Why could it happen like this?
I checked the IP from Israel.
Is our Mail Server leaking or is it just an attempted attack?
The sender was from support@domain.com to support@domain.com. I checked it wasn't from our IP, but it was rejected.
@aaPanel_Kern
Cyber Attack Mail Server, RSPAMD monitor
feyputra Same case bro, Sender and Recipient appear to be from a Domain that we own even though they are not and the status is rejected
aaPanel_Kern I am getting attacks too, even causing my server to go 503 several times and filling up my drives with files as well...
aaPanel_Kern
Yes, that's right. They send and receive using email@domain.com with a different IP, and it is not legal.
But our email rejected it.
Are they just trying to attack or have they already gained access to our SMTP Email?
Hello, can you check whether the sending record exists?
Hello, do you have more information or screenshots? Is the service running properly?
aaPanel_Kern I didn't find any related data. Is it just a test attack?
Hello, this can be checked through the logs.
aaPanel_Kern Mail Log only has today's date. where is the file located?
Hello, different systems record different files.
Debian/Ubuntu:
/var/log/mail.log
CentOS:
/var/log/maillog
aaPanel_Kern I searched for December 29 - 31 but couldn't find it. But other dates exist. I forgot to turn off the SSH and turn off the SSH port. Today I changed my SSH password, email and others. And it looks like we will upgrade the service to the PRO version.
Are there no corresponding information in other files? Are you searching for an email address or something?
aaPanel_Kern
how about this?
Hello, do you have this user on your server? How are the SPF records and DMARC records of your domain name configured?
aaPanel_Kern
What is a user's mailbox? Yes, here,
but the IP list is not from us.
Yes, I have configured:
Are these accounts you added?
aaPanel_Kern Yes, the account is in our mailbox.
It is recommended that you check whether your password has been leaked. Have you changed your password?
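Added example, not part of the thread: one way to answer the question asked above (spoofing attempt only, or stolen SMTP credentials) from the mail log. It assumes Postfix-style syslog lines; the function names, the domain example.com and all IPs are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (an assumption; the thread shows no log).
# Domain and IPs are documentation placeholders, not values from the thread.
SAMPLE_LOG = """\
Dec 30 02:11:05 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <support@example.com>: Recipient address rejected: Access denied; from=<support@example.com> to=<support@example.com> proto=ESMTP helo=<host1>
Dec 30 02:11:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Dec 30 09:40:12 mail postfix/smtpd[2188]: 4F1A2C0D3E: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=support@example.com
Dec 30 10:02:44 mail postfix/smtpd[2190]: 7B2C9D1E5F: client=office[192.0.2.10], sasl_method=PLAIN, sasl_username=support@example.com
"""

REJECT = re.compile(r"reject: \w+ from \S*?\[([^\]]+)\]:.*?from=<([^>]*)> to=<([^>]*)>")
AUTH_FAIL = re.compile(r"warning: \S*?\[([^\]]+)\]: SASL [\w-]+ authentication failed")
AUTH_OK = re.compile(r"client=\S*?\[([^\]]+)\], sasl_method=[\w-]+, sasl_username=(\S+)")


def triage(log_text, domain, trusted_ips):
    """Group log events per client IP.

    spoof_rejected: rejected mail claiming a sender in our own domain (forged From).
    auth_failed:    failed SMTP logins (password guessing).
    auth_ok:        accounts that logged in from an IP we do not recognise;
                    any entry here means a password is known to someone else.
    """
    report = defaultdict(lambda: {"spoof_rejected": 0, "auth_failed": 0, "auth_ok": set()})
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            ip, sender, _rcpt = m.groups()
            if sender.lower().endswith("@" + domain):
                report[ip]["spoof_rejected"] += 1
        elif m := AUTH_FAIL.search(line):
            report[m.group(1)]["auth_failed"] += 1
        elif m := AUTH_OK.search(line):
            ip, user = m.groups()
            if ip not in trusted_ips:
                report[ip]["auth_ok"].add(user)
    return dict(report)


def accounts_used_from_unknown_ips(report):
    """Accounts whose password should be rotated and whose sent mail should be reviewed."""
    return sorted({user for entry in report.values() for user in entry["auth_ok"]})
```

To run it on a real server, pass the contents of the file named in the thread (`/var/log/mail.log` or `/var/log/maillog`) as `log_text`. Rejections with no successful login from an unknown IP point to forged sender addresses rather than a compromised mailbox.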