The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email spoof

Discussion in 'E-mail Discussions' started by headout, Apr 28, 2010.

  1. headout

    headout Well-Known Member

    Joined:
    Aug 20, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    This is part of an emailheader. The auth_id doesn't match, and probably spoofed. The spammer used this auth_id as part of a spamrun.

    The exim logs show us this:
    I'm trying to figure out why this happened. Could this be a user (-auth_id leo@vanzantvoort.nl = an existing account) who's exploited with a trojan, password hijacked or so?
     
  2. thewebhostingdi

    thewebhostingdi Well-Known Member

    Joined:
    Jan 10, 2008
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    According to the error logs the authentication email address leo@vanzantvoort.nl is being used to send spam emails. It seems that the this email address account password was compromised. You will have to reset the password of this email account.
     
  3. headout

    headout Well-Known Member

    Joined:
    Aug 20, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Offcourse, we already did. But more important: how to prevent this from happening again? Customers are the weakest part in securing your boxes. That's why we use FTPS instead of FTP, but how about email authentication?
     
Loading...

Share This Page