
KeyHelp Mail hacked? Unsolicited mailsend to veloxzone.com.br

Posted: Fri 25. Feb 2022, 14:21
by latifolia
My server is only for hosting KeyHelp, with me as the only user, but now it seems to be trying to send email which I didn't try to send. /var/log/mail.log shows these:
Feb 25 16:57:24 server postfix/smtp[3870]: connect to veloxzone.com.br[200.223.8.81]:25: Connection timed out
Feb 25 16:57:24 server postfix/smtp[3870]: B29DEFAFCD: to=<zfixhapke1975@veloxzone.com.br>, relay=none, delay=65466, delays=65462/0.13/4.2/0, dsn=4.4.1, status=deferred (connect to veloxzone.com.br[200.223.8.81]:25: Connection timed out)
Is my server trying to send unsolicited email? Has my Mail server been hacked?

Re: KeyHelp Mail hacked? Unsolicited mailsend to veloxzone.com.br

Posted: Fri 25. Feb 2022, 15:26
by Florian
Hello,

Check the mail queue and the mail logs.

Re: KeyHelp Mail hacked? Unsolicited mailsend to veloxzone.com.br

Posted: Fri 25. Feb 2022, 15:35
by latifolia
That quote from my earlier post was from /var/log/mail.log, and there was a mail queue which I never intended to send. I have deleted it since.
I am afraid it can happen again.

Re: KeyHelp Mail hacked? Unsolicited mailsend to veloxzone.com.br

Posted: Fri 25. Feb 2022, 15:46
by Florian
Hello,

Grep the maillog for the mail ID B29DEFAFCD to see all lines in the log file.

But if it is only one email, it is very uncertain that the server is misused for spam.
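Added example, not part of the thread: a shell helper that goes one step beyond the grep suggested above and reports how a queue ID entered Postfix (authenticated SMTP, local submission, or a bounce the server generated itself). The function names, the sample log lines and their queue IDs are constructed for illustration, and the traditional syslog timestamp layout seen in the log excerpt above is assumed.

```shell
#!/bin/sh
# Usage: classify_origin LOGFILE QUEUE_ID
# Prints one line describing how the message entered the Postfix queue.
classify_origin() {
    awk -v qid="$2" '
    # Value of key=... up to the next comma or space on the current line.
    function field(key,    s) {
        s = $0
        if (!sub(".*" key "=", "", s)) return ""
        sub(/[, ].*/, "", s)
        return s
    }
    # A bounce is logged under the ORIGINAL queue ID and names the new ID last,
    # so a plain grep for the new ID alone never shows where it came from.
    $0 ~ ("non-delivery notification: " qid "$") {
        origin = "bounce-of " $6; sub(/:$/, "", origin); next
    }
    index($0, ": " qid ": ") == 0 { next }        # keep only this queue ID
    # Received over SMTP; sasl_username means a mailbox login was used.
    /smtpd\[/ && /client=/ {
        origin = "smtp client=" field("client")
        if (/sasl_username=/)
            origin = "smtp-auth user=" field("sasl_username") " client=" field("client")
    }
    # Local submission through the sendmail command; uid is the local account.
    /postfix\/pickup\[/ && /uid=/ { origin = "local uid=" field("uid") }
    END { print (origin == "" ? "unknown" : origin) }
    ' "$1"
}

# Constructed sample log lines (not taken from the poster's server).
sample_log() {
    cat <<'EOF'
Feb 24 22:46:10 server postfix/smtpd[2101]: 7C1D2E3F40: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.org
Feb 24 22:46:11 server postfix/bounce[2110]: 7C1D2E3F40: sender non-delivery notification: 0F1E2D3C4B
Feb 24 22:46:11 server postfix/qmgr[900]: 0F1E2D3C4B: from=<>, size=3120, nrcpt=1 (queue active)
Feb 25 09:00:01 server postfix/pickup[3001]: 9A8B7C6D5E: uid=33 from=<www-data>
EOF
}

tmp=$(mktemp); sample_log > "$tmp"
for id in 7C1D2E3F40 0F1E2D3C4B 9A8B7C6D5E; do
    printf '%s: %s\n' "$id" "$(classify_origin "$tmp" "$id")"
done
rm -f "$tmp"
```

On a real server the call would be `classify_origin /var/log/mail.log B29DEFAFCD`; a `bounce-of` result means the ID to investigate next is the original message, not the deferred one.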