
Strange Email

Hello Guys



I am using a Mac OS 10.6.8 Mini server with mail hosting. One of my users in Open Directory received a strange email from another email address which ends in my domain.😕


For example: validuser@mydomain.com is a user inside the Active Directory on my server, but validuser@mydomain.com received another email from XXXX@mydomain.com, although this user is not even in the AD. So I checked the mail header from the mail application and I found out that the email originally comes from a different IP, "194.27.11.158". Does this mean my email server was hacked? How do I resolve this type of issue?



What I did so far: I went to Server Admin --> Mail Settings --> Relay --> under the refuse settings, and added the IP address. So I am assuming that email will not bother me again from that IP address, but I would like to have a permanent solution for this.


Thanks for your time. Any help appreciated.


HA

Posted on Sep 11, 2013 3:43 AM

Question marked as Best reply

Posted on Sep 11, 2013 8:53 AM

Post the output from the Terminal.app command postconf -n and somebody here can have a look at the current configuration. Alternatively, here is a discussion of some tools that can be used to detect an open relay.


Yes, you might be an open relay, and that would be bad. Or you might have a weak password, and the senders are using that to spam you. A compromised client is also possible.


Or somebody just set a bogus return address to match one of yours, and spammed your user. Folks do that. That would require no compromises, after all.


To determine where and how the mail message arrived, you'll need to look at the SMTP (and possibly POP or IMAP) logs. Console.app is good at that, as Server Admin.app doesn't have very much data available in its log view.


Blocking an IP address won't even slow the folks down, FWIW.


FWIW, "mydomain.com" is a real and registered domain, though I'll assume you were using that to obfuscate your domain; that you're not the registered owner of that domain. If you were obfuscating, please use example.com, example.org or example.net for that purpose. Those three are reserved for this sort of usage.
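An added example, not part of the reply above: one way to read the SMTP log and tell apart the scenarios the reply lists (a forged sender on ordinary inbound mail, an authenticated login, unauthenticated relaying). It assumes standard Postfix syslog lines and example.com as the hosted domain; the log lines are constructed, and the category names are made up for illustration.

```python
import re
from collections import defaultdict

LOCAL_DOMAIN = "example.com"  # assumption: the domain this server hosts
# Constructed Postfix log lines for three messages (not from the thread).
SAMPLE_LOG = """\
Sep 11 03:41:03 mail postfix/smtpd[1234]: 4F2A1B3C01: client=unknown[192.0.2.10]
Sep 11 03:41:03 mail postfix/qmgr[80]: 4F2A1B3C01: from=<XXXX@example.com>, size=2100, nrcpt=1 (queue active)
Sep 11 03:41:04 mail postfix/pipe[1240]: 4F2A1B3C01: to=<validuser@example.com>, relay=dovecot, status=sent (delivered)
Sep 11 04:02:10 mail postfix/smtpd[1301]: 5A0B9D7E02: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=validuser
Sep 11 04:02:10 mail postfix/qmgr[80]: 5A0B9D7E02: from=<validuser@example.com>, size=900, nrcpt=1 (queue active)
Sep 11 04:02:12 mail postfix/smtp[1310]: 5A0B9D7E02: to=<someone@example.net>, relay=mx.example.net[203.0.113.5]:25, status=sent (250 ok)
Sep 11 04:30:44 mail postfix/smtpd[1402]: 6C1D2E3F03: client=unknown[203.0.113.99]
Sep 11 04:30:44 mail postfix/qmgr[80]: 6C1D2E3F03: from=<XXXX@example.com>, size=1500, nrcpt=1 (queue active)
Sep 11 04:30:46 mail postfix/smtp[1410]: 6C1D2E3F03: to=<victim@example.org>, relay=mx.example.org[203.0.113.6]:25, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")

def is_local(addr):
    return addr.lower().endswith("@" + LOCAL_DOMAIN)

def parse(log):
    """Group the smtpd/qmgr/delivery lines of each message by queue ID."""
    msgs = defaultdict(lambda: {"ip": None, "sasl": None, "from": None, "to": []})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, rest = msgs[m.group(1)], m.group(2)
        if (c := re.search(r"client=\S+?\[([^\]]+)\]", rest)):
            rec["ip"] = c.group(1)          # connecting client address
        if (s := re.search(r"sasl_username=([^,\s]+)", rest)):
            rec["sasl"] = s.group(1)        # present only after SMTP AUTH
        if (f := re.match(r"from=<([^>]*)>", rest)):
            rec["from"] = f.group(1)        # envelope sender as claimed
        if (t := re.match(r"to=<([^>]*)>", rest)):
            rec["to"].append(t.group(1))
    return dict(msgs)

def classify(rec):
    """Name which scenario a message with a local-domain sender fits."""
    if not rec["from"] or not is_local(rec["from"]):
        return "not-local-sender"
    if rec["sasl"]:
        return "authenticated-submission"  # review that account's password and clients
    if all(is_local(r) for r in rec["to"]):
        return "forged-sender-inbound"     # ordinary delivery; sender is only claimed
    return "unauthenticated-relay"         # review relay restrictions and mynetworks
```

A message in the last category can also come from a client inside mynetworks, so compare the logged client IP against that setting in the postconf -n output before calling it an open relay.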

