Help - server getting hammered [message #144131]
Fri, 05 October 2018 19:59
TimothyPaul
Messages: 10 Registered: October 2013 Location: Naples, FL
Hi Folks - wondering if anyone can give me insight. Since my upgrade to 9.2.7 my server has been getting hammered with spam. It looks like they are authenticating using one of my aliases. I tried updating to the latest release, and that did not help.
I need the alias - it's an old email account that I forward to my new Kerio account.
I have looked through the log files but can't see where this is coming from.
Any thoughts?
Thanks....Tim

Re: Help - server getting hammered [message #144173 is a reply to message #144131]
Wed, 10 October 2018 19:00
j.a.duke
Messages: 239 Registered: October 2006
TimothyPaul wrote on Fri, 05 October 2018 13:59:
Hi Folks - wondering if anyone can give me insight. Since my upgrade to 9.2.7 my server has been getting hammered with spam. It looks like they are authenticating using one of my aliases. I tried updating to the latest release, and that did not help.
I need the alias - it's an old email account that I forward to my new Kerio account.
I have looked through the log files but can't see where this is coming from.
Any thoughts?
Thanks....Tim

Tim,
Is this an alias of your current account or another full account that is set to forward to your current account?
If it's really an alias, then they shouldn't be able to authenticate with it, as only the primary account, at least in my experience, can be used for that.
As for nuking some of the spam, are you using any blacklists or the built-in spam filters (including Kerio Anti-Spam and SpamAssassin)?
Cheers,
Jon

Re: Help - server getting hammered [message #144180 is a reply to message #144173]
Thu, 11 October 2018 16:34
TimothyPaul
Messages: 10 Registered: October 2013 Location: Naples, FL
Hi Jon,
It is a full account on an old domain. I just needed it to forward to my new email. It is the tim@americasgate.com that is an alias being forwarded to my regular account on the server - tim<_at_>havilah.media
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <ninjidebbie@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <patricia.legere@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <petra.sudbrack@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <poshpetgroomer@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <prescottmarilyn@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:

Re: Help - server getting hammered [message #144188 is a reply to message #144180]
Fri, 12 October 2018 14:21
Maerad
Messages: 275 Registered: August 2013
So if I get this right - your old mail address forwards all mails to your new mail address. Right?
In this case Kerio can't detect it as spam, because it's sent in the name of your old mail account and not the server/person actually sending the spam. So you basically bypass the anti-spam system.
For this to work there are two ideas coming to mind.
1. I guess it's a private system without access to the server itself as admin. In this case, set up a "pop download" account in Kerio (admin > delivery), put in your mailbox account data to the old account and let Kerio dl the mailbox like Outlook. This way, Kerio will see the spam with the right sender and delete it.
2. If you host the server, you could set it out as an SMTP relay and the Kerio server gets the mails like the spammer would send them directly.

Re: Help - server getting hammered [message #144206 is a reply to message #144188]
Fri, 12 October 2018 23:28
TimothyPaul
Messages: 10 Registered: October 2013 Location: Naples, FL
Hmm - I am not so much concerned with the spam, more that someone is able to log into the server with the email alias and use my server as a spam relay. I am not getting the spam - it's going out to zillions of weird random email addresses.
TP

Re: Help - server getting hammered [message #144218 is a reply to message #144131]
Mon, 15 October 2018 15:50
freakinvibe
Messages: 593 Registered: April 2004
The problem is this snippet from the log:
Quote: User: tim<_at_>havilah.media
Someone is logging in with the user name tim<_at_>havilah.media and sending these emails. He or she is connecting from this ISP: 61-228-24-38.dynamic-ip.hinet.net
If that is not you, someone has got your password and is using it to send Spam. Change the password of the user tim<_at_>havilah.media and the Spam should stop.
Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch
[Updated on: Mon, 15 October 2018 15:51]
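
The check described in the last reply (reading the User: and Sender-Host: fields of the Recv: lines) can be run over a whole mail log. The following is an added example, not part of the original thread and not Kerio tooling: it groups authenticated submissions by account and connecting host and flags any pair that fans out to many recipients. The sample lines, addresses, host names, function name and threshold are constructed, and treating a line without a User: field as unauthenticated is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "Recv:" lines quoted in the thread.
# Assumption: a line with no "User:" field was received without SMTP AUTH.
SAMPLE_LOG = """\
[11/Oct/2018 10:14:42] Recv: Queue-ID: 00000000-00000001, Service: SMTP, From: <old@old-domain.example>, To: <a@rcpt.example>, Size: 3862, Sender-Host: dyn-203-0-113-7.isp.example, User: tim@new-domain.example, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 00000000-00000001, Service: SMTP, From: <old@old-domain.example>, To: <b@rcpt.example>, Size: 3862, Sender-Host: dyn-203-0-113-7.isp.example, User: tim@new-domain.example, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 00000000-00000001, Service: SMTP, From: <old@old-domain.example>, To: <c@rcpt.example>, Size: 3862, Sender-Host: dyn-203-0-113-7.isp.example, User: tim@new-domain.example, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 00000000-00000001, Service: SMTP, From: <old@old-domain.example>, To: <d@rcpt.example>, Size: 3862, Sender-Host: dyn-203-0-113-7.isp.example, User: tim@new-domain.example, Subject: Re:
[11/Oct/2018 10:20:05] Recv: Queue-ID: 00000000-00000002, Service: SMTP, From: <tim@new-domain.example>, To: <friend@rcpt.example>, Size: 1200, Sender-Host: office-pc.new-domain.example, User: tim@new-domain.example, Subject: Lunch
[11/Oct/2018 10:21:11] Recv: Queue-ID: 00000000-00000003, Service: SMTP, From: <news@list.example>, To: <tim@new-domain.example>, Size: 9000, Sender-Host: mx.list.example, Subject: Weekly
"""

RECV_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] Recv: Queue-ID: (?P<qid>[^,]+), Service: (?P<svc>[^,]+), "
    r"From: <(?P<sender>[^>]*)>, To: <(?P<rcpt>[^>]*)>, Size: \d+, "
    r"Sender-Host: (?P<host>[^,]+)(?:, User: (?P<user>[^,]+))?, Subject: (?P<subject>.*)$"
)

def flag_authenticated_bulk_senders(log_text, min_recipients=3):
    """Group authenticated submissions by (User, Sender-Host) and flag fan-out."""
    seen = defaultdict(lambda: {"rcpts": set(), "froms": set()})
    for line in log_text.splitlines():
        m = RECV_RE.match(line.strip())
        if m and m["user"]:  # skip unparsed lines and unauthenticated inbound mail
            entry = seen[(m["user"], m["host"])]
            entry["rcpts"].add(m["rcpt"].lower())
            entry["froms"].add(m["sender"].lower())
    findings = []
    for (user, host), entry in sorted(seen.items()):
        if len(entry["rcpts"]) >= min_recipients:
            findings.append({
                "user": user, "host": host,
                "recipients": len(entry["rcpts"]),
                # True when the envelope From is not the authenticated account itself
                "from_differs": entry["froms"] != {user.lower()},
            })
    return findings

if __name__ == "__main__":
    for finding in flag_authenticated_bulk_senders(SAMPLE_LOG):
        print(finding)
```

A flagged pair whose host is not one the account owner uses points to a stolen password for the account named in User:, which is the account whose password needs changing.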