aaPanel_Kern
how about this?
Cyber Attack Mail Server, RSPAMD monitor
Hello, do you have this user on your server? How are the SPF records and DMARC records of your domain name configured?
aaPanel_Kern
What is a user's mailbox? Yes, here,
but the IP list is not from us.
Yes i hveconfigured :
Are these accounts you added?
aaPanel_Kern Yes, the account is in our mailbox.
Yes, the account is in our mailbox
It is recommended that you check whether your password has been leaked? Have you changed your password?
aaPanel_Kern Just last week we changed the password.
We tried changing the password again. Does it have an effect on the relay? Previously we used a relay and it leaked. but currently no longer using it
Hello, can you refer to DNS records to configure SPF records?
It is recommended that you change your password again
- Edited
aaPanel_Kern
there is no IP configuration there. I see, the configuration is not the same as yours
- Edited
aaPanel_Kern And i have logs
Jan 14 09:15:10 bprmajalengka postfix/cleanup[1104102]: 01E507EE58: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
Jan 14 09:15:11 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Jan 14 09:15:13 bprmajalengka postfix/smtpd[1104098]: warning: hostname ip-45-182-215-67.network.swlink.com.br does not resolve to address 45.182.215.67
Jan 14 09:15:13 bprmajalengka postfix/smtpd[1104098]: connect from unknown[45.182.215.67]
Jan 14 09:15:15 bprmajalengka postfix/smtpd[1104098]: A329A7EE58: client=unknown[45.182.215.67]
Jan 14 09:15:17 bprmajalengka postfix/cleanup[1104102]: A329A7EE58: message-id=67859E63.2000703@bprmajalengka.com
Jan 14 09:15:19 bprmajalengka postfix/cleanup[1104102]: A329A7EE58: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
Jan 14 09:15:21 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Jan 14 09:15:23 bprmajalengka postfix/smtpd[1104098]: warning: hostname ip-45-182-215-67.network.swlink.com.br does not resolve to address 45.182.215.67
Jan 14 09:15:23 bprmajalengka postfix/smtpd[1104098]: connect from unknown[45.182.215.67]
Jan 14 09:15:24 bprmajalengka postfix/smtpd[1104098]: 1AF3A7EE58: client=unknown[45.182.215.67]
Jan 14 09:15:25 bprmajalengka postfix/cleanup[1104102]: 1AF3A7EE58: message-id=67859E6E.4000805@bprmajalengka.com
Jan 14 09:15:27 bprmajalengka postfix/cleanup[1104102]: 1AF3A7EE58: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
Jan 14 09:15:28 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Jan 14 09:15:30 bprmajalengka postfix/smtpd[1104098]: warning: hostname ip-45-182-215-67.network.swlink.com.br does not resolve to address 45.182.215.67
Jan 14 09:15:30 bprmajalengka postfix/smtpd[1104098]: connect from unknown[45.182.215.67]
Jan 14 09:15:30 bprmajalengka postfix/smtpd[1104098]: DAF647EE6A: client=unknown[45.182.215.67]
Jan 14 09:15:31 bprmajalengka postfix/cleanup[1104102]: DAF647EE6A: message-id=67859E74.8010800@bprmajalengka.com
Jan 14 09:15:34 bprmajalengka postfix/cleanup[1104102]: DAF647EE6A: milter-reject: END-OF-MESSAGE from unknown[45.182.215.67]: 5.7.1 Spam message rejected; from=admin@bprmajalengka.com to=admin@bprmajalengka.com proto=ESMTP helo=<ip-45-182-215-67.network.swlink.com.br>
Jan 14 09:15:34 bprmajalengka postfix/smtpd[1104098]: disconnect from unknown[45.182.215.67] ehlo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Is it better to reinstall? Luckily this Mail Server is separate and isolated from our main system
Hello, I can't guarantee it. You can try it.