Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Support > Archive > Mail to unknown users gets accepted and sends spam.

[F] Alt-N Discussion Groups / MDaemon Discussion Groups / MDaemon Support / Archive /

Mail to unknown users gets accepted and sends spam.

[Leverland, Gerrit]
Gerrit Leverlan…
Newbie
Newbie
Posts: 20
Gerrit Leverland - 01:59am, Apr 2 2020

Hi Mdaemon.

I have a strange situation where my server suddenly accepts mail from my machine name. test@hollywood.leverland.net. However If I look in the accounts I have this user doesn`t exists.

It is now massive spamming, however, i,m unable to find or close the account.

Do you have any idea how to solve this ? I,m running mdaemon 16.5.

Thu 2020-04-02 07:20:11.500: 05: Session 581216; child 0007
Thu 2020-04-02 07:20:11.500: 01: Parsing message <e:\apps\mdaemon\queues\remote\pd50001325643.msg>
Thu 2020-04-02 07:20:11.501: 01: * From: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * To: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * Subject: Please Update Your Account
Thu 2020-04-02 07:20:11.501: 01: * Size (bytes): 10837
Thu 2020-04-02 07:20:11.501: 01: * Message-ID:
Thu 2020-04-02 07:20:11.508: 01: * Route slip host: hotmail.com
Thu 2020-04-02 07:20:11.509: 01: * Route slip port: 25
Thu 2020-04-02 07:20:11.844: 05: Resolving MX record for hotmail.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.106: 05: * P=002 S=000 D=hotmail.com TTL=(14) MX=[hotmail-com.olc.protection.outlook.com]
Thu 2020-04-02 07:20:12.106: 05: Attempting SMTP connection to hotmail-com.olc.protection.outlook.com
Thu 2020-04-02 07:20:12.107: 05: * hotmail-com.olc.protection.outlook.com found in internal AAAA lookup black-list
Thu 2020-04-02 07:20:12.107: 05: Resolving A record for hotmail-com.olc.protection.outlook.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.56.161]
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.57.161]
Thu 2020-04-02 07:20:12.392: 05: Randomly picked 104.47.57.161 from list of possible hosts
Thu 2020-04-02 07:20:12.393: 05: Attempting SMTP connection to 104.47.57.161:25
Thu 2020-04-02 07:20:12.393: 05: Waiting for socket connection...
Thu 2020-04-02 07:20:12.812: 05: * Connection established 80.69.83.50:61357 --> 104.47.57.161:25
Thu 2020-04-02 07:20:12.812: 05: Waiting for protocol to start...
Thu 2020-04-02 07:20:12.932: 02: <-- 220 DM6NAM11FT013.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Thu, 2 Apr 2020 05:20:23 +0000 Thu 2020-04-02 07:20:12.944: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:13.444: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:13.444: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:13.444: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:13.444: 02: <-- 250-DSN Thu 2020-04-02 07:20:13.444: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:13.444: 02: <-- 250-STARTTLS Thu 2020-04-02 07:20:13.444: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:13.444: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:13.444: 03: --> STARTTLS
Thu 2020-04-02 07:20:13.868: 02: <-- 220 2.0.0 SMTP server ready Thu 2020-04-02 07:20:14.672: 01: SSL negotiation successful (TLS 1.2, 256 bit key exchange, 256 bit AES encryption) Thu 2020-04-02 07:20:14.672: 01: SSL certificate is valid (matches hotmail-com.olc.protection.outlook.com and is signed by recognized CA) Thu 2020-04-02 07:20:14.672: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:15.041: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:15.041: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:15.041: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:15.041: 02: <-- 250-DSN Thu 2020-04-02 07:20:15.041: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:15.041: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:15.041: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:15.041: 03: --> MAIL From:<test@hollywood.leverland.net> SIZE=10837
Thu 2020-0

  (older msg: 4)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Arron Caruth - Apr 3, 2020 7:21 am (#5 Total: 6)  

Guest User  

Photo of Author
Posts: 1

If you could include a copy of one of the messages from the remote queue along with a copy of the inbound SMTP log that shows the message being received that would also be helpful.

 

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-support@mdaemon.com [mailto:md-support@mdaemon.com] On Behalf Of Arron Caruth
Sent: Friday, April 3, 2020 7:10 AM
To: md-support@mdaemon.com
Subject: [md-support] Mail to unknown users gets accepted and sends spam.

 

Thank you for the SMTP Out log, but I need the SMTP In log that shows the message being received by MDaemon.

 

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-support@mdaemon.com [mailto:md-support@mdaemon.com] On Behalf Of Gerrit Leverland
Sent: Thursday, April 2, 2020 8:15 AM
To: md-support@mdaemon.com
Subject: [md-support] Mail to unknown users gets accepted and sends spam.

