Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Support > Archive > Mail to unknown users gets accepted and sends spam.

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Support  / Archive  /

Mail to unknown users gets accepted and sends spam.

[Leverland, Gerrit]
Gerrit Leverlan…
Newbie
Newbie
Posts: 20
Gerrit Leverland - 01:59am, Apr 2 2020

Hi Mdaemon.

I have a strange situation where my server suddenly accepts mail from my machine name. test@hollywood.leverland.net. However If I look in the accounts I have this user doesn`t exists.

It is now massive spamming, however, i,m unable to find or close the account.

Do you have any idea how to solve this ? I,m running mdaemon 16.5.

Thu 2020-04-02 07:20:11.500: 05: Session 581216; child 0007
Thu 2020-04-02 07:20:11.500: 01: Parsing message <e:\apps\mdaemon\queues\remote\pd50001325643.msg>
Thu 2020-04-02 07:20:11.501: 01: * From: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * To: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * Subject: Please Update Your Account
Thu 2020-04-02 07:20:11.501: 01: * Size (bytes): 10837
Thu 2020-04-02 07:20:11.501: 01: * Message-ID:
Thu 2020-04-02 07:20:11.508: 01: * Route slip host: hotmail.com
Thu 2020-04-02 07:20:11.509: 01: * Route slip port: 25
Thu 2020-04-02 07:20:11.844: 05: Resolving MX record for hotmail.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.106: 05: * P=002 S=000 D=hotmail.com TTL=(14) MX=[hotmail-com.olc.protection.outlook.com]
Thu 2020-04-02 07:20:12.106: 05: Attempting SMTP connection to hotmail-com.olc.protection.outlook.com
Thu 2020-04-02 07:20:12.107: 05: * hotmail-com.olc.protection.outlook.com found in internal AAAA lookup black-list
Thu 2020-04-02 07:20:12.107: 05: Resolving A record for hotmail-com.olc.protection.outlook.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.56.161]
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.57.161]
Thu 2020-04-02 07:20:12.392: 05: Randomly picked 104.47.57.161 from list of possible hosts
Thu 2020-04-02 07:20:12.393: 05: Attempting SMTP connection to 104.47.57.161:25
Thu 2020-04-02 07:20:12.393: 05: Waiting for socket connection...
Thu 2020-04-02 07:20:12.812: 05: * Connection established 80.69.83.50:61357 --> 104.47.57.161:25
Thu 2020-04-02 07:20:12.812: 05: Waiting for protocol to start...
Thu 2020-04-02 07:20:12.932: 02: <-- 220 DM6NAM11FT013.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Thu, 2 Apr 2020 05:20:23 +0000 Thu 2020-04-02 07:20:12.944: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:13.444: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:13.444: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:13.444: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:13.444: 02: <-- 250-DSN Thu 2020-04-02 07:20:13.444: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:13.444: 02: <-- 250-STARTTLS Thu 2020-04-02 07:20:13.444: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:13.444: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:13.444: 03: --> STARTTLS
Thu 2020-04-02 07:20:13.868: 02: <-- 220 2.0.0 SMTP server ready Thu 2020-04-02 07:20:14.672: 01: SSL negotiation successful (TLS 1.2, 256 bit key exchange, 256 bit AES encryption) Thu 2020-04-02 07:20:14.672: 01: SSL certificate is valid (matches hotmail-com.olc.protection.outlook.com and is signed by recognized CA) Thu 2020-04-02 07:20:14.672: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:15.041: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:15.041: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:15.041: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:15.041: 02: <-- 250-DSN Thu 2020-04-02 07:20:15.041: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:15.041: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:15.041: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:15.041: 03: --> MAIL From:<test@hollywood.leverland.net> SIZE=10837
Thu 2020-0

  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Arron Caruth - Apr 2, 2020 7:08 am (#1 Total: 6)  

Guest User  

Photo of Author
Posts: 1

What does the inbound SMTP log show is happening when the message is accepted?

 

In this case, the inbound log is more important than the outbound log because the inbound log will show the Mail From value, along with any authentication that is taking place. 

 

The outbound log is only showing you the From header, and depending on how your MDaemon is configured, senders may be able to set the From header to anything they’d like, including non-existent local accounts.  The From header also doesn’t really matter as far as mail relaying is concerned, the From header is simply the value that is displayed by email clients.

