I am trying to figure out why a blackmailer is able to send a message from a local account to the same account without authenticating.
I am using MailEnable Pro 10.29 and I have a ton of failed logins from random IP addresses with valid usernames.
However, there have been several blackmail messages "You have outstanding debt." that have bypassed the AUTH.
Here is the SMTP Log with the abuser IP 189.113.177.2:
01/22/23 22:32:22 SMTP-IN 68C9BA3AC1C54C29B5537D36073D62A6.MAI 616 189.113.177.2 220 mail.my_domain.com ESMTP MailEnable Service, Version: 10.29-10.29- ready at 01/22/23 22:32:22 104 0
01/22/23 22:32:23 SMTP-IN 68C9BA3AC1C54C29B5537D36073D62A6.MAI 616 189.113.177.2 EHLO EHLO 189-113-177-2.gruponct.net.br 250-my_domain.com [189.113.177.2], this server offers 3 extensions 213 36
01/22/23 22:32:23 SMTP-IN 68C9BA3AC1C54C29B5537D36073D62A6.MAI 616 189.113.177.2 MAIL MAIL From:<valid_user@my_domain.com> 250 Requested mail action okay, completed 43 49
01/22/23 22:32:24 SMTP-IN 68C9BA3AC1C54C29B5537D36073D62A6.MAI 616 189.113.177.2 RCPT RCPT To:<valid_user@my_domain.com> 250 Requested mail action okay, completed 43 47
01/22/23 22:32:26 SMTP-IN 68C9BA3AC1C54C29B5537D36073D62A6.MAI 616 189.113.177.2 DATA DATA 354 Start mail input; end with <CRLF>.<CRLF> 46 6
01/22/23 22:32:31 SMTP-IN F69E427F168040DAA8A0E6BC401DF52F.MAI 616 189.113.177.2 QUIT QUIT 221 Service closing transmission channel 42 6
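A defender-side check for the pattern visible in this log, added here as an example (not part of the original post and not MailEnable's own tooling): it scans SMTP-IN lines and reports every accepted `MAIL From:` that claims a local domain on a connection with no successful AUTH before it. The field layout, the use of connection id plus client IP as the session key, the AUTH line format, and all sample lines are assumptions constructed from the log shown above.

```python
import re

# Assumed layout, inferred from the log lines in the post:
# date time SMTP-IN msg-id conn-id client-ip command detail... bytes bytes
LINE = re.compile(r"^(\S+ \S+) SMTP-IN \S+ (\d+) (\S+) (\S+) (.*?) \d+ \d+$")
# Sender address of a MAIL command that the server accepted (reply 250).
SENDER = re.compile(r"From:<([^>@]*@([^>]+))>\s+250\b", re.I)

def unauthenticated_local_senders(lines, local_domains):
    """Return (timestamp, client_ip, sender) for each accepted MAIL FROM that
    uses a local domain without a prior successful AUTH (reply 235)."""
    local = {d.lower() for d in local_domains}
    authed = set()  # (conn-id, ip) pairs that completed AUTH
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an SMTP-IN line in the assumed layout
        ts, conn, ip, cmd, detail = m.groups()
        key = (conn, ip)
        if cmd == "AUTH" and re.search(r"(^|\s)235(\s|$)", detail):
            authed.add(key)
        elif cmd == "QUIT":
            authed.discard(key)  # connection ids may be reused later
        elif cmd == "MAIL":
            s = SENDER.search(detail)
            if s and s.group(2).lower() in local and key not in authed:
                hits.append((ts, ip, s.group(1).lower()))
    return hits

# Constructed sample lines (documentation IPs and domains, not real traffic).
SAMPLE_LOG = """\
01/22/23 22:32:23 SMTP-IN AAAA.MAI 616 198.51.100.7 EHLO EHLO host.example.net 250-example.com [198.51.100.7], this server offers 3 extensions 213 36
01/22/23 22:32:23 SMTP-IN AAAA.MAI 616 198.51.100.7 MAIL MAIL From:<alice@example.com> 250 Requested mail action okay, completed 43 49
01/22/23 22:32:24 SMTP-IN AAAA.MAI 616 198.51.100.7 RCPT RCPT To:<alice@example.com> 250 Requested mail action okay, completed 43 47
01/22/23 22:40:01 SMTP-IN BBBB.MAI 620 192.0.2.10 AUTH AUTH LOGIN 235 Authenticated 19 12
01/22/23 22:40:02 SMTP-IN BBBB.MAI 620 192.0.2.10 MAIL MAIL From:<bob@example.com> 250 Requested mail action okay, completed 43 47
01/22/23 22:41:00 SMTP-IN CCCC.MAI 621 203.0.113.5 MAIL MAIL From:<news@other.test> 250 Requested mail action okay, completed 43 47
""".splitlines()

if __name__ == "__main__":
    for ts, ip, sender in unauthenticated_local_senders(SAMPLE_LOG, ["example.com"]):
        print(f"{ts}  {ip}  unauthenticated MAIL FROM local address {sender}")
```

Each hit is a message where the envelope sender was accepted as a local address from an unauthenticated client, which is the case to review against the server's sender-authentication and SPF settings.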