jonatitom
Posted September 15 (edited)

Dear Sandeep B., how are you?

I have had a problem for a few days with my emails. I am receiving an email from my own email account I have configured. My host has:

rDNS: OK
DKIM: OK
SPF: OK
DMARC: OK
IP: OK

When looking at the headers I noticed that the IP is not from my server. I don't know what I should do to stop these scam emails from arriving. Thank you.

The scam email is the following:

**Message removed**

Edited September 15 by Sandeep B. Email message body removed

Sandeep B.
Posted September 15

Hi, change your server root password and email passwords. If you're using an email client, most likely your PC is infected. Scan the server with maldet:

jonatitom (Author)
Posted September 15 (edited)

The first thing I did was change passwords and scan for viruses, as a precaution. But I think this is not due to malware, but due to configuration. It will be necessary to deactivate PHP mail because these emails are phishing. Email spoofing.

Edited September 15 by jonatitom

Sandeep B.
Posted September 15

You can check the email headers to see where the message was sent/originated from. Disabling the PHP mail function is a good idea.

jonatitom (Author)
Posted September 16

Email headers

Return-Path: <violated@my-business.com>
Delivered-To: contact@my-business.com
Received: from sv11.my-business.com
    by sv11.my-business.com with LMTP id wGeNBKFjA2VjQgAA7dXWpA
    for <contact@my-business.com>; Thu, 14 Sep 2023 16:48:49 -0300
Received: from localhost (unknown [127.0.0.1])
    by sv11.my-business.com (Postfix) with ESMTP id 01D0663A72
    for <contact@my-business.com>; Thu, 14 Sep 2023 19:48:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=my-business.com;
    s=default; t=1694720929;
    bh=tU9vg9RxGclAz8+zuxWsGSOe8VjO2S+LNvV8MVem7Nk=;
    h=Reply-To:From:To:Subject:Date;
    b=PEdJhu9GMvk8pZHoVPIGjMqZx8rKQH/DsXPmzvYIYmqNW3Fh/Skt+1vC1kfKfenrv
    o3oCkltiWOmfgL0QVoVIVeg48pCzEItXXSXRdSHfyyDu86OPJRqqtir1/QTJ2il2AL
    wjZsk1O+S8T/rbU+ZShG7txg7Ut72O9Yl5ay6t6s=
X-Virus-Scanned: amavisd-new at my-business.com
X-Spam-Flag: NO
X-Spam-Score: 5.674
X-Spam-Level: *****
X-Spam-Status: No, score=5.674 tagged_above=2 required=6.2
    tests=[FORGED_SPF_HELO=1, KHOP_HELO_FCRDNS=0.001, OBFU_BITCOIN=1,
    PDS_BTC_ID=0.001, RCVD_IN_PSBL=2.7, SPF_HELO_PASS=-0.001,
    SPF_SOFTFAIL=0.972, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no
Received: from sv11.my-business.com ([127.0.0.1])
    by localhost (sv11.my-business.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id CM3323HKmlVf
    for <contact@my-business.com>; Thu, 14 Sep 2023 16:48:47 -0300 (-03)
Received: from x9.theworkpc.com (mta0.x9.theworkpc.com [213.142.149.172])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by sv11.my-business.com (Postfix) with ESMTPS id 2F6C663A34
    for <contact@my-business.com>; Thu, 14 Sep 2023 16:48:47 -0300 (-03)
Received: by x9.theworkpc.com
    for <contact@my-business.com>; Thu, 14 Sep 2023 14:48:45 -0500
    (envelope-from <violated@my-business.com>)
Reply-To: contact@my-business.com
From: violated@my-business.com
To: contact@my-business.com
Subject: Waiting for payment
Date: 14 Sep 2023 13:48:43 -0600
Message-ID: <20230914134843.9E895AA123FB7CA3@my-business.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
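
Added example, not part of the thread and not written by either poster: a Python check that walks the Received chain of the headers posted above, keeps only the lines stamped by the receiving server itself, and reports the first public client IP together with whether the From: address claims the server's own domain. The sample is constructed from the posted headers (trimmed); the function names and the own_host / own_domain parameters are assumptions made for this example.

```python
import email.utils
import ipaddress
import re

# Constructed sample: the Received chain from the headers posted above, trimmed.
SAMPLE = """\
Received: from sv11.my-business.com by sv11.my-business.com with LMTP
 for <contact@my-business.com>; Thu, 14 Sep 2023 16:48:49 -0300
Received: from localhost (unknown [127.0.0.1])
 by sv11.my-business.com (Postfix) with ESMTP id 01D0663A72
 for <contact@my-business.com>; Thu, 14 Sep 2023 19:48:49 +0000 (UTC)
Received: from sv11.my-business.com ([127.0.0.1])
 by localhost (sv11.my-business.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id CM3323HKmlVf; Thu, 14 Sep 2023 16:48:47 -0300 (-03)
Received: from x9.theworkpc.com (mta0.x9.theworkpc.com [213.142.149.172])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by sv11.my-business.com (Postfix) with ESMTPS id 2F6C663A34
 for <contact@my-business.com>; Thu, 14 Sep 2023 16:48:47 -0300 (-03)
Received: by x9.theworkpc.com for <contact@my-business.com>;
 Thu, 14 Sep 2023 14:48:45 -0500 (envelope-from <violated@my-business.com>)
From: violated@my-business.com
To: contact@my-business.com
Subject: Waiting for payment

"""

HOP = re.compile(r"from\s+(\S+)\s*\(([^)]*)\).*?\sby\s+(\S+)", re.I)

def first_external_hop(raw, own_host):
    """Newest Received line written by own_host whose client IP is public."""
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        m = HOP.match(" ".join(hdr.split()))   # unfold the header first
        if not m or m.group(3).rstrip(";").lower() != own_host:
            continue                           # only trust lines our MTA wrote
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", m.group(2))
        if ip and ipaddress.ip_address(ip.group(1)).is_global:
            return m.group(1), ip.group(1)     # (HELO name, client IP)
    return None

def spoofs_own_domain(raw, own_host, own_domain):
    """True when From: claims own_domain but the mail entered from outside."""
    msg = email.message_from_string(raw)
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    claims_us = sender.rpartition("@")[2].lower() == own_domain
    return claims_us and first_external_hop(raw, own_host) is not None
```

Only Received lines added by the receiving host are trusted here, because everything below them in the chain is supplied by the sending side and can be forged.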

Sandeep B.
Posted Saturday at 06:02 AM

Seems it originated from the server. Check the user account from where it originated; it seems you have some security holes in your script.