someone faking smtp authentication

Discussion in 'HOWTO-Related Questions' started by gorav, Oct 22, 2011.

  1. gorav

    gorav New Member

    Hi,

    Someone is faking smtp authentication on our server and sending out emails. This is from header of one of such emails -

    ---------------
    Received: from 178.89.32.193 (account <info@domain.com> HELO domain.com) by domain.com (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 086072675 for <info@domain.com>; Fri, 7 Oct 2011 16:35:15 +0600

    (our actual domain name substituted by domain.com)
    ---------------

    Even the maillog shows info@domain.com as authenticated but there is no such user as info@domain.com in our user list. I checked main.cf, it seems normal.

    Any clues on how this is happening. I need to block it immediately before our domain gets marked for spamming.

    Thanks in advance for helping.

    Regards
    Gorav
     
  2. falko

    falko Super Moderator

    Is domain.com hosted on your server? I think someone is sending to that domain as info@domain.com. If that is the case and your server doesn't send the maail to another SMTP server, this should be no problem spam-wise.
     

Share This Page