1 (edited by dipesh_batheja 2017-05-03 07:18:18)

Topic: Mail server sending spam emails

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Hi, apparently once again our mail server seems to be hacked and is sending SPAM mails. Due to this our hosting provider's system auto-suspends the VPS. I am requesting them to somehow unsuspend it so that I can fix the problem or reset iRedMail. I wanted to know what quick steps I can take to first disable any mail being sent out of the system, and what steps I can take to ensure/fix the problem. I changed the password of the mailbox that was being used for sending SMTP mails, but it looks like that is not stopping it. What other things can I do? A quick response would really help.


2

Re: Mail server sending spam emails

My hosting provider is willing to help as well. But asking me this:

I should be able to get the emails stopped and the VPS online so you can do what is needed.

Can you tell me the clean way to stop your mail service (lots of software out there and stringed dependencies that cause daemons to fire on)?

3

Re: Mail server sending spam emails

Stop postfix service, then check its log file.

The script "find_top_sasl_usernames.sh" below can help you find which mail user sent out the most emails; it may help you find the cracked mail account:
https://bitbucket.org/zhb/iredmail/src/ … at=default
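The idea behind that script, as an added illustration that is not the iRedMail project's own code: Postfix logs the SASL username on every authenticated submission, so counting those usernames (and the client IPs behind the busiest one) points at the compromised mailbox. The log lines below are constructed samples; on a real server you would pipe the mail log into the functions instead.

```shell
#!/bin/sh
# Constructed sample Postfix log lines (not from the original thread).
# A stolen mailbox password typically shows up as one sasl_username with
# far more authenticated sessions than everyone else, often from one IP.
SAMPLE_LOG="$(cat <<'EOF'
May  3 07:10:01 mail postfix/smtpd[1201]: 1A2B3C4D5E: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.com
May  3 07:10:02 mail postfix/smtpd[1201]: 2B3C4D5E6F: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.com
May  3 07:10:03 mail postfix/smtpd[1202]: 3C4D5E6F70: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
May  3 07:10:04 mail postfix/smtpd[1201]: 4D5E6F7081: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.com
May  3 07:10:05 mail postfix/smtpd[1203]: 5E6F708192: client=unknown[192.0.2.9], sasl_method=PLAIN, sasl_username=carol@example.com
May  3 07:10:06 mail postfix/smtpd[1203]: 6F70819203: client=mx.example.net[192.0.2.10]
EOF
)"

# top_sasl_users: read Postfix log lines on stdin, print "count username"
# sorted by count, busiest sender first. Lines without sasl_username
# (unauthenticated inbound mail) are ignored.
top_sasl_users() {
    grep -o 'sasl_username=[^ ,]*' | sed 's/^sasl_username=//' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# top_sasl_user: only the username with the most authenticated sessions.
top_sasl_user() {
    top_sasl_users | head -n 1 | awk '{print $2}'
}

# client_ips_for_user: distinct client IPs that authenticated as the given
# user, useful for deciding which sessions to block while the password is reset.
client_ips_for_user() {
    grep -F "sasl_username=$1" | grep -o 'client=[^ ,]*' \
        | sed 's/.*\[//; s/\]$//' | sort -u
}

# Demo on the constructed sample. On a live system use, for example,
# top_sasl_users < /var/log/mail.log (path varies by distribution).
printf '%s\n' "$SAMPLE_LOG" | top_sasl_users
```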

4

Re: Mail server sending spam emails

Hi Zhang,
Can you also guide me with quick steps to take the backup, and then restore it back? I may have to move it to a new VPS because the hosting provider is suggesting that maybe the VPS is infected and it's better to create another.

5

Re: Mail server sending spam emails

Or do you suggest I do something else? Shall I start fail2ban? How? Any other thing you suggest?

6

Re: Mail server sending spam emails

dipesh_batheja wrote:

Hi Zhang,
Can you also guide me with quick steps to take the backup, and then restore it back? I may have to move it to a new VPS because the hosting provider is suggesting that maybe the VPS is infected and it's better to create another.

FYI:
http://www.iredmail.org/docs/backup.restore.html

NOTE: please try it before migrating.

dipesh_batheja wrote:

Or do you suggest I do something else? Shall I start fail2ban? How? Any other thing you suggest?

Fail2ban is enabled with the default iRedMail setting; it's so useful. If you don't have it running, please enable it.