Facebook
Twitter
- Server operating system version
- windows server 2019
- Plesk version and microupdate number
- obsidian 18.0.47
Hi,
I have been notified by my server that there is a high level of spam being sent from my server. I have been investigating and in the mailenable logs there are thousands and thousands of emails sent and queued. They are all saying sent from smtp:[email protected]
The server has multiple domains and mail accounts and these messages seem to be coming from most of them.
I am taking this as my server has been compromised, and I have no idea what next step to take! I find it hard to believe that someone could guess the password to MOST of the mail accounts on my server.
Is there a specific log somewhere of which IP has logged in to which SMTP mailbox?
I could TRY and just block all of the IP's that are not known to me. That seems a bit futile though.
I have been notified by my server that there is a high level of spam being sent from my server. I have been investigating and in the mailenable logs there are thousands and thousands of emails sent and queued. They are all saying sent from smtp:[email protected]
The server has multiple domains and mail accounts and these messages seem to be coming from most of them.
I am taking this as my server has been compromised, and I have no idea what next step to take! I find it hard to believe that someone could guess the password to MOST of the mail accounts on my server.
Is there a specific log somewhere of which IP has logged in to which SMTP mailbox?
I could TRY and just block all of the IP's that are not known to me. That seems a bit futile though.
