My server is sending email with spoofed accounts

Discussion regarding the Standard version.
fsanchez
Posts: 1
Joined: Wed Jul 06, 2016 8:47 am

Post by fsanchez »

Currently, I've noticed that my emails are put in the spam folders in Gmail and Hotmail, and Yahoo rejects them directly.

I have a dedicated server with MailEnable Standard 7.07.

Some time ago, two of our websites were hacked. After correcting the problem, I noticed that many emails were being sent (every second) from accounts I had not created, but the domain was mine. For example: random_user@mydomain.com

What I did to avoid sending these emails was to require permission to send e-mail to non-local addresses, and I think this prevents the mails from being sent.

But in the SMTP server log I notice a record every second of emails that try to be sent from localhost [127.0.0.1], with spoofed accounts in the MAIL field.

Here is a piece of the log:

07/06/16 10:42:45 SMTP-IN 155F294C7.MAI 127.0.0.1 944 220 [MyMailServer] ESMTP MailEnable Service, Version: 7.07-- ready at 06/07/16 10:42:45 0 0

06/07/16 10:42:45 SMTP-IN 155F294C7.MAI 944 127.0.0.1 HELO HELO [mynameserver] 250 Requested mail action okay, completed 43 15

06/07/16 10:42:45 SMTP-IN 155F294C7.MAI 944 127.0.0.1 MAIL MAIL FROM: <mercedes_cross @ [mydomain] .com> 250 Requested mail action okay, completed 43 45

06/07/16 10:42:45 SMTP-IN 155F294C7.MAI 944 127.0.0.1 RCPT RCPT TO: <trinerjr@gmail.com> 503 This mail server requires authentication When attempting to send to a non-local e-mail address . Please check your mail client settings or contact your administrator to verify That the domain or address is defined for this server. 235 30

07/06/16 10:42:45 SMTP-IN QUIT QUIT 127.0.0.1 155F294C7.MAI 944 221 Service closing transmission channel 42 6

07/06/16 10:42:46 SMTP-IN 6A6D7CD7.MAI 127.0.0.1 756 220 [MyMailServer] ESMTP MailEnable Service, Version: 7.07-- ready at 06/07/16 10:42:46 0 0

06/07/16 10:42:46 SMTP-IN 6A6D7CD7.MAI 756 127.0.0.1 HELO HELO [mynameserver] 250 Requested mail action okay, completed 43 15

06/07/16 10:42:46 SMTP-IN 6A6D7CD7.MAI 756 127.0.0.1 MAIL MAIL FROM: <lee_schneider @ [mydomain] .com> 250 Requested mail action okay, completed 43 44

06/07/16 10:42:46 SMTP-IN 6A6D7CD7.MAI 756 127.0.0.1 RCPT RCPT TO: <garytoddwright@hotmail.com> 503 This mail server requires authentication When attempting to send to a non-local e-mail address . Please check your mail client settings or contact your administrator to verify That the domain or address is defined for this server. 235 38

06/07/16 10:42:46 SMTP-IN QUIT QUIT 127.0.0.1 6A6D7CD7.MAI 756 221 Service closing transmission channel 42 6


I have to say that my domain has a valid SPF record and a DMARC policy and is not on any blacklist. The only thing I do not have is DKIM.

My question would be:

How could I end the continuous sending of these emails with spoofed accounts?
I would greatly appreciate your help. If anyone needs more information, I would be happy to provide it.

Thank you very much

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: My server is sending email with spoofed accounts

Post by MailEnable-Ian »

Hi,

The first step here is to upgrade your Standard edition of MailEnable to version 9.15, as 7.07 is very old and outdated. The upgrade contains many updates and security fixes to MailEnable core services that you need to apply.

From looking at the log snippets you provided, the inbound transactions from 127.0.0.1 are being denied relay rights to send, as the 503 error is returned at the RCPT TO command.

You need to search in the log files for SMTP-OU, which are the transactions with the remote mail server. As to why Gmail, Hotmail etc. are delivering your messages to junk, you might want to review the following article to help you troubleshoot further:

http://www.mailenable.com/kb/content/ar ... D=ME020241
Regards,

Ian Margarone
MailEnable Support
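
The check described in the reply above, as an added example that is not part of the thread or MailEnable's own tooling: it groups SMTP-IN lines from 127.0.0.1 by session and reports the sender addresses used, how many RCPT TO commands received the 503 relay denial, and any that were accepted. The space-separated field order and the example.com / example.net addresses are assumptions modelled on the excerpt, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the excerpt in the thread (not real log data).
SAMPLE_LOG = """\
07/06/16 10:42:45 SMTP-IN 155F294C7.MAI 944 127.0.0.1 MAIL MAIL FROM:<mercedes_cross@example.com> 250 Requested mail action okay, completed 43 45
07/06/16 10:42:45 SMTP-IN 155F294C7.MAI 944 127.0.0.1 RCPT RCPT TO:<user1@example.net> 503 This mail server requires authentication 235 30
07/06/16 10:42:46 SMTP-IN 6A6D7CD7.MAI 756 127.0.0.1 MAIL MAIL FROM:<lee_schneider@example.com> 250 Requested mail action okay, completed 43 44
07/06/16 10:42:46 SMTP-IN 6A6D7CD7.MAI 756 127.0.0.1 RCPT RCPT TO:<user2@example.net> 503 This mail server requires authentication 235 38
07/06/16 10:42:47 SMTP-IN 7B1C22A1.MAI 812 127.0.0.1 MAIL MAIL FROM:<web@example.com> 250 Requested mail action okay, completed 43 40
07/06/16 10:42:47 SMTP-IN 7B1C22A1.MAI 812 127.0.0.1 RCPT RCPT TO:<postmaster@example.com> 250 Requested mail action okay, completed 43 38
07/06/16 10:42:48 SMTP-IN 8C2D33B2.MAI 820 203.0.113.9 MAIL MAIL FROM:<a@example.org> 250 Requested mail action okay, completed 43 40
"""

# Assumed layout: SMTP-IN <session>.MAI <thread> <client IP> <command> <detail> <reply code> ...
LINE = re.compile(
    r"SMTP-IN\s+(?P<sid>\S+\.MAI)\s+\d+\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<cmd>MAIL|RCPT)\s+(?:MAIL FROM|RCPT TO):\s*<(?P<addr>[^>]*)>\s+(?P<code>\d{3})\b"
)

def summarize(log_text, source_ip="127.0.0.1"):
    """Summarize SMTP-IN submissions coming from one client IP."""
    sessions = defaultdict(lambda: {"sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["ip"] != source_ip:
            continue  # other clients, other commands, or unparseable lines
        s = sessions[m["sid"]]
        if m["cmd"] == "MAIL":
            s["sender"] = m["addr"].lower()
        else:
            s["rcpts"].append((m["addr"].lower(), int(m["code"])))
    senders = sorted({s["sender"] for s in sessions.values() if s["sender"]})
    # 503 at RCPT TO is the relay denial pointed out in the reply.
    denied = sum(1 for s in sessions.values() for _, c in s["rcpts"] if c == 503)
    # A 2xx reply at RCPT TO means the server took the message for that recipient.
    accepted = [(s["sender"], r) for s in sessions.values()
                for r, c in s["rcpts"] if 200 <= c < 300]
    return {"sessions": len(sessions), "senders": senders,
            "relay_denied": denied, "accepted": accepted}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A steady count of new sessions from 127.0.0.1 shows that something on the server itself is still submitting mail, even when every recipient is denied.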
