Topic: Emails being sent via "sasl_method=PLAIN"
Hi,
Recently one user was getting a great deal of "undelivered mail returned to sender" and "banned content" messages.
The log showed this:
date time hostname postfix/submission/smtpd[REDACTED]: REDACTED: client=unknown[IP REDACTED], sasl_method=PLAIN, asl_username=USER REDACTED
Was this likely to be a login with the user's password, or does "sasl_method=PLAIN" mean these emails were likely sent with some kind of exploit?
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
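A Postfix smtpd log line carrying sasl_method=PLAIN records a session that authenticated with the SASL PLAIN mechanism, that is, with a username and password. As an added example (not part of the original post), the Python below groups such lines by sasl_username and lists the client IPs each account authenticated from, which helps triage whether an account's credentials are in use from unexpected hosts. The sample log lines, usernames, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the post (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 03:12:45 mail postfix/submission/smtpd[1201]: 4A1B2C3D4E: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 10 03:12:51 mail postfix/submission/smtpd[1201]: 5B2C3D4E5F: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 10 03:13:02 mail postfix/submission/smtpd[1207]: 6C3D4E5F60: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=alice@example.com
Jan 10 08:30:10 mail postfix/submission/smtpd[1300]: 7D4E5F6071: client=office.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Jan 10 08:31:00 mail postfix/smtpd[1302]: 8E5F607182: client=mx.example.net[192.0.2.99]
"""

# Matches authenticated smtpd lines, with or without a service prefix such as "submission/".
AUTH_RE = re.compile(
    r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)"
)


def summarize(log_text):
    """Per SASL username: message count, client IPs and auth methods seen."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set(), "methods": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:  # unauthenticated or unrelated line
            continue
        entry = stats[m["user"]]
        entry["messages"] += 1
        entry["ips"].add(m["ip"])
        entry["methods"].add(m["method"])
    return dict(stats)


def flag_accounts(stats, max_ips=1):
    """Accounts whose authenticated mail came from more than max_ips addresses."""
    return sorted(u for u, s in stats.items() if len(s["ips"]) > max_ips)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for user, s in sorted(stats.items()):
        print(user, s["messages"], sorted(s["ips"]), sorted(s["methods"]))
    print("review:", flag_accounts(stats))
```

The max_ips threshold is an assumption to tune per site; users who roam between networks will legitimately exceed a value of 1.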