
Kerio Connect forum: Flooded with spam in the last 24 hours
McIrish

Are any of you being flooded with spam recently? All the spam has a subject of "Mail Delivery Subsystem". They sort of appear to be non-delivery reports but I know for sure we are not an open relay. This is happening to a handful of users in the domain. We have the latest Kerio Connect and we are running the new anti-spam module from BitDefender.

Anyone got any ideas? We are getting hundreds per hour.
Pavel Dobry (Kerio)

Maybe these messages are real DSN reports and someone is spoofing your email domain addresses in emails. Make sure you're using SPF so other servers can drop emails with spoofed sender email address of your domain.

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
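Pavel's advice above rests on how SPF works: the receiving server takes the IP that connected to it, looks up the TXT record of the envelope sender's domain, and can reject a message from an IP that domain never authorized before it is ever accepted. The Python below is an added example of that evaluation, not Kerio's code and not from this thread. The domain names, addresses and records are constructed and resolved from an in-memory dict so it runs offline; only the ip4, ip6, include and all mechanisms are implemented, so a record using a, mx, exists or redirect= returns permerror rather than silently passing. The mapping in smtp_action is a policy choice for the example, not a Kerio setting.

```python
import ipaddress

# Constructed DNS zone so the example runs offline (assumption: none of these names
# or addresses are real records). A production checker would resolve TXT records
# with a DNS library and cache the answers.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "softfail.example": "v=spf1 ip4:192.0.2.1 ~all",
    "broken.example": "v=spf1 include:nospf.example -all",
    "nospf.example": "some unrelated TXT record",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10   # RFC 7208 section 4.6.4: at most 10 DNS-querying mechanisms


def check_spf(domain, sender_ip, records=TXT_RECORDS, _lookups=None):
    """Evaluate `domain`'s SPF record for a message arriving from `sender_ip`.

    Returns an RFC 7208 result string. Only the ip4, ip6, include and all
    mechanisms are implemented; anything else (a, mx, exists, redirect=) gives
    'permerror' so an unsupported record never silently passes.
    """
    _lookups = [0] if _lookups is None else _lookups
    record = records.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return "none"                       # no SPF record published for this domain
    try:
        ip = ipaddress.ip_address(sender_ip)
    except ValueError:
        return "permerror"
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]    # 'all' always matches and ends evaluation
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_spf(arg, sender_ip, records, _lookups)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"          # included domain must publish a valid record
            # fail/softfail/neutral inside an include means "no match"; keep going
        else:
            return "permerror"
    return "neutral"                        # ran off the end with no 'all' term


def smtp_action(result):
    """What the receiving MTA does with the envelope (policy choice for this example)."""
    return {"fail": "reject at SMTP time",
            "softfail": "accept, add to spam score",
            "permerror": "accept, add to spam score"}.get(result, "accept")
```

Note what this does and does not cover: SPF lets other people's servers drop mail that forges your domain, so it cuts down the backscatter you receive from spoofing. It does nothing against a sender who logs in with valid credentials for one of your accounts, because that mail really does leave your server's IP and passes SPF.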
McIrish

Thanks Pavel,
We are using SPF. I also have the SPF filter set to add 2 to the spam score.
I just had the users who are having this problem change their domain password. One person said it helped and another said it didn't fix the problem. So, I'm still trying to figure out what is happening.
freakinvibe

Can you post the full header and content of such a message? That would help to analyse the problem.

Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
McIrish

Unfortunately, I can't post any headers. I had set up a public folder for the affected users to copy the NDRs to. I used that yesterday to determine what was going on. Somehow, that public folder is empty now, which seems to be an issue all on its own. hmmmm
I had the users change passwords and I cleared the mail queue and cleared our server from being blacklisted. So far, no more problems. I'm still not quite sure how these particular users had their email user name and password stolen. The only common denominator between all those users was that they all have an iPhone and installed a recent iOS update. I wonder if after that update the next connection to the mail server was not secure and a hacker grabbed them by monitoring traffic at our public address. It's all speculation at this point. At least I got the problem to stop. It does worry me that this could happen.
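freakinvibe's request for the full headers is the right move, because the returned original inside a "Mail Delivery Subsystem" NDR tells you which of the two cases in this thread you are in: the message was forged elsewhere and never touched your server (backscatter, which SPF helps with) or it was submitted through your own server with a stolen password (what McIrish concluded). The Python below is an added example of that triage, not code from this thread or from Kerio. The host names, addresses and the two sample bounces are constructed; the Received: lines use the generic Postfix style, not necessarily what Kerio Connect writes, so the regexes may need adjusting for your server's headers.

```python
import email
import re
from email import policy

# Constructed values for this example (assumption: not the poster's real hosts).
OUR_MTA_IPS = {"203.0.113.10"}            # public address(es) our MTA sends from
OUR_MTA_HOSTS = {"mail.example.com"}

IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")
HELO_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
AUTH_RE = re.compile(r"Authenticated sender:\s*([^\s)]+)", re.I)


def parse_received(value):
    """Pull HELO name, connecting IP, receiving host and auth user out of one Received: line."""
    value = " ".join(value.split())                  # collapse folded whitespace
    helo, ip, by, auth = (r.search(value) for r in (HELO_RE, IP_RE, BY_RE, AUTH_RE))
    return {
        "helo": helo.group(1).lower() if helo else None,
        "ip": ip.group(1) if ip else None,
        "by": by.group(1).lower().rstrip(";,") if by else None,
        "auth_user": auth.group(1) if auth else None,
        "authenticated": bool(auth) or "ESMTPSA" in value,
    }


def extract_original(dsn):
    """Return the original message embedded in a DSN (full copy or headers only), or None."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None


def triage_bounce(raw):
    """Classify one NDR: backscatter from a forged sender, or mail our MTA really sent."""
    dsn = email.message_from_string(raw, policy=policy.default)
    result = {"bounced_to": str(dsn["To"]), "verdict": "no-original",
              "entry_ip": None, "auth_user": None, "helo_forged": False}
    original = extract_original(dsn)
    if original is None:
        return result
    hops = [parse_received(v) for v in original.get_all("Received", [])]
    if not hops:
        return result
    # hops[0] was written by the MTA that produced the bounce. It is the only
    # Received: line the spammer could not forge, so it decides the verdict.
    top = hops[0]
    result["entry_ip"] = top["ip"]
    result["helo_forged"] = top["helo"] in OUR_MTA_HOSTS and top["ip"] not in OUR_MTA_IPS
    if top["ip"] not in OUR_MTA_IPS:
        result["verdict"] = "backscatter"      # sender forged; never passed through our MTA
        return result
    # The message really left our server, so the lines our server added are
    # trustworthy: find the submission hop to see which account was used.
    for hop in hops[1:]:
        if hop["by"] in OUR_MTA_HOSTS:
            result["entry_ip"], result["auth_user"] = hop["ip"], hop["auth_user"]
            result["verdict"] = ("compromised-account" if hop["authenticated"]
                                 else "relayed-unauthenticated")
            return result
    result["verdict"] = "sent-via-our-mta"
    return result


def make_dsn(original):
    """Wrap `original` in a minimal multipart/report DSN (constructed test data)."""
    return (
        "From: MAILER-DAEMON@relay.victim.example\nTo: alice@example.com\n"
        "Subject: Mail Delivery Subsystem\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/rfc822\n\n" + original + "\n--b1--\n"
    )

# Constructed original 1: forged From, delivered to the victim straight from a spam host.
FORGED = """\
Received: from mail.example.com (spambox.example [198.51.100.200])
 by relay.victim.example (Postfix) with ESMTP id AAA
 for <nobody@victim.example>; Sat, 3 Dec 2016 10:00:00 +0000
From: alice@example.com
To: nobody@victim.example
Subject: cheap pills

buy now
"""

# Constructed original 2: submitted to our MTA with Bob's stolen password, then relayed on.
VIA_OUR_MTA = """\
Received: from mail.example.com (mail.example.com [203.0.113.10])
 by relay.victim.example (Postfix) with ESMTP id BBB
 for <nobody@victim.example>; Sat, 3 Dec 2016 10:00:01 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
 (Authenticated sender: bob@example.com)
 by mail.example.com (Postfix) with ESMTPSA id CCC; Sat, 3 Dec 2016 10:00:00 +0000
From: bob@example.com
To: nobody@victim.example
Subject: cheap pills

buy now
"""
```

Run triage_bounce(make_dsn(FORGED)) and triage_bounce(make_dsn(VIA_OUR_MTA)) to see the two verdicts. The design point is trust: everything below the topmost Received: line can be written by the spammer, so the verdict hinges only on whether the IP the bouncing MTA recorded is your server's public address. Only once that holds are the deeper lines, which your own server wrote, used to name the account and the client IP that logged in, which is exactly what you want in the mail server log when deciding whose password to reset.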
Current Time: Sun Dec 04 17:17:16 CET 2016