Cyber Attack Mail Server, RSPAMD monitor

feyputra

Why could it happen like this?
I checked the IP from Israhel.
Is our Mail Server leaking or is it just an attempted attack?
The sender was from support@domain.com to support@domain.com, I checked it wasn't from our IP but rejected.

@aaPanel_Kern

aaP_it.bpr

feyputra Same case bro, Sender and Recipient appear to be from a Domain that we own even though they are not and the status is rejected

aaPanel_Kern

Hello, this has been intercepted. Was the email sent using your domain name?

aaP_it.bpr

feyputra

TheWormsUnited

aaPanel_Kern I am getting attacks too, even causing my server to go 503 several times and filling up my drives with files as well...

feyputra

aaPanel_Kern
Yes that's right, They send and receive using email@domain.com with IP diferrent and not legal.
but our email rejected it.
Are they just trying to attack or have they already gained access to our SMTP Email?

aaPanel_Kern

Hello, do you have more information or screenshots? Is the service running properly?

TheWormsUnited

aaPanel_Kern

Hello, can you check whether the sending record exists?

feyputra

aaPanel_Kern I didn't find any related data. Is it just a test attack?

aaPanel_Kern

Hello, this can be checked through the logs

feyputra

aaPanel_Kern Mail Log only has today's date. where is the file located?

aaPanel_Kern

Hello, different systems record different files.
Debian/Ubuntu:
/var/log/mail.log

CentOS:
/var/log/maillog

feyputra

aaPanel_Kern I searched for December 29 - 31 but couldn't find it. But other dates exist. I forgot to turn off the SSH and turn off the SSH port. Today I changed my SSH password, email and others. and it looks like we will upgrade the service to the PRO version

aaPanel_Kern

Are there no corresponding information in other files? Are you searching for an email address or something?

feyputra