Lately we've been seeing a large number of phishing emails coming from non-active-user@ourdomain.com to random-non-user@ourdomain.com in an attempt to get through Mdaemon's Spam settings.
Maybe I've missed it, but is there a way to block emails to MDaemon from "@ourdomain" email accounts that don't exist?
What's the best way to configure the block settings to counter this?
Thanks,
Cameron
Without a log snippet that shows the issue occurring and a copy of the MSG file, we don't know exactly why this is being allowed so there are a lot of things to check. It could be a trusted IP, trusted domain, allowing local users to send mail without authentication, different domain used in the mail from vs the From header, option disabled for require the SMTP MAIL address to exist. Make sure you have SPF, DKIM, and DMARC configured for your domain and make sure MDaemon is checking them. And that your DMARC policy is not p=none.
You can also use IP Shielding to stop this, but SPF, DKIM, and DMARC are better because they protect your domain on all SMTP servers that are checking them. IP shielding only protects your domain on your server.
If you can provide a log snippet that shows the issue occurring, along with a copy of the MSG file that was received, we can provide specific instructions on what changes to make.
If you don't want to post the log snippet and MSG file here, you can upload them to us at https://mdaemon.sharefile.com/r-rc3922c1eed334d4dbf5e34f0bd04ccd6. Once the files are uploaded, please let us know the names of the files you have uploaded.
English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
