• Support
  • Cyber Attack Mail Server, RSPAMD monitor

feyputra changed the title to Cyber Attack Mail Server, RSPAMD monitor .

feyputra Same case bro, Sender and Recipient appear to be from a Domain that we own even though they are not and the status is rejected

    aaPanel_Kern I am getting attacks too, even causing my server to go 503 several times and filling up my drives with files as well...

      aaPanel_Kern
      Yes that's right, They send and receive using email@domain.com with IP diferrent and not legal.
      but our email rejected it.
      Are they just trying to attack or have they already gained access to our SMTP Email?

        Hello, do you have more information or screenshots? Is the service running properly?

        TheWormsUnited

        Hello, different systems record different files.
        Debian/Ubuntu:
        /var/log/mail.log

        CentOS:
        /var/log/maillog

        feyputra

          aaPanel_Kern I searched for December 29 - 31 but couldn't find it. But other dates exist. I forgot to turn off the SSH and turn off the SSH port. Today I changed my SSH password, email and others. and it looks like we will upgrade the service to the PRO version

            Are there no corresponding information in other files? Are you searching for an email address or something?

            feyputra

              11 days later

              Hello, do you have this user on your server? How are the SPF records and DMARC records of your domain name configured?

              feyputra

                aaPanel_Kern
                What is a user's mailbox? Yes, here,
                but the IP list is not from us.
                Yes i hveconfigured :

                It is recommended that you check whether your password has been leaked? Have you changed your password?

                feyputra