Mail Station Hacked

Post by jdehnert » Mon Jun 12, 2017 10:40 pm

My Mail station has been hacked again.

I believe this is the 3rd time this has happened to me. I have changed the passwords on all of the email accounts, and I have been looking at the postfix log files, and it seems like it's my account that is compromised. However, even after changing my password to a randomly generated password, I am still seeing mail that is being sent from my account, with several failure messages every minute.

It's aggravating that there are no man pages for the postfix commands, and that the paths to the actual commands aren't added to the root account when the packages are installed.

Having said all of that, I'm not having any luck finding out how this hack has taken place, or how to repair the damage.

Has anyone else had this problem?
Thanks,
James "Zeke" Dehnert

-= Eschew Obfuscation =-
"Life is racing. Everything else is just waiting"

Post by iknowtech » Tue Jun 13, 2017 2:59 am

Do you have a working SSL certificate installed on the NAS?

Are you using TLS or SSL for all your connections?

Is your DSM and Mail Station app fully updated?

Post by jdehnert » Tue Jun 13, 2017 7:42 pm

iknowtech wrote: Do you have a working SSL certificate installed on the NAS?

I do.

iknowtech wrote: Are you using TLS or SSL for all your connections?

I am.

iknowtech wrote: Is your DSM and Mail Station app fully updated?

It is.
Thanks,
James "Zeke" Dehnert

-= Eschew Obfuscation =-
"Life is racing. Everything else is just waiting"
iknowtech
Skilled
Skilled
Posts: 639
Joined: Thu Jun 19, 2014 8:11 am

Re: Mail Station Hacked

Post by iknowtech » Wed Jun 14, 2017 3:09 am

Hmm, well, that's not encouraging, is it?

You said you were hacked before. I wonder if someone left some sort of backdoor from a previous hack where you had a security vulnerability still open?

I honestly don't really have any experience with Mail Station.

I wonder if you could run a dockerized or virtualized version of DSM running only Mail Station and use something like Nginx as a proxy to limit the threat vector.
https://www.synology.com/en-us/dsm/6.1/ ... ualization
https://www.nginx.com/resources/admin-guide/mail-proxy/

Post by jroselarsen » Fri Jun 16, 2017 7:24 am

Is the origin of the sender on your local LAN?
Do you have the setting 'Do not authorize for LAN sessions' in the SMTP setting in mailserver?
Then senders on your local LAN do not need to authorize to send mail.
BR johnny
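
One way to answer the question raised above from the postfix logs is to check whether each accepted message came in over an authenticated session or from an unauthenticated LAN client. This is an added example, not part of the thread or Synology's code; the log lines are constructed in standard Postfix smtpd format, and the LAN range, host names and user name are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the home LAN range; change it to match your network.
LAN = ip_network("192.168.1.0/24")

# Constructed sample lines in Postfix smtpd syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jun 12 22:31:01 nas postfix/smtpd[4121]: 3A1B2C4D5E: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=user1
Jun 12 22:31:09 nas postfix/smtpd[4125]: 4B2C3D5E6F: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=user1
Jun 12 22:31:30 nas postfix/smtpd[4130]: 5C3D4E6F70: client=laptop.lan[192.168.1.23]
Jun 12 22:32:02 nas postfix/smtpd[4133]: 6D4E5F7081: client=unknown[192.168.1.77]
Jun 12 22:32:40 nas postfix/smtpd[4140]: 7E5F608192: client=mail.example.org[198.51.100.9]
"""

# One such line is logged per accepted message; sasl_* appears only after a login.
ACCEPT = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+))?"
    r"(?:, sasl_username=(?P<user>\S+))?"
)

def classify(ip, user):
    """Label one accepted message by how the client was allowed to submit it."""
    if user:
        return "sasl-auth"          # logged in with an account's password
    try:
        on_lan = ip_address(ip) in LAN
    except ValueError:              # Postfix logs "unknown" when it has no address
        on_lan = False
    # Unauthenticated LAN clients can relay if LAN sessions skip authorization;
    # unauthenticated outside clients are normally just inbound mail delivery.
    return "lan-no-auth" if on_lan else "outside-no-auth"

def summarize(log_text):
    """Count accepted messages per (category, client IP, SASL user)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if m:
            counts[(classify(m["ip"], m["user"]), m["ip"], m["user"])] += 1
    return counts

if __name__ == "__main__":
    for (category, ip, user), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {category:16s} {ip:15s} {user or '-'}")
```

Many "sasl-auth" entries from an unfamiliar address point at a stolen password, while a burst of "lan-no-auth" entries points at a device inside the network sending without logging in.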
