Yes this is very common now, the hackers use phising and straight
guessing to get accounts and then send spam.
Some settings you may find useful are listed here, we've tried to add a
lot of tools to make it possible to protect yourself and to get a warning when
it happens.
Be aware some measures will occasionally cause your own users confusion
so you have to balance how much protection you want with how much your users
can cope with :-)
ChrisP.
just got a call from a customer. he's getting a huge number of
non-delivery notices for emails he did not send.
none of the 'to' addresses are in his address book so it's not a trojan
or virus on his workstation.
i looked at a few of the returned messages and they all look like this:
X-Default-Received-SPF: pass (skip=loggedin (res=PASS))
x-ip-name=77.222.42.120; THIS IP IS DIFFERENT ON EACH MSG
Date: Thu, 28 Jun 2012 21:30:40 +0300
From: Paul DeLay <HIDDEN@r@onebrainmarketing.com> THE NAME IS
DIFFERENT ON EACH MSG
Organization: mbpdsy
X-Priority: 3 (Normal)
Message-ID: <744914006HIDDEN@28213040@onebrainmarketing.com>
To:HIDDEN@baker884.fsnet.co.uk
Subject: Look at Pic No. 776
MIME-Version: 1.0
Content-Type: text/plain; charset=us-asciislplavsic
Content-Transfer-Encoding: 8bit
X-Authenticated-User:HIDDEN@r@onebrainmarketing.com
then there's some nasty text.
i had him change his password immediately.
looking at the outbound queue, there are still a few message from him
awaiting delivery. they all have different 'from' ip addresses. i've deleted
them.
since we're very strict about requiring authentication for smtp, the
only thing i can think of is that his password was guessed.
anyone have any ideas as to how this can be prevented - other than
strong passwords?
david camm
advanced web systems
keller, tx
