Someone forged an email address from my domain (e.g.
admin@mydomain.com) and sent a mail to one of my users (e.g.
user@mydomain.com). The email attachment contains a virus!!!
I reviewed the email logs and found the following:
Nov 19 15:28:44 mail sendmail[28805]: xxxxx: from=<admin@mydomain.com>, size=xxxx, class=0, nrcpts=1, msgid=<xxxx.xxxx@mydomain.com>, protocol=SMTP, daemon=MTA, relay=<a host name> [an IP address]
Not sure if I should disclose the relay info here...
A few questions which I hope you can help me out with:
- How to prevent this in the future?
- How can this be done? Apparently, it's simple?!!?
- Should I do something to follow up on this incident?
Thank you for all your help!!! Much Much Much appreciated!!!
Vittibaby