Hello everyone, we are using NethServer as mail server; recently we had some spam issues due to a hacked password from an external user.
The strange thing is that this external user was capable of sending mail from a fake domain not present in our NethServer. How is it possible? How can I disable my server sending mail from unknown domains?
(Obviously I changed the password of the hacked user and we have no more spam.)
So you are telling me that if I know the password of a user, I can send mail from any other account? For example, if a technician knows the password of his user account, then he can also send mail from the administration department or every other user account?
But what’s worse is that I can, as is suggested above, enter ANY address I like, including that of the CEO, and pretend I have sent mail from there. If I edit my personal details to match, there is no good way to see this was done.
So, it might be that I have been too long in a Microsoft world, as this is indeed default behaviour on the few mailservers I tested this on just now.
It looks pretty WTF if you are not aware of this, and have been living in an Outlook-Exchange-world.
Can anybody school me on how they prevent JohnDoe@mydomain sending mail as if it was from hrm@mydomain.com or emergency@mydomain.com with links to malicious content? Is this just no concern to people? Am I still missing something?
…I know, I know … try to tell that story in userland
I used to be able to …
On Exchange I could just …
…stuff like that … they rather do not like to hear that Exchange ignores standards in order to be able to provide those services, and therefore breaks compatibility with just about everything else.
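
An added example, not part of the original thread: a log check that finds authenticated submissions whose envelope sender differs from the login that sent them, which is the behaviour discussed above. It assumes the mail server writes Postfix-style log lines; the sample lines, the function name `find_sender_mismatches` and the `allowed` map are constructed for illustration.

```python
import re

# Constructed sample lines in Postfix's usual syslog layout (assumption: the
# server logs like Postfix; hosts, users and queue IDs are made up).
SAMPLE_LOG = """\
Jan 10 09:00:01 mail postfix/smtpd[1201]: 3F2A1C0011: client=host1.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=johndoe@mydomain.com
Jan 10 09:00:01 mail postfix/qmgr[900]: 3F2A1C0011: from=<johndoe@mydomain.com>, size=1832, nrcpt=1 (queue active)
Jan 10 09:05:44 mail postfix/smtpd[1207]: 7B9D4C0012: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=external@mydomain.com
Jan 10 09:05:44 mail postfix/qmgr[900]: 7B9D4C0012: from=<promo@fake-domain.example>, size=5120, nrcpt=48 (queue active)
Jan 10 09:07:12 mail postfix/smtpd[1210]: 9C1E5C0013: client=host2.example.net[192.0.2.11], sasl_method=PLAIN, sasl_username=johndoe@mydomain.com
Jan 10 09:07:12 mail postfix/qmgr[900]: 9C1E5C0013: from=<hrm@mydomain.com>, size=2210, nrcpt=3 (queue active)
Jan 10 09:09:30 mail postfix/qmgr[900]: 1A2B3C0014: from=<newsletter@remote.example>, size=900, nrcpt=1 (queue active)
"""

# smtpd logs the authenticated login per queue ID; qmgr logs the envelope sender.
AUTH_RE = re.compile(r"postfix/[\w/]*smtpd\[\d+\]: ([0-9A-Za-z]+): client=.*sasl_username=(\S+)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")

def find_sender_mismatches(log_text, local_domains, allowed=None):
    """Return (queue_id, login, sender, reason) for each authenticated message
    whose envelope sender is neither the login itself nor listed for it in
    `allowed` (login -> set of extra addresses, e.g. shared mailboxes)."""
    allowed = allowed or {}
    logins = {}      # queue ID -> authenticated login
    findings = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            logins[m.group(1)] = m.group(2).lower()
            continue
        m = FROM_RE.search(line)
        if not m or m.group(1) not in logins:
            continue  # no login seen for this queue ID (e.g. inbound mail)
        login, sender = logins[m.group(1)], m.group(2).lower()
        if sender == login or sender in allowed.get(login, set()):
            continue
        domain = sender.rpartition("@")[2]
        reason = "other-local-address" if domain in local_domains else "foreign-domain"
        findings.append((m.group(1), login, sender, reason))
    return findings

if __name__ == "__main__":
    for finding in find_sender_mismatches(SAMPLE_LOG, {"mydomain.com"}):
        print(finding)
```

A "foreign-domain" hit with a high recipient count matches the compromised-account spam run described in the first post; "other-local-address" hits are the internal impersonation case.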