  • Cyber Attack Mail Server, RSPAMD monitor

Hello, different systems record different files.
Debian/Ubuntu:
/var/log/mail.log

CentOS:
/var/log/maillog

feyputra

    aaPanel_Kern I searched for December 29 - 31 but couldn't find it. But other dates exist. I forgot to turn off the SSH and turn off the SSH port. Today I changed my SSH password, email and others, and it looks like we will upgrade the service to the PRO version.

      Is there no corresponding information in other files? Are you searching for an email address or something?

      feyputra

        11 days later

        Hello, do you have this user on your server? How are the SPF records and DMARC records of your domain name configured?

        feyputra

          aaPanel_Kern
          What is a user's mailbox? Yes, here,
          but the IP list is not from us.
          Yes, I have configured:

          It is recommended that you check whether your password has been leaked. Have you changed your password?

          feyputra

            aaPanel_Kern Just last week we changed the password.
            We tried changing the password again. Does it have an effect on the relay? Previously we used a relay and it leaked, but we are currently no longer using it.


              Hello, can you refer to DNS records to configure SPF records?
              It is recommended that you change your password again

              aaP_it.bpr

              feyputra

                aaPanel_Kern

                There is no IP configuration there. I see, the configuration is not the same as yours.

                aaPanel_Kern And I have logs
                Jan 14 09:15:10 bprmajalengka postfix/cleanup[1104102]: 01E507EE58: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
                Jan 14 09:15:11 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
                Jan 14 09:15:13 bprmajalengka postfix/smtpd[1104098]: warning: hostname ip-45-182-215-67.network.swlink.com.br does not resolve to address 45.182.215.67
                Jan 14 09:15:13 bprmajalengka postfix/smtpd[1104098]: connect from unknown[45.182.215.67]
                Jan 14 09:15:15 bprmajalengka postfix/smtpd[1104098]: A329A7EE58: client=unknown[45.182.215.67]
                Jan 14 09:15:17 bprmajalengka postfix/cleanup[1104102]: A329A7EE58: message-id=67859E63.2000703@bprmajalengka.com
                Jan 14 09:15:19 bprmajalengka postfix/cleanup[1104102]: A329A7EE58: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
                Jan 14 09:15:21 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
                Jan 14 09:15:23 bprmajalengka postfix/smtpd[1104098]: warning: hostname ip-45-182-215-67.network.swlink.com.br does not resolve to address 45.182.215.67
                Jan 14 09:15:23 bprmajalengka postfix/smtpd[1104098]: connect from unknown[45.182.215.67]
                Jan 14 09:15:24 bprmajalengka postfix/smtpd[1104098]: 1AF3A7EE58: client=unknown[45.182.215.67]
                Jan 14 09:15:25 bprmajalengka postfix/cleanup[1104102]: 1AF3A7EE58: message-id=67859E6E.4000805@bprmajalengka.com
                Jan 14 09:15:27 bprmajalengka postfix/cleanup[1104102]: 1AF3A7EE58: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
                Jan 14 09:15:28 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
                Jan 14 09:15:30 bprmajalengka postfix/smtpd[1104098]: warning: hostname ip-45-182-215-67.network.swlink.com.br does not resolve to address 45.182.215.67
                Jan 14 09:15:30 bprmajalengka postfix/smtpd[1104098]: connect from unknown[45.182.215.67]
                Jan 14 09:15:30 bprmajalengka postfix/smtpd[1104098]: DAF647EE6A: client=unknown[45.182.215.67]
                Jan 14 09:15:31 bprmajalengka postfix/cleanup[1104102]: DAF647EE6A: message-id=67859E74.8010800@bprmajalengka.com
                Jan 14 09:15:34 bprmajalengka postfix/cleanup[1104102]: DAF647EE6A: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
                Jan 14 09:15:34 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4

                Is it better to reinstall? Luckily this Mail Server is separate and isolated from our main system
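
Added example, not part of the original thread and not aaPanel code: a way to summarise Postfix log lines like those posted above per client IP, counting milter rejections, messages whose envelope sender equals the recipient, reverse-DNS mismatches, and whether any queued message carried a `sasl_username` (an authenticated login) rather than arriving on an unauthenticated connection. The sample lines are constructed in the same format; the documentation IPs, `example.com`, and the `summarise`/`verdict` names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (documentation IPs and domain).
SAMPLE = """\
Jan 14 09:15:13 mx postfix/smtpd[100]: warning: hostname host.invalid does not resolve to address 192.0.2.10
Jan 14 09:15:13 mx postfix/smtpd[100]: connect from unknown[192.0.2.10]
Jan 14 09:15:15 mx postfix/smtpd[100]: A329A7EE58: client=unknown[192.0.2.10]
Jan 14 09:15:19 mx postfix/cleanup[102]: A329A7EE58: milter-reject: END-OF-MESSAGE from unknown[192.0.2.10]: 5.7.1 Spam message rejected; from=<admin@example.com> to=<admin@example.com> proto=ESMTP helo=<host.invalid>
Jan 14 09:20:01 mx postfix/smtpd[101]: B11C07EE59: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=admin@example.com
"""

CLIENT = re.compile(r"smtpd\[\d+\]: \w+: client=[^\[\s]*\[([^\]]+)\](.*)")
SASL = re.compile(r"sasl_username=([^,\s]+)")
REJECT = re.compile(r"milter-reject: \S+ from [^\[\s]*\[([^\]]+)\]: .*?; "
                    r"from=<?([^>\s]*)>? to=<?([^>\s]*)>?")
RDNS = re.compile(r"warning: hostname \S+ does not resolve to address (\S+)")

def summarise(log_text):
    """Return {client_ip: counters} for a chunk of mail.log / maillog text."""
    stats = defaultdict(lambda: {"queued": 0, "rejects": 0, "self_addressed": 0,
                                 "sasl_users": set(), "rdns_mismatch": False})
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if m:  # queue ID assigned; SASL fields appear only after a login
            stats[m.group(1)]["queued"] += 1
            stats[m.group(1)]["sasl_users"].update(SASL.findall(m.group(2)))
            continue
        m = REJECT.search(line)
        if m:  # milter (e.g. Rspamd) refused the message at END-OF-MESSAGE
            ip, sender, rcpt = m.groups()
            stats[ip]["rejects"] += 1
            stats[ip]["self_addressed"] += int(sender.lower() == rcpt.lower())
            continue
        m = RDNS.search(line)
        if m:
            stats[m.group(1)]["rdns_mismatch"] = True
    return dict(stats)

def verdict(entry):
    """Classify one IP's counters (labels are this example's own)."""
    if entry["sasl_users"]:
        return "authenticated-login"    # credentials were used from this IP
    if entry["self_addressed"]:
        return "unauthenticated-spoof"  # own-domain sender, no login seen
    return "other"

if __name__ == "__main__":
    for ip, entry in summarise(SAMPLE).items():
        print(ip, verdict(entry), entry)
```

Run it against `/var/log/mail.log` or `/var/log/maillog` by passing the file's contents to `summarise`; an IP reported as `authenticated-login` for a mailbox you do not recognise is the case where a password change matters.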