1

Topic: Relaying?

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
Jun  6 16:52:14 server1 postfix/qmgr[908]: 4D1582E00799: removed
Jun  6 16:52:14 server1 postfix/smtp[1698]: 9AA072E01233: to=<lokamandi@mail.com>, relay=mx01.mail.com[74.208.5.22]:25, delay=88472, delays=88471/0.3/0.68/0, dsn=4.0.0, status=deferred (host mx01.mail.com[74.208.5.22] refused to talk to me: 554-mail.com (mxgmxus006) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-mess … &c=bl)
Jun  6 16:52:14 server1 postfix/smtp[1693]: D04712E01239: to=<vincebia@usa.com>, relay=mx01.mail.com[74.208.5.22]:25, delay=88448, delays=88447/0.23/0.67/0, dsn=4.0.0, status=deferred (host mx01.mail.com[74.208.5.22] refused to talk to me: 554-mail.com (mxgmxus001) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-mess … &c=bl)
Jun  6 16:52:14 server1 postfix/smtp[1699]: DB7B72E0122F: to=<pietroabita@usa.com>, relay=mx00.mail.com[74.208.5.20]:25, delay=88449, delays=88448/0.22/0.68/0, dsn=4.0.0, status=deferred (host mx00.mail.com[74.208.5.20] refused to talk to me: 554-mail.com (mxgmxus007) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-mess … &c=bl)
Jun  6 16:52:14 server1 postfix/smtp[1700]: 4DB2F2E01244: to=<abramandrea@mail.com>, relay=mx00.mail.com[74.208.5.20]:25, delay=88325, delays=88324/0.23/0.72/0, dsn=4.0.0, status=deferred (host mx00.mail.com[74.208.5.20] refused to talk to me: 554-mail.com (mxgmxus002) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-mess … &c=bl)
====

Hi,

I believe iRedMail is one of the best mailing software packages. But I've come across a weird situation. My mail server is made to relay, but its default setting is such that no spammers can misuse that. Furthermore, I checked that my iRedMail server is not an open relay server.

However, looking at the log file, it's clear that it's being used for spamming, resulting in the blocking of the IP, as you can see in the log report. Now I'm not sure if the account has been compromised or someone is relaying through my server. The client whom I have given the server to has reported that it has not sent any mail at all so far, and I can confirm the same from the mailing panel end. But the log file says something else.

So I was wondering what the possibilities could be that the server login credentials have been compromised or that the server is being relayed through. I know it's a bit off topic, but a hint would be much welcome and appreciated. Thanks.


2

Re: Relaying?

I just want to make sure my iRedMail server is not being relayed without my intent. Thanks

3

Re: Relaying?

Try this:

*) Download this file (find_top_sasl_usernames.sh) on your server:
https://bitbucket.org/zhb/iredmail/raw/ … ernames.sh

*) Run it with the path to the Postfix log file, like this:

bash find_top_sasl_usernames.sh /var/log/maillog

It will show you how many emails have been sent by which users. If some user sent out an unusually large number of emails, then it might be the one you want to catch. Try changing its password first; if changing the password stops the spamming, then that's it; otherwise you have to work in another direction. Good luck.

By the way, we offer paid support if you need some assistance.
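As an added illustration of what the script in the reply above does (this is example code written for this page, not the iRedMail project's find_top_sasl_usernames.sh, and it assumes the standard Postfix smtpd log format with `client=host[ip]` and `sasl_username=` fields): count outbound submissions per SASL-authenticated user, and then list the distinct client IPs that logged in as the top sender. A legitimate user usually authenticates from one or two addresses; a stolen password typically shows up as many messages from many unrelated IPs. The sample log lines are constructed, with RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example: find which SASL users are sending the most mail through Postfix,
# then show where the logins for a given user came from.
# Assumes the usual Postfix smtpd log format; sample lines below are constructed.

SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
Jun  6 10:01:02 server1 postfix/smtpd[1001]: 4D1582E00799: client=unknown[203.0.113.10], sasl_method=PLAIN, sasl_username=alice@example.com
Jun  6 10:01:05 server1 postfix/smtpd[1002]: 9AA072E01233: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jun  6 10:01:06 server1 postfix/smtpd[1002]: D04712E01239: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jun  6 10:01:09 server1 postfix/smtpd[1003]: DB7B72E0122F: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.com
Jun  6 10:01:10 server1 postfix/qmgr[908]: 4D1582E00799: removed
Jun  6 10:01:12 server1 postfix/smtp[1698]: 9AA072E01233: to=<someone@mail.com>, relay=mx01.mail.com[74.208.5.22]:25, dsn=4.0.0, status=deferred (host refused to talk to me: 554 IP address is black listed)
EOF

# top_sasl_usernames LOGFILE [N]
# Prints "count username" for the N (default 10) SASL users with the most
# accepted submissions. Only smtpd lines carry sasl_username=, so qmgr/smtp
# delivery lines are ignored automatically.
top_sasl_usernames() {
    grep -o 'sasl_username=[^ ,]*' "$1" \
        | cut -d= -f2 \
        | sort | uniq -c | sort -rn \
        | head -n "${2:-10}" \
        | awk '{print $1, $2}'
}

# client_ips_for_user LOGFILE USERNAME
# Prints the distinct client IPs that authenticated as USERNAME.
# Many unrelated IPs for one account is the classic sign of a leaked password.
client_ips_for_user() {
    grep -F "sasl_username=$2" "$1" \
        | sed -n 's/.*client=[^[]*\[\([^]]*\)\].*/\1/p' \
        | sort -u
}

# Run it against the sample; on a real server use /var/log/maillog (or mail.log).
echo "Top SASL senders:"
top_sasl_usernames "$SAMPLE_LOG"

top_user=$(top_sasl_usernames "$SAMPLE_LOG" 1 | awk '{print $2}')
echo "Client IPs that logged in as $top_user:"
client_ips_for_user "$SAMPLE_LOG" "$top_user"
```

On the constructed sample this reports bob@example.com with three submissions from two different client IPs, against one for alice@example.com. On a live server, run it over the whole retention period (including rotated logs), and compare the IPs against what the account owner actually uses; if they do not match, change the password and then watch the smtpd log for further authentication attempts from those addresses.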