1

Topic: vulneravility relaying mail through our iredmail server

==== Required information ====
- iRedMail version: 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: CentOS release 6.4 (Final)
- Related log if you're reporting an issue:
====

Hello, i have thousands mail using our server for relaying spam mail. I have no account on security password compromise.

Need top now what the way for determinate what package ( s ) have vulnerabilities and how to correct the problem.

For now i haved to stop postfix, for stop send span mail.

Need to now what other info is needed for determinate what the problem is

Urgent.

Thanks in advance

2

Re: vulneravility relaying mail through our iredmail server

newzen

Please check your postfix configuration main.cf & master.cf files. If possible  post it here for debugging..

Thanks

3

Re: vulneravility relaying mail through our iredmail server

You should check some basic info:

*) Which mail user/sender send out these spams? You can try to check with "postqueue" command.
*) Any Postfix configuration causes the weakness? Please show us output of command "postconf -n" to help troubleshoot.

4

Re: vulneravility relaying mail through our iredmail server

hello,

There was a joomla web site running on the same server with contact form. In some way through this contact form they was sending a spam. We are working to determinate how this was possible. Thanks