someone faking smtp authentication

Discussion in 'HOWTO-Related Questions' started by gorav, Oct 22, 2011.

  1. gorav

    gorav New Member


    Someone is faking smtp authentication on our server and sending out emails. This is from header of one of such emails -

    Received: from (account <[email protected]> HELO by (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 086072675 for <[email protected]>; Fri, 7 Oct 2011 16:35:15 +0600

    (our actual domain name substituted by

    Even the maillog shows [email protected] as authenticated but there is no such user as [email protected] in our user list. I checked, it seems normal.

    Any clues on how this is happening. I need to block it immediately before our domain gets marked for spamming.

    Thanks in advance for helping.

  2. falko

    falko Super Moderator ISPConfig Developer

    Is hosted on your server? I think someone is sending to that domain as [email protected]. If that is the case and your server doesn't send the maail to another SMTP server, this should be no problem spam-wise.

Share This Page