
How to find authenticated users sending mails?

Someone is sending spam mail with my UTM.
Relaying is only allowed from internal network or from authenticated users from my active directory.

So the spam sender must be using the credentials of one user, but I don't know how to find out which user this is.

Please help.



This thread was automatically locked due to age.
  • Hi, and welcome to the UTM Community!

    I don't recommend allowing authenticated relay from the outside. Where is your mail server and what software is it running?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    My mail server (Exchange Server 2013) is in my internal network. Under "Host-based Relay" I configured only "Internal Network", and under "Authenticated Relay" my Active Directory users.

    Cheers - Ronny

  • I would have only the Exchange server in 'Host-based Relay' and have all users authenticate on the Exchange server instead of the SMTP Proxy.  See Exchange with SMTP Proxy.

    Cheers - Bob

     