Finding out which authenticated account to blame on spam
Posted: Sat Jan 05, 2019 11:55 pm
The stupidest thing someone can do on a server happened to me.
A person responsible for the email accounts of a specific domain created an email like this:
email: [email protected]
pass: admin
So guess what....... the server was used for spamming by someone that got the credentials by guessing. The spammer was authenticating with this account, but sending email on behalf of [email protected], which is a domain that does not belong to this server.
So now I have 2 questions.
1) Can we force an authenticated user to only send emails from the authenticated email?
2) Is there a way to get the top 50 senders from this server by authenticated account of the las 24 hours? In this way, you can have the list and know which user is sending tons of email.
Eximstats and isoqlog did not help much on this as they were reporting tons from [email protected] not giving me any reference to [email protected].
Thanks
A person responsible for the email accounts of a specific domain created an email like this:
email: [email protected]
pass: admin
So guess what....... the server was used for spamming by someone that got the credentials by guessing. The spammer was authenticating with this account, but sending email on behalf of [email protected], which is a domain that does not belong to this server.
So now I have 2 questions.
1) Can we force an authenticated user to only send emails from the authenticated email?
2) Is there a way to get the top 50 senders from this server by authenticated account of the las 24 hours? In this way, you can have the list and know which user is sending tons of email.
Eximstats and isoqlog did not help much on this as they were reporting tons from [email protected] not giving me any reference to [email protected].
Thanks