tim874536
Verified User
- Joined
- Nov 24, 2006
- Messages
- 73
Hi all,
These few months, lot of client report that there are a lot of scam email saying their email account has been hacked and looking for bitcoin payment.
Those email header said it sent by client email (e.g. [email protected]) and sent to client email as well.
It is strange that email server does not block these kind of fake sender email.
We also tested all of our servers by using the following command, the email get passed and sent to user account.
Is it any setting that we can fix this issue? (anyone from anywhere can send spam email to any customer email box)
This is our server versions.
Thank you very much.
These few months, lot of client report that there are a lot of scam email saying their email account has been hacked and looking for bitcoin payment.
Those email header said it sent by client email (e.g. [email protected]) and sent to client email as well.
It is strange that email server does not block these kind of fake sender email.
We also tested all of our servers by using the following command, the email get passed and sent to user account.
Is it any setting that we can fix this issue? (anyone from anywhere can send spam email to any customer email box)
Code:
telnet mail.company.com 25
Trying mail.company.com...
Connected to mail.company.com.
Escape character is '^]'.
220 mail.company.com ESMTP Exim 4.92 Tue, 23 Apr 2019 23:54:02 +0800
ehlo mail.company.com
250-mail.company.com Hello
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from: <[email protected]>
250 OK
rcpt to: <[email protected]>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: <[email protected]>
To: <[email protected]>
Date: 23 Apr 2019 23:35:50 +0800
Subject: Security Alert. Your accounts was compromised. You need change password!
MIME-Version: 1.0
Content-Type: text/plain;
charset="cp-850"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
Hello!
I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.
You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy
(you know what I mean).
.
250 OK id=1hIxkU-003su7-M2
quit
This is our server versions.
Code:
Installed version of DirectAdmin: 1.55.0
Installed version of dovecot: 2.3.3
Installed version of dovecot.conf: 0.3
Installed version of Exim: 4.92
Installed version of exim.conf: 4.5.12
Installed version of BlockCracking: 1.10
Installed version of Easy Spam Fighter: 1.24
Installed version of SpamAssassin: 3.4.2
Installed version of ClamAV: 0.100.2
Installed version of PHP 5.3: 5.3.29
Installed version of RoundCube webmail: 1.0.3
Thank you very much.