1 (edited by va102 2019-03-19 01:59:01)

Topic: Postfix doing something

===
- iRedMail version 0.9.9
- downloadable installer
- CentOS 7
- MySQL
- Nginx
- No
- Ok
====

Hi guys!

Can you tell me what is happening on the server? There are only 10 mailboxes, and they are not being used yet at the moment.
But some strange letters are being processed.
And the letters inside take 2 hours or more to be delivered.
For other domains it takes 2-3 hours too.


2

Re: Postfix doing something

- Do you use simple password for some mail users?
- Check /var/log/maillog to figure out which IP address(es) sent the email to your server (then your server sent/relay out)
- Use script "find_top_sasl_usernames.sh" shipped in iRedMail (https://bitbucket.org/zhb/iredmail/src/ … ail/tools/) to figure out which smtp user sent most emails, it's very possible that its password was hacked.
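
The log check suggested in this reply, as an added example that is not part of the original post and is not the iRedMail `find_top_sasl_usernames.sh` script. It assumes Postfix logs authenticated submissions with `client=...[ip]` and `sasl_username=...` on the same line; the function names and sample log lines are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample of Postfix smtpd lines (the real file would be /var/log/maillog).
sample_maillog() {
cat <<'EOF'
Mar 19 01:10:01 mail postfix/submission/smtpd[2101]: 3F1A2C0D11: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=info@example.com
Mar 19 01:10:02 mail postfix/submission/smtpd[2101]: 3F1A2C0D12: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=info@example.com
Mar 19 01:10:03 mail postfix/smtpd[2107]: connect from mx.example.net[192.0.2.99]
Mar 19 01:10:04 mail postfix/submission/smtpd[2109]: 3F1A2C0D13: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=info@example.com
Mar 19 01:10:05 mail postfix/submission/smtpd[2110]: 3F1A2C0D14: client=office.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=sales@example.com
Mar 19 01:10:06 mail postfix/submission/smtpd[2101]: 3F1A2C0D15: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=info@example.com
EOF
}

# Print "count username" for every authenticated sender, busiest first.
# Reads the files given as arguments, or stdin when none are given.
top_sasl_usernames() {
    awk '
        match($0, /sasl_username=[^ ,]+/) {
            # 14 = length of the literal "sasl_username="
            count[substr($0, RSTART + 14, RLENGTH - 14)]++
        }
        END { for (u in count) print count[u], u }
    ' "$@" | sort -k1,1nr -k2,2
}

# Print "count ip" for one username (exact match), busiest client first.
# Many messages from addresses the user never works from point to a stolen password.
sasl_client_ips() {
    user=$1; shift
    awk -v user="$user" '
        match($0, /sasl_username=[^ ,]+/) &&
        substr($0, RSTART + 14, RLENGTH - 14) == user &&
        match($0, /client=[^,]+/) {
            c = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", c); sub(/\]$/, "", c)   # keep only the bracketed address
            count[c]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Stand-alone use: sh this_file.sh /var/log/maillog
if [ "$#" -gt 0 ]; then top_sasl_usernames "$@"; fi
```

An account that tops the first list should have its password changed, and the messages it queued can then be reviewed before they are delivered.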

3

Re: Postfix doing something

ZhangHuangbin wrote:

- Do you use simple password for some mail users?
- Check /var/log/maillog to figure out which IP address(es) sent the email to your server (then your server sent/relay out)
- Use script "find_top_sasl_usernames.sh" shipped in iRedMail (https://bitbucket.org/zhb/iredmail/src/ … ail/tools/) to figure out which smtp user sent most emails, it's very possible that its password was hacked.


Could you tell me how to run it? Download it on the machine where the mail server works, and what's next?
I have no experience with CentOS or with such systems in general.

Thanks.

4

Re: Postfix doing something

Just download it and run with "bash":

bash find_top_sasl_usernames.sh