ME sending spam from non-existent account

Discussions on webmail and the Professional version.
Post Reply
stonecutter
Posts: 11
Joined: Mon Oct 06, 2008 2:09 pm

ME sending spam from non-existent account

Post by stonecutter »

I have the latest version of ME Professional installed and a few weeks ago spam was being sent from one of my personal email accounts. I disabled the account and it was still occurring. I ended up deleting the account entirely and the problem persists. I have no idea why ME is able to send outgoing mail from a non-existent local account or how to fix it. Any suggestions would be appreciated.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: ME sending spam from non-existent account

Post by MailEnable-Ian »

Hi,

Are you certain that the mailbox you have disabled is the correct one being granted relay rights? Most likely the spammer is spoofing the from address and using another mailboxes credentials to authenticate and granted relay rights. Double click one of the messages sitting in the outbound queue to open the details of the message. Look at the "Mailbox:" field which is the mailbox name used to authenticate.

Here are some articles to help you troubleshoot:

https://www.mailenable.com/kb/content/article.asp?ID=me020339
https://www.mailenable.com/kb/content/article.asp?ID=me020280
Regards,

Ian Margarone
MailEnable Support

stonecutter
Posts: 11
Joined: Mon Oct 06, 2008 2:09 pm

Re: ME sending spam from non-existent account

Post by stonecutter »

Thanks Ian but I've already tried everything possible. I have relaying restricted to local IP's and Spoofing disabled. I even added the address to the list of restricted addresses.
I'm attaching a screenshot of the smtp log file where it shows that the 'tech' account (tech@solarnet.net) is the sender even though the account was deleted 2 weeks ago. I changed all of my mail account passwords and ran various malware, trojan, & malware scans. I also used this situation as the excuse I needed to upgrade the machine from Server 2003 32-bit to Server 2008 R2 x64. I also installed the new OS onto a brand new ssd drive. As soon as I got ME running on the fresh system the bogus emails started again. They only go out a few times a day & the amount of emails usually doesn't exceed a dozen.
I can't remember exactly which log I read but it showed that the 'tech' account had sent the emails from the machine's IP and not an external IP.
In short, I've been using ME for many years but this problem has me stumped.
ME-SMTP-Log-11-27.png
ME-SMTP-Log-11-27.png (32.52 KiB) Viewed 8686 times

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: ME sending spam from non-existent account

Post by MailEnable-Ian »

Hi,

Are you sure that the mailbox "Tech" resides under the "solarnet.net" default postoffice? The only way the mailbox can authenticate without specifying the full mailboxname@postoffice username, is if the mailbox "tech" resides under the "Default postoffice". Navigate within the console to the "Localhost" node and access the properties. Under the "general" tab check what is set as the default postoffice. If not "solarnet.net" then you will have a mailbox named "tech" under the default postoffice. If this doesn't help then we will need access to the log files and server. Best way forward is to lodge a support ticket.
Regards,

Ian Margarone
MailEnable Support

Post Reply