Mailbox password has been hacked for used to se... | MDaemon Technologies Community Forum

Mailbox password has been hacked for used to sending out spam mails question

k

keith
10/29/23, 3:42 AM

Dear All,

I have a MDaemon mail server and recently i noticed that one of our mailbox password has been hacked, and people using the mailbox credential to send out large no of spam mail, and our server's ip give banned, just wonder any efficient way to find out which credential has been used ? any help would be appreicated, Thanks

Best Regards,

keith

0 likes 0 likes

3
Posts

136
Views

Arron Admin Staff

If you have a copy of one of the messages you can open it with a text editor and look for the Authentication-Results: results.  It will show you which user the sending device authenticated as when sending the message.

If you do not have a copy of the message, open the inbound SMTP log and find the inbound SMTP session for one of the spam messages and look for the following line:

Tue 2023-10-24 20:00:48.831: [04826982] Authenticated as user@domain.com

If the sending device was able to authenticate this line tells you what user they authenticated as.

k

keith
10/30/23, 7:34 PM

I will give it a try thanks for your tips

0 likes 0 likes

Please login to reply to this topic!

Mailbox password has been hacked for used to sending out spam mails question

Related topics

Email duplication

Had a weird event today

The mailbox quota

MDaemon 26.0.1 — Multiple regressions with IIS integration: stale IMAP.MRK, broken DELETE, autodiscover, theme forcing

Webmail - Mark email as spam

Participants

Arron

keith