Spammer sending spam mails using our mailenable server.


Postby bala_it » Wed May 17, 2017 8:17 am

Hi,

We are using MailEnable Professional Edition V8.0.

For a few weeks, spam mails have been going out from our email server. The log below shows user "test" is sending these mails, but we don't have any mailbox with the name "test".

Please guide us on how to stop them.

Log:
2017-05-02 19:04:17 8.31.233.62 SMTP-OU XXXXXXXXXXXXXXX 1008 RCPT MAIL+FROM:<test@mail.XXXXXXXXXXXXXXX.infor>+SIZE=4441 250+test@mail.XXXXXXXXXXXXXXX.infor+sender+accepted WNN1342 52 77 test
2017-05-02 19:04:17 80.13.43.199 SMTP-IN XXXXXXXXXXXXXXX 172.16.XXX.10 2272 RCPT RCPT+TO:<01823339@talktalk.net> 250+Requested+mail+action+okay,+completed WNN1342 43 36 test

Debug log:
[05/01/17 00:00:01]****************** LOG FILE STARTED *******************

05/01/17 00:00:01 ME-I0135: Authenticating User:test using Authentication Provider Credentials

05/01/17 00:00:01 ME-I0108: [1104] Relay Granted: Sender has authenticated.

05/01/17 00:00:01 ME-I0xxx: The 1 recipient(s) for mailbox xxxxxxxxxxxxx/test puts it over limit of 1000 per hour (current count 3034).

Spam mail:
Delivered-To: x
Received: by 10.107.12.xxx with SMTP id 79csp2808518iom;
Tue, 2 May 2017 16:06:11 -0700 (PDT)
X-Received: by 10.36.64.76 with SMTP id n73mr6033369ita.4.1493766371695;
Tue, 02 May 2017 16:06:11 -0700 (PDT)
Reply-To: allamericancourier200@gmail.com
From: "L.A.X AIRPORT SECURITY" test@mail.xxxxxxxxxxxxxxxxxx.infor
Subject: ATTENTION:Notice On Your Consignment Box reg #: JG1N8875BS.
Date: Wed, 3 May 2017 01:05:57 +0200
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000


Re: Spammer sending spam mails using our mailenable server.

Postby MailEnable-Ian » Thu May 18, 2017 12:18 am

Hi,

The only way the user would be using the mailbox name and be able to successfully authenticate is if the user resides under the default postoffice.

05/01/17 00:00:01 ME-I0135: Authenticating User:test using Authentication Provider Credentials
05/01/17 00:00:01 ME-I0108: [1104] Relay Granted: Sender has authenticated.

You need to check if there is a user named test that resides under the default postoffice that is set in MailEnable. To check which is the default postoffice, navigate within the MailEnable administration console to: servers > localhost. Right-click on "localhost" and select properties. Under the "general" tab you will see what is set as the default postoffice. Once you know this, navigate to that postoffice and check if there is a user named test. If there is, remove the mailbox or change its password.

Here are some articles to help you in locating the source of abuse:
http://www.mailenable.com/kb/content/article.asp?ID=me020339
http://www.mailenable.com/kb/content/article.asp?ID=me020280

You might also want to download version 8.61 from the link below and perform the upgrade to ensure you have all the latest security fixes and updates to MailEnable core services, as 8.0 is old and outdated (it's a free upgrade):

http://www.mailenable.com/downloadprevious.asp

Regards,

Ian Margarone
MailEnable Support
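
The check described in the reply above can be run across a whole debug log. This is an added example, not part of the thread and not MailEnable tooling: it tallies the ME-I0135/ME-I0108 lines quoted in the thread per login and flags bare names (which authenticate against the default postoffice) and logins missing from your mailbox inventory. The sample log, the `known_logins` inventory, the function name, and the pairing of each relay grant with the most recent authentication line are assumptions.

```python
import re
from collections import defaultdict

# Patterns taken from the two debug-log lines quoted in the thread.
AUTH_RE = re.compile(r"ME-I0135: Authenticating User:(\S+)")
GRANT_RE = re.compile(r"ME-I0108: \[\d+\] Relay Granted: Sender has authenticated")

# Constructed sample log (not real data), same line format as the thread.
SAMPLE_DEBUG_LOG = """\
05/01/17 00:00:01 ME-I0135: Authenticating User:test using Authentication Provider Credentials
05/01/17 00:00:01 ME-I0108: [1104] Relay Granted: Sender has authenticated.
05/01/17 00:00:02 ME-I0135: Authenticating User:alice@example.test using Authentication Provider Credentials
05/01/17 00:00:02 ME-I0108: [1120] Relay Granted: Sender has authenticated.
05/01/17 00:00:03 ME-I0135: Authenticating User:admin using Authentication Provider Credentials
05/01/17 00:00:04 ME-I0135: Authenticating User:test using Authentication Provider Credentials
05/01/17 00:00:04 ME-I0108: [1104] Relay Granted: Sender has authenticated.
"""

def audit_authenticated_relay(log_text, known_logins):
    """Summarise SMTP AUTH activity per login, most relay grants first."""
    known = {k.lower() for k in known_logins}
    stats = defaultdict(lambda: {"attempts": 0, "relay_granted": 0})
    pending = None  # login from the latest auth line still awaiting a grant
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            pending = m.group(1).lower()
            stats[pending]["attempts"] += 1
        elif GRANT_RE.search(line) and pending is not None:
            # Assumption: the quoted lines share no session id, so a grant
            # is attributed to the most recent authentication line.
            stats[pending]["relay_granted"] += 1
            pending = None
    report = [
        {
            "login": login,
            "attempts": s["attempts"],
            "relay_granted": s["relay_granted"],
            "bare_name": "@" not in login,   # resolved via default postoffice
            "unknown": login not in known,   # not in the expected inventory
        }
        for login, s in stats.items()
    ]
    report.sort(key=lambda r: r["relay_granted"], reverse=True)
    return report

if __name__ == "__main__":
    for row in audit_authenticated_relay(SAMPLE_DEBUG_LOG, {"alice@example.test"}):
        print(row)
```

A login that is both bare and unknown yet has relay grants is the pattern in the original post; attempts with no grants point to password guessing rather than a working account.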
