1 (edited by ingobaab 2023-07-31 16:54:14)

Topic: How to check and secure my installation?

Hello,

I am a happy user of iRedMail. For many years now I have hosted my own "family mailserver" successfully without any problems. But now, I did the same installation again for a friend, who also wanted to host his own mail system. I used a cheap VPS for that, Ubuntu 22.04 LTS, and executed the great installer script "iRedMail.sh", set up the DNS (dkim._domainkey.acocare.de.). Then I checked "the quality of my new mailserver" with mail-tester.com and got a score of 9.0 out of 10.0, so I thought everything was set up OK. But some time later I got a warning from my VPS provider that I would soon reach a server limit for traffic on port 25, and checked (via "mailq") that I had many thousand emails in the queue (!). I have no idea how to find out how I can avoid this spam on the server.

iRedMail version 1.6.3 deployed with iRedMail.sh.

Enabled services:  rsyslog postfix mysql nginx php8.1-fpm dovecot clamav-daemon amavis clamav-freshclam sogo memcached fail2ban cron nftables

Is there any "cookbook" for me, to re-check my configuration and find this misconfiguration?

_______
Now, I get a score of 7.5 of 10.0 (being listed in 3 blacklists) - see attachment screenshot

Post's attachments

screencapture-mail-tester-test-imslm4op6-reloaded-1-2023-07-31-10_49_48.png 399.15 kb, file has never been downloaded. 


2

Re: How to check and secure my installation?

well, then one of the mail accounts had its password breached

first:

postsuper -d ALL

change all passwords on all mail accounts (use secure passwords, never reuse)

3

Re: How to check and secure my installation?

you can also check logs on that server, maybe someone is trying to log in to one email from different IP addresses.
Also you can check in the logs what is being sent from your server and where.
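
The log check suggested in the replies above, as an added example that is not part of the original thread: it counts, per SASL-authenticated account, how many messages Postfix accepted and from how many distinct client IPs, which is how a breached mailbox usually stands out. The sample lines are constructed in the standard Postfix smtpd log format; the function names and thresholds are illustrative assumptions, and on a real server the input would be the Postfix mail log (commonly /var/log/mail.log on Ubuntu, an assumption not stated in the thread).

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges, example.com accounts).
SAMPLE_LOG = """\
Jul 31 10:01:02 mail postfix/submission/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=alice@example.com
Jul 31 10:05:40 mail postfix/submission/smtpd[2101]: 4A1B2C3D4F: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=alice@example.com
Jul 31 10:06:01 mail postfix/submission/smtpd[2110]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Jul 31 10:07:11 mail postfix/submission/smtpd[2111]: 5B1B2C3D01: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 31 10:07:12 mail postfix/submission/smtpd[2112]: 5B1B2C3D02: client=unknown[198.51.100.8], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 31 10:07:13 mail postfix/submission/smtpd[2113]: 5B1B2C3D03: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 31 10:07:14 mail postfix/submission/smtpd[2114]: 5B1B2C3D04: client=unknown[192.0.2.45], sasl_method=LOGIN, sasl_username=bob@example.com
Jul 31 10:07:15 mail postfix/submission/smtpd[2114]: 5B1B2C3D05: client=unknown[192.0.2.45], sasl_method=LOGIN, sasl_username=bob@example.com
"""

# Postfix logs one such line per message accepted from an authenticated client.
SASL_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=[^\[\s]+\[(?P<ip>[^\]]+)\].*?sasl_username=(?P<user>[^,\s]+)"
)

def summarize_sasl_senders(lines):
    """Return {user: {"messages": n, "ips": set of client IPs}}."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in lines:
        m = SASL_RE.search(line)
        if m:
            entry = stats[m.group("user")]
            entry["messages"] += 1
            entry["ips"].add(m.group("ip"))
    return dict(stats)

def suspicious_accounts(stats, max_ips=2, max_messages=3):
    """Accounts above either threshold (illustrative values, tune per server)."""
    return sorted(
        user for user, s in stats.items()
        if len(s["ips"]) > max_ips or s["messages"] > max_messages
    )

if __name__ == "__main__":
    stats = summarize_sasl_senders(SAMPLE_LOG.splitlines())
    for user in suspicious_accounts(stats):
        s = stats[user]
        print(f"{user}: {s['messages']} messages from {len(s['ips'])} IPs")
```

Accounts it flags are the ones whose passwords should be changed first; the queue IDs on their log lines can be followed further in the same log to see where those messages went.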