Maybe one of our resident computer experts can help with this.
One of the email accounts of one of our domains has been apparently hacked. It does not necessarily mean that the server has been hacked as it appears to affect only one account but it may mean that one of the devices (MacBook or recent and updated Android phone) has a virus, or that there has been an intercept of log-in details between the device and the server.
We got to know about it because of two gmail bounces with the following message:
[quote]This is the mail system at host relay.mailchannels.net.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<xxxxxxxxxx@gmail.com>: host gmail-smtp-in.l.google.com[74.125.195.26] said:
550 5.2.1 [ERN] Recipient is receiving email too quickly. (in reply to RCPT
TO command)
[/quote
(<xxxxxxxxxx@gmail.com> - the real gmail address I removed)
In both cases the bounced emails had a spoofed email address that was our email address but the origin of the bounced emails was from an IP in Vietnam and another in Iran.
The message that was attached contained one line and a a signature line that was a persons name that was also the subject of the email. It is that one line that is the real worry because it contained the smtp server, username, email address and the real password. The line is as below (with modified details) and, needless to say, the password has now been changed and before the new password is implemented in the devices a virus scan will be run.
UNIQ:smtp://name@namedomain.it|smtp.namedomain.it:465|name@namedomain.it|password
If anyone has come across this before and has any information I would be pleased to know about it.
![[Linked Image]](http://bradley.it/public_images/drive.jpg)