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-support@mdaemon.com [mailto:md-support@mdaemon.com] On Behalf Of Gerrit Leverland
Sent: Thursday, April 2, 2020 2:00 AM
To: md-support@mdaemon.com
Subject: [md-support] Mail to unknown users gets accepted and sends spam.

 

Hi Mdaemon.

I have a strange situation where my server suddenly accepts mail from my machine name. test@hollywood.leverland.net. However If I look in the accounts I have this user doesn`t exists.

It is now massive spamming, however, i,m unable to find or close the account.

Do you have any idea how to solve this ? I,m running mdaemon 16.5.

Thu 2020-04-02 07:20:11.500: 05: Session 581216; child 0007
Thu 2020-04-02 07:20:11.500: 01: Parsing message <e:\apps\mdaemon\queues\remote\pd50001325643.msg>
Thu 2020-04-02 07:20:11.501: 01: * From: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * To: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * Subject: Please Update Your Account
Thu 2020-04-02 07:20:11.501: 01: * Size (bytes): 10837
Thu 2020-04-02 07:20:11.501: 01: * Message-ID:
Thu 2020-04-02 07:20:11.508: 01: * Route slip host: hotmail.com
Thu 2020-04-02 07:20:11.509: 01: * Route slip port: 25
Thu 2020-04-02 07:20:11.844: 05: Resolving MX record for hotmail.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.106: 05: * P=002 S=000 D=hotmail.com TTL=(14) MX=[hotmail-com.olc.protection.outlook.com]
Thu 2020-04-02 07:20:12.106: 05: Attempting SMTP connection to hotmail-com.olc.protection.outlook.com
Thu 2020-04-02 07:20:12.107: 05: * hotmail-com.olc.protection.outlook.com found in internal AAAA lookup black-list
Thu 2020-04-02 07:20:12.107: 05: Resolving A record for hotmail-com.olc.protection.outlook.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.56.161]
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.57.161]
Thu 2020-04-02 07:20:12.392: 05: Randomly picked 104.47.57.161 from list of possible hosts
Thu 2020-04-02 07:20:12.393: 05: Attempting SMTP connection to 104.47.57.161:25
Thu 2020-04-02 07:20:12.393: 05: Waiting for socket connection...
Thu 2020-04-02 07:20:12.812: 05: * Connection established 80.69.83.50:61357 --> 104.47.57.161:25
Thu 2020-04-02 07:20:12.812: 05: Waiting for protocol to start...
Thu 2020-04-02 07:20:12.932: 02: <-- 220 DM6NAM11FT013.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Thu, 2 Apr 2020 05:20:23 +0000 Thu 2020-04-02 07:20:12.944: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:13.444: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:13.444: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:13.444: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:13.444: 02: <-- 250-DSN Thu 2020-04-02 07:20:13.444: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:13.444: 02: <-- 250-STARTTLS Thu 2020-04-02 07:20:13.444: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:13.444: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:13.444: 03: --> STARTTLS
Thu 2020-04-02 07:20:13.868: 02: <-- 220 2.0.0 SMTP server ready Thu 2020-04-02 07:20:14.672: 01: SSL negotiation successful (TLS 1.2, 256 bit key exchange, 256 bit AES encryption) Thu 2020-04-02 07:20:14.672: 01: SSL certificate is valid (matches hotmail-com.olc.protection.outlook.com and is signed by recognized CA) Thu 2020-04-02 07:20:14.672: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:15.041: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:15.041: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:15.041: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:15.041: 02: <-- 250-DSN Thu 2020-04-02 07:20:15.041: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:15.041: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:15.041: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:15.041: 03: --> MAIL From:<test@hollywood.leverland.net> SIZE=10837
Thu 2020-0


View/reply at Mail to unknown users gets accepted and sends spam.

 
 
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

Replies to this message
  • Gerrit Leverland (Apr 2, 2020 8:15 am)
  • Edmund Cramp (Apr 3, 2020 2:09 pm)


  • Return |


      (newer msg:5)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



     Content:

    Read New | Search

     Guest:

    Email to Admin



    You are visiting as a Guest user.