1

Topic: Iredmail sending mails from user accounts@passport.com to @hotmail.com

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 5.9
- Related log if you're reporting an issue:
====

Hi, good morning. My iredmail server is sending thousands of mails to Hotmail users.
I looked in the maillog and the "from" field is blank or shows user accounts@passport.com; it is sending to several Hotmail addresses, and my other mails stop in the queue.
Is my server working like a spammer?
What can I do? I already looked at all the .conf files, and they are OK.

Best regards,


2

Re: Iredmail sending mails from user accounts@passport.com to @hotmail.com

Do you use a weak password for user accounts@passport.com? If so, please change the password of accounts@passport.com first, then monitor maillog to check whether mail is still being sent from this user.

It would be helpful if you can show us some samples. You can get some with command:

# postqueue -p | head -20
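
An added example, not part of the reply above: one way to do the "monitor maillog" step is to tally, per queued message, the envelope sender together with the SASL login and client that Postfix logged for it, since the envelope sender alone can be any address. The function name `queue_sources`, the syslog field layout, and the sample lines (including `sales@example.com` and the documentation IP ranges) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tally who injects mail into Postfix.
# Assumes traditional syslog lines where field 6 is "<queue-id>:".
# Output columns: count, envelope sender, SASL login, client ("-" = none logged,
# "local" = no smtpd line, e.g. a bounce or a locally submitted message).
queue_sources() {
  awk '
    # Return the value of key=... on the current line, or "-" if absent.
    function grab(key,   s) {
      if (!match($0, (key "=[^, ]*"))) return "-"
      s = substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
      return (s == "") ? "-" : s
    }
    # smtpd records the connecting client and, if used, the SASL login.
    /postfix\/smtpd\[/ && /: client=/ {
      qid = $6; sub(/:$/, "", qid)
      client[qid] = grab("client"); user[qid] = grab("sasl_username")
    }
    # qmgr records the envelope sender; count each queue ID once, because
    # the same line is logged again on every delivery retry.
    /postfix\/qmgr\[/ && /: from=</ {
      qid = $6; sub(/:$/, "", qid)
      if (seen[qid]++) next
      u = (qid in user) ? user[qid] : "-"
      c = (qid in client) ? client[qid] : "local"
      n[grab("from") " " u " " c]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample maillog lines (not taken from the poster's server).
SAMPLE_LOG='Jun  3 10:15:01 mail postfix/smtpd[2101]: A1B2C3D4E5: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=sales@example.com
Jun  3 10:15:01 mail postfix/qmgr[1500]: A1B2C3D4E5: from=<accounts@passport.com>, size=1234, nrcpt=20 (queue active)
Jun  3 10:15:02 mail postfix/smtpd[2101]: B2C3D4E5F6: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=sales@example.com
Jun  3 10:15:02 mail postfix/qmgr[1500]: B2C3D4E5F6: from=<accounts@passport.com>, size=1240, nrcpt=20 (queue active)
Jun  3 10:20:02 mail postfix/qmgr[1500]: B2C3D4E5F6: from=<accounts@passport.com>, size=1240, nrcpt=20 (queue active)
Jun  3 10:15:03 mail postfix/qmgr[1500]: C3D4E5F6A7: from=<>, size=3100, nrcpt=1 (queue active)
Jun  3 10:16:00 mail postfix/smtpd[2102]: D4E5F6A7B8: client=mx.example.net[198.51.100.7]
Jun  3 10:16:00 mail postfix/qmgr[1500]: D4E5F6A7B8: from=<alice@example.net>, size=900, nrcpt=1 (queue active)'

printf '%s\n' "$SAMPLE_LOG" | queue_sources
```

On a live server the function would be fed the real log, for example `queue_sources < /var/log/maillog`; a foreign sender address paired with a local SASL login points at that local account's credentials.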

3

Re: Iredmail sending mails from user accounts@passport.com to @hotmail.com

ZhangHuangbin wrote:

Do you use a weak password for user accounts@passport.com? If so, please change the password of accounts@passport.com first, then monitor maillog to check whether mail is still being sent from this user.

It would be helpful if you can show us some samples. You can get some with command:

# postqueue -p | head -20

Hi, thanks for the reply.
This user accounts@passport.com doesn't exist on my server. It's not my domain.
This user sends thousands of mails; I can see this in the top 10 senders on the iredadmin-pro panel.
But these mails are not shown in the sent or received mails on the admin panel, and this is slowing down my server.

4

Re: Iredmail sending mails from user accounts@passport.com to @hotmail.com

I scanned the server with RKHUNTER to see if there is some rootkit or something like that.
The server is normal and clean, according to the rkhunter scan.