Facebook
Twitter
Hello.
I am posting this question. Someone else might have experienced this before. I am having Linux Dedicated Server with Plesk 12.5.30 Web Host Edition. Since yesterday i have noticed that someone is trying to send virus infected e-mails / scripts to my hosted mailbox user but all those have been identified and quarantined by Dr-Web Antivirus which is running on my Server.
But the issue is this that the sender e-mail address seems like a spoof as the address is not existed on my Server for the domain name it is trying to send e-mails. I am pasting one header below for your review as i might get a solution on how to trace and identify the culprit script or compromised account hosted on my Server.
=================================================================
Received-SPF: neutral (xxxxxx.xxxxxxxxxxxxxxx.com: 106.215.190.134 is neither permitted nor denied by domain of xxxxxxxxx.biz) client-ip=106.215.190.134; [email protected]; helo=[106.215.130.217];
Content-Type: multipart/mixed; boundary=Apple-Mail-A2D26C79-C439-689E-D8EA-4480477881E1
Content-Transfer-Encoding: 7bit
From: jamar ashley <[email protected]>
Mime-Version: 1.0 (1.0)
Date: Wed, 23 Nov 2016 17:36:02 +0530
Subject: Bill-0217
Message-Id: <[email protected]>
To: [email protected]
X-Mailer: iPhone Mail (13C75)
X-Identified-User: {0000:xxxxxxxxxx.biz:local:local} {sentby
elivered locally}
================================================================
Please do note that [email protected] is not a valid e-mail address as this is a spoofed e-mail address. I have also configured SPF record for this domain name correctly as written below.
v=spf1 +a +mx ip4:158.xxx.xxx.xxx include:spf.xxxxxxxxxx.biz -all
Awaiting for help on this particular matter.
Regards,
Naeem
I am posting this question. Someone else might have experienced this before. I am having Linux Dedicated Server with Plesk 12.5.30 Web Host Edition. Since yesterday i have noticed that someone is trying to send virus infected e-mails / scripts to my hosted mailbox user but all those have been identified and quarantined by Dr-Web Antivirus which is running on my Server.
But the issue is this that the sender e-mail address seems like a spoof as the address is not existed on my Server for the domain name it is trying to send e-mails. I am pasting one header below for your review as i might get a solution on how to trace and identify the culprit script or compromised account hosted on my Server.
=================================================================
Received-SPF: neutral (xxxxxx.xxxxxxxxxxxxxxx.com: 106.215.190.134 is neither permitted nor denied by domain of xxxxxxxxx.biz) client-ip=106.215.190.134; [email protected]; helo=[106.215.130.217];
Content-Type: multipart/mixed; boundary=Apple-Mail-A2D26C79-C439-689E-D8EA-4480477881E1
Content-Transfer-Encoding: 7bit
From: jamar ashley <[email protected]>
Mime-Version: 1.0 (1.0)
Date: Wed, 23 Nov 2016 17:36:02 +0530
Subject: Bill-0217
Message-Id: <[email protected]>
To: [email protected]
X-Mailer: iPhone Mail (13C75)
X-Identified-User: {0000:xxxxxxxxxx.biz:local:local} {sentby
elivered locally}================================================================
Please do note that [email protected] is not a valid e-mail address as this is a spoofed e-mail address. I have also configured SPF record for this domain name correctly as written below.
v=spf1 +a +mx ip4:158.xxx.xxx.xxx include:spf.xxxxxxxxxx.biz -all
Awaiting for help on this particular matter.
Regards,
Naeem
