Blackmailer sending mail from local account to local account without AUTH

maladen
Posts: 1
Joined: Mon Jan 23, 2023 12:12 pm

Post by maladen »

Hello,
I am trying to figure out why a blackmailer is able to send a message from a local account to the same account without authenticating.

I am using MailEnable Pro 10.29 and I have a ton of failed logins from random IP addresses with valid usernames.
However, there have been several blackmail messages "You have outstanding debt." that have bypassed the AUTH.

Here is the SMTP Log with the abuser IP 189.113.177.2:

01/22/23 22:32:22	SMTP-IN	68C9BA3AC1C54C29B5537D36073D62A6.MAI	616	189.113.177.2			220 mail.my_domain.com ESMTP MailEnable Service, Version: 10.29-10.29- ready at 01/22/23 22:32:22	104	0		
01/22/23 22:32:23	SMTP-IN	68C9BA3AC1C54C29B5537D36073D62A6.MAI	616	189.113.177.2	EHLO	EHLO 189-113-177-2.gruponct.net.br	250-my_domain.com [189.113.177.2], this server offers 3 extensions	213	36		
01/22/23 22:32:23	SMTP-IN	68C9BA3AC1C54C29B5537D36073D62A6.MAI	616	189.113.177.2	MAIL	MAIL From:<valid_user@my_domain.com>	250 Requested mail action okay, completed	43	49		
01/22/23 22:32:24	SMTP-IN	68C9BA3AC1C54C29B5537D36073D62A6.MAI	616	189.113.177.2	RCPT	RCPT To:<valid_user@my_domain.com>	250 Requested mail action okay, completed	43	47		
01/22/23 22:32:26	SMTP-IN	68C9BA3AC1C54C29B5537D36073D62A6.MAI	616	189.113.177.2	DATA	DATA	354 Start mail input; end with <CRLF>.<CRLF>	46	6		
01/22/23 22:32:31	SMTP-IN	F69E427F168040DAA8A0E6BC401DF52F.MAI	616	189.113.177.2	QUIT	QUIT	221 Service closing transmission channel	42	6

What should I do to prevent this?

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: Blackmailer sending mail from local account to local account without AUTH

Post by Admin »

Hi,

If you have a recipient email address which is on the server, generally it does not require authentication, since that is how remote servers send you email - they cannot authenticate. If you want to force the sender to authenticate though, if using an email address on the server, then you can do this by the "Address spoofing" option under the SMTP Security settings. This option allows you to force them to authenticate if their from address is one that you have configured on your server.
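
Added example, not part of the original thread and not MailEnable code: a small Python check that scans SMTP-IN log lines in the tab-separated column order shown in the excerpt above and reports every accepted MAIL FROM that uses a local domain on a connection with no successful AUTH, which is the pattern the "Address spoofing" option is meant to reject. Assumptions: the fourth column stays constant within one connection, a successful login is logged as an AUTH command with a 235 reply, and the helper `row()` plus all rows for 192.0.2.10 and 198.51.100.7 are constructed sample data.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "timestamp client_ip sender")
ADDR = re.compile(r"<([^<>@\s]+@([^<>\s]+))>")

def find_unauthenticated_local_senders(lines, local_domains):
    """Flag accepted MAIL FROM commands that use a local domain with no prior AUTH success."""
    local = {d.lower() for d in local_domains}
    authed = {}      # (client IP, column 4) -> True once AUTH was answered with 235
    findings = []
    for line in lines:
        f = line.rstrip("\r\n").split("\t")
        if len(f) < 8 or f[1] != "SMTP-IN":
            continue
        ts, ip, cmd, detail, reply = f[0], f[4], f[5].upper(), f[6], f[7]
        key = (ip, f[3])     # assumption: column 4 stays constant within one connection
        if cmd == "" and reply.startswith("220"):
            authed[key] = False                  # greeting banner: new connection
        elif cmd == "AUTH" and reply.startswith("235"):
            authed[key] = True                   # 235 = authentication succeeded
        elif cmd == "MAIL" and reply.startswith("250"):
            m = ADDR.search(detail)
            if m and m.group(2).lower() in local and not authed.get(key, False):
                findings.append(Finding(ts, ip, m.group(1)))
    return findings

def row(ts, col4, ip, cmd, detail, reply):
    """Build one tab-separated line in the column order of the excerpt above."""
    return "\t".join([ts, "SMTP-IN", "SESSION.MAI", col4, ip, cmd, detail, reply, "0", "0"])

# First three rows follow the thread's log; the rest are constructed sample data.
SAMPLE_LOG = [
    row("01/22/23 22:32:22", "616", "189.113.177.2", "", "", "220 mail.my_domain.com ESMTP"),
    row("01/22/23 22:32:23", "616", "189.113.177.2", "EHLO", "EHLO 189-113-177-2.gruponct.net.br", "250-my_domain.com"),
    row("01/22/23 22:32:23", "616", "189.113.177.2", "MAIL", "MAIL From:<valid_user@my_domain.com>", "250 Requested mail action okay, completed"),
    row("01/22/23 22:40:00", "620", "192.0.2.10", "", "", "220 mail.my_domain.com ESMTP"),
    row("01/22/23 22:40:01", "620", "192.0.2.10", "AUTH", "AUTH LOGIN", "235 Authenticated"),
    row("01/22/23 22:40:02", "620", "192.0.2.10", "MAIL", "MAIL From:<valid_user@my_domain.com>", "250 Requested mail action okay, completed"),
    row("01/22/23 22:45:00", "624", "198.51.100.7", "MAIL", "MAIL From:<someone@example.org>", "250 Requested mail action okay, completed"),
]

if __name__ == "__main__":
    for hit in find_unauthenticated_local_senders(SAMPLE_LOG, ["my_domain.com"]):
        print(hit)
```

Running it over existing logs before enabling the option shows which clients currently send as local addresses without logging in, including any legitimate devices or scripts that would start being rejected.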
