Help - server getting hammered
  •  
TimothyPaul

Hi Folks - wondering if anyone can give me insight. Since my upgrade to 9.2.7 my server has been getting hammered with spam. It looks like they are authenticating using one of my aliases. I tried updating to the latest release, and that did not help.

I need the alias - it's an old email account that I forward to my new Kerio account.

I have looked through the log files but can't see where this is coming from.

Any thoughts?

Thanks....Tim
  •  
j.a.duke

TimothyPaul wrote on Fri, 05 October 2018 13:59
Hi Folks - wondering if anyone can give me insight. Since my upgrade to 9.2.7 my server has been getting hammered with spam. It looks like they are authenticating using one of my aliases. I tried updating to the latest release, and that did not help.

I need the alias - it's an old email account that I forward to my new Kerio account.

I have looked through the log files but can't see where this is coming from.

Any thoughts?

Thanks....Tim


Tim,

Is this an alias of your current account or another full account that is set to forward to your current account?

If it's really an alias, then they shouldn't be able to authenticate with it, as only the primary account, at least in my experience, can be used for that.

As for nuking some of the spam, are you using any blacklists or the built-in spam filters (including Kerio Anti-Spam and SpamAssassin)?

Cheers,
Jon
  •  
TimothyPaul

Hi Jon,

It is a full account on an old domain. I just needed it to forward to my new email. It is the tim@americasgate.com that is an alias being forwarded to my regular account on the server - tim<_at_>havilah.media

[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <ninjidebbie@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <patricia.legere@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <petra.sudbrack@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <poshpetgroomer@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: 5bbf5ace-000022ef, Service: SMTP, From: <tim@americasgate.com>, To: <prescottmarilyn@gmail.com>, Size: 3862, Sender-Host: 61-228-24-38.dynamic-ip.hinet.net, User: tim<_at_>havilah.media, Subject: Re:
  •  
Maerad

So if I get this right - your old mail address forwards all mails to your new mail address. Right?

In this case Kerio can't detect it as spam, because it's sent in the name of your old mail account and not the server/person actually sending the spam. So you basically bypass the anti-spam system.

For this to work there are two ideas coming to mind.

1. I guess it's a private system without access to the server itself as admin. In this case, set up a "pop download" account in Kerio (admin > delivery), put in your mailbox account data to the old account and let Kerio dl the mailbox like Outlook. This way, Kerio will see the spam with the right sender and delete it.

2. If you host the server, you could set it up as an SMTP relay and the Kerio server gets the mails like the spammer would send them directly.


  •  
TimothyPaul

Hmm - I am not so much concerned with the spam, more that someone is able to log into the server with the email alias and use my server as a spam relay. I am not getting the spam - it's going out to zillions of weird random email addresses.

TP
  •  
freakinvibe

The problem is this snippet from the log:

Quote:
User: tim<_at_>havilah.media


Someone is logging in with the user name tim<_at_>havilah.media and sends these emails. He or she is connecting from this ISP: 61-228-24-38.dynamic-ip.hinet.net

If that is not you, someone has got your password and is using it to send Spam. Change the password of the user tim<_at_>havilah.media and the Spam should stop.

[Updated on: Mon, 15 October 2018 15:51]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
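
The reading of the log given in the answer above (`User:` is the authenticated login, `Sender-Host:` is where the session came from) turned into a check, as an added example that is not part of the original thread. The sample lines, addresses, host names, `trusted_hosts` and `max_rcpts` are constructed or assumed; a `From:` that differs from the login can be a legitimate alias, so it is one signal among three rather than proof on its own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Recv lines quoted in the thread;
# every address and host below is a placeholder, not a value from that log.
SAMPLE_LOG = """\
[11/Oct/2018 10:14:42] Recv: Queue-ID: aaaa0001-00000001, Service: SMTP, From: <tim@old.example>, To: <r1@mail.example>, Size: 3862, Sender-Host: dyn-1.isp.example, User: tim@new.example, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: aaaa0001-00000001, Service: SMTP, From: <tim@old.example>, To: <r2@mail.example>, Size: 3862, Sender-Host: dyn-1.isp.example, User: tim@new.example, Subject: Re:
[11/Oct/2018 10:14:42] Recv: Queue-ID: aaaa0001-00000001, Service: SMTP, From: <tim@old.example>, To: <r3@mail.example>, Size: 3862, Sender-Host: dyn-1.isp.example, User: tim@new.example, Subject: Re:
[11/Oct/2018 10:20:05] Recv: Queue-ID: aaaa0002-00000002, Service: SMTP, From: <tim@new.example>, To: <friend@mail.example>, Size: 1210, Sender-Host: office.new.example, User: tim@new.example, Subject: Lunch, Friday?
[11/Oct/2018 10:21:17] Recv: Queue-ID: aaaa0003-00000003, Service: SMTP, From: <news@list.example>, To: <tim@new.example>, Size: 9050, Sender-Host: mx.list.example, Subject: Weekly digest
"""

# "User:" is treated as optional: assumed absent when the SMTP session was not authenticated.
RECV = re.compile(
    r"^\[(?P<ts>[^\]]+)\] Recv: Queue-ID: (?P<qid>[^,]+), Service: SMTP, "
    r"From: <(?P<sender>[^>]*)>, To: <(?P<rcpt>[^>]*)>, Size: \d+, "
    r"Sender-Host: (?P<host>[^,]+)(?:, User: (?P<user>[^,]+))?, Subject: (?P<subj>.*)$"
)

def authenticated_senders(log_text, trusted_hosts=(), max_rcpts=2):
    """Group authenticated submissions by (User, Sender-Host) and flag suspicious ones."""
    groups = defaultdict(lambda: {"rcpts": set(), "froms": set(), "queue_ids": set()})
    for line in log_text.splitlines():
        m = RECV.match(line)
        if not m or not m["user"]:
            continue  # not a Recv line, or no authenticated user on it
        g = groups[(m["user"], m["host"])]
        g["rcpts"].add(m["rcpt"].lower())
        g["froms"].add(m["sender"].lower())
        g["queue_ids"].add(m["qid"])
    findings = []
    for (user, host), g in sorted(groups.items()):
        reasons = []
        if host not in trusted_hosts:
            reasons.append("untrusted-host")
        if len(g["rcpts"]) > max_rcpts:
            reasons.append("recipient-fanout")
        if g["froms"] - {user.lower()}:
            reasons.append("from-differs-from-login")
        findings.append({"user": user, "host": host, "recipients": len(g["rcpts"]),
                         "messages": len(g["queue_ids"]), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in authenticated_senders(SAMPLE_LOG, trusted_hosts={"office.new.example"}):
        print(f)
```

A login that shows up from a host you do not recognise, with many recipients per message, is the pattern in the quoted log lines; the response is the password change described above.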