 

Hi Arron,

Herte is the smtp in partly. Seems to come from my own server.
However, the account, and even the domain hollywood.leverland.net does not exist in the mdameon config. leverland.net does exist.



Thu 2020-04-02 07:20:11.500: 05: Session 581216; child 0007
Thu 2020-04-02 07:20:11.500: 01: Parsing message <e:\apps\mdaemon\queues\remote\pd50001325643.msg>
Thu 2020-04-02 07:20:11.501: 01: * From: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * To: test@hollywood.leverland.net
Thu 2020-04-02 07:20:11.501: 01: * Subject: Please Update Your Account
Thu 2020-04-02 07:20:11.501: 01: * Size (bytes): 10837
Thu 2020-04-02 07:20:11.501: 01: * Message-ID:
Thu 2020-04-02 07:20:11.508: 01: * Route slip host: hotmail.com
Thu 2020-04-02 07:20:11.509: 01: * Route slip port: 25
Thu 2020-04-02 07:20:11.844: 05: Resolving MX record for hotmail.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.106: 05: * P=002 S=000 D=hotmail.com TTL=(14) MX=[hotmail-com.olc.protection.outlook.com]
Thu 2020-04-02 07:20:12.106: 05: Attempting SMTP connection to hotmail-com.olc.protection.outlook.com
Thu 2020-04-02 07:20:12.107: 05: * hotmail-com.olc.protection.outlook.com found in internal AAAA lookup black-list
Thu 2020-04-02 07:20:12.107: 05: Resolving A record for hotmail-com.olc.protection.outlook.com (DNS Server: 2a01:7c8:b::c53)...
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.56.161]
Thu 2020-04-02 07:20:12.392: 05: * D=hotmail-com.olc.protection.outlook.com TTL=(0) A=[104.47.57.161]
Thu 2020-04-02 07:20:12.392: 05: Randomly picked 104.47.57.161 from list of possible hosts
Thu 2020-04-02 07:20:12.393: 05: Attempting SMTP connection to 104.47.57.161:25
Thu 2020-04-02 07:20:12.393: 05: Waiting for socket connection...
Thu 2020-04-02 07:20:12.812: 05: * Connection established 80.69.83.50:61357 --> 104.47.57.161:25
Thu 2020-04-02 07:20:12.812: 05: Waiting for protocol to start...
Thu 2020-04-02 07:20:12.932: 02: <-- 220 DM6NAM11FT013.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Thu, 2 Apr 2020 05:20:23 +0000 Thu 2020-04-02 07:20:12.944: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:13.444: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:13.444: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:13.444: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:13.444: 02: <-- 250-DSN Thu 2020-04-02 07:20:13.444: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:13.444: 02: <-- 250-STARTTLS Thu 2020-04-02 07:20:13.444: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:13.444: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:13.444: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:13.444: 03: --> STARTTLS
Thu 2020-04-02 07:20:13.868: 02: <-- 220 2.0.0 SMTP server ready Thu 2020-04-02 07:20:14.672: 01: SSL negotiation successful (TLS 1.2, 256 bit key exchange, 256 bit AES encryption) Thu 2020-04-02 07:20:14.672: 01: SSL certificate is valid (matches hotmail-com.olc.protection.outlook.com and is signed by recognized CA) Thu 2020-04-02 07:20:14.672: 03: --> EHLO mail.leverland.nl
Thu 2020-04-02 07:20:15.041: 02: <-- 250-DM6NAM11FT013.mail.protection.outlook.com Hello [80.69.83.50] Thu 2020-04-02 07:20:15.041: 02: <-- 250-SIZE 49283072 Thu 2020-04-02 07:20:15.041: 02: <-- 250-PIPELINING Thu 2020-04-02 07:20:15.041: 02: <-- 250-DSN Thu 2020-04-02 07:20:15.041: 02: <-- 250-ENHANCEDSTATUSCODES Thu 2020-04-02 07:20:15.041: 02: <-- 250-8BITMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-BINARYMIME Thu 2020-04-02 07:20:15.041: 02: <-- 250-CHUNKING Thu 2020-04-02 07:20:15.041: 02: <-- 250 SMTPUTF8 Thu 2020-04-02 07:20:15.041: 03: --> MAIL From:<test@hollywood.leverland.net> SIZE=10837
Thu 2020-04-02 07:20:15.350: 02: <-- 250 2.1.0 Sender OK Thu 2020-04-02 07:20:15.350: 03: --> RCPT To:<angel61188@hotmail.com>
Thu 2020-04-02 07:20:15.690

View/reply at Mail to unknown users gets accepted and sends spam.

 
 
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------
 
 
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------



  (newer msg:1)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items


 Content:

Read New | Search

 Guest:

Email to Admin

You are visiting as a Guest user.