
unknown sender (Email at 127.0.0.1)
  •  
JJJCR

Hello guys,

I need your help. I think my Kerio box is compromised.

The message queue From only shows "<>" and Sender IP is 127.0.0.1

Authenticated Sender is blank.

So it's coming from the host server itself.


I changed the admin password already but it is still the same.

Any other ideas how to solve the issue?


Kerio is 8.2.4

Thanks for your help.

[Updated on: Thu, 19 February 2015 14:59]

  •  
Radek Sip (Kerio)

See this article: http://kb.kerio.com/1116

  •  
JJJCR

Hi Radek,

Thank you for your reply.

The Authenticated Sender is blank, and the From only shows <>. Is there some way to point out which user's password has been compromised?

Thanks.

[Updated on: Thu, 19 February 2015 23:26]

  •  
Radek Sip (Kerio)

If the authenticated sender is blank, it seems that sending of messages is allowed by a whitelisted IP (typically the local network), and no authentication is required.

For more, see "SMTP Server" -> "Relay Control" in the web administration.

  •  
Pavel Dobry (Kerio)

Or it is very likely a DSN report.
  •  
clan

An empty From address is normal for delivery status notifications, so the mail log may have some more information. Can you post a log entry for the message?
Also, if the message is still in the message queue you can check the contents to verify the kind of message.

Edit: I may have mixed up the return path and From for the DSN (have to check that again), but checking the logs and, if possible, the contents of the message in question should still help.

[Updated on: Mon, 23 February 2015 09:42]

  •  
JJJCR

Pavel Dobry (Kerio) wrote on Mon, 23 February 2015 16:30
Or it is very likely a DSN report.


Hi Pavel, thank you so much for your reply.

How do I turn off the DSN report? Or is there any way to disable it?

Thanks.
  •  
JJJCR

Hello guys, I don't know what is happening; I got this strange activity in the message queue:


From
email<_at_>emailidontknow.com

To
email<_at_>oursistercompany.com

DNS lookup failed

Authenticated Sender
Blank - nothing here

Sender IP
Public IP which I don't know

The FROM is not any of my users; the SENDER IP is a public IP but not our IP.

Authenticated Sender is just blank.

Any help? Thanks.
  •  
JJJCR

Just an update, guys: I checked the logs, and the DSN is causing this:

From only shows "<>" and Sender IP is 127.0.0.1

But the logs in the Message Queue GUI in Kerio Administration are just quite hard to interpret.

Viewing the logs from Linux command line explains everything.

Anyway, thank you guys for your help.
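
Added example, not part of any post in this thread and not Kerio's own code: a small triage routine that sorts message-queue entries by the four fields discussed above (From, To, Authenticated Sender, Sender IP), separating a locally generated DSN from unauthenticated relaying. The dict keys, labels, hosted domain and trusted network are assumptions chosen for illustration, and the sample entries are constructed.

```python
import ipaddress

# Assumptions (hypothetical values, not from the thread):
LOCAL_DOMAINS = {"example.com"}                        # domains hosted on this server
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # IPs allowed to relay without auth

def triage(entry):
    """Return a short label for one message-queue entry (dict of the GUI fields)."""
    sender = entry["from"].strip()
    auth = entry["authenticated_sender"].strip()
    ip = ipaddress.ip_address(entry["sender_ip"])
    rcpt_domain = entry["to"].rsplit("@", 1)[-1].lower()

    if auth:
        return "authenticated"       # a real account sent it: review that account
    if sender in ("", "<>"):
        # A null envelope sender is what delivery status notifications use.
        return "local-dsn" if ip.is_loopback else "remote-null-sender"
    if rcpt_domain in LOCAL_DOMAINS:
        return "inbound"             # ordinary incoming mail needs no authentication
    if ip.is_loopback or any(ip in net for net in TRUSTED_NETS):
        return "trusted-ip-relay"    # accepted because of the relay IP allow list
    return "untrusted-relay"         # outside sender, outside recipient: check relay settings

# Constructed sample entries (documentation addresses, not real data).
QUEUE = [
    {"from": "<>", "to": "user@example.com",
     "authenticated_sender": "", "sender_ip": "127.0.0.1"},
    {"from": "someone@unknown.example", "to": "staff@partner.example",
     "authenticated_sender": "", "sender_ip": "203.0.113.7"},
    {"from": "alice@example.com", "to": "bob@partner.example",
     "authenticated_sender": "alice", "sender_ip": "198.51.100.9"},
    {"from": "scanner@example.com", "to": "bob@partner.example",
     "authenticated_sender": "", "sender_ip": "192.0.2.15"},
    {"from": "news@unknown.example", "to": "user@example.com",
     "authenticated_sender": "", "sender_ip": "203.0.113.7"},
]

def report(queue):
    """Pair each entry's sender and source IP with its triage label."""
    return [(e["from"], e["sender_ip"], triage(e)) for e in queue]

if __name__ == "__main__":
    for row in report(QUEUE):
        print(*row, sep="\t")
```
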