Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Email Spoofing Issue

Email Spoofing Issue

Scheduled Pinned Locked Moved Unsolved Support
12 Posts 4 Posters 82 Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W Offline
    W Offline
    webliska
    wrote last edited by
    #1

    Hello,

    I'm frequently facing an issue of email spoofing, basically someone spammer or hacker, gets into any of my users' email accounts and starts sending bulk emails to users.

    I'm not sure how this is getting into even though I changed the password of the email account; still, the spammer gets into the account and sends spam to users.

    Is there any way to find out what's causing this infiltration and how the spammer is getting into the system?

    Please let me know and guide me on this.

    Thanks!

    jdaviescoatesJ 1 Reply Last reply
    0
    • W webliska

      Hello,

      I'm frequently facing an issue of email spoofing, basically someone spammer or hacker, gets into any of my users' email accounts and starts sending bulk emails to users.

      I'm not sure how this is getting into even though I changed the password of the email account; still, the spammer gets into the account and sends spam to users.

      Is there any way to find out what's causing this infiltration and how the spammer is getting into the system?

      Please let me know and guide me on this.

      Thanks!

      jdaviescoatesJ Offline
      jdaviescoatesJ Offline
      jdaviescoates
      wrote last edited by
      #2

      @webliska ah you sure they are really coming from the users email and don't just look like they are? Can you share an example of the actual email header code? can you see these emails actually getting sent by your server in the email log?

      I use Cloudron with Gandi & Hetzner

      1 Reply Last reply
      0
      • W Offline
        W Offline
        webliska
        wrote last edited by
        #3

        I'm not sure from where these emails are going.. for the time being I need to deactivate the email account to stop the SPAM. Attached screenshot of the event log.

        img-email.png

        1 Reply Last reply
        0
        • W Offline
          W Offline
          webliska
          wrote last edited by
          #4

          Any help to stop this SPAM is appreciated

          1 Reply Last reply
          0
          • matix131997M Offline
            matix131997M Offline
            matix131997
            wrote last edited by matix131997
            #5

            The basic question is: did you change your Cloudron account password? Did you sometimes have a generated application password, e.g., for your email application?

            In my opinion, this looks like the password for the email application assigned to the Cloudron account has been compromised.

            1 Reply Last reply
            1
            • C Offline
              C Offline
              ccfu
              wrote last edited by ccfu
              #6

              Definitely change the password on the compromised account if you have not already done so. That should stop these emails. If you allow this to continue you risk having your server's IP blacklisted, which will then affect the deliverability of legitimate emails.

              This is not email spoofing but emails being sent from the respective account on your server.

              1 Reply Last reply
              1
              • W Offline
                W Offline
                webliska
                wrote last edited by
                #7

                Thank you for your reply.

                But as I have mentioned in my first email that I have already changed the password of the user right away when I found it compromised.

                Can't we find out from where and how these emails are being executed? Like any script running or via authentication, is it being done?

                As this is something that is of grave concern, if we can't find the loophole in how this is being executed.

                I hope you understand.

                1 Reply Last reply
                0
                • W Offline
                  W Offline
                  webliska
                  wrote last edited by
                  #8

                  image.png

                  We changed the password multiple times.. but still the same.. the emails are being delivered to unknown users and even we don't know what exactly is being sent in the email..

                  This is urgent and I need a resolution for the same.

                  Thanks!

                  matix131997M 1 Reply Last reply
                  0
                  • W webliska

                    image.png

                    We changed the password multiple times.. but still the same.. the emails are being delivered to unknown users and even we don't know what exactly is being sent in the email..

                    This is urgent and I need a resolution for the same.

                    Thanks!

                    matix131997M Offline
                    matix131997M Offline
                    matix131997
                    wrote last edited by
                    #9

                    @webliska Send the header from the Email Log here and check if you have the application password in the “Profiles” tab.

                    1 Reply Last reply
                    1
                    • C Offline
                      C Offline
                      ccfu
                      wrote last edited by ccfu
                      #10

                      Is there maybe an app running which is configured to send email via that user's account? If so, maybe the app has been compromised and is sending out emails.

                      You might want to consider temporarily disable outbound email for this domain until the the issue has been resolved. This may not be an option of course as it would impact other addresses on the same domain.

                      The email headers would be interesting here as @matix131997 already mentioned.

                      1 Reply Last reply
                      1
                      • W Offline
                        W Offline
                        webliska
                        wrote last edited by webliska
                        #11

                        Hello, how to send the header of the emails? Can you guide me on this? I'm just receiving Mailer Demon Failure emails and not the ones that are sent.

                        No app is configured with the email. For now, I have inactivated the email account.

                        matix131997M 1 Reply Last reply
                        0
                        • W webliska

                          Hello, how to send the header of the emails? Can you guide me on this? I'm just receiving Mailer Demon Failure emails and not the ones that are sent.

                          No app is configured with the email. For now, I have inactivated the email account.

                          matix131997M Offline
                          matix131997M Offline
                          matix131997
                          wrote last edited by
                          #12

                          @webliska You have to click on the list of the email in question then the information should appear underneath.
                          1000000223.png

                          1 Reply Last reply
                          1
                          Reply
                          • Reply as topic
                          Log in to reply
                          • Oldest to Newest
                          • Newest to Oldest
                          • Most Votes


                          • Login

                          • Don't have an account? Register

                          • Login or register to search.
                          • First post
                            Last post
                          0
                          • Categories
                          • Recent
                          • Tags
                          • Popular
                          • Bookmarks
                          • Search