Hi, Someone is faking smtp authentication on our server and sending out emails. This is from header of one of such emails - --------------- Received: from 178.89.32.193 (account <[email protected]> HELO domain.com) by domain.com (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 086072675 for <[email protected]>; Fri, 7 Oct 2011 16:35:15 +0600 (our actual domain name substituted by domain.com) --------------- Even the maillog shows [email protected] as authenticated but there is no such user as [email protected] in our user list. I checked main.cf, it seems normal. Any clues on how this is happening. I need to block it immediately before our domain gets marked for spamming. Thanks in advance for helping. Regards Gorav
Is domain.com hosted on your server? I think someone is sending to that domain as [email protected]. If that is the case and your server doesn't send the maail to another SMTP server, this should be no problem spam-wise.
