Oops, our mail server is sending spam!

Monday, January 9, 2023

I am currently using a Wi-Fi network that still uses WEP security, which is known to be insecure.

A few days after I started to use this network, our SR server started to send spam and hence was blocked by OVH to protect their network.

It had received this spam (190000 mails) from mail10.lwspanel.com, a server that runs Roundcube. The mail10.lwspanel.com itself is probably innocent, but one of their users is a spammer.

I guess that the spammer spoofed my password on SR, and that’s why SR accepted these mails.

I wonder whether there is a connection method that can’t be spoofed even on a low-security network.

Security settings in Thunderbird:

• Connection security: “None” or “STARTTLS” (Port 110) or “SSL/TLS” (Port 995)

• Authentication method is “Normal password” or “Encrypted password” or “Kerberos / GSSAPI” or “NTLM” or “OAuth2”

Both STARTTLS nor SSL/TLS need my password (they fail after I changed my password on the server). But I won’t tell Thunderbird my new password until I feel secure again.

Our server SR works only when authentication method is “Normal password”. Can Postfix also do “Encrypted password” or “OAuth2”?