• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved Email hacked question

Jayson

Basic Pleskian
Hello,

Centos 7
postfix
Just had a customer have their email hacked and used to send spam. I was surprised to see maillog shows the sasl_username used for sending was the email alias and not the actual user account.

Is this by design? Or, does it indicate a configuration issue?

Thanks,
 
Last edited:
Hi Jayson,

Or, does it indicate a configuration issue?
Hard to "guess", because you don't provide actual configuration files, nor do you provide depending log - entries from your mail - logs, which could be investigated. ;)
 
That's why I only asked if the sasl_username could be the alias. If yet, then I'm not going to do any digging past talking to the mail user.

(changed customer domain to domain.org)
Nov 27 18:27:17 bigserv postfix/smtpd[24475]: A334E90E3B: client=unknown[155.133.82.113], sasl_method=CRAM-MD5, [email protected]

Customer account is actually [email protected] yet maillog is filled with entries like the above. Once I saw the alias I changed the password on the user email account and the spam stopped. I wanted to know if it's possible for someone to use an alias for the sasl_username.

Thank you,
 
Hi Jayson,

an alias - eMail - account is pretty much the same, as a "normal" eMail - account, just with the difference, that the alias - eMail - account has no own mail - directory on the server. Both usernames can be used as authentification and both usernames use the same password.
 
Back
Top