Avatar of Pierre Ammoun
Pierre Ammoun
Flag for Lebanon asked on

mDaemon Server sending spams emails


I have a problem on my mDaemon mail server
I have 1 user that is receiving hundreds of mail delivery error as if he is trying to send emails to someone but failed...
The emails are to a weird email 24484763@att.txt

Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

Those ar the actions I took
I formatted his pc and reinstalled outlook
On mDaemon I changed the password of that user and created a complex password (10 char complex).
It worked for few hours then it is coming again...!!

My ISP is threatening to block me as he is saying thousands of emails are being sent as spams...

How to resolve this issue? What shall I do ?
BTW relay is not activated on my mDaemon server.
Email ServersAntiSpamEmail Software

Avatar of undefined
Last Comment

8/22/2022 - Mon


do you have configured SPF record on public DNS? Maybe think about configuring DKIM as well, since it is not very hard to do it on MDaemon.

Pierre Ammoun

I have no idea about KDim
Care to point me to some details ?
Also spf ??
Dr. Klahn

Sounds like your user has an infected medium, possibly a USB drive, that he's sticking into the system and reinfecting it.  Alternatively, he's visiting some shady web site and getting reinfected.  Check those possibilities out.

If the user has private network shares on a server, either scan them with full sensitivity using the server's antivirus, or restore them from a known clean backup.

If the user disavows reinfecting the system but the problem persists, shut down the afflicted system, remove it, and swap in one of your clean cold spares.  Then if the problem persists, it's something that the user is doing and you have to find out what.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

if the emails actually are emitted by mdaemon spf and dkim won't help. it's most likely something the user does involuntarily. if you formatted the PC, maybe his mobile phone is the one infected ? ... or as pointed out above, there is something he does that gets him infected over and over.

Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

setting up spf is good advice but prevents a different server from sending email on behalf of your users, and incidentally prevents you from being backscattered or flagged as a spammer. it does not apply to any mail that is sent through your server since the originating address will be your server for both legit and non legit email. dkim won't apply either for similar reasons.

feel free to read @drklahn's post if/when you still face the same problem.