Looking for Advice to Prevent Server from Sending Email with FROM Not Matching Valid Email on Server

Zbx3x4UyxPy7Ty2

I am looking for suggestions on settings to check/change and/or additional software I should install to prevent the following:

The passwords for 2-3 accounts on one of our servers appear to have been compromised. Our server currently requires SMTP authentication for sending email. We're getting a lot of bounce/rejection emails from the server. The IP sending the emails through our server is in Russia (we are in the US).

We have changed the passwords. We're now looking for additional steps to take to prevent our server from making delivery attempts when

- the FROM address so very clearly does not match any valid address or domain on our server
- the FROM address does not match the email/username the user has authenticated with

Here is the email:

Code:
Return-path: <VALID_SERVER_EMAIL_ADDRESS_HERE>
Received: from [195.206.xx.xx] (port=49759 helo=VALID_SERVER_HOSTNAME_HERE)
	by host1.mycompany.com with esmtpa (Exim 4.80.1)
	(envelope-from <VALID_SERVER_EMAIL_ADDRESS_HERE>)
	id 1WNtQa-0005Gx-Ca; Wed, 12 Mar 2014 20:23:17 -0400
From: "someone" <[email protected]>
To: "someone else" <[email protected]>,
 "someone else too" <[email protected]>
Subject: Someone
Date: Wed, 13 Mar 2014 01:23:15 +0100
MIME-Version: 1.0
X-mailer: Microsoft Office Outlook, Build 11.0.5510
Reply-To: [email protected]
Content-type: multipart/alternative;
 boundary="----=_NextPart_000_17FE_291D38A0.593B4452"
 
This is a multi-part message in MIME format.
 
------=_NextPart_000_17FE_291D38A0.593B4452
Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
 
http://domain.com/qhafjun/lanejbx.gicp
 
------=_NextPart_000_17FE_291D38A0.593B4452
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
 
=EF=BB=BF<html><head><meta http-equiv=3D"content-type" content: text/html;=
 charset=
=3DUTF-8></head><body>http://domain,.com/qhafjun/lanejbx.gicp</body></html>
------=_NextPart_000_17FE_291D38A0.593B4452--
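
A detection-side check for the two conditions listed in the post, as an added example that is not part of the original thread: it flags authenticated submissions whose header From is outside the server's domains or differs from the envelope sender. The addresses, `LOCAL_DOMAINS`, and the use of the envelope sender as a stand-in for the authenticated account are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in the post; every address,
# hostname and IP is a placeholder (example.com, *.test, 192.0.2.0/24).
SAMPLE = """\
Return-path: <alice@example.com>
Received: from [192.0.2.10] (port=49759 helo=host1.example.com)
\tby host1.example.com with esmtpa (Exim 4.80.1)
\t(envelope-from <alice@example.com>)
\tid 1WNtQa-0005Gx-Ca; Wed, 12 Mar 2014 20:23:17 -0400
From: "someone" <someone@unrelated.test>
To: "someone else" <rcpt@elsewhere.test>
Subject: Someone

body
"""

LOCAL_DOMAINS = {"example.com"}  # assumption: domains hosted on this server


def audit(raw, local_domains):
    """Return findings for one message accepted over authenticated SMTP."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-path", ""))[1].lower()
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    # Unfold the first (topmost) Received header, added by our own server.
    received = " ".join(msg.get("Received", "").split())
    # "esmtpa"/"esmtpsa" mark a session that passed SMTP AUTH (RFC 3848).
    if not re.search(r"\bwith esmtps?a\b", received):
        return []  # not an authenticated submission; out of scope here
    findings = []
    if header_from.rpartition("@")[2] not in local_domains:
        findings.append("from_domain_not_local")
    if header_from != envelope:
        findings.append("from_differs_from_envelope")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE, LOCAL_DOMAINS))
```
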
 

cPanelMichael

Administrator
Staff member

Hello :)

The following document is a good place to start:

cPanel - Prevent Email Abuse

Thank you.
 

LostNerd


There's a little tool on the net I use... MXToolbox.com. Type any of your domains in there and it will run tests on the server to see if your mailserver is currently an open relay or any other issues that may be present.