email problems

233 · 11 May 2016 at 15:45

hi guys, quick Q seems the wife email address is sending spam out,

i've changed the password and tried deleting and replacing the account on the Cpanel for the domain but to no avail

headers below anyone tell me A where this is coming from i tracked the ip to what looks like somewhere in the chest republic, what should i be doing with this?

Sent Time: May 11, 2016 3:21:15 PM
Sender Host: 213-92-220-73.serv-net.pl
Sender IP Address: 213.92.220.73
Authentication: dovecot_plain
Spam Score: 0
Recipient: [email protected]
Delivery User:
Delivery Domain:
Delivered To:
Router: enforce_mail_permissions
Transport: remote_smtp
Out Time: May 11, 2016 3:29:15 PM
ID: 1b0V18-0003En-Ie

Subject:
sup!
From:
"Abella Danger" <[email protected]>
Date:
11/05/2016, 14:57
To:
[email protected]
Return-path:
<[email protected]>
Received:
from [5.42.7.183] (port=49932 helo=[127.0.0.1]) by defiant.servers.eqx.misp.co.uk with esmtpa (Exim 4.87) (envelope-from <[email protected]>) id 1b0UeC-00017k-VV; Wed, 11 May 2016 14:58:03 +0100
Message-ID:
<[email protected]>
User-Agent:
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
Content-Transfer-Encoding:
quoted-printable
Content-Type:
text/plain; charset=UTF-8
X-OutGoing-Spam-Status:
No, score=-3.0

btw the wife is not called abellia danger

Bunka · 11 May 2016 at 15:55

"the chest republic" - Otherwise known as Prague?

LizardKing · 11 May 2016 at 17:26

Anyone can send an email with any "from" address they like, you can limit it reaching peoples inbox's by setting up either dkim or an spf record (in fact you should probably do that as a given

)

233 · 11 May 2016 at 17:50

ok now that sounds like an idea, what is a dim or a spf and how do i set one up?

wife is angry and i'm not getting fed till its sorted

paradigm · 11 May 2016 at 17:58

To configure DKIM and SPF you need to be able to edit the TXT records on whatever DNS server is providing name-resolution for your domain.

233 · 11 May 2016 at 18:00

ok i'm starving then it seems, my servers are through tsohost, i don't think i will be able to do that

paradigm · 11 May 2016 at 18:22

Who did you buy the domain from/which registrar?

233 · 11 May 2016 at 18:33

all done through tso host

Dave M · 11 May 2016 at 18:33

LizardKing said:
Anyone can send an email with any "from" address they like, you can limit it reaching peoples inbox's by setting up either dkim or an spf record (in fact you should probably do that as a given )

But given this:

To:
[email protected]
Return-path:
<[email protected]>
Received:
from [5.42.7.183] (port=49932 helo=[127.0.0.1]) by defiant.servers.eqx.misp.co.uk with esmtpa (Exim 4.87) (envelope-from <[email protected]>) id 1b0UeC-00017k-VV; Wed, 11 May 2016 14:58:03 +0100

I'd say his smtp is open, ask tsohost for advice securing your smtp server. I'll move this to the right forum (or at least, most likely forum to get sensible advice).

Will Gill · 11 May 2016 at 20:10

logon to your tsohost cpanel and set which servers can sent mails under the SPF section

233 · 16 May 2016 at 17:53

cheers for the pointers guys, all seems to be sorted now