Producing Undelivered mail messages

Post by skeating » Tue Oct 18, 2016 6:25 pm

I have an account on my Ability mail server which has started sending out messages that are not being delivered. The person who the account is set up for says he is not sending them. I set up a second account for the individual, with a different password, but am getting the same undelivered messages. He is the only one on the server having this problem. I have scanned for viruses and root kits, but found nothing. I have changed the admin password on the server. I noticed on one of the other posted questions you said to empty the outmail box on the hard drive. Where do I go to do this? Is there anything else I could do to stop this?
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Producing Undelivered mail messages

Post by Code Crafters » Wed Oct 19, 2016 9:11 am

Check your outmail logs to see if the emails are even being sent from your Ability Mail Server. If the emails are not in the outgoing mail logs then these emails are probably just spoofed addresses sent from another IP than your Ability Mail Server. To combat this, you should have an SPF record set up for every domain that you host. This tells other email servers which IPs are allowed to send from that domain. The simplest SPF example is limited to just your domain's MX records like so:

v=spf1 mx ~all

However, if the emails are coming from your Ability Mail Server then the account may be compromised. If changing the password doesn't stop the emails being sent, make sure you don't have any SMTP Relaying Safe IPs or similar that are getting relaying access without SMTP authentication, and scan the user's PC for any viruses that may be stealing account passwords from the machine.

You can clear the outgoing mail queue from the dialog admin interface or by manually deleting all files in the "config\outmail" folder of your installation.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm
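
The first check in the reply above, whether the returned mail ever left your own server, can also be made from the bounce itself. The following is an added example, not part of the original posts and not Code Crafters' code: it reads the copy of the original message embedded in a bounce and compares the connecting IP recorded by the bouncing server with your server's sending IP. The IPs, host names and sample bounce are constructed placeholders.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the public IP(s) your mail server sends from (documentation range).
OUR_SENDING_IPS = {ipaddress.ip_address("203.0.113.10")}
IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
# Constructed sample bounce; hosts and addresses are placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b1
Content-Type: message/rfc822

Received: from mail.example.org (unknown [198.51.100.77])
 by mx.example.net; Tue, 18 Oct 2016 18:00:00 +0000
From: user@example.org
To: nobody@example.net

body
--b1--
"""

def embedded_original(bounce):
    """Return the returned message (or just its headers) carried in a bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, our_ips=frozenset(OUR_SENDING_IPS)):
    original = embedded_original(email.message_from_string(raw, policy=policy.default))
    received = original.get_all("Received", []) if original is not None else []
    # Only the top-most Received line was written by the bouncing server;
    # lower ones arrived with the message and can be forged.
    match = IP_IN_BRACKETS.search(str(received[0])) if received else None
    if match is None:
        return "unknown"
    client_ip = ipaddress.ip_address(match.group(1))
    return "sent-via-our-server" if client_ip in our_ips else "spoofed-elsewhere"
```

A result of "spoofed-elsewhere" points to forged sender addresses, where an SPF record helps; "sent-via-our-server" means the outmail logs and the account's credentials need checking.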

Re: Producing Undelivered mail messages

Post by skeating » Thu Oct 20, 2016 2:32 pm

Thanks for the information. I closed the account and moved the person to another account. If there is a process running on the server that would be sending out email, what could its possible name be, that I would look for? Also, is the log you referred to the one for the individual account?
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Producing Undelivered mail messages

Post by Code Crafters » Fri Oct 21, 2016 9:11 am

Check the config\logs folder for smtp and outmail logs to track the activity; these are server logs not individual account logs. SMTP logs are for incoming traffic into Ability Mail Server and Outgoing Mail logs will show any emails that have relaying access to be sent out of Ability Mail Server.

Software can be called anything which is why checking the logs for IPs used etc. and using an antivirus on the client and Ability Mail Server machines to check for any viruses may help. Make sure no background antivirus processes are doing any mail scanning on the Ability Mail Server machine as these are meant for client traffic and will often slow down or mess up communication to a server.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: Producing Undelivered mail messages

Post by skeating » Mon Oct 24, 2016 11:33 am

One additional question, is it possible that there is a setting in the Ability mail server that would allow relaying? If so where would that be?
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Producing Undelivered mail messages

Post by Code Crafters » Tue Oct 25, 2016 9:25 am

Normally, SMTP authentication should be the only mechanism for getting relay access via SMTP. However, there are options for POP before SMTP and SMTP Relaying Safe IPs in the SMTP settings so make sure you haven't enabled any of these that may be allowing people relaying access when they don't have any login credentials.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: Producing Undelivered mail messages

Post by skeating » Tue Oct 25, 2016 1:00 pm

So if I unchecked Enable Safe IPs, this will only affect relaying? It will not have an effect on the normal operation of the Ability server? Also, what does Allow Locally Assigned IPs do for the Safe IPs area?
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Producing Undelivered mail messages

Post by Code Crafters » Wed Oct 26, 2016 9:45 am

Yes, Enable Safe IPs on the Relaying Access tab of the SMTP settings only affects relaying access and nothing else. We don't recommend using Relaying Safe IPs unless you have something like a website sending emails via a script that is unable to log in via SMTP authentication, in which case you may have no choice but to allow any emails from that IP address relaying access. However, any Relaying Safe IP entries will allow any relaying from that IP without SMTP authentication, so obviously this is a security risk unless you are certain nothing from that IP can abuse this. Allow Locally Assigned IPs lets mail be relayed from the Ability Mail Server machine itself but is still best avoided unless, again, there is a website running an email sending script on that machine or similar. Any virus that could get in could abuse this. Best to rely on proper SMTP authentication.

We are hoping to add password credential limitations (e.g. require Uppercase, Lowercase, Number, Special Character) in the future too to improve the security of user passwords on Ability Mail Server.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm
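
To confirm the relaying settings discussed above from the outside, an administrator can check whether their own server accepts a recipient at a foreign domain from a client that has not authenticated. The following is an added example, not part of the original posts and not Code Crafters' code: it uses Python's standard smtplib, stops before any message data is sent, and ships with a constructed stub that models a Safe IP list so it runs offline. The addresses and the stub's reply codes are assumptions.

```python
import smtplib

def relay_allowed_without_auth(conn, mail_from, external_rcpt):
    """True if the server accepts mail for a foreign domain with no AUTH.

    Stops after RCPT TO and issues RSET, so no message is ever queued.
    """
    conn.ehlo()
    code, _ = conn.mail(mail_from)
    if code != 250:
        return False
    code, _ = conn.rcpt(external_rcpt)
    conn.rset()
    return code in (250, 251)

class StubServer:
    """Constructed stand-in for smtplib.SMTP: relays only for 'safe' client IPs."""
    def __init__(self, safe_ips, client_ip):
        self.relay_ok = client_ip in safe_ips
    def ehlo(self):
        return (250, b"stub")
    def mail(self, sender):
        return (250, b"OK")
    def rcpt(self, recipient):
        return (250, b"OK") if self.relay_ok else (550, b"Relaying denied")
    def rset(self):
        return (250, b"OK")

def audit_own_server(host, port=25):
    """Run the check against your own server; the addresses are placeholders."""
    with smtplib.SMTP(host, port, timeout=10) as conn:
        return relay_allowed_without_auth(conn, "audit@example.org", "audit@example.net")

if __name__ == "__main__":
    safe = {"192.0.2.5"}  # constructed Safe IP list
    for client in ("192.0.2.5", "198.51.100.9"):
        open_relay = relay_allowed_without_auth(
            StubServer(safe, client), "audit@example.org", "audit@example.net")
        print(client, "relays without auth" if open_relay else "relay denied")
```

The result depends on the address the check connects from, so run it once from a machine that should have no relay rights and once from each address listed as a Safe IP. A server that accepts the recipient but rejects later at the data stage will be reported as relaying.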

Re: Producing Undelivered mail messages

Post by skeating » Thu Oct 27, 2016 1:58 pm

Thanks for the information :D
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

