Link to home
Start Free TrialLog in
Avatar of Pierre Ammoun
Pierre AmmounFlag for Lebanon

asked on

mDaemon Server sending spams emails


I have a problem on my mDaemon mail server
I have 1 user that is receiving hundreds of mail delivery error as if he is trying to send emails to someone but failed...
The emails are to a weird email 24484763@att.txt

Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

Those ar the actions I took
I formatted his pc and reinstalled outlook
On mDaemon I changed the password of that user and created a complex password (10 char complex).
It worked for few hours then it is coming again...!!

My ISP is threatening to block me as he is saying thousands of emails are being sent as spams...

How to resolve this issue? What shall I do ?
BTW relay is not activated on my mDaemon server.
Avatar of Ivan
Flag of Serbia image


do you have configured SPF record on public DNS? Maybe think about configuring DKIM as well, since it is not very hard to do it on MDaemon.

Avatar of Pierre Ammoun


I have no idea about KDim
Care to point me to some details ?
Also spf ??
Avatar of Dr. Klahn
Dr. Klahn

Sounds like your user has an infected medium, possibly a USB drive, that he's sticking into the system and reinfecting it.  Alternatively, he's visiting some shady web site and getting reinfected.  Check those possibilities out.

If the user has private network shares on a server, either scan them with full sensitivity using the server's antivirus, or restore them from a known clean backup.

If the user disavows reinfecting the system but the problem persists, shut down the afflicted system, remove it, and swap in one of your clean cold spares.  Then if the problem persists, it's something that the user is doing and you have to find out what.
Avatar of Ivan
Flag of Serbia image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
if the emails actually are emitted by mdaemon spf and dkim won't help. it's most likely something the user does involuntarily. if you formatted the PC, maybe his mobile phone is the one infected ? ... or as pointed out above, there is something he does that gets him infected over and over.
Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

setting up spf is good advice but prevents a different server from sending email on behalf of your users, and incidentally prevents you from being backscattered or flagged as a spammer. it does not apply to any mail that is sent through your server since the originating address will be your server for both legit and non legit email. dkim won't apply either for similar reasons.

feel free to read @drklahn's post if/when you still face the same problem.