How to deal with Spoofed Emails

I’ve got a MiaB server I’ve used for a while that I really like. A little while ago I received a very strange email though.

My “Lost and Found” email folder contains mail sent to any address that has no account on my server, and I received an email to userida@, which is not a user that exists.

This email is a bounce notification with a subject line of “Returned mail: see transcript for details” that appears to be from a mail server in Japan that was trying to route mail from userida@ to a Gmail address, and it got rejected by this Japanese mail server.

The content of the email is in Japanese, and after translating some of it, it appears to be a phishing email attempting to impersonate a bank.

Obviously I don’t want to have my server flagged for being a spam server. Is there anything I can do about this spoofing? Also, how might it be done? I don’t know very much about the email protocol, so I don’t really understand that part very well.

Also just for reference, there is exactly one account on my server which is permitted to send using an arbitrary address, and that’s my admin account, which as far as I can tell has not been breached.

In addition to what I could do about this, is there a way that I could check to see if my account has been accessed besides via my phone and laptop that I normally use?


It sounds like backscatter. If I understand you correctly, you receive this mail on a catch-all address?
I’m not sure there is much you can do about it. On the other hand, if it is backscatter, there’s usually not something wrong on your side.

To check who accessed your account, you have to look at IMAP logins in the /var/log/mail.log logfile. You will need to know the usual (range of) IP addresses of your phone and laptop.
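One way to do that check without reading the whole log by eye, as an added example that is not part of this thread: a small Python script that picks out successful IMAP logins for one account and reports the ones whose source IP is outside the networks you normally log in from. It assumes the log lines are in the format Dovecot (the IMAP server Mail-in-a-Box uses) writes to /var/log/mail.log; the lines in SAMPLE_LOG, the account name admin@example.com and the known networks are constructed for the example.

```python
import ipaddress
import re
import sys
from collections import Counter

# Constructed sample lines in Dovecot's imap-login format (not a real log).
# Only the "Login:" lines are successful logins; the auth-failed line and the
# postfix line are there to show that they are ignored.
SAMPLE_LOG = """\
Jun 12 08:01:12 box dovecot: imap-login: Login: user=<admin@example.com>, method=PLAIN, rip=192.0.2.10, lip=10.0.0.2, mpid=1201, TLS, session=<a1>
Jun 12 08:05:40 box dovecot: imap-login: Login: user=<admin@example.com>, method=PLAIN, rip=198.51.100.23, lip=10.0.0.2, mpid=1210, TLS, session=<a2>
Jun 12 09:17:03 box dovecot: imap-login: Login: user=<admin@example.com>, method=PLAIN, rip=203.0.113.77, lip=10.0.0.2, mpid=1255, TLS, session=<a3>
Jun 12 09:20:51 box postfix/smtpd[2210]: connect from unknown[203.0.113.90]
Jun 12 10:02:14 box dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<admin@example.com>, method=PLAIN, rip=203.0.113.77, lip=10.0.0.2, TLS, session=<a4>
Jun 12 11:44:09 box dovecot: imap-login: Login: user=<admin@example.com>, method=PLAIN, rip=192.0.2.11, lip=10.0.0.2, mpid=1301, TLS, session=<a5>
"""

# Matches the syslog timestamp, the account, and the remote IP ("rip=") of a
# successful Dovecot IMAP login. Anything that is not a "Login:" line is skipped.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: imap-login: Login: "
    r"user=<(?P<user>[^>]*)>, .*?rip=(?P<rip>[0-9a-fA-F.:]+)"
)


def parse_imap_logins(text):
    """Yield (timestamp, user, remote_ip) for every successful IMAP login."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            yield m.group("ts"), m.group("user"), ipaddress.ip_address(m.group("rip"))


def unexpected_logins(text, user, known_networks):
    """Return [(timestamp, ip)] for logins of `user` from outside `known_networks`.

    known_networks is a list of CIDR strings (a single address works as /32).
    """
    nets = [ipaddress.ip_network(n) for n in known_networks]
    flagged = []
    for ts, u, ip in parse_imap_logins(text):
        if u != user:
            continue
        if not any(ip in net for net in nets):
            flagged.append((ts, str(ip)))
    return flagged


def logins_by_ip(text, user):
    """Count successful logins of `user` per remote IP, to see the usual pattern."""
    return Counter(str(ip) for _, u, ip in parse_imap_logins(text) if u == user)


if __name__ == "__main__":
    # Usage: python3 imap_audit.py /var/log/mail.log admin@example.com 192.0.2.0/24 198.51.100.23
    # With no arguments it runs over the constructed sample log above.
    if len(sys.argv) >= 3:
        with open(sys.argv[1], errors="replace") as fh:
            log_text = fh.read()
        account, networks = sys.argv[2], sys.argv[3:]
    else:
        log_text = SAMPLE_LOG
        account = "admin@example.com"
        networks = ["192.0.2.0/24", "198.51.100.23"]  # phone's carrier range, laptop at home

    print("logins per IP:", dict(logins_by_ip(log_text, account)))
    for ts, ip in unexpected_logins(log_text, account, networks):
        print(f"UNEXPECTED login {ts} from {ip}")
```

Run it against the real file as root (mail.log is not world-readable), and also check the rotated copies (mail.log.1, mail.log.*.gz) so you cover more than the last few days. A failed-login line from an unknown IP is just the usual password guessing; it is the successful “Login:” lines from an address you don't recognise that matter.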

Thanks, this is really helpful! I can figure out looking through the log.

It was received at a specific user that doesn’t exist, so it did get redirected to a catch-all, yes.
