We help IT Professionals succeed at work.

mDaemon Server sending spams emails

257 Views
Last Modified: 2018-04-07
Dears

I have a problem on my mDaemon mail server
I have 1 user that is receiving hundreds of mail delivery error as if he is trying to send emails to someone but failed...
The emails are to a weird email 24484763@att.txt

Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

Those ar the actions I took
I formatted his pc and reinstalled outlook
On mDaemon I changed the password of that user and created a complex password (10 char complex).
It worked for few hours then it is coming again...!!

My ISP is threatening to block me as he is saying thousands of emails are being sent as spams...

How to resolve this issue? What shall I do ?
BTW relay is not activated on my mDaemon server.
Comment
Watch Question

IvanSystem Engineer
CERTIFIED EXPERT

Commented:
Hi,

do you have configured SPF record on public DNS? Maybe think about configuring DKIM as well, since it is not very hard to do it on MDaemon.

Regards,
Ivan.
Pierre AmmounIT Consultant

Author

Commented:
I have no idea about KDim
Care to point me to some details ?
Also spf ??
Dr. KlahnPrincipal Software Engineer
CERTIFIED EXPERT

Commented:
Sounds like your user has an infected medium, possibly a USB drive, that he's sticking into the system and reinfecting it.  Alternatively, he's visiting some shady web site and getting reinfected.  Check those possibilities out.

If the user has private network shares on a server, either scan them with full sensitivity using the server's antivirus, or restore them from a known clean backup.

If the user disavows reinfecting the system but the problem persists, shut down the afflicted system, remove it, and swap in one of your clean cold spares.  Then if the problem persists, it's something that the user is doing and you have to find out what.
System Engineer
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
if the emails actually are emitted by mdaemon spf and dkim won't help. it's most likely something the user does involuntarily. if you formatted the PC, maybe his mobile phone is the one infected ? ... or as pointed out above, there is something he does that gets him infected over and over.
CERTIFIED EXPERT

Commented:
Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

setting up spf is good advice but prevents a different server from sending email on behalf of your users, and incidentally prevents you from being backscattered or flagged as a spammer. it does not apply to any mail that is sent through your server since the originating address will be your server for both legit and non legit email. dkim won't apply either for similar reasons.

feel free to read @drklahn's post if/when you still face the same problem.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions