Could my email have been hacked?

Recently Microsoft started to block emails from my server reporting the IP as spam. Today I received an email that looks like it was sent from one of my email addresses (actually, I only have this as an alias, not an actual user/email). Could this be connected?

I have an SPF record for the domain v=spf1 a mx a:mysite.com ip4:176.69.270.99 ~all

Here are the headers from the email. The IP address is NOT mine (it’s in Cambodia); everything else looks genuine, from the to and from email addresses to the host.

to: info@mysite.com
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C1_01CED587.4872D6F0"
Mime-Version: 1.0
Content-Language: en-gb
X-Mailer: Microsoft Outlook 14.0
Return-Path:
Thread-Index: Ac7Vhy3olvC1HwEAQqKw3y4wiFA/bA==
X-Original-To: info@mysite.com
Received: from [36.37.132.156] (unknown [36.37.132.156])
    by host.myhostdomain.net (Postfix) with ESMTP id 034A41C80051
    for ; Thu, 27 Aug 2015 09:39:15 +0100 (BST)
Delivered-To: info-mysite.com@host.myhostdomain.net
Message-Id:

Any idea what’s going on? What is the best way to check that my email server is ‘secure’?
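What the SPF record in the question says about the connecting address in the pasted Received header, as an added example that is not part of the original thread: a small offline evaluator for the a, mx, ip4/ip6 and all mechanisms. The DNS answers and the 203.0.113.10 server address are constructed stand-ins, because the ip4 value in the question is anonymised.

```python
import ipaddress
import re

# Constructed inputs. The record layout follows the question, but its ip4 value
# is anonymised, so the documentation address 203.0.113.10 stands in for it.
SPF_RECORD = "v=spf1 a mx a:mysite.com ip4:203.0.113.10 ~all"
RECEIVED = ("Received: from [36.37.132.156] (unknown [36.37.132.156]) "
            "by host.myhostdomain.net (Postfix) with ESMTP id 034A41C80051")
# Hypothetical DNS answers, supplied inline so the check runs offline.
DNS = {
    ("A", "mysite.com"): ["203.0.113.10"],
    ("MX", "mysite.com"): ["host.myhostdomain.net"],
    ("A", "host.myhostdomain.net"): ["203.0.113.10"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def client_ip(received):
    """Return the connecting address Postfix logged as "(name [ip])"."""
    m = re.search(r"\(\S+ \[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)", received)
    return m.group(1) if m else None

def _hosts_match(ip, names, dns):
    """True if ip equals an A record of any of the given host names."""
    return any(ip == ipaddress.ip_address(a)
               for n in names for a in dns.get(("A", n), []))

def check_spf(record, ip_text, domain, dns):
    """Evaluate a, mx, ip4, ip6 and all left to right; first match decides."""
    ip = ipaddress.ip_address(ip_text)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6") and arg:
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = _hosts_match(ip, [arg or domain], dns)
        elif name == "mx":
            matched = _hosts_match(ip, dns.get(("MX", arg or domain), []), dns)
        else:
            return "permerror"  # include, redirect, CIDR suffixes: not handled
        if matched:
            return RESULTS[qualifier]
    return "neutral"
```

For 36.37.132.156 the record yields softfail, which receivers typically accept and flag rather than reject; the same record ending in `-all` yields fail.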

Howdy,

Emails you receive aren’t likely related to any problems.

However, one thing you may want to check is just to verify that there aren’t a large number of emails in your mail queue.

You can determine that with this command:

mailq | tail -1

What output does that produce?

-Eric

Hi Eric, thanks.

I get this:

-- 14 Kbytes in 2 Requests.

Okay, so you don’t have a ton of email in your mail queue, which can be a sign that there was a break-in of some sort.

It’s hard to say for sure, if the sites blocking your email don’t say why they did so.

However, if someone on your server has an email newsletter, it’s possible that people have been marking it as spam.

You could always try enabling DKIM, as it can help keep your server off the spam lists.

-Eric

Thanks Eric, I thought DKIM was enabled but I’ll go check and, if not, enable it - thanks