mDaemon Server sending spams emails

Pierre Ammoun
Pierre Ammoun used Ask the Experts™
on
Dears

I have a problem on my mDaemon mail server
I have 1 user that is receiving hundreds of mail delivery error as if he is trying to send emails to someone but failed...
The emails are to a weird email 24484763@att.txt

Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

Those ar the actions I took
I formatted his pc and reinstalled outlook
On mDaemon I changed the password of that user and created a complex password (10 char complex).
It worked for few hours then it is coming again...!!

My ISP is threatening to block me as he is saying thousands of emails are being sent as spams...

How to resolve this issue? What shall I do ?
BTW relay is not activated on my mDaemon server.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IvanSystem Engineer

Commented:
Hi,

do you have configured SPF record on public DNS? Maybe think about configuring DKIM as well, since it is not very hard to do it on MDaemon.

Regards,
Ivan.
Pierre AmmounIT Consultant

Author

Commented:
I have no idea about KDim
Care to point me to some details ?
Also spf ??
Dr. KlahnPrincipal Software Engineer

Commented:
Sounds like your user has an infected medium, possibly a USB drive, that he's sticking into the system and reinfecting it.  Alternatively, he's visiting some shady web site and getting reinfected.  Check those possibilities out.

If the user has private network shares on a server, either scan them with full sensitivity using the server's antivirus, or restore them from a known clean backup.

If the user disavows reinfecting the system but the problem persists, shut down the afflicted system, remove it, and swap in one of your clean cold spares.  Then if the problem persists, it's something that the user is doing and you have to find out what.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

System Engineer
Commented:
Hi,

SPF allows you to publish list of ip addresses or DNS names from which your domain is sending email, and by that it helps reduce spam.

You can go to https://mxtoolbox.com/ and enter your public domain name. After that you will get option for SPF check, or simple enter spf:yourdomain and check if you have that record.


How to generate SPF record> https://www.spfwizard.net/

DKIM is advanced spam protection, which is easy to configure, on MDaemon. How to do it for a bit older version, but still the same process: http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-02621

Regards,
Ivan.
if the emails actually are emitted by mdaemon spf and dkim won't help. it's most likely something the user does involuntarily. if you formatted the PC, maybe his mobile phone is the one infected ? ... or as pointed out above, there is something he does that gets him infected over and over.
Looking at mDaemon logs I see that it is as if the user is really sending those emails while he is not.

setting up spf is good advice but prevents a different server from sending email on behalf of your users, and incidentally prevents you from being backscattered or flagged as a spammer. it does not apply to any mail that is sent through your server since the originating address will be your server for both legit and non legit email. dkim won't apply either for similar reasons.

feel free to read @drklahn's post if/when you still face the same problem.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial