I am looking for suggestions on settings to check/change and/or additional software I should install to prevent the following:
The passwords for 2-3 accounts on one of our servers appear to have been compromised. Our server currently requires SMTP authentication for sending email. We're getting a lot of bounce/rejection emails from the server. The IP sending the emails through our server is in Russia (we are in the US).
We have changed the passwords. We're now looking for additional steps to take to prevent our server from making delivery attempts when
- the FROM address so very clearly does not match any valid address or domain on our server
- the FROM address does not match the email/username the user has authenticated with
Here is the email:
Code:
Return-path: <VALID_SERVER_EMAIL_ADDRESS_HERE>
Received: from [195.206.xx.xx] (port=49759 helo=VALID_SERVER_HOSTNAME_HERE)
by host1.mycompany.com with esmtpa (Exim 4.80.1)
(envelope-from <VALID_SERVER_EMAIL_ADDRESS_HERE>)
id 1WNtQa-0005Gx-Ca; Wed, 12 Mar 2014 20:23:17 -0400
From: "someone" <[email protected]>
To: "someone else" <[email protected]>,
"someone else too" <[email protected]>
Subject: Someone
Date: Wed, 13 Mar 2014 01:23:15 +0100
MIME-Version: 1.0
X-mailer: Microsoft Office Outlook, Build 11.0.5510
Reply-To: [email protected]
Content-type: multipart/alternative;
boundary="----=_NextPart_000_17FE_291D38A0.593B4452"
This is a multi-part message in MIME format.
------=_NextPart_000_17FE_291D38A0.593B4452
Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
http://domain.com/qhafjun/lanejbx.gicp
------=_NextPart_000_17FE_291D38A0.593B4452
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
=EF=BB=BF<html><head><meta http-equiv=3D"content-type" content: text/html;=
charset=
=3DUTF-8></head><body>http://domain,.com/qhafjun/lanejbx.gicp</body></html>
------=_NextPart_000_17FE_291D38A0.593B4452--
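One way to enforce the two rules asked for above (envelope and From: sender must be the authenticated mailbox, and the sender domain must be hosted locally) is an Exim ACL pair like the following. This is an added example, not the poster's configuration: it assumes the main section already defines `domainlist local_domains`, sets `acl_smtp_mail = acl_check_mail` and `acl_smtp_data = acl_check_data`, and that logins are full mailbox addresses so `$authenticated_id` is `user@domain`.

```exim
# Added example (not from the original post). Assumes:
#   domainlist local_domains = ...          (in the main section)
#   acl_smtp_mail = acl_check_mail
#   acl_smtp_data = acl_check_data
#   $authenticated_id is the full mailbox address the client logged in as.

acl_check_mail:

  # Rule 2: an authenticated client may only use its own mailbox as the
  # envelope sender. A stolen password then cannot forge other senders.
  deny
    authenticated = *
    condition     = ${if !eqi{$sender_address}{$authenticated_id}}
    message       = Envelope sender $sender_address does not match \
                    authenticated user $authenticated_id
    log_message   = auth/envelope-sender mismatch from $sender_host_address

  # Rule 1: the envelope sender domain must be one this server hosts.
  deny
    authenticated   = *
    !sender_domains = +local_domains
    message         = Sender domain $sender_address_domain is not hosted here
    log_message     = auth submission with foreign sender domain

  accept

acl_check_data:

  # Rule 2 again, this time for the From: header, since spam tools often
  # keep a clean envelope sender and forge only the visible From: line.
  deny
    authenticated = *
    condition     = ${if !eqi{${address:$h_from:}}{$authenticated_id}}
    message       = From: address does not match authenticated user
    log_message   = auth/From: mismatch from $sender_host_address

  accept
```

The `log_message` lines make each rejection visible in the Exim main log, so a burst of them from one client IP is also a quick indicator that another account's credentials have leaked.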