For the past 3 days, emails have been sent from a lot of US IPs to other domains from our domain, as if they were sent from ours. But when we check, we are not an open relay. Still, we have tried a lot to stop it, and it is not stopping.
Below is the output for the above issue:
Jan 16 13:58:29 mail sendmail: r0G8SSub031922: ruleset=check_rcpt, arg1=<banheirovirtual#catanduva.sescsp.org.br>, relay=184.108.40.206-static.reverse.softlayer.com [220.127.116.11], reject=550 5.7.1 <banheirovirtual#catanduva.sescsp.org.br>... Relaying denied. Proper authentication required.
Jan 16 13:58:29 mail sendmail: r0G8SSub031922: from=<mbqj#imagine.co.in>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=18.104.22.168-static.reverse.softlayer.com [22.214.171.124]
Our secondary domain is imagine.co.in. So, it is trying to send the email, but relaying is denied. But immediately the 2nd option starts working and the email comes into the queue, and the same is happening for a lot of emails. Can anyone help fix this issue?
Thank you in advance - Sobhanadri
Since you don't allow relaying from your domains/email servers (which is fantastic!), please do a virus scan on your systems to see if there's a compromised application(s) or user account. It happens all the time. It really does. User accounts with weak passwords and systems that don't get updates regularly get exploited all the time. You don't need to reply with specifics regarding your internal setup. This will help maintain your system security. I'd like to know what you found with the scans, out of personal interest. Virus/Trojan/Malware etc. I do see a lot of WordPress complaints these days. The software is popular but so vulnerable. Ugh!
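An added example, not part of the original posts: a small triage script for the sendmail log format shown in the question. It groups `check_rcpt` rejects and `from=` lines by relay IP and flags relays that were denied relaying but also had a message accepted (`nrcpts` greater than 0). The function names, the sample log and the `local.example` domain (standing in for the site's own domain) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two log lines in the question
# (reserved example domains and documentation IP ranges, not real data).
SAMPLE_LOG = """\
Jan 16 13:58:29 mail sendmail: q1: ruleset=check_rcpt, arg1=<a@dest.example>, relay=h1.isp.example [198.51.100.10], reject=550 5.7.1 <a@dest.example>... Relaying denied. Proper authentication required.
Jan 16 13:58:29 mail sendmail: q1: from=<abc@local.example>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=h1.isp.example [198.51.100.10]
Jan 16 13:58:31 mail sendmail: q2: from=<xyz@local.example>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=h1.isp.example [198.51.100.10]
Jan 16 13:59:02 mail sendmail: q3: ruleset=check_rcpt, arg1=<b@dest.example>, relay=h2.isp.example [203.0.113.5], reject=550 5.7.1 <b@dest.example>... Relaying denied. Proper authentication required.
Jan 16 13:59:02 mail sendmail: q3: from=<foo@other.example>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=h2.isp.example [203.0.113.5]
"""

LINE = re.compile(r"sendmail(?:\[\d+\])?: \w+: (.*)")   # PID is optional
RELAY_IP = re.compile(r"relay=[^,]*\[([^\]]+)\]")
SENDER = re.compile(r"from=<([^>]*)>")
NRCPTS = re.compile(r"nrcpts=(\d+)")

def summarize(log_text, local_domains):
    """Per relay IP: rejected relay attempts, accepted messages, and
    envelope senders that claim one of our own domains."""
    stats = defaultdict(lambda: {"rejected": 0, "accepted": 0, "local_senders": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        ip = RELAY_IP.search(m.group(1)) if m else None
        if not ip:
            continue
        rest, entry = m.group(1), stats[ip.group(1)]
        if "ruleset=check_rcpt" in rest and "reject=" in rest:
            entry["rejected"] += 1
            continue
        sender = SENDER.search(rest)
        if not sender:
            continue
        # The logs in the question show "#" where "@" would be; accept both.
        domain = re.split(r"[@#]", sender.group(1))[-1].lower()
        if domain in local_domains:
            entry["local_senders"].add(sender.group(1))
        n = NRCPTS.search(rest)
        if n and int(n.group(1)) > 0:
            entry["accepted"] += 1
    return dict(stats)

def flag_relays(stats):
    """Relay IPs that were denied relaying yet also had mail accepted."""
    return sorted(ip for ip, s in stats.items() if s["rejected"] and s["accepted"])

if __name__ == "__main__":
    print(flag_relays(summarize(SAMPLE_LOG, {"local.example"})))
```

A flagged IP is only a starting point: the accepted message may have come through an authenticated account, which is where the check for a weak or compromised password begins.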