Topic: FreeBSD/memcached issue
======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: FreeBSD
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue:
====
Looks like memcached is configured by default to listen on a public address, and it should only listen locally?
# sockstat -4 | grep mem
nobody memcached 2187 17 tcp4 *:11211 *:*
nobody memcached 2187 22 udp4 *:11211 *:*
nobody memcached 2187 23 udp4 *:11211 *:*
nobody memcached 2187 24 udp4 *:11211 *:*
nobody memcached 2187 25 udp4 *:11211 *:*
nobody memcached 2187 26 tcp4 127.0.0.1:11211 127.0.0.1:37661
nobody memcached 2187 27 tcp4 127.0.0.1:11211 127.0.0.1:37669
nobody memcached 2187 28 tcp4 127.0.0.1:11211 127.0.0.1:37683
Got this warning from my abuse@datacenter:
> Dear Sir or Madam,
>
> Memcached[1] is an open-source distributed memory object caching system
> which is generic in nature but often used for speeding up dynamic web
> applications. Memcached does not support any forms of authorization.
> Thus, anyone who can connect to the memcached server has unrestricted
> access to the data stored in it. This allows attackers e.g. to steal
> sensitive data like login credentials for web applications or any other
> kind of content stored with memcached.
memcached_flags="-l 127.0.0.1" in /etc/rc.conf seems to do the trick.
Thanks for everything.
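A check for the exposure described in the post above, as an added example that is not part of the original post: it reads `sockstat -4` output and reports memcached listeners bound to anything other than loopback. The function names and both sample inputs are constructed for illustration; the second sample is an assumption about how the listing looks once `-l 127.0.0.1` is in effect.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `sockstat -4` output on stdin and prints "PROTO LOCAL" for every
# memcached socket that is listening (foreign address "*:*") on an address
# outside 127.0.0.0/8. Established connections are ignored.
exposed_memcached() {
    awk '
        $2 == "memcached" && $7 == "*:*" {
            addr = $6
            sub(/:[^:]*$/, "", addr)        # strip ":port", keep the address
            if (addr !~ /^127\./) print $5, $6
        }
    ' | sort -u
}

# Constructed sample: same shape as the listing in the post (wildcard bind).
sample_before() {
    cat <<'EOF'
nobody memcached 2187 17 tcp4 *:11211 *:*
nobody memcached 2187 22 udp4 *:11211 *:*
nobody memcached 2187 23 udp4 *:11211 *:*
nobody memcached 2187 26 tcp4 127.0.0.1:11211 127.0.0.1:37661
EOF
}

# Constructed sample: assumed listing after memcached_flags="-l 127.0.0.1".
sample_after() {
    cat <<'EOF'
nobody memcached 2301 17 tcp4 127.0.0.1:11211 *:*
nobody memcached 2301 18 udp4 127.0.0.1:11211 *:*
nobody memcached 2301 26 tcp4 127.0.0.1:11211 127.0.0.1:40112
EOF
}

# On a live FreeBSD host:  sockstat -4 | exposed_memcached
# Empty output means every memcached listener is loopback-only.
```

Run it again after restarting memcached with the new `memcached_flags`; any line it prints is a listener still reachable from outside the host.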