Topic: Port 25?
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.2 MARIADB
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Ubuntu Server 20.04.3 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? YES (currently at version 4.7)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
We've been getting some spam that is spoofed to look like it's coming from other users on the domain. Checking the log for one of them, I'm not sure if I'm reading it right, but did the email come in on port 25? I thought that port was closed unless opened manually.
Here is the log:
Apr 21 15:10:01 mail postfix/postscreen[3751748]: CONNECT from [173.203.187.92]:38080 to [MYPUBLICIP]:25
Apr 21 15:10:07 mail postfix/postscreen[3751748]: PASS NEW [173.203.187.92]:38080
Apr 21 15:10:07 mail postfix/smtpd[3760425]: connect from smtp92.iad3a.emailsrvr.com[173.203.187.92]
Apr 21 15:10:08 mail postfix/smtpd[3760425]: Anonymous TLS connection established from smtp92.iad3a.emailsrvr.com[173.203.187.92]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 21 15:10:08 mail postfix/smtpd[3760425]: 4KkgvN2C1Tz1V42V: client=smtp92.iad3a.emailsrvr.com[173.203.187.92]
Apr 21 15:10:08 mail postfix/cleanup[3759440]: 4KkgvN2C1Tz1V42V: message-id=<1650553801.424825508@mail.point2agent.com>
Apr 21 15:10:08 mail postfix/qmgr[83454]: 4KkgvN2C1Tz1V42V: from=<the@gttyl.com>, size=2045, nrcpt=1 (queue active)
Apr 21 15:10:08 mail postfix/smtpd[3760425]: disconnect from smtp92.iad3a.emailsrvr.com[173.203.187.92] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 21 15:10:08 mail postfix/10025/smtpd[3759444]: connect from mail.MYDOMAIN.com[127.0.0.1]
Apr 21 15:10:08 mail postfix/10025/smtpd[3759444]: 4KkgvN5n94z1V590: client=mail.MYDOMAIN.com[127.0.0.1]
Apr 21 15:10:08 mail postfix/cleanup[3759562]: 4KkgvN5n94z1V590: message-id=<1650553801.424825508@mail.point2agent.com>
Apr 21 15:10:08 mail postfix/10025/smtpd[3759444]: disconnect from mail.MYDOMAIN.com[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 21 15:10:08 mail postfix/qmgr[83454]: 4KkgvN5n94z1V590: from=<the@gttyl.com>, size=2823, nrcpt=1 (queue active)
Apr 21 15:10:08 mail amavis[3753163]: (3753163-12) Passed CLEAN {RelayedInbound}, [173.203.187.92]:38080 [173.203.187.92] ESMTP/ESMTP <the@gttyl.com> -> <kstanley@MYDOMAIN.com>, (ESMTPS://[173.203.187.92]>
Apr 21 15:10:08 mail postfix/amavis/smtp[3761407]: 4KkgvN2C1Tz1V42V: to=<kstanley@MYDOMAIN.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.66, delays=0.18/0/0/0.48, dsn=2.0.0, status=sent (250 2.0.0 from >
Apr 21 15:10:08 mail postfix/qmgr[83454]: 4KkgvN2C1Tz1V42V: removed
Apr 21 15:10:08 mail postfix/pipe[3760059]: 4KkgvN5n94z1V590: to=<kstanley@MYDOMAIN.com>, relay=dovecot, delay=0.03, delays=0/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 21 15:10:08 mail postfix/qmgr[83454]: 4KkgvN5n94z1V590: removed
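One way to trace which listener port a message arrived on from log lines like the ones above, as an added example that is not part of the original post: it correlates the postscreen CONNECT line, the smtpd client= line and the qmgr from= line by queue ID. The sample log is constructed (documentation addresses and made-up queue IDs), and reading a numeric syslog tag such as postfix/10025/smtpd as the listener port is an assumption.

```python
import re

# Constructed sample in the same Postfix log format (documentation IPs and domains).
SAMPLE_LOG = """\
Apr 21 15:10:01 mail postfix/postscreen[100]: CONNECT from [192.0.2.10]:38080 to [198.51.100.5]:25
Apr 21 15:10:07 mail postfix/postscreen[100]: PASS NEW [192.0.2.10]:38080
Apr 21 15:10:08 mail postfix/smtpd[200]: 4KkAAA111: client=mx.sender.example[192.0.2.10]
Apr 21 15:10:08 mail postfix/qmgr[300]: 4KkAAA111: from=<someone@sender.example>, size=2045, nrcpt=1 (queue active)
Apr 21 15:10:08 mail postfix/10025/smtpd[400]: 4KkBBB222: client=mail.example.org[127.0.0.1]
Apr 21 15:10:08 mail postfix/qmgr[300]: 4KkBBB222: from=<someone@sender.example>, size=2823, nrcpt=1 (queue active)
Apr 21 15:10:08 mail postfix/amavis/smtp[500]: 4KkAAA111: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, status=sent
Apr 21 15:10:08 mail postfix/pipe[600]: 4KkBBB222: to=<user@example.org>, relay=dovecot, status=sent (delivered via dovecot service)
"""

CONNECT = re.compile(r"postscreen\[\d+\]: CONNECT from \[([^\]]+)\]:\d+ to \[[^\]]+\]:(\d+)")
CLIENT = re.compile(r"postfix/(?:(\d+)/)?smtpd\[\d+\]: (\w+): client=\S*\[([^\]]+)\]")
SENDER = re.compile(r"qmgr\[\d+\]: (\w+): from=<([^>]*)>")
RCPT = re.compile(r"\]: (\w+): to=<([^>]*)>")

def trace(log):
    """Return {queue_id: {client, port, sender, rcpt}} built from Postfix log text."""
    port_by_ip, msgs = {}, {}
    def entry(qid):
        return msgs.setdefault(qid, {"client": None, "port": None, "sender": None, "rcpt": []})
    for line in log.splitlines():
        if m := CONNECT.search(line):
            port_by_ip[m[1]] = int(m[2])          # listener port the client connected to
        elif m := CLIENT.search(line):
            tag_port, qid, ip = m.groups()
            # Assumption: a numeric syslog tag (postfix/10025/smtpd) names the listener port.
            entry(qid).update(client=ip, port=int(tag_port) if tag_port else port_by_ip.get(ip))
        elif m := SENDER.search(line):
            entry(m[1])["sender"] = m[2]          # envelope sender, not the From: header
        elif m := RCPT.search(line):
            entry(m[1])["rcpt"].append(m[2])
    return msgs

def external_arrivals(msgs, port=25):
    """Queue IDs received from a non-loopback client on the given listener port."""
    return sorted(q for q, v in msgs.items()
                  if v["port"] == port and v["client"] and not v["client"].startswith("127."))

if __name__ == "__main__":
    for qid, info in trace(SAMPLE_LOG).items():
        print(qid, info)
    print("arrived on port 25 from outside:", external_arrivals(trace(SAMPLE_LOG)))
```

The second queue ID in the sample is the same message re-injected on the loopback listener after content filtering, which is why it is excluded from the external arrivals.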