I have a account at DH with some sites hosted. One of them appear to have been hacked this week.
The owner (a friend) received several emails in russian and one of his local server was hacked with a message saying they want bitcoins to give back the data on it.
This website use gsuite as email server, which means smpt is provided by google, not dreamhost. But the russian emails are using “buxton.dreamhost.com” as smtp.
What I want to know is, how can they use the mail server of dreamhost for that?
Can anyone help me?
I can put whole header of the email here but I am not sure it is allowed