1

Topic: This is spam ?

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi, I'm new to iRedMail. Can you say if anyone is sending mails from my iRedMail server?
I attach the mail log.
Thank you a lot.
---------------------------------------------------------------------------------------------------------------------------------------------------
connect from unknown[189.4.178.157]
Oct 20 11:01:35 mail postfix/submission/smtpd[19960]: Anonymous TLS connection established from unknown[189.4.178.157]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Oct 20 11:01:39 mail postfix/submission/smtpd[19960]: warning: unknown[189.4.178.157]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 20 11:01:45 mail postfix/submission/smtpd[19960]: warning: unknown[189.4.178.157]: SASL PLAIN authentication failed:
Oct 20 11:01:45 mail postfix/submission/smtpd[19960]: NOQUEUE: reject: RCPT from unknown[189.4.178.157]: 554 5.7.1 <unknown[189.4.178.157]>: Client host rejected: Access denied; from=<jess@labolonia.com.ar> to=<iwashita.r.hnkmum@iwa.bbiq.jp> proto=ESMTP helo=<[189.4.178.157]>
Oct 20 11:01:46 mail postfix/submission/smtpd[19960]: disconnect from unknown[189.4.178.157]

-------------------------------------------eax_64@yahoo.com---------------------------------------------------------------------------------

CONNECT from [114.33.146.153]:3269 to [x.x.x.x]:25
Oct 20 21:19:47 mail postfix/postscreen[22732]: PREGREET 20 after 0.78 from [114.33.146.153]:3269: EHLO 192.168.172.3\r\n
Oct 20 21:19:48 mail postfix/postscreen[22732]: NOQUEUE: reject: RCPT from [114.33.146.153]:3269: 550 5.5.1 Protocol error; from=<X@tea.com>, to=<eax_64@yahoo.com>, proto=ESMTP, helo=<192.168.172.3>
Oct 20 21:19:49 mail postfix/postscreen[22732]: HANGUP after 1.8 from [114.33.146.153]:3269 in tests after SMTP handshake
Oct 20 21:19:49 mail postfix/postscreen[22732]: DISCONNECT [114.33.146.153]:3269
Oct 20 21:19:54 mail postfix/postscreen[22732]: CONNECT from [114.33.146.153]:4262 to [x.x.x.x>:25
Oct 20 21:19:55 mail postfix/postscreen[22732]: PREGREET 21 after 0.78 from [114.33.146.153]:4262: EHLO 192.168.138.95\r\n
Oct 20 21:19:56 mail postfix/postscreen[22732]: HANGUP after 1 from [114.33.146.153]:4262 in tests after SMTP handshake
Oct 20 21:19:56 mail postfix/postscreen[22732]: DISCONNECT [114.33.146.153]:4262
Oct 20 21:20:06 mail postfix/postscreen[22732]: CONNECT from [114.33.146.153]:3809 to [x.x.x.x]:25
Oct 20 21:20:07 mail postfix/postscreen[22732]: PREGREET 22 after 0.83 from [114.33.146.153]:3809: EHLO 192.168.231.168\r\n
Oct 20 21:20:08 mail postfix/postscreen[22732]: HANGUP after 1.1 from [114.33.146.153]:3809 in tests after SMTP handshake
Oct 20 21:20:08 mail postfix/postscreen[22732]: DISCONNECT [114.33.146.153]:3809
Oct 20 21:20:08 mail postfix/postscreen[22732]: CONNECT from [114.33.146.153]:3809 to [x.x.x.x]:25
Oct 20 21:20:09 mail postfix/postscreen[22732]: PREGREET 22 after 0.8 from [114.33.146.153]:3809: EHLO 192.168.202.185\r\n
Oct 20 21:20:10 mail postfix/postscreen[22732]: HANGUP after 1.1 from [114.33.146.153]:3809 in tests after SMTP handshake
Oct 20 21:20:10 mail postfix/postscreen[22732]: DISCONNECT [114.33.146.153]:3809
Oct 20 21:20:10 mail postfix/postscreen[22732]: CONNECT from [114.33.146.153]:3087 to[x.x.x.x]:25
Oct 20 21:20:11 mail postfix/postscreen[22732]: PREGREET 21 after 0.77 from [114.33.146.153]:3087: EHLO 192.168.29.185\r\n
Oct 20 21:20:12 mail postfix/postscreen[22732]: HANGUP after 1 from [114.33.146.153]:3087 in tests after SMTP handshake
Oct 20 21:20:12 mail postfix/postscreen[22732]: DISCONNECT [114.33.146.153]:3087
Oct 20 21:20:12 mail postfix/postscreen[22732]: CONNECT from [114.33.146.153]:3599 to [x.x.x.x]:25
Oct 20 21:20:13 mail postfix/postscreen[22732]: PREGREET 20 after 0.79 from [114.33.146.153]:3599: EHLO 192.168.51.29\r\n
Oct 20 21:20:14 mail postfix/postscreen[22732]: HANGUP after 1 from [114.33.146.153]:3599 in tests after SMTP handshake
Oct 20 21:20:14 mail postfix/postscreen[22732]: DISCONNECT [114.33.146.153]:3599
Oct 20 21:20:19 mail postfix/postscreen[22732]: CONNECT from [114.33.146.153]:4506 to [x.x.x.x]:25

------------------------------------------spameri@tiscali.it-----------------------------------------------------------------------------
connect from unknown[207.46.230.116]
Oct 21 03:15:46 mail postfix/smtpd[23848]: NOQUEUE: reject: RCPT from unknown[207.46.230.116]: 504 5.5.2 <DoanTien196866>: Helo command rejected: need fully-qualified hostname; from=<spameri@tiscali.it> to=<spameri@tiscali.it> proto=ESMTP helo=<DoanTien196866>
Oct 21 03:15:46 mail postfix/smtpd[23848]: disconnect from unknown[207.46.230.116]


2

Re: This is spam ?

All message attempts are getting rejected due to SASL auth failure (not logged in successfully), so no, no one is sending mails.
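
One way to check a Postfix log for mail that was actually accepted, rather than only for rejected attempts (an added example, not part of either post): rejected events are counted per client IP, and any queue ID that received a `client=` line and later `status=sent` is reported. The function names are hypothetical, and the last two sample lines are constructed with a placeholder queue ID, documentation IPs and example.com addresses.

```python
import re
from collections import Counter, defaultdict

IP = r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"
RULES = [  # (event name, pattern whose first group is the client IP)
    ("sasl_failed", re.compile(IP + r": SASL \w+ authentication failed")),
    ("rejected", re.compile(r"NOQUEUE: reject: \w+ from \S*?" + IP)),
    ("pregreet", re.compile(r"PREGREET \d+ after \S+ from " + IP)),
]
# A real queue ID followed by client=... means smtpd accepted a message.
ACCEPTED = re.compile(r": ([0-9A-Za-z]+): client=\S*?" + IP + r"(?:.*sasl_username=(\S+))?")
SENT = re.compile(r": ([0-9A-Za-z]+): to=<([^>]*)>.*status=sent")

# Four lines copied from the log in the first post.
PAGE_EXCERPT = r"""
Oct 20 11:01:39 mail postfix/submission/smtpd[19960]: warning: unknown[189.4.178.157]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 20 11:01:45 mail postfix/submission/smtpd[19960]: NOQUEUE: reject: RCPT from unknown[189.4.178.157]: 554 5.7.1 <unknown[189.4.178.157]>: Client host rejected: Access denied; from=<jess@labolonia.com.ar> to=<iwashita.r.hnkmum@iwa.bbiq.jp> proto=ESMTP helo=<[189.4.178.157]>
Oct 20 21:19:47 mail postfix/postscreen[22732]: PREGREET 20 after 0.78 from [114.33.146.153]:3269: EHLO 192.168.172.3\r\n
Oct 20 21:19:48 mail postfix/postscreen[22732]: NOQUEUE: reject: RCPT from [114.33.146.153]:3269: 550 5.5.1 Protocol error; from=<X@tea.com>, to=<eax_64@yahoo.com>, proto=ESMTP, helo=<192.168.172.3>
"""
# Constructed lines (not from the post): what an accepted, relayed message looks like.
CONSTRUCTED_ACCEPTED = r"""
Oct 22 09:00:01 mail postfix/submission/smtpd[30001]: 4A1B2C3D4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=user@example.com
Oct 22 09:00:02 mail postfix/smtp[30002]: 4A1B2C3D4E: to=<someone@example.net>, relay=mx.example.net[198.51.100.9]:25, delay=1.2, status=sent (250 OK)
"""

def summarize(log_text):
    """Return (per-IP counts of blocked events, accepted messages by queue ID)."""
    blocked, accepted = defaultdict(Counter), {}
    for line in log_text.splitlines():
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                blocked[m.group(1)][name] += 1
        m = ACCEPTED.search(line)
        if m:
            accepted[m.group(1)] = {"client": m.group(2), "sasl_user": m.group(3), "sent_to": []}
        m = SENT.search(line)
        if m and m.group(1) in accepted:
            accepted[m.group(1)]["sent_to"].append(m.group(2))
    return blocked, accepted

def relayed_out(log_text):
    """Messages accepted from an SMTP client and then delivered onward."""
    return {q: a for q, a in summarize(log_text)[1].items() if a["sent_to"]}
```

This covers only mail accepted over SMTP (`client=` lines), not mail injected locally through `sendmail`/`pickup`.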