Topic: newbie, new vps and iredmail and got report "illegal users at ssh"
==== Required information ====
- iRedMail version (check /etc/iredmail-release): iredmail version is the newest, from yesterday (-bash: /etc/iredmail-release: Permission denied)
- Linux/BSD distribution name and version: debian 8 jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====
Hi,
I have some general questions. I am a newbie, and this is the first time I have installed an email server.
After installing iRedMail, I already got IP addresses from China and Portugal trying to log in to my SSH/VPS. I will ban them with iptables, but how do they already know about my server, since I only got it one or two days ago and have just installed Debian and iRedMail?
Do the authors of iRedMail have some code inside that sends them the IP of a newly installed iRedMail?
I just activated the server and it has been functional since last night at about 11 p.m., and they are already trying to hack it... strange.
Here it is below, I got it in my email. Is it really someone trying to hack my SSH or not?
--------------------- SSHD Begin ------------------------
SSHD Killed: 3 Time(s)
SSHD Started: 8 Time(s)
Failed logins from:
43.229.53.83: 6 times
109.51.129.209 (a109-51-129-209.cpe.netcabo.pt): 1 time
Illegal users from:
undef: 6 times
60.182.30.181 (181.30.182.60.broad.jh.zj.dynamic.163data.com.cn): 1 time
109.51.129.209 (a109-51-129-209.cpe.netcabo.pt): 7 times
Users logging in through sshd:
root:
xxx.xxx.41.5 (www): 1 time
**Unmatched Entries**
error: Received disconnect from 109.51.129.209: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 8 time(s)
---------------------- SSHD End -------------------------