
User Account HiJacked (A user appears to be sending out SPAM)
  •  
BobH

Using Kerio Connect v8.8.2.

I've had cases in the past when it appears that one of our users is sending out SPAM, even when they are not at work. We allow SMTP forwarding but require user authentication. It has turned out that the email account password must have been acquired by an external spammer who was using our mailserver as a relay. We fixed this by changing the email account password.

I've got what appears to be the same problem but changing the password on the account has not stopped the problem. Any thoughts what might be going on?
  •  
Pavel Dobry (Kerio)

What operating system do you use? What kind of authentication? Do you use a password policy?
  •  
BobH

Kerio Connect is running on Windows 2003 SP2. We are using Kerio's internal database for username and password. We are using a password generated by Kerio so it meets the complexity requirement.
  •  
topherhulett

Just to clarify - the user is not on your LAN, or another IP group which you are allowing relaying? Are you sure they're using Kerio for SMTP (do you see the spam in your debug log if you enable SMTP logging)?

[Updated on: Wed, 12 March 2014 19:02]

  •  
BobH

This user happened to be off work yesterday and not using their email account and yet 15 or so emails were sitting in the mail queue. All these emails had the status "4.4.1 Cannot connect to remote host". The emails have odd "To" email addresses like "support@othesof.asia" or "postmaster@ombicrew.asia". I believe these are simply SPAMs to bad email addresses. How many SPAMs may have gone through successfully is not clear.
  •  
Pavel Dobry (Kerio)

Are you sure these were spams sent through an authenticated account? It looks like responses (e.g. Out of office) to spam messages delivered to the user.
  •  
BobH

I did some more checking and you are right. I was able to locate the main queue directory that held the emails and was able to open the .eml files and yes they were out of office messages. DUH!

I got all worked up about the system operating normally.

Thanks.
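
The check that settled this thread, opening the queued .eml files to see whether they are automatic replies rather than mail submitted through the account, can be scripted. This is an added example, not part of the original posts and not Kerio's code: the sample messages are constructed, the queue directory argument is hypothetical, and it assumes auto-replies carry the RFC 3834 `Auto-Submitted` header or `Precedence: auto_reply`, which the thread does not confirm for Kerio Connect.

```python
import sys
from email import message_from_bytes
from email.policy import default
from pathlib import Path

# Constructed sample messages (not from the thread), using reserved example domains.
SAMPLE_AUTOREPLY = b"""From: user@example.com
To: promo@sender.example
Subject: Out of office: Re: Special offer
Auto-Submitted: auto-replied
In-Reply-To: <abc123@sender.example>

I am out of the office today.
"""
SAMPLE_ORIGINAL = b"""From: user@example.com
To: someone@recipient.example
Subject: Special offer

Buy now.
"""

def classify(raw: bytes) -> tuple[str, list[str]]:
    """Return (verdict, evidence) for one queued message."""
    msg = message_from_bytes(raw, policy=default)
    evidence = []
    # RFC 3834: any value other than "no" marks an automatically generated message.
    auto = str(msg.get("Auto-Submitted", "")).split(";")[0].strip().lower()
    if auto and auto != "no":
        evidence.append(f"Auto-Submitted: {auto}")
    if str(msg.get("Precedence", "")).strip().lower() == "auto_reply":
        evidence.append("Precedence: auto_reply")
    if evidence:
        return "auto-reply", evidence
    # No auto-reply marker, but reply headers mean it answers mail that arrived first.
    if msg.get("In-Reply-To") or msg.get("References"):
        return "reply", ["In-Reply-To/References present"]
    return "original", []  # worth checking against the SMTP authentication log

def scan_queue(queue_dir: str) -> dict[str, int]:
    """Classify every .eml file in a queue directory and count the verdicts."""
    counts = {"auto-reply": 0, "reply": 0, "original": 0}
    for path in sorted(Path(queue_dir).glob("*.eml")):
        verdict, evidence = classify(path.read_bytes())
        counts[verdict] += 1
        print(f"{path.name}: {verdict} {evidence}")
    return counts

if __name__ == "__main__":
    print(scan_queue(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE_AUTOREPLY))
```

A queue made up only of "auto-reply" verdicts matches the outcome in this thread; "original" messages queued while the user was away are the ones to trace back to an authenticated SMTP session.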