1 Topic by trio1234

  • trio1234
  • Member
  • Offline
  • Registered: 2017-10-04
  • Posts: 38

Topic: What means this ? Help !

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Jan 15 16:43:08 mail postfix/smtpd[19701]: connect from localhost[127.0.0.1]
Jan 15 16:43:08 mail postfix/smtpd[19701]: 632E723E92: client=localhost[127.0.0.1]
Jan 15 16:43:08 mail postfix/cleanup[19685]: 632E723E92: message-id=<20180115194300.1867727337.swift@mydomain.com>
Jan 15 16:43:08 mail opendkim[597]: 632E723E92: DKIM-Signature field added (s=mail, d=mydomain.com)
Jan 15 16:43:08 mail postfix/qmgr[1348]: 632E723E92: from=<admin@mydomain.com>, size=40015, nrcpt=1 (queue active)
Jan 15 16:43:08 mail postfix/smtpd[19701]: disconnect from localhost[127.0.0.1]
Jan 15 16:43:08 mail amavis[16684]: (16684-03) Passed CLEAN {RelayedInbound}, [127.0.0.1] <admin@mydomain.com> -> <weparu@hotmail.com>, Message-ID: <20180115194300.1867727337.swift@mydomain.com>, mail_id: AOZRtBWSQewi, Hits: -0.099, size: 39401, queued_as: 632E723E92, dkim_sd=mail:mydomain.com, 7074 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HTML_MESSAGE=0.001,NO_RELAYS=-0.001,URIBL_BLOCKED=0.001]
Jan 15 16:43:08 mail postfix/smtp[19693]: 14AB723ED0: to=<weparu@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.5, delays=0.21/0.06/0.49/6.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 632E723E92)
Jan 15 16:43:08 mail postfix/qmgr[1348]: 14AB723ED0: removed
Jan 15 16:43:09 mail postfix/smtp[19705]: Anonymous TLS connection established to smtp.mandrillapp.com[52.36.64.127]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Jan 15 16:43:09 mail postfix/smtp[19705]: 632E723E92: to=<weparu@hotmail.com>, relay=smtp.mandrillapp.com[52.36.64.127]:25, delay=1.4, delays=0.08/0.13/0.85/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B488C6074F)
Jan 15 16:43:09 mail postfix/qmgr[1348]: 632E723E92: removed


------------------------
I dont send any mail to "weparu@hotmail.com"
I search in my sended mail  and no see any mail send.
I been hacked?
Thx!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by trio1234

  • trio1234
  • Member
  • Offline
  • Registered: 2017-10-04
  • Posts: 38

Re: What means this ? Help !

I think is a Php mail funcion how i can see if PHP is sending this?
Thank you!
Jon

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: What means this ? Help !

It's possible that some web application or script sent this email.