mDaemon Server sending spam emails

Dears

I have a problem on my mDaemon mail server
I have 1 user that is receiving hundreds of mail delivery errors as if he is trying to send emails to someone but failed...
The emails are to a weird email 24484763@att.txt

Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

Those are the actions I took:
I formatted his PC and reinstalled Outlook.
On mDaemon I changed the password of that user and created a complex password (10 char complex).
It worked for a few hours, then it is coming again...!!

My ISP is threatening to block me as he is saying thousands of emails are being sent as spam...

How to resolve this issue? What shall I do?
BTW relay is not activated on my mDaemon server.
Pierre Ammoun Asked:
 
Ivan, System Engineer, Commented:
Hi,

SPF allows you to publish a list of IP addresses or DNS names from which your domain is sending email, and by that it helps reduce spam.

You can go to https://mxtoolbox.com/ and enter your public domain name. After that you will get an option for an SPF check, or simply enter spf:yourdomain and check if you have that record.

How to generate an SPF record: https://www.spfwizard.net/

DKIM is advanced spam protection, which is easy to configure on MDaemon. How to do it, for a bit older version but still the same process: http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-02621

Regards,
Ivan.
 
Ivan, System Engineer, Commented:
Hi,

Do you have an SPF record configured on public DNS? Maybe think about configuring DKIM as well, since it is not very hard to do it on MDaemon.

Regards,
Ivan.
 
Pierre Ammoun, Author, Commented:
I have no idea about DKIM.
Care to point me to some details?
Also SPF??
 
Dr. Klahn, Principal Software Engineer, Commented:
Sounds like your user has an infected medium, possibly a USB drive, that he's sticking into the system and reinfecting it.  Alternatively, he's visiting some shady web site and getting reinfected.  Check those possibilities out.

If the user has private network shares on a server, either scan them with full sensitivity using the server's antivirus, or restore them from a known clean backup.

If the user disavows reinfecting the system but the problem persists, shut down the afflicted system, remove it, and swap in one of your clean cold spares.  Then if the problem persists, it's something that the user is doing and you have to find out what.
 
skullnobrains Commented:
if the emails actually are emitted by mdaemon, spf and dkim won't help. it's most likely something the user does involuntarily. if you formatted the PC, maybe his mobile phone is the one infected ? ... or as pointed out above, there is something he does that gets him infected over and over.
 
skullnobrains Commented:
"Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not."

setting up spf is good advice but prevents a different server from sending email on behalf of your users, and incidentally prevents you from being backscattered or flagged as a spammer. it does not apply to any mail that is sent through your server since the originating address will be your server for both legit and non legit email. dkim won't apply either for similar reasons.

feel free to read @drklahn's post if/when you still face the same problem.
Question has a verified solution.
