msword; name="RE0055_13.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="RE0055_13.doc"
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.