someone faking smtp authentication

Discussion in 'HOWTO-Related Questions' started by gorav, Oct 22, 2011.

  1. gorav

    gorav New Member

    Hi,

    Someone is faking smtp authentication on our server and sending out emails. This is from header of one of such emails -

    ---------------
    Received: from 178.89.32.193 (account <[email protected]> HELO domain.com) by domain.com (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 086072675 for <[email protected]>; Fri, 7 Oct 2011 16:35:15 +0600

    (our actual domain name substituted by domain.com)
    ---------------

    Even the maillog shows [email protected] as authenticated but there is no such user as [email protected] in our user list. I checked main.cf, it seems normal.

    Any clues on how this is happening. I need to block it immediately before our domain gets marked for spamming.

    Thanks in advance for helping.

    Regards
    Gorav
     
  2. falko

    falko Super Moderator ISPConfig Developer

Share This Page