Could my email have been hacked?

Recently Microsoft started to block emails from my server reporting the IP as spam. Today I received an email that looks like it was sent from one of my email addresses (actually, I only have this as an alias, not an actual user/email). Could this be connected?

I have an SPF record for the domain v=spf1 a mx ip4: ~all

Here are the headers from the email, the IP address is NOT mine (it’s in Cambodia) everything else looks genuine, from the to and from email addresses to the host.

to: Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C1_01CED587.4872D6F0" Mime-Version: 1.0 Content-Language: en-gb X-Mailer: Microsoft Outlook 14.0 Return-Path: Thread-Index: Ac7Vhy3olvC1HwEAQqKw3y4wiFA/bA== X-Original-To: Received: from [] (unknown []) by (Postfix) with ESMTP id 034A41C80051 for ; Thu, 27 Aug 2015 09:39:15 +0100 (BST) Delivered-To: Message-Id:

Any idea what’s going on? What is the best way to check that my email server is ‘secure’?


Emails you receive aren’t likely related to any problems.

However, one thing you may want to check is just to verify that there aren’t a large number of emails in your mail queue.

You can determine that with this command:

mailq | tail -1

What output does that produce?


Hi Eric, thanks.

I get this:

-- 14 Kbytes in 2 Requests.

Okay, so you don’t have a ton of email in your mail queue, which can be a sign that there was a breakin of some sort.

It’s hard to say for sure, if the sites blocking your email don’t say why they did so.

However, if someone on your server has an email newsletter, it’s possible that people have been marking it as spam.

You could always try enabling DKIM, as it can help keep your server off the spam lists.


Thanks Eric, I thought DKIM was enabled but I’ll go check and if not enable it - thanks :slight_smile: