
Infected "postmaster" messages being received from ?

We are receiving heaps of infected "undeliverable messages"

The senders are sometimes genuine - sometimes fake

Many people on our network are receiving them

They appear to be generated by our mail server - but how/why/what can we do to stop them?

e.g.:

This message was created automatically by mail delivery software. Your email message was not delivered as is to the intended recipients because malware was detected in one or more attachments included with it. All attachments were deleted.

 

--- Additional Information ---:

 

Subject: Money transfer details

Sender: jcontreras@vwsjr.com.mx

 

Time received: 9/12/2018 7:25:25 AM

Message ID:<15394711811695819272.6409FBA2B13649AF@bucklersmeadacademy.com>

Detections found:

Lloyds Bank_Payment_Remittance_Advice_4876380.pdf               PDF/Domepidief.A



This thread was automatically locked due to age.
  • Hello Weeboo,

    Which Sophos product are you referring to? This one (ESH) might not be the appropriate forum as it is for the Endpoint Self Help Tool.

    Anyway, this snippet doesn't tell much, and definitely not why they appear to be generated by [y]our mail server. The full raw message (not how a mail client normally displays it) would be required. If you do not want to disclose certain information (like IPs) for privacy reasons please use pseudonymisation (like IP.of.our.mailserver).

    Christian
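
An added example, not part of the original thread or any Sophos tooling: one way to prepare the full raw message the reply asks for, replacing IPv4 addresses with stable placeholders and listing the `Received` hops that show which server actually generated the notification. The sample message, host names, addresses and the `IP.unknown.N` label scheme are constructed for illustration.

```python
import re
from email import message_from_string

# Matches dotted quads; it will also catch version-like strings such as "1.2.3.4".
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def pseudonymise(raw, labels):
    """Replace every IPv4 address with a stable label.

    `labels` maps addresses you can identify to descriptive names; any
    other address gets IP.unknown.N, reused on every later occurrence so
    the hop sequence stays readable."""
    seen = dict(labels)
    def repl(match):
        ip = match.group(0)
        if ip not in seen:
            seen[ip] = f"IP.unknown.{len(seen) - len(labels) + 1}"
        return seen[ip]
    return IPV4.sub(repl, raw), seen

def received_chain(raw):
    """Return the Received headers, newest hop first, unfolded to one line each."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]

# Constructed sample: raw source of a notification, as saved from "view source".
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id ABC123;
\tMon, 01 Jan 2018 00:00:05 +0000
Received: from unknown (HELO sender.example) ([198.51.100.7])
\tby mx.recipient.example with SMTP; Mon, 01 Jan 2018 00:00:00 +0000
X-Originating-IP: [198.51.100.7]
From: postmaster@recipient.example
Subject: Undeliverable: (subject removed)

(body removed)
"""

if __name__ == "__main__":
    scrubbed, mapping = pseudonymise(SAMPLE, {"192.0.2.10": "IP.of.our.mailserver"})
    for hop in received_chain(scrubbed):
        print(hop)
```

Keep the returned mapping private; it is what lets you translate a responder's comments about `IP.unknown.1` back to the real address.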
