Topic: Being hacked ?
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): v0.9.7
- Linux/BSD distribution name and version: Debian GNU/Linux 8.10 (jessie)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
This mialbox is sending a lot of spam even afther changing the password several times.
Jul 31 18:56:05 webmail postfix/qmgr[1751]: 68257818CC: from=<aileen@juventudrebelde.cu>, size=168756, nrcpt=1 (queue active)
Jul 31 18:56:05 webmail amavis[17694]: (17694-04) Passed UNCHECKED {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:53648 <aileen@juventudrebelde.cu> -> <pei_3rn@hotmail.com>, Queue-ID: 811C2810E0, Message-ID: <492b8599502df58e48233e315abb1820@juventudrebelde.cu>, mail_id: vT4PJ10OYk9Q, Hits: 2.966, size: 167380, queued_as: 68257818CC, dkim_new=dkim:juventudrebelde.cu, 9988 ms, Tests: [ALL_TRUSTED=-1,FREEMAIL_FORGED_REPLYTO=2.503,FREEMAIL_REPLYTO_END_DIGIT=0.25,TVD_RCVD_SINGLE=1.213]
Jul 31 18:56:05 webmail postfix/amavis/smtp[16935]: 811C2810E0: to=<pei_3rn@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=41142, delays=3.6/41128/0/10, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 68257818CC)
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.