Topic: Infected iRedMail Server?
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.1 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Debian Bullseye
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Recently I was banned by Spamhaus with this message:
The machine using this IP is infected with malware that is emitting spam or is sharing a connection with an infected device.
As a result, this IP address is listed in the eXploits Blocklist (XBL)
Click on Show Details to see if you can request a delisting from this blocklist. This will also display any further information we have relating to this listing.
Why was this IP listed?
A device (computer, server, mobile phone, etc), or an app on a device that is using 2001:xxx:xxx:xxxx::/64 is infected, badly misconfigured, or compromised. It is making SMTP connections with multiple unrelated HELO values on port 25.
The most recent detection was on: May 23 2023, 07:40:00 UTC (+/- 5 minutes). The observed HELO values were dushonaghxjf.com, pnoleonorapu.com, razarleenbc.com, olobrynstu.com, ckjohannaugv.com, wgdmadelinerm.com, brrjazmineqds.com, hfodanicaxq.com, mgksimranvg.com, wnsfernga.com, prajaylinnss.com, macjaniyaijt.com, hrlaurenxx.com.
It's the second time I'm listed in XBL.
How can I check this in the log, and stop it?
Thank you.
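
The listing quoted above is a detection made per /64: several unrelated HELO names on port 25 coming from one prefix. The script below is an added example, not part of the original post or of iRedMail. It applies the same grouping to a record of outbound SMTP greetings, so the host inside the /64 that sends the unexpected names can be identified. The capture format, the 2001:db8:: addresses and the hostname `mail.example.org` are assumptions; the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one line per outbound SMTP greeting seen leaving the network
# (timestamp, source IPv6, HELO/EHLO argument). The capture format is an assumption;
# addresses use the 2001:db8::/32 documentation prefix, HELO names are from the post.
SAMPLE = """\
2023-05-23T07:31:02Z 2001:db8:12:34::25 mail.example.org
2023-05-23T07:36:40Z 2001:db8:12:34:a1b2:c3ff:fe00:1 dushonaghxjf.com
2023-05-23T07:37:05Z 2001:db8:12:34:a1b2:c3ff:fe00:1 pnoleonorapu.com
2023-05-23T07:38:12Z 2001:db8:12:34:a1b2:c3ff:fe00:1 razarleenbc.com
2023-05-23T07:39:48Z 2001:db8:12:34::25 mail.example.org
2023-05-23T07:40:00Z 2001:db8:12:99::25 mx.example.net
"""

def parse(text):
    """Yield (source address, lower-cased HELO name) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        try:
            yield ipaddress.IPv6Address(parts[1]), parts[2].lower().rstrip(".")
        except ipaddress.AddressValueError:
            continue  # not an IPv6 source address

def suspicious_prefixes(text, expected_helo, max_unexpected=1):
    """Group greetings by source /64 and report prefixes that announced more than
    max_unexpected HELO names other than the ones the real MTA is configured to send."""
    expected = {h.lower() for h in expected_helo}
    seen = defaultdict(lambda: defaultdict(set))  # /64 -> source host -> unexpected HELOs
    for addr, helo in parse(text):
        if helo not in expected:
            net = ipaddress.IPv6Network((int(addr) >> 64 << 64, 64))
            seen[net][addr].add(helo)
    report = {}
    for net, hosts in seen.items():
        names = set().union(*hosts.values())
        if len(names) > max_unexpected:
            report[str(net)] = {str(a): sorted(h) for a, h in hosts.items()}
    return report

if __name__ == "__main__":
    for prefix, hosts in suspicious_prefixes(SAMPLE, {"mail.example.org"}).items():
        print(prefix, hosts)
```

In the sample, the mail server at `::25` only ever sends its own name, while a second address in the same /64 sends three unrelated names; that second address is the one to investigate, even though the whole prefix is what gets listed.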