Mailbox password has been hacked for used to sending out spam mails question | MDaemon Technologies, Ltd.
  1. Forum
  2. MDaemon
  3. Mailbox password has been hacked for used to sending out spam mails question

Mailbox password has been hacked for used to sending out spam mails question

  • k

    Dear All, 

     

              I have a MDaemon mail server and recently i noticed that one of our mailbox password has been hacked, and people using the mailbox credential to send out large no of spam mail, and our server's ip give banned, just wonder any efficient way to find out which credential has been used ? any help would be appreicated, Thanks       

     

     Best Regards,

    keith

    0 likes
  • A
     
    If you have a copy of one of the messages you can open it with a text editor and look for the Authentication-Results: results.  It will show you which user the sending device authenticated as when sending the message.

    If you do not have a copy of the message, open the inbound SMTP log and find the inbound SMTP session for one of the spam messages and look for the following line:

    Tue 2023-10-24 20:00:48.831: [04826982] Authenticated as user@domain.com

    If the sending device was able to authenticate this line tells you what user they authenticated as.

    --
    Arron Caruth

  • k

    I will give it a try thanks for your tips

    0 likes
Please login to reply this topic!