
I am running IBM Lotus Domino Email Server with Symantec Premium Antispam.

For the past few days, I have been receiving SPAM emails that pretend to be coming from my own email address. For example, my email is JOHN@MYCOMPANY.COM, and in my inbox I see spam email coming from JOHN@MYCOMPANY.COM (the headers show different IPs or domains, and the subject is different every time; see the code below).

How can I prevent such spam emails? Sometimes they contain harmful .docm attachments, and sometimes they show advertisements.

Following is the full header.

Received: from dhcp-192-214-94.in2cable.com ([127.0.0.1])
          by agpinf01.agp1 (Lotus Domino Release 8.5.3FP6)
          with ESMTP id 2016070704200181-116326 ;
          Thu, 7 Jul 2016 04:20:01 +0500 
Message-ID: <454418365439223099674707@MYCOMPANY.COM>
From: <MYUSER@MYCOMPANY.COM>
To: <MYUSER@MYCOMPANY.COM>
Subject: Greetings
Date: 7 Jul 2016 08:35:58 +0400
MIME-Version: 1.0
X-Mailer: Sblyue uphckcv
X-MIMETrack: Itemize by SMTP Server on agpinf01/AGP(Release 8.5.3FP6|November 21, 2013) at
 07/07/2016 04:20:01 AM,
         Serialize by Notes Client on syed jahanzaib/MYCOMAPNY(Release 8.5.3FP6|November
 22, 2013) at 07/12/2016 08:57:32 AM,
         Serialize complete at 07/12/2016 08:57:32 AM
X-TNEFEvaluated: 1
Content-type: multipart/alternative;
 boundary="---8D7023F9ECDEAA36CB98425765118D70"

This is a multi-part message in MIME format.
-----8D7023F9ECDEAA36CB98425765118D70
Content-transfer-encoding: quoted-printable
Content-type: text/plain; charset="cp-850"

Salutation

Let me present to you one of the largest worldwide enterprises where I = work as a permanent manager of HR department.

Our company is well known in various fields as follows:

  • real estate
  • companies setting-up and winding-up
  • supporting business in Europe and other countries=20
  • etc.

We need employees:

  • payment $5000 + bonus
  • 1 - 2 working hours per day
  • free timetable=20

If you are interested in this job please=20 visit our web page.
-----8D7023F9ECDEAA36CB98425765118D70
Content-transfer-encoding: quoted-printable
Content-type: text/html; charset="cp-850"

<html><head>
<meta http-equiv=3DContent-Type content=3D"text/html; = charset=3Dcp-850"></head>
<body>Salutation<br><br>
Let me present to you one of the largest worldwide enterprises where I = work as a permanent manager of HR department.<br><br>
<b>Our company is well known in various fields as follows:</b><br>=20
  • real estate<br>- companies setting-up and winding-up<br>- supporting =
business in Europe and other countries <br>- etc. <br><br>
<b>We need employees:</b><br>
  • payment $5000 + bonus<br>
  • 1 - 2 working hours per day<br>
  • free timetable <br><br>
If you are interested in this job please <a = href=3D"http://luixbeltzamoda.gestiondatos.com/cache/smarty/cache/blockne= wproducts_tab/20160213/1/1/1/6/16/"><b>visit our web page</b></a>.
</body></html>
-----8D7023F9ECDEAA36CB98425765118D70--

Robotnik
Syed Jahanzaib

4 Answers


Your problem is that you have not configured anti-spoofing mechanisms for your mail server. In the 20th century I used to send e-mails from bill.gates@microsoft.com without any problems.

1) Enable at least verifying PTR records of connecting hosts in Lotus Domino: http://www-01.ibm.com/support/docview.wss?uid=swg21378411

Verify connecting hostname in DNS:

Enable the following fields in the Configuration Document --> Router/SMTP tab --> Restrictions and Controls --> SMTP inbound controls:

Choose one:

  1. Enabled - Domino verifies the name of the connecting host by performing a reverse DNS lookup. Domino checks DNS for a PTR record that matches the IP address of the connecting host to a host name. If Domino cannot determine the name of the remote host, because DNS is not available or no PTR record exists, it does not allow the host to transfer mail. Although Domino accepts the initial connection, later in the SMTP transaction, it returns an error to the connecting host in response to the MAIL FROM command.

     NOTE: Internet SMTP hosts are not required to have PTR entries in DNS. As a result, when this field is enabled, the SMTP task may reject connections from valid SMTP hosts.

  2. Disabled - (default) Domino does not check DNS to verify the name of the connecting host.

2) Check PTR, SPF , DKIM and DMARC records of your domain http://blog.msbiro.net/2014/09/if-you-have-trouble-with-smtp-delivery-check-ptr-spf-dkim-and-dmarc-record.html

Those records are stored in the DNS server and thus must be configured by your ISP, but ISPs usually provide some interface that allows users to edit their own DNS records.

You should verify the state of your DNS records using: http://mxtoolbox.com

You should define SPF to specify that it is your mail server that is authorized to send mail from your domain and nothing else.

http://www.openspf.org/Introduction

Let's look at an example to give you an idea of how SPF works. Bob owns the domain example.net. He also sometimes sends mail through his GMail account and contacted GMail's support to identify the correct SPF record for GMail. Since he often receives bounces about messages he didn't send, he decides to publish an SPF record in order to reduce the abuse of his domain in e-mail envelopes:

example.net.  TXT  "v=spf1 mx a:pluto.example.net include:aspmx.googlemail.com -all"

The parts of the SPF record mean the following:

  • v=spf1 - SPF version 1
  • mx - the incoming mail servers (MXes) of the domain are authorized to also send mail for example.net
  • a:pluto.example.net - the machine pluto.example.net is authorized, too
  • include:aspmx.googlemail.com - everything considered legitimate by gmail.com is legitimate for example.net, too
  • -all - all other machines are not authorized

This example demonstrates but a small part of SPF's expressiveness. Do not take it as a guideline for building your own record — things might not work out as you expect and legitimate messages might get blocked! Instead, learn more about the record syntax, or get the complete picture by studying the full specification. Community support is available.
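The SPF evaluation walked through in this answer, as an added worked example (this is not code from the answer, from openspf.org or from Domino): a minimal evaluator for the mechanisms the example record uses (mx, a, include, ip4, all, with the four qualifiers) run against a constructed, in-memory DNS zone instead of live lookups. Every host name and address below is an assumption, and the stand-in TXT record for aspmx.googlemail.com is invented for the example; the real record is different. The zone also carries a hypothetical "v=spf1 mx -all" record for mycompany.com, the domain in the question, so the last case shows a spoofed message from an outside address failing.

```python
import ipaddress

# Constructed in-memory DNS zone standing in for real lookups (assumption: all
# names, addresses and the aspmx.googlemail.com record here are fictitious).
DNS = {
    "example.net": {
        "TXT": ["v=spf1 mx a:pluto.example.net include:aspmx.googlemail.com -all"],
        "MX": ["mail.example.net"],
    },
    "mail.example.net": {"A": ["192.0.2.10"]},
    "pluto.example.net": {"A": ["192.0.2.20"]},
    "aspmx.googlemail.com": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]},
    "mycompany.com": {"TXT": ["v=spf1 mx -all"], "MX": ["mx.mycompany.com"]},
    "mx.mycompany.com": {"A": ["192.0.2.50"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Resolve one record type from the constructed zone (empty list if absent)."""
    return DNS.get(name.lower(), {}).get(rtype, [])


def spf_record(domain):
    """Return the domain's SPF TXT record, or None when it publishes none."""
    for txt in lookup(domain, "TXT"):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def ip_in(ip, network):
    """True when `ip` lies inside `network` (a bare address counts as a /32)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(network, strict=False)


def check_spf(ip, domain, depth=0):
    """SPF result for a message from connecting host `ip` that claims envelope
    domain `domain`: one of pass, fail, softfail, neutral, none, permerror.
    Mechanisms are evaluated left to right; the first match decides."""
    if depth > 10:
        return "permerror"          # RFC 7208 caps include: recursion
    record = spf_record(domain)
    if record is None:
        return "none"               # domain publishes no SPF policy at all
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip_in(ip, arg)
        elif mech == "a":
            host = arg or domain
            matched = any(ip_in(ip, a) for a in lookup(host, "A"))
        elif mech == "mx":
            host = arg or domain
            matched = any(ip_in(ip, a)
                          for mx in lookup(host, "MX") for a in lookup(mx, "A"))
        elif mech == "include":
            # include: matches only when the included domain returns "pass"
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"      # mechanism not modelled in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                # nothing matched and no explicit "all"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "example.net"),    # the domain's own MX
                    ("192.0.2.20", "example.net"),    # pluto.example.net
                    ("198.51.100.7", "example.net"),  # via the include:
                    ("203.0.113.5", "example.net"),   # anyone else -> -all
                    ("203.0.113.5", "mycompany.com"),
                    ("10.0.0.1", "nospf.example")]:
        print(f"{ip:>14} as {dom:<15} -> {check_spf(ip, dom)}")
```

A real checker resolves these names live (for example the pyspf library, or the SPF check built into a filtering MTA or appliance); what this shows is the order of evaluation and why "-all" is what turns an unknown sender into a hard fail. One practical point for this question: the Received header in the post shows Domino accepting the connection from [127.0.0.1], which suggests the Symantec filter hands mail to Domino locally. If so, a PTR or SPF check has to run in whichever component actually accepts the internet connection, because Domino itself would only ever see localhost.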


NEVER, and I repeat NEVER, let an SMTP server that is meant for your internal mail be directly accessible from the internet. Having so-called "spoofed" mails is your smallest concern if you do so.

Of course you can (and should) configure your Domino server not to be an open relay by setting the appropriate options in the Router/SMTP tab of your server's configuration document (start reading here in the IBM Domino Administrator help), but this will only block the most obvious kind of spam / malware mails.

Your server will be subject to massive mail flooding, denial of service attacks, mail relay attempts ... you name it.

And as soon as they flood your server it will break down and not be able to provide your internal services either.

There are a lot of professional services that filter email and send only the "good" mails to your mail server. There are spam / antivirus appliances that can be placed in front of your Domino to professionally filter out all bad mails.

Domino cannot do this (although there are add-in products to filter spam and viruses, that does not solve the problem of mail flooding).

Tode

Update: Yesterday I was able to block the spoofed emails. I made the following rule in SMSDOM.

Description: Compliance Rule:

Flow: Inbound

Applied: Conditionally (exempt a few of my local servers' email IDs that are used to send backup/alert emails to the admin)

Expression: if Internet Domain Contains MYCOMPANY.COM

Action: QUARANTINE

:) & now I can see many spoofed emails dropping into the quarantine box.

Thank you all for the support.

Syed Jahanzaib
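The quarantine rule in this update, as an added example that is not part of the post and not SMSDOM's own rule engine: the same logic ("inbound mail whose sender claims our domain, unless it comes from an exempted internal sender, goes to quarantine") written out over constructed message headers, with two variations a practitioner would want to compare. First, exempting by sender address reopens the hole for exactly those addresses (anyone can put backup@mycompany.com in From:), so the example exempts by connecting IP taken from the topmost Received header instead. Second, the "Contains" match the post uses is a substring match, and it also catches look-alike domains such as notmycompany.com, so an exact-or-subdomain match is shown alongside it. The domain, the exempt address and all sample headers are assumptions; the first sample mirrors the headers in the question with a public address substituted for the [127.0.0.1] shown there.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "mycompany.com"
# Assumption: the internal host that legitimately sends as @mycompany.com through
# the inbound path (the backup/alert sender the rule exempts). Constructed address.
EXEMPT_IPS = {"192.0.2.50"}

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg):
    """IP of the host that handed us the message: the topmost Received header,
    which is the only Received line we wrote ourselves and so the only one
    a sender cannot forge."""
    m = _BRACKETED_IP.search(msg.get("Received", ""))
    return m.group(1) if m else None


def sender_domain(msg):
    """Domain part of the RFC 5322 From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def domain_contains(addr_domain, our):
    """The rule as posted ('Internet Domain Contains MYCOMPANY.COM'): substring."""
    return our in addr_domain


def domain_is_ours(addr_domain, our):
    """Exact domain or a subdomain of it; does not match look-alike domains."""
    return addr_domain == our or addr_domain.endswith("." + our)


def classify(raw, matcher=domain_is_ours):
    """Return 'quarantine' or 'deliver' for one raw inbound message."""
    msg = message_from_string(raw)
    if not matcher(sender_domain(msg), OUR_DOMAIN):
        return "deliver"        # not claiming to be us: out of this rule's scope
    if connecting_ip(msg) in EXEMPT_IPS:
        return "deliver"        # known internal sender arriving via the inbound path
    return "quarantine"         # an outside host claiming our own domain


# Constructed samples, headers only (a blank line ends the header block).
SPOOF = ("Received: from dhcp-192-214-94.in2cable.com ([203.0.113.45])\n"
         "From: <MYUSER@MYCOMPANY.COM>\nTo: <MYUSER@MYCOMPANY.COM>\n"
         "Subject: Greetings\n\nbody\n")
BACKUP = ("Received: from backup01.mycompany.com ([192.0.2.50])\n"
          "From: backup@mycompany.com\nTo: admin@mycompany.com\n"
          "Subject: Nightly backup OK\n\nok\n")
FAKE_BACKUP = ("Received: from unknown ([198.51.100.9])\n"
               "From: backup@mycompany.com\nTo: admin@mycompany.com\n"
               "Subject: Nightly backup\n\nopen the attachment\n")
LOOKALIKE = ("Received: from mail.notmycompany.com ([198.51.100.20])\n"
             "From: ceo@notmycompany.com\nTo: admin@mycompany.com\n"
             "Subject: Invoice\n\n...\n")
EXTERNAL = ("Received: from mx.example.org ([198.51.100.30])\n"
            "From: partner@example.org\nTo: admin@mycompany.com\n"
            "Subject: Hello\n\nhi\n")

if __name__ == "__main__":
    for name, raw in [("spoof", SPOOF), ("backup", BACKUP),
                      ("fake backup", FAKE_BACKUP), ("look-alike", LOOKALIKE),
                      ("external", EXTERNAL)]:
        print(f"{name:12s} exact={classify(raw):10s} "
              f"contains={classify(raw, domain_contains)}")
```

Note that this rule only makes sense on the inbound flow, as the post configures it: applied to internal Notes routing it would quarantine every message your own users send. And it only works because the receiving server can distinguish its own trusted hosts from the internet; once again, that check belongs in whichever component actually terminates the external SMTP connection.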

Domino servers do not support SPF or DKIM, and Domino's mail rules aren't going to help you solve this problem without creating new ones. I have no idea what capabilities your Symantec configuration has, but I believe that your best bet will be either to install an email security appliance that is configured to act as your MX and relay to your Domino server, or to outsource your MX to a company that provides hosted anti-spam services.

P.S. This question really belongs on ServerFault rather than SuperUser.

rhsatrhs