Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Email spoof

Discussion in 'E-mail Discussion' started by headout, Apr 28, 2010.

  1. headout

    headout Well-Known Member

    Joined:
    Aug 20, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    156
    Hi,

    This is part of an emailheader. The auth_id doesn't match, and probably spoofed. The spammer used this auth_id as part of a spamrun.

    The exim logs show us this:
    I'm trying to figure out why this happened. Could this be a user (-auth_id leo@vanzantvoort.nl = an existing account) who's exploited with a trojan, password hijacked or so?
     
  2. thewebhostingdi

    thewebhostingdi Well-Known Member

    Joined:
    Jan 10, 2008
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    66
    According to the error logs the authentication email address leo@vanzantvoort.nl is being used to send spam emails. It seems that the this email address account password was compromised. You will have to reset the password of this email account.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. headout

    headout Well-Known Member

    Joined:
    Aug 20, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    156
    Offcourse, we already did. But more important: how to prevent this from happening again? Customers are the weakest part in securing your boxes. That's why we use FTPS instead of FTP, but how about email authentication?
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice