On 5/4/2014 11:36 PM, Chandran Manikandan wrote:
Dear All,
I have received such emails like below as generated from my domain and
send to my domain. How to avoid this kind of emails. It's generated
from my domain name but it's does not have this email account in my
domain.
*
*
*From:*panasiagroup....@panasiagroup.net
<mailto:panasiagroup....@panasiagroup.net>
[mailto:panasiagroup....@panasiagroup.net]
*Sent:* Friday, 2 May, 2014 3:54 PM
*Subject:* Financial Management ICV Information Session
--
*Thanks,*
*Manikandan.C*
*System Administrator*
OK, two possibilities here:
a) the emails are coming from an external server (see log files or the
message header) -- in which case, implementing SPF would seem to be
sufficient to repair; or
b) the emails are coming from an internal source (in which case, SPF
will not help). How could they be coming from inside your server?
Once a user is authenticated to the SMTP server (qmail-smtp or
spamdyke), the system will take messages from virtually ANY user address
-- including addresses that are not local and/or are not valid.
User A connects on port 587, authenticates as us...@domain.com
User A delivers a message with a FROM label of: presid...@usa.gov
(or some other bullshit address) and TO labels for 100 of your
nearest and closest friends
QMail queues them up and sends them -- even though usa.gov might not
even exist, much less be serviced by your server
While initially this may be seen as a flaw, Eric has correctly pointed
out that this "feature" also helps QMT function as a smart-host.
Look in your SMTP/Submission logs for instances where the login
name/domain don't match the FROM address...
Dan McAllister
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